
Log Analysis and Evaluation: GVU Trojan paralyzes PC

Windows 7 If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

02.08.2012, 22:25   #1
Grobby
 
GVU Trojan paralyzes PC



Hello dear Trojan experts!!
I also caught this GVU Trojan yesterday; it now appears every time I boot my PC (but only when the PC is connected to the Internet).
It would be great if you would, or could, help me; many thanks in advance.
Below I am posting the two log files. I hope I did this correctly; I am not very well versed in such things.

OTL Logfile:
Code:
OTL logfile created on: 02.08.2012 21:56:06 - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\Wotan\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 4,53 Gb Available Physical Memory | 56,76% Memory free
15,96 Gb Paging File | 12,65 Gb Available in Paging File | 79,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 244,04 Gb Total Space | 44,07 Gb Free Space | 18,06% Space Free | Partition Type: NTFS
Drive D: | 1618,87 Gb Total Space | 350,26 Gb Free Space | 21,64% Space Free | Partition Type: NTFS
Drive G: | 4,26 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive H: | 7,45 Gb Total Space | 0,70 Gb Free Space | 9,43% Space Free | Partition Type: FAT32
 
Computer Name: WOTAN-PC | User Name: Wotan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Wotan\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Windows\SysWOW64\PnkBstrB.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe ()
PRC - C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe (CyberLink)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe (CyberLink)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (ST2012_Svc) -- C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe (Crawler.com)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe ()
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (CLHNServiceForPowerDVD) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe ()
SRV - (CyberLink PowerDVD 11.0 Service) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe (CyberLink)
SRV - (CyberLink PowerDVD 11.0 Monitor Service) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe (CyberLink)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (rpcapd) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (StarWindServiceAE) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (sp_rsdrv2) -- C:\Windows\SysNative\drivers\stflt.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (AnyDVD) -- C:\Windows\SysNative\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc)
DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc)
DRV:64bit: - (asahci64) -- C:\Windows\SysNative\drivers\asahci64.sys (Asmedia Technology)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (tsusbhub) -- C:\Windows\SysNative\drivers\tsusbhub.sys (Microsoft Corporation)
DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (AnyDVD) -- C:\Windows\SysWOW64\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (ntk_PowerDVD) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys (Cyberlink Corp.)
DRV - ({329F96B6-DF1E-4328-BFDA-39EA953C1312}) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl (CyberLink Corp.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 55 B9 ED 88 27 70 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011.10.25 19:53:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.04.14 01:15:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.08.02 19:52:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Program Files (x86)\Crawler\Toolbar\firefox\ [2012.08.02 18:50:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.20 20:28:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.14 01:42:17 | 000,000,000 | ---D | M]
 
[2011.10.25 21:58:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wotan\AppData\Roaming\mozilla\Extensions
[2012.07.07 16:24:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wotan\AppData\Roaming\mozilla\Firefox\Profiles\qvionje7.default\extensions
[2011.12.10 14:38:26 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Wotan\AppData\Roaming\mozilla\Firefox\Profiles\qvionje7.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.07.07 16:24:12 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Wotan\AppData\Roaming\mozilla\Firefox\Profiles\qvionje7.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.04.29 18:11:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.10.13 20:22:22 | 000,009,584 | ---- | M] () (No name found) -- D:\CYBETECH\APPS\KYLO\APP\EXTENSIONS\{34685145-442A-4A29-A33E-AF4FFA3DDAEB}.XPI
[2011.10.13 20:22:22 | 000,099,159 | ---- | M] () (No name found) -- D:\CYBETECH\APPS\KYLO\APP\EXTENSIONS\{448D473E-BEC6-11E0-8845-A93E4824019B}.XPI
[2012.07.20 20:28:20 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.04.14 01:42:14 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.04.29 18:11:52 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.29 18:11:52 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2007.07.26 13:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\crawlersrch.xml
[2012.04.29 18:11:52 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.29 18:11:52 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.29 18:11:52 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.29 18:11:52 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.10.25 19:43:28 | 000,002,402 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 192.150.18.108
O1 - Hosts: 127.0.0.1 activate.adobe.com:443
O1 - Hosts: 127.0.0.1 3dns.adobe.com
O1 - Hosts: 127.0.0.1 3dns-1.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 192.150.18.108
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-1.adobe.com
O1 - Hosts: 27 more lines...
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (&Crawler Toolbar Helper) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll (Crawler.com)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll (Crawler.com)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4:64bit: - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [RemoteControl11] C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Wotan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CybeSystems.lnk = D:\Cybetech\CybeSystems.exe (Microsoft)
O4 - Startup: C:\Users\Wotan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Heroes of Might & Magic 5 - Hammers of Fate.LNK = C:\Program Files (x86)\Ubisoft\Heroes of Might and Magic V\registrationa1\RegistrationReminder.exe ()
O4 - Startup: C:\Users\Wotan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Heroes of Might & Magic 5 - Tribes of the East.LNK = C:\Program Files (x86)\Ubisoft\Heroes of Might and Magic V - Tribes of the East\registration\RegistrationReminder.exe ()
O4 - Startup: C:\Users\Wotan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Heroes of Might & Magic 5.LNK = C:\Program Files (x86)\Ubisoft\Heroes of Might and Magic V\registration\RegistrationReminder.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Wotan\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Wotan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Wotan\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Wotan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E51C7A9-DC03-4151-B8F3-D7668B54981C}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A3DF05E-6B30-4A13-AC56-0F5424D98D3B}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\tbr - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll (Crawler.com)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {F791A188-699D-4FD4-955A-EB59E89B1907} - Theme Resource Changer - \Program Files\Theme Resource Changer\ThemeResourceChanger.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.09.29 01:19:31 | 000,000,000 | ---D | M] - G:\AutoRun -- [ CDFS ]
O32 - AutoRun File - [2010.09.10 23:34:03 | 000,439,056 | R--- | M] (Electronic Arts) - G:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2010.09.10 23:34:02 | 007,864,832 | R--- | M] () - G:\autorun.dat -- [ CDFS ]
O32 - AutoRun File - [2010.09.10 23:33:38 | 000,000,141 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.02 20:03:32 | 127,231,689 | ---- | C] (Igor Pavlov) -- C:\Users\Wotan\Desktop\OTLPENet.exe
[2012.08.02 18:50:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crawler Toolbar
[2012.08.02 18:50:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Crawler
[2012.08.02 18:50:00 | 000,051,496 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2012.08.02 18:49:59 | 000,000,000 | ---D | C] -- C:\Users\Wotan\AppData\Roaming\Spyware Terminator
[2012.08.02 18:49:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator
[2012.08.02 18:49:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2012
[2012.08.02 18:47:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Terminator
[2012.07.23 19:26:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Firefly Studios
[2012.07.23 19:25:49 | 000,000,000 | ---D | C] -- C:\Users\Wotan\Documents\Stronghold 2
[2012.07.22 15:01:17 | 000,000,000 | ---D | C] -- C:\Users\Wotan\Desktop\Neuer Ordner
[2012.07.18 21:52:34 | 000,000,000 | ---D | C] -- C:\Users\Wotan\Documents\Stronghold 3
[2012.07.18 19:48:19 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.07.17 21:58:32 | 000,000,000 | ---D | C] -- C:\Users\Wotan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2012.07.14 22:02:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Sports
[2012.07.12 03:00:53 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.07.12 03:00:53 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.07.12 03:00:52 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.07.12 03:00:52 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.07.12 03:00:51 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.07.12 03:00:51 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.07.12 03:00:51 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.07.12 03:00:51 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.07.12 03:00:49 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.07.12 03:00:49 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.07.12 03:00:49 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.07.12 03:00:49 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.07.12 03:00:48 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.07.11 23:22:07 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012.07.11 23:22:07 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012.07.11 23:21:58 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.11 23:21:53 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012.07.11 23:21:52 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012.07.07 16:27:59 | 000,000,000 | ---D | C] -- C:\Users\Wotan\dwhelper
[2012.07.06 03:00:33 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.02 20:01:46 | 000,021,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.02 20:01:46 | 000,021,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.02 19:55:05 | 004,503,728 | ---- | M] () -- C:\ProgramData\ras_0oed.pad
[2012.08.02 19:53:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.02 19:53:54 | 2132,430,847 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.02 19:52:49 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012.08.02 18:50:00 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2012.08.02 18:49:58 | 000,001,038 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk
[2012.08.02 12:52:32 | 127,231,689 | ---- | M] (Igor Pavlov) -- C:\Users\Wotan\Desktop\OTLPENet.exe
[2012.08.01 22:52:12 | 000,001,881 | ---- | M] () -- C:\Users\Wotan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.07.29 13:25:22 | 000,000,124 | ---- | M] () -- C:\Users\Wotan\Documents\ax_files.xml
[2012.07.18 19:51:16 | 001,619,884 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.07.18 19:51:16 | 000,707,550 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.18 19:51:16 | 000,661,146 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.18 19:51:16 | 000,153,036 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.18 19:51:16 | 000,125,232 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.18 19:51:10 | 001,619,884 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.14 22:02:38 | 000,000,854 | ---- | M] () -- C:\Users\Public\Desktop\FIFA 11.lnk
[2012.07.13 20:50:02 | 000,001,613 | ---- | M] () -- C:\Users\Wotan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Heroes of Might & Magic 5 - Hammers of Fate.LNK
[2012.07.13 20:49:55 | 000,001,567 | ---- | M] () -- C:\Users\Wotan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Heroes of Might & Magic 5.LNK
[2012.07.13 20:49:48 | 000,001,714 | ---- | M] () -- C:\Users\Wotan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Heroes of Might & Magic 5 - Tribes of the East.LNK
[2012.07.12 03:20:23 | 004,831,336 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.02 18:49:58 | 000,001,038 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk
[2012.08.01 22:52:12 | 004,503,728 | ---- | C] () -- C:\ProgramData\ras_0oed.pad
[2012.08.01 22:52:12 | 000,001,881 | ---- | C] () -- C:\Users\Wotan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.07.14 22:02:38 | 000,000,854 | ---- | C] () -- C:\Users\Public\Desktop\FIFA 11.lnk
[2012.07.13 20:50:02 | 000,001,613 | ---- | C] () -- C:\Users\Wotan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Heroes of Might & Magic 5 - Hammers of Fate.LNK
[2012.07.13 20:49:55 | 000,001,567 | ---- | C] () -- C:\Users\Wotan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Heroes of Might & Magic 5.LNK
[2012.07.13 20:49:48 | 000,001,714 | ---- | C] () -- C:\Users\Wotan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Heroes of Might & Magic 5 - Tribes of the East.LNK
[2012.04.22 12:04:19 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin
[2012.04.05 18:46:28 | 000,697,862 | ---- | C] () -- C:\Windows\unins000.exe
[2012.04.05 18:46:28 | 000,002,357 | ---- | C] () -- C:\Windows\unins000.dat
[2012.04.05 18:36:14 | 000,040,960 | R--- | C] () -- C:\Windows\SysWow64\psfind.dll
[2011.11.01 11:02:52 | 000,107,832 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.11.01 11:02:49 | 002,250,024 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011.11.01 11:02:49 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.10.30 16:49:03 | 000,000,093 | ---- | C] () -- C:\Users\Wotan\AppData\Local\fusioncache.dat
[2011.10.25 22:56:27 | 001,619,884 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.10.15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2007.06.21 17:11:24 | 000,000,266 | ---- | C] () -- C:\Program Files (x86)\Common Files\hama.de - Download-Area Gamecontroller.url

< End of report >
         
--- --- ---
OTL Logfile:
Code:
OTL Extras logfile created on: 02.08.2012 21:56:06 - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\Wotan\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 4,53 Gb Available Physical Memory | 56,76% Memory free
15,96 Gb Paging File | 12,65 Gb Available in Paging File | 79,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 244,04 Gb Total Space | 44,07 Gb Free Space | 18,06% Space Free | Partition Type: NTFS
Drive D: | 1618,87 Gb Total Space | 350,26 Gb Free Space | 21,64% Space Free | Partition Type: NTFS
Drive G: | 4,26 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive H: | 7,45 Gb Total Space | 0,70 Gb Free Space | 9,43% Space Free | Partition Type: FAT32
 
Computer Name: WOTAN-PC | User Name: Wotan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{083F99C6-5227-425E-8B64-E75F8ACAA575}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{09C00565-D11B-4572-AB62-BD25ECD995C2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{0F01F07C-2204-4197-A054-52D26108D8E4}" = lport=58232 | protocol=6 | dir=in | name=pando media booster | 
"{1761F213-8A72-47E6-B77E-945278D46405}" = lport=58232 | protocol=6 | dir=in | name=pando media booster | 
"{37442C76-CB90-4541-9701-80EA4C13E09A}" = rport=445 | protocol=6 | dir=out | app=system | 
"{3D72F8D5-8175-412E-9E1D-1369461E331C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4126EA9C-15EB-42C0-99ED-033FED56865E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{43E66627-9023-43E4-914E-91C8A74B96D3}" = lport=7935 | protocol=6 | dir=in | name=adobe flash builder 4.5 | 
"{45872FA9-9F9D-4603-96BC-62B0CB56BD80}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{471DDD51-CE32-4285-85B0-531E785257D0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4CBC277E-7004-4DDB-9030-86DA18F358A7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5B0A9B82-F292-43EB-AB39-907E91A824C8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{5BD109D3-B398-4E15-B711-3E557C5DE704}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{64C1C04A-D896-4615-B1CD-DCD3E945BBB5}" = rport=139 | protocol=6 | dir=out | app=system | 
"{653283B3-7101-4FD3-96A3-41DAF72467A5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{678DB5C1-0379-4CC1-A478-EAC6C3BF83F2}" = lport=138 | protocol=17 | dir=in | app=system | 
"{680DFBE2-69B3-4852-BD1C-6422E3E1F1B5}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{6FA0A9BD-ABA9-4250-9184-B87A4EAB52C4}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{70AF299F-DE35-4436-AA84-D802C2EA63FF}" = rport=137 | protocol=17 | dir=out | app=system | 
"{81510B2A-CED5-433C-8A78-85B9498E585A}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{871020EC-AB66-47CD-AB25-EF7B8C2CC7E5}" = lport=445 | protocol=6 | dir=in | app=system | 
"{8B5E0903-68B1-4DA2-93C8-7B057CD59B36}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{9F69456B-AF35-40BE-9EEF-45823C5566CD}" = lport=139 | protocol=6 | dir=in | app=system | 
"{A28BE798-1762-4D07-B2F3-4B6F6C2666BB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A377C6D2-A1EA-4928-9BC5-258352900E9B}" = rport=138 | protocol=17 | dir=out | app=system | 
"{A4CEE47F-E3F8-4BD4-BE83-D6A242F7218A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A79EE648-86A1-4CC6-9D3D-9F9372D40104}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{B02313F8-BC11-4776-B71B-9337F44AAFE7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B4D94DD0-74E7-4DCD-A0A0-132660F5F293}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C4117031-05BC-4CAE-900B-14B9A3F994EC}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{C850A8EE-73BE-49C9-B2D9-4F77B377BABF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D289B2C1-555F-463B-8F48-1A2AD9E3090B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{D383D01A-9579-4DAA-80AC-A12EE6450491}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E0EAD7ED-6188-4F96-B7A0-8E2C3CAD6524}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E2C3E8A7-F28E-46B4-85FE-94420A09AAD3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F04246E1-DADF-4C90-8EE4-7A3E1B273BC3}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{F2B94574-7C46-4FDA-A027-0A0B75F9694B}" = lport=58232 | protocol=17 | dir=in | name=pando media booster | 
"{F6CC924F-C651-4D66-9D9B-9101D5F93BCD}" = lport=58232 | protocol=17 | dir=in | name=pando media booster | 
"{FDD049D9-6A35-424B-AAAF-E71C3A422430}" = lport=137 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{045CC36C-289E-4105-8A9F-3C63AC1B1408}" = protocol=17 | dir=in | app=d:\gamez\tq - immortal throne\tqit.exe | 
"{047C222B-8724-495C-AE96-9C3C91094C26}" = protocol=17 | dir=in | app=d:\gamez\stronghold 1\stronghold.exe | 
"{07C547F8-00A4-4808-A8DB-B96D272F2759}" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe flash builder 4.5\flashbuilder.exe | 
"{083A3621-5E59-4246-9FC1-62476F18ED5B}" = protocol=17 | dir=in | app=d:\gamez\stronhgold legends\strongholdlegends.exe | 
"{08AD65E2-EF28-4DD5-AC29-E89BBC3E310B}" = protocol=6 | dir=in | app=d:\gamez\die schlacht um mittelerde ii - der aufstieg des hexenkönigs\game.dat | 
"{0A6290C4-AA7F-40CE-BB76-5873B59C4115}" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\adobe flash builder 4.5\flashbuilder.exe | 
"{0E7C95CB-2B89-442D-B2A1-0B6128E02560}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe | 
"{12317A31-4C96-45C8-93E6-8A9F1D0AD6FC}" = protocol=17 | dir=in | app=d:\gamez\battleforge\battleforge.exe | 
"{1CACB76B-CCED-428E-8F54-D082FC4D994C}" = protocol=17 | dir=in | app=d:\gamez\diablo iii\diablo iii\diablo iii.exe | 
"{1DA33912-50BD-4725-99B7-BA54755B1375}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe | 
"{1F6FD4E1-0CF8-4790-B846-C61B4F101FEC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\world of battles\release\launcher.exe | 
"{26109926-4B9E-458B-B329-1281173380AF}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\farcry2.exe | 
"{266E0077-8349-4409-9BF3-CEF93AB446E1}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\world in conflict\wic_online.exe | 
"{26D20554-5CDA-4FE5-94C0-42AB64934E6E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"{2A8DC2F2-8EBD-4683-8F84-7D89A104E541}" = protocol=6 | dir=in | app=d:\gamez\resident evil 5\re5dx9.exe | 
"{30516F06-5FEC-4496-9C13-C158DA656B70}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{30C96685-3EDD-464A-B2C9-32789C4E09C1}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{330B1022-4BEC-41F2-A1B4-5B4E8C900229}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\anno4.exe | 
"{336C6148-1600-4B83-985E-223FA078AEBF}" = protocol=6 | dir=in | app=d:\gamez\resident evil 5\re5dx10.exe | 
"{34C0D79C-4A43-4A0B-B666-E9B4A6641C3F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{34ECF543-D29C-4BAC-BC87-4D3252A352AE}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\world in conflict\wic.exe | 
"{3551F2CC-A7EA-4350-887E-1314704D9FEB}" = protocol=6 | dir=in | app=d:\gamez\tq - immortal throne\tqit.exe | 
"{3BCE0140-4A42-41CC-9E91-9A35307B9EC5}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2launcher.exe | 
"{3EA085CF-C4E9-4241-A09F-E0643DCCC243}" = protocol=6 | dir=in | app=d:\gamez\batman - arkham asylum\binaries\shippingpc-bmgame.exe | 
"{3FEE07F1-5DF6-4E6A-8482-ED0F030B9D24}" = protocol=17 | dir=in | app=d:\gamez\resident evil 5\re5dx10.exe | 
"{4386D938-D502-4DB2-8F0C-FB01DD65E25A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magic the gathering tactics\launchpad.exe | 
"{45A49146-7174-4613-B413-26DB7C9F44AA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4998C9C5-87C2-4618-9098-71D64DE2E1CD}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\world in conflict\wic_ds.exe | 
"{4F0F3C07-5D8A-4882-AABB-31877E430529}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{5410CC6B-724F-4878-A409-E4892A1E8838}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | 
"{56D04746-34D6-4188-8C48-A2DE1A4704A7}" = protocol=6 | dir=in | app=d:\gamez\stronghold 1 - crusader\stronghold crusader.exe | 
"{57099FFA-C8D2-49AE-BE3B-4184F9847EAB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\world of battles\release\launcher.exe | 
"{57C20600-F173-4C7A-8FE4-E9CF292E3912}" = protocol=17 | dir=in | app=d:\gamez\die schlacht um mittelerde ii - der aufstieg des hexenkönigs\game.dat | 
"{58FDB912-19F7-4F9A-9443-977B9BE7F05A}" = protocol=17 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe | 
"{599D9230-53AE-4202-A31B-3AADE31A1B50}" = protocol=17 | dir=in | app=d:\gamez\stronghold 1 - crusader\stronghold_crusader_extreme.exe | 
"{5C87EDD1-B4D2-46D8-B7A8-92A71409994B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{63702DFA-E271-44FC-83DB-E879B969B3BE}" = protocol=6 | dir=in | app=d:\gamez\stronghold 2\stronghold2.exe | 
"{659D4CCB-F6E9-431D-B3D5-295DE085376A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{67DDC725-F020-44F5-BC79-ABEAA19B423F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{687A545E-1087-41BF-91E2-C24FB3F4D93F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{688618DF-988F-4F84-BE7D-D2096C0A8C13}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{68E27E36-C22B-4E94-9F4B-032A600065D9}" = protocol=17 | dir=in | app=d:\cybetech\apps\utorrent\app\app\utorrent\utorrent.exe | 
"{6A427219-5ED5-48E7-B4BE-3D8DD0CD2549}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\addonweb.exe | 
"{6A6D7262-CDEC-4BE0-8A6F-2ED8493C7AD4}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6EBEED7A-4EFE-4934-B5E7-956E464F87EF}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6F69B536-F0C9-482F-8C57-691ACDDD3AD7}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\world in conflict\wic_ds.exe | 
"{70BA2998-BE9F-4D5B-9B2D-5850E0ECBED9}" = protocol=17 | dir=in | app=d:\gamez\die schlacht um mittelerde ii - der aufstieg des hexenkönigs\game.dat | 
"{73E0416C-45D7-4D22-89C5-8AF0F33A9398}" = protocol=6 | dir=in | app=d:\gamez\stronhgold legends\strongholdlegends.exe | 
"{7416938F-47D9-4E15-A723-D4CB1241DAE7}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"{7419E1C6-0B28-4A41-B450-99CF049BF2EA}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{7527DA0C-2648-4587-8D42-11942A011D9B}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\addon.exe | 
"{78853808-25AF-4488-B2CB-0459BE120052}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{78FFD5DF-51DF-4CE5-AC55-73A60F11A9C1}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\common\mediaserver\clmsserver.exe | 
"{7FB93290-8C00-4334-A055-9DE2A577655F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{817D9B8F-D6CB-4661-AF44-9EDAB2582BDD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{825D8392-7A4D-481E-8B2A-62D96CFFA9E5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{82A52AD0-ADA1-4096-90AD-2E111F533478}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{84544764-6C1D-46CB-9836-391A89B6DECC}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2editor.exe | 
"{8605FF1B-EBF1-44CF-B89E-1A60054F3C65}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{875AA9DC-C1F1-4F1D-8CA3-4366171709F9}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\addon.exe | 
"{8787FE05-76D8-41D7-ADC6-64C3B8E7BBF3}" = protocol=6 | dir=in | app=d:\gamez\stronghold 1\stronghold.exe | 
"{889F70FE-5066-480C-9D7D-9D1D08162FB7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stronghold3\bin\win32_release\mapeditor.exe | 
"{8C6682F4-4DD3-4560-91E8-101C3F5445D2}" = protocol=6 | dir=in | app=d:\gamez\diablo iii\diablo iii\diablo iii.exe | 
"{9163240E-E05E-4A6C-90D0-A60C9F8E4BEB}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{94194D05-D549-4601-8112-E2A382A6F5E2}" = protocol=6 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminator.exe | 
"{95CC710B-74CF-4A8D-8383-354004562069}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9BAFD1BC-4966-4B66-A29D-6229A897B49C}" = protocol=17 | dir=in | app=d:\gamez\stronghold 2\stronghold2.exe | 
"{9C59968C-B5D1-402C-BF7F-842937356CC7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{9C5FF772-09D1-4639-9BB4-D26FEF166C19}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe | 
"{9E04CED4-3EBC-4A97-A5DD-937C86D5EB95}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{9E593D6D-6F09-43F0-871E-616C94E41C2D}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\world in conflict\wic_online.exe | 
"{9EA65127-E951-4F4B-AB0D-66859299C177}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{A1589430-0E48-4B1A-A2E1-31A8F142C5E1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stronghold3\bin\win32_release\stronghold3.exe | 
"{A7510513-5631-4186-9F5A-B612C73488E1}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\movie\powerdvd cinema\powerdvdcinema11.exe | 
"{A89FFA7B-CD86-4233-ABEE-9BE2BC0650B5}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\world in conflict\wic.exe | 
"{A8FC873B-8A5B-4DE9-9393-07F2A92049CA}" = protocol=6 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe | 
"{A9C4B97A-863D-437C-829A-AF3C235A87F8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war ii - retribution\dow2.exe | 
"{AA9A46A8-3636-4B9F-98AC-24BD793AC900}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"{AEF2D5C8-D5D0-44C7-9E3B-F44D2E2C534D}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\addonweb.exe | 
"{B537000F-867E-4589-B1F6-5E8F1886E51E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"{B68D91F4-164A-4EB6-BA9F-5D59D913B13C}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\der herr der ringe® - die eroberung™\conquest.exe | 
"{B7A5DE4F-B2A9-48C0-8D3B-21D8BD15013F}" = protocol=17 | dir=in | app=d:\gamez\batman - arkham asylum\binaries\shippingpc-bmgame.exe | 
"{B8CF6156-BFDD-41AA-A80A-AC4D5DB20E68}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stronghold3\bin\win32_release\stronghold3.exe | 
"{BCF12AA5-5286-495E-9408-E17DBC34274E}" = protocol=6 | dir=in | app=d:\cybetech\apps\utorrent\app\app\utorrent\utorrent.exe | 
"{BDE2804D-0976-4EC7-BD2B-E278E7501FAB}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2editor.exe | 
"{BE883716-65AA-4293-BEDF-95171B23966C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | 
"{C66567E7-0BEE-4251-ADD8-6EEF42B755B7}" = protocol=17 | dir=in | app=d:\gamez\battleforge\bootstrapper.exe | 
"{C8190219-D888-4B05-9CA4-3286BA6CF958}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war ii - retribution\dow2.exe | 
"{CB8FE8AE-BE5A-4FD0-9902-3C31DA5FE28F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CC9E145B-25EA-401C-B5F1-E29033ECE78A}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"{CCE92F41-D677-40B1-A9D4-1A6834CEE809}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\der herr der ringe® - die eroberung™\conquest.exe | 
"{CF2EE987-2239-42AB-A5B2-EEB1AAB7A71D}" = protocol=6 | dir=in | app=d:\gamez\battleforge\battleforge.exe | 
"{CF3FF181-62BD-4467-A4A7-D257040C50FA}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{CF9003FA-6128-45A1-B4C4-ACE98F51F114}" = protocol=6 | dir=in | app=d:\gamez\die schlacht um mittelerde ii\game.dat | 
"{CFAC77DE-0B35-4CD1-81E3-6ECF6C7B4B36}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{D11ACE64-FB50-4C8C-9CA9-AD95D72DF3BE}" = protocol=17 | dir=in | app=d:\gamez\resident evil 5\re5dx9.exe | 
"{D29BDB0D-5D28-497E-95E8-F971FAC7193D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{D2AE0A03-0849-41EE-B11C-6A5F285C6272}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stronghold3\bin\win32_release\mapeditor.exe | 
"{D388D05E-F863-4138-A4D5-F112C6566C43}" = protocol=6 | dir=in | app=d:\gamez\stronghold 1 - crusader\stronghold_crusader_extreme.exe | 
"{D3A280D4-1051-4219-8533-70B25B794F4E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{D7CB6FE8-39E9-4BBB-9DE5-334546313756}" = protocol=6 | dir=in | app=d:\gamez\battleforge\bootstrapper.exe | 
"{DCF7D658-91E9-430E-8648-C2ACFA1E439A}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\anno4.exe | 
"{DD912348-0320-48BC-BD71-28EBDC9D626E}" = protocol=17 | dir=in | app=d:\gamez\stronghold 1 - crusader\stronghold crusader.exe | 
"{DE8D6B07-0168-41F0-AD65-FCB66C22F8C7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{DEF9D653-A546-40B0-A0D3-C37C4B18B95F}" = protocol=17 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminator.exe | 
"{E0D344F2-22F5-425C-A288-D523E60198B8}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\pdvd11serv.exe | 
"{E1A76F17-5CD9-4390-BD2D-39C8E3A7205A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{E4B02695-E58E-427D-B7D1-1318782C2E81}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\farcry2.exe | 
"{E51F74A6-18E7-40D4-BE84-3710EA064CB2}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{E6A8092B-3257-40F0-9654-2D81AFB9F415}" = protocol=17 | dir=in | app=d:\gamez\die schlacht um mittelerde ii\game.dat | 
"{EDEC508C-7DF6-4550-A344-4043ECE345E6}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"{F02BD908-300D-4D5C-87C2-84A4B967F0FD}" = protocol=6 | dir=out | app=system | 
"{F1CFEB51-801A-49D8-AD83-C9778530CC85}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\powerdvd11.exe | 
"{F2D8E861-7666-4D6B-AFFB-D94340776897}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F4C8B66F-C12D-4F35-BAB5-FDE902E9FD8E}" = protocol=6 | dir=in | app=d:\gamez\die schlacht um mittelerde ii - der aufstieg des hexenkönigs\game.dat | 
"{F508FB4B-6D37-423C-B235-E65F1B45D5E6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe | 
"{F58FC871-1BBE-4620-9223-0B9017952A4B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magic the gathering tactics\launchpad.exe | 
"{F86ADF9D-E43B-46D3-97F2-D4B94A4FCC5C}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\movie\moviemodule.exe | 
"{F9134A3F-212A-48C9-BD25-15D69B8AB54D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{FB8D42C6-CD5E-41A2-9A05-3F24B0813B71}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2launcher.exe | 
"{FE5B4AD7-E13E-4078-9D14-DA66AB7E5888}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"TCP Query User{070A1370-8582-43EC-87B3-664A1DBCC54A}D:\cybetech\apps\xbmc\app\xbmc.exe" = protocol=6 | dir=in | app=d:\cybetech\apps\xbmc\app\xbmc.exe | 
"TCP Query User{119A8772-DB24-46DB-86BD-109028DD84E8}D:\cybetech\apps\xbmc\app\xbmc.exe" = protocol=6 | dir=in | app=d:\cybetech\apps\xbmc\app\xbmc.exe | 
"TCP Query User{3582D8A3-BB3B-4CDE-B436-7D16AE3A8C81}D:\cybetech\apps\cybesystems\app\lighttpd\lighttpd.exe" = protocol=6 | dir=in | app=d:\cybetech\apps\cybesystems\app\lighttpd\lighttpd.exe | 
"TCP Query User{4009BD1B-F959-4C05-A644-76F15E61DF51}D:\gamez\tq - immortal throne\tqit.exe" = protocol=6 | dir=in | app=d:\gamez\tq - immortal throne\tqit.exe | 
"TCP Query User{4AD1C25E-3513-4054-8CBA-9E6F344243EF}D:\gamez\warcraft iii\war3.exe" = protocol=6 | dir=in | app=d:\gamez\warcraft iii\war3.exe | 
"TCP Query User{4DFE0946-F92C-4526-939B-DB0A90C145E2}D:\gamez\rise of the argonauts\binaries\riseoftheargonauts.exe" = protocol=6 | dir=in | app=d:\gamez\rise of the argonauts\binaries\riseoftheargonauts.exe | 
"TCP Query User{5C8EA372-591D-44C8-B68C-FD37C5A8AA2E}D:\shared\anno 1404\tools\addonweb.exe" = protocol=6 | dir=in | app=d:\shared\anno 1404\tools\addonweb.exe | 
"TCP Query User{5FE2E26D-5229-4C44-9C46-E68B404C2DDE}C:\program files (x86)\electronic arts\der herr der ringe® - die eroberung™\conquest.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\der herr der ringe® - die eroberung™\conquest.exe | 
"TCP Query User{6A774DD5-6C0E-467C-9415-72B58589BBC5}U:\cybetech\apps\xbmc\app\xbmc.exe" = protocol=6 | dir=in | app=u:\cybetech\apps\xbmc\app\xbmc.exe | 
"TCP Query User{768DBDE5-C1EF-4FCD-A8A4-582549A36EF8}D:\cybetech\apps\eventghost\app\eventghost.exe" = protocol=6 | dir=in | app=d:\cybetech\apps\eventghost\app\eventghost.exe | 
"TCP Query User{76CAEE81-95CD-46A1-AD3B-FC9A38129E1C}D:\shared\anno 1404\addon.exe" = protocol=6 | dir=in | app=d:\shared\anno 1404\addon.exe | 
"TCP Query User{848B13DF-CB8C-44E1-B329-98F1A33BDDEB}C:\program files (x86)\steamless left4dead pack\left4dead.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steamless left4dead pack\left4dead.exe | 
"TCP Query User{85D7A64A-E513-4866-906A-34C3B0BAB3CE}C:\program files (x86)\steam\steamapps\common\magic the gathering tactics\mtgtactics.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magic the gathering tactics\mtgtactics.exe | 
"TCP Query User{86DFCF5E-F55B-4509-BC6C-E804C958B338}U:\cybetech\apps\cybesystems\app\lighttpd\lighttpd.exe" = protocol=6 | dir=in | app=u:\cybetech\apps\cybesystems\app\lighttpd\lighttpd.exe | 
"TCP Query User{950C23E2-D6BB-4E04-B4BF-CEE7D69371B6}C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe | 
"TCP Query User{97FDDCF1-4D5F-4E9E-891E-5D6D0896B5BA}C:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe | 
"TCP Query User{9B488FC0-761A-4657-9A1F-37789B9083A0}D:\gamez\sacred 2\system\s2gs.exe" = protocol=6 | dir=in | app=d:\gamez\sacred 2\system\s2gs.exe | 
"TCP Query User{9E1B4780-C71A-4856-B858-592EAE4CD548}D:\shared\anno 1404\tools\addonweb.exe" = protocol=6 | dir=in | app=d:\shared\anno 1404\tools\addonweb.exe | 
"TCP Query User{A1618474-DFB5-48A2-8745-F22C7E507A3F}C:\program files (x86)\steam\steamapps\groby82\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\groby82\team fortress 2\hl2.exe | 
"TCP Query User{A190845E-7907-42C9-A1F4-F0B9DD03AC91}D:\cybetech\apps\mysql\app\bin\mysqld-nt.exe" = protocol=6 | dir=in | app=d:\cybetech\apps\mysql\app\bin\mysqld-nt.exe | 
"TCP Query User{A9809462-D7CD-4508-8383-B79FB07DADA0}D:\cybetech\apps\cybesystems\app\lighttpd\lighttpd.exe" = protocol=6 | dir=in | app=d:\cybetech\apps\cybesystems\app\lighttpd\lighttpd.exe | 
"TCP Query User{B80FD5A5-64BD-4621-9297-B8D544C27BCE}D:\gamez\fifa 11\fifa 11\game\fifa.exe" = protocol=6 | dir=in | app=d:\gamez\fifa 11\fifa 11\game\fifa.exe | 
"TCP Query User{E95F575D-D63B-4673-AA67-6F9A4F5AD50E}D:\shared\anno 1404\addon.exe" = protocol=6 | dir=in | app=d:\shared\anno 1404\addon.exe | 
"TCP Query User{FCEAEE31-B251-4DBE-9580-689895DDFC0E}D:\cybetech\apps\krento\app\krento.exe" = protocol=6 | dir=in | app=d:\cybetech\apps\krento\app\krento.exe | 
"UDP Query User{0B8FA923-D521-4095-B178-4B09C97E85FD}D:\gamez\rise of the argonauts\binaries\riseoftheargonauts.exe" = protocol=17 | dir=in | app=d:\gamez\rise of the argonauts\binaries\riseoftheargonauts.exe | 
"UDP Query User{0BE9E10A-B341-41AD-940D-95EBAB28B5E6}C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe | 
"UDP Query User{32FE5490-8E4A-4F89-A80F-49F6604F3620}D:\shared\anno 1404\tools\addonweb.exe" = protocol=17 | dir=in | app=d:\shared\anno 1404\tools\addonweb.exe | 
"UDP Query User{3AAB3E60-474D-458D-B3D8-D95CCEE2E433}C:\program files (x86)\steam\steamapps\common\magic the gathering tactics\mtgtactics.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magic the gathering tactics\mtgtactics.exe | 
"UDP Query User{44040D15-E82F-4B1A-9503-267DBB24D5DB}U:\cybetech\apps\xbmc\app\xbmc.exe" = protocol=17 | dir=in | app=u:\cybetech\apps\xbmc\app\xbmc.exe | 
"UDP Query User{53B787E9-BFEF-438E-ABA9-0345F1CEA8E1}C:\program files (x86)\steamless left4dead pack\left4dead.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steamless left4dead pack\left4dead.exe | 
"UDP Query User{5A9BC7CC-136E-4764-8C7D-345F834C365E}D:\cybetech\apps\xbmc\app\xbmc.exe" = protocol=17 | dir=in | app=d:\cybetech\apps\xbmc\app\xbmc.exe | 
"UDP Query User{5D82F561-B3B5-464F-A4B9-AC0A1E0AE76D}D:\shared\anno 1404\tools\addonweb.exe" = protocol=17 | dir=in | app=d:\shared\anno 1404\tools\addonweb.exe | 
"UDP Query User{690528A8-D683-4BEC-81C8-BD3B0D34FBA1}U:\cybetech\apps\cybesystems\app\lighttpd\lighttpd.exe" = protocol=17 | dir=in | app=u:\cybetech\apps\cybesystems\app\lighttpd\lighttpd.exe | 
"UDP Query User{77248834-1AED-46F4-A3A7-B0B3CD7A4CD9}D:\gamez\warcraft iii\war3.exe" = protocol=17 | dir=in | app=d:\gamez\warcraft iii\war3.exe | 
"UDP Query User{7EDC065A-BEEC-4216-B137-52704ADFBC8F}D:\cybetech\apps\mysql\app\bin\mysqld-nt.exe" = protocol=17 | dir=in | app=d:\cybetech\apps\mysql\app\bin\mysqld-nt.exe | 
"UDP Query User{85ACFFAC-6B63-4CAB-9638-11AF69A20D65}D:\cybetech\apps\xbmc\app\xbmc.exe" = protocol=17 | dir=in | app=d:\cybetech\apps\xbmc\app\xbmc.exe | 
"UDP Query User{950A98C1-E23E-4396-890D-A7BCB78CE541}D:\shared\anno 1404\addon.exe" = protocol=17 | dir=in | app=d:\shared\anno 1404\addon.exe | 
"UDP Query User{A9586B6F-19DB-4E88-B439-9B8870442337}C:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe | 
"UDP Query User{B009B246-9012-4FF5-8381-EEE4B91C1ACF}D:\gamez\fifa 11\fifa 11\game\fifa.exe" = protocol=17 | dir=in | app=d:\gamez\fifa 11\fifa 11\game\fifa.exe | 
"UDP Query User{B0512161-0383-4B2E-8355-ABCC9731CBAA}C:\program files (x86)\steam\steamapps\groby82\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\groby82\team fortress 2\hl2.exe | 
"UDP Query User{BC753977-0832-4C31-AAB5-AB66615EF327}D:\cybetech\apps\eventghost\app\eventghost.exe" = protocol=17 | dir=in | app=d:\cybetech\apps\eventghost\app\eventghost.exe | 
"UDP Query User{BEEB8669-82B1-4C4B-90ED-7D77BC0B73CE}D:\gamez\tq - immortal throne\tqit.exe" = protocol=17 | dir=in | app=d:\gamez\tq - immortal throne\tqit.exe | 
"UDP Query User{D289AA0D-F6AF-4C38-B9F6-7B798086AE78}D:\cybetech\apps\cybesystems\app\lighttpd\lighttpd.exe" = protocol=17 | dir=in | app=d:\cybetech\apps\cybesystems\app\lighttpd\lighttpd.exe | 
"UDP Query User{D2C3D093-9F87-4F4C-B97E-9B9AED372F4F}D:\shared\anno 1404\addon.exe" = protocol=17 | dir=in | app=d:\shared\anno 1404\addon.exe | 
"UDP Query User{D58B0DB5-70F5-411D-B17D-34F0C49C8198}C:\program files (x86)\electronic arts\der herr der ringe® - die eroberung™\conquest.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\der herr der ringe® - die eroberung™\conquest.exe | 
"UDP Query User{EBAE786D-03D2-466A-AA37-142C1CD9B07D}D:\cybetech\apps\cybesystems\app\lighttpd\lighttpd.exe" = protocol=17 | dir=in | app=d:\cybetech\apps\cybesystems\app\lighttpd\lighttpd.exe | 
"UDP Query User{F8165A13-E4C9-4407-B413-77E93C886396}D:\cybetech\apps\krento\app\krento.exe" = protocol=17 | dir=in | app=d:\cybetech\apps\krento\app\krento.exe | 
"UDP Query User{FF80B958-D635-4CEC-83F9-DEDA6203DCD8}D:\gamez\sacred 2\system\s2gs.exe" = protocol=17 | dir=in | app=d:\gamez\sacred 2\system\s2gs.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}" = Microsoft Xbox 360 Accessories 1.2
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Theme Resource Changer X64 v1.0" = Theme Resource Changer X64 v1.0
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1E58B969-9BB4-4012-8D8B-D06005D1CD24}" = TP-LINK Wireless Client Utility
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20071984-5EB1-4881-8EDB-082532ACEC6D}" = Heroes of Might and Magic V
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = Die Schlacht um Mittelerde™ II
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}" = Hama Black Force Pad
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer
"{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum
"{56736259-613E-4A3B-B428-6235F2E76F44}_is1" = Spyware Terminator 2012
"{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}" = Asmedia ASM106x SATA Host Controller Driver
"{628C3D50-F524-4C49-A958-672CE7953756}" = Der Herr der Ringe® - Die Eroberung™
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{66A405D2-BA14-4594-BF36-B3B544F0754E}" = Stronghold Legends
"{66FF4C48-0083-4E60-8556-B883AB200091}" = Heroes of Might & Magic V: Hammers of Fate
"{66FF4C48-0083-4E60-8556-B883AB200092}" = Heroes of Might and Magic V - Tribes of the East
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7D0AEAD8-07FA-4C4D-9347-E7FBC5534B73}" = Sacred 2 - Fallen Angel
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader Extreme
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C542173-96F0-435D-A95C-468CAAC75EA0}" = Adobe Flash Player 10 Plugin
"{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}" = ANNO 1404 - Venedig
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC08BBA0-96B9-431A-A7D0-D8598E493775}" = RESIDENT EVIL 5
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{B001064C-D061-4BAE-9031-416A838D5536}" = Adobe Flash Player 10 ActiveX
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}" = Titan Quest Immortal Throne
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B931FB80-537A-4600-00AD-AC5DEDB6C25B}" = Aufstieg des Hexenkönigs™
"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
"{C28DD992-5B7B-D195-6841-4EC57DF512BD}" = Adobe Story
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C580908C-B3BA-4C19-BD60-16F02F272201}" = BattleForge™
"{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}" = Stronghold
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D57FC112-312E-4D70-860F-2DB8FB6858F0}" = Adobe Creative Suite 5.5 Master Collection
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{EC7EBCD9-0CB4-472B-BC64-364CDC3CAC4C}" = Rise of the Argonauts
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F11ADC64-C89E-47F4-A0B3-3665FF859397}" = WORLD IN CONFLICT
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F232C87C-6E92-4775-8210-DFE90B7777D9}" = CyberLink PowerDVD 11
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"12bbe590-c890-11d9-9669-0800200c9a66_is1" = Der Herr der Ringe Online v03.03.05.8039
"Adobe AIR" = Adobe AIR
"AnyDVD" = AnyDVD
"avast" = avast! Free Antivirus
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Story
"com.adobe.dmp.contentviewer" = Adobe Content Viewer
"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
"CToolbar_UNINSTALL" = Web Security Guard with Crawler Toolbar
"DAEMON Tools Lite" = DAEMON Tools Lite
"Diablo III" = Diablo III
"Dungeon Siege III_is1" = Dungeon Siege III
"FIFA 11_is1" = FIFA 11
"FLV Player" = FLV Player 2.0 (build 25)
"Free YouTube Download_is1" = Free YouTube Download version 3.1.31.706
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.22.508
"FUSSBALL MANAGER 12" = FUSSBALL MANAGER 12
"Hama Gamepad FIFA08 Patch" = Hama Gamepad FIFA08 Patch
"InstallShield_{EC7EBCD9-0CB4-472B-BC64-364CDC3CAC4C}" = Rise of the Argonauts
"InstallShield_{F232C87C-6E92-4775-8210-DFE90B7777D9}" = CyberLink PowerDVD 11
"IrfanView" = IrfanView (remove only)
"Lilith The Will of Demon : Battles of Jalavia v1.1_is1" = Lilith The Will of Demon : Battles of Jalavia v1.1
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PunkBusterSvc" = PunkBuster Services
"Steam App 113900" = World of Battles
"Steam App 15620" = Warhammer® 40,000™: Dawn of War® II
"Steam App 201190" = Magic: The Gathering – Tactics
"Steam App 440" = Team Fortress 2
"Steam App 47400" = Stronghold 3
"Steam App 56400" = Warhammer® 40,000®: Dawn of War® II – Retribution™
"Steamless Left4Dead Pack" = Steamless Left4Dead Pack
"Super Mario: Blue Twilight DX (v1.04.1)" = Super Mario: Blue Twilight DX (v1.04.1)
"Synergy" = Synergy
"Underlord15" = Underlord 1.5
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"WM Recorder14.11.4" = WM Recorder
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 30.07.2012 13:15:46 | Computer Name = Wotan-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 31.07.2012 14:59:45 | Computer Name = Wotan-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 31.07.2012 17:19:19 | Computer Name = Wotan-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 31.07.2012 18:49:40 | Computer Name = Wotan-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FLVPlayer.exe, Version: 0.0.0.0, 
Zeitstempel: 0x48374e32  Name des fehlerhaften Moduls: FlashPlayer.3.1.1k.ocx, Version:
 9.0.124.0, Zeitstempel: 0x47e8643e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000c274c
ID
 des fehlerhaften Prozesses: 0x40c  Startzeit der fehlerhaften Anwendung: 0x01cd6f6ebd7664b3
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\FLV Player\FLVPlayer.exe  Pfad
 des fehlerhaften Moduls: C:\Users\Wotan\AppData\Local\Temp\mProjector3175261488\FlashPlayer.3.1.1k.ocx
Berichtskennung:
 02b0da9d-db62-11e1-86be-8c89a555bfee
 
Error - 01.08.2012 15:28:04 | Computer Name = Wotan-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 01.08.2012 16:57:17 | Computer Name = Wotan-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 01.08.2012 17:02:53 | Computer Name = Wotan-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 01.08.2012 17:07:06 | Computer Name = Wotan-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 02.08.2012 12:32:59 | Computer Name = Wotan-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 02.08.2012 13:55:42 | Computer Name = Wotan-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 26.03.2012 15:11:57 | Computer Name = Wotan-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 27.03.2012 12:06:43 | Computer Name = Wotan-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 28.03.2012 14:14:16 | Computer Name = Wotan-PC | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 01.04.2012 05:32:29 | Computer Name = Wotan-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?01.?04.?2012 um 11:24:07 unerwartet heruntergefahren.
 
Error - 05.04.2012 11:49:01 | Computer Name = Wotan-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?05.?04.?2012 um 17:31:03 unerwartet heruntergefahren.
 
Error - 06.04.2012 03:50:22 | Computer Name = Wotan-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 07.04.2012 12:36:39 | Computer Name = Wotan-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "CyberLink PowerDVD 11.0 Service" wurde unerwartet beendet.
 Dies ist bereits 1 Mal passiert.
 
Error - 08.04.2012 12:33:16 | Computer Name = Wotan-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?08.?04.?2012 um 04:12:28 unerwartet heruntergefahren.
 
Error - 09.04.2012 17:21:32 | Computer Name = Wotan-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 11.04.2012 17:17:48 | Computer Name = Wotan-PC | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         
--- --- ---

03.08.2012, 15:39   #2
t'john
/// Helper Team

Fixing with OTL

Download OTL by OldTimer (if you don't already have it) and save it to your desktop (nowhere else).

  • Disable any virus scanners such as Avira, Kaspersky, etc.
  • Start OTL.exe.
    Vista and Windows 7 users: right-click the program icon and choose "Run as administrator".
  • Copy the following script into the text field below Custom Scans/Fixes:


Code:
ATTFilter
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
FF - user.js - File not found 
O3 - HKCU\..\Toolbar\WebBrowser: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll (Crawler.com) 
O4 - HKLM..\Run: [] File not found 
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found 
O4 - Startup: C:\Users\Wotan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CybeSystems.lnk = D:\Cybetech\CybeSystems.exe (Microsoft) 
O4 - Startup: C:\Users\Wotan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Heroes of Might & Magic 5 - Hammers of Fate.LNK = C:\Program Files (x86)\Ubisoft\Heroes of Might and Magic V\registrationa1\RegistrationReminder.exe () 
O4 - Startup: C:\Users\Wotan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Heroes of Might & Magic 5 - Tribes of the East.LNK = C:\Program Files (x86)\Ubisoft\Heroes of Might and Magic V - Tribes of the East\registration\RegistrationReminder.exe () 
O4 - Startup: C:\Users\Wotan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Heroes of Might & Magic 5.LNK = C:\Program Files (x86)\Ubisoft\Heroes of Might and Magic V\registration\RegistrationReminder.exe () 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) 
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites) 
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites) 
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites) 
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 
O32 - AutoRun File - [2010.09.10 23:34:02 | 007,864,832 | R--- | M] () - G:\autorun.dat -- [ CDFS ] 
O32 - AutoRun File - [2010.09.10 23:33:38 | 000,000,141 | R--- | M] () - G:\autorun.inf -- [ CDFS ] 
[2012.08.02 20:03:32 | 127,231,689 | ---- | C] (Igor Pavlov) -- C:\Users\Wotan\Desktop\OTLPENet.exe 
[2012.08.02 18:50:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crawler Toolbar 
[2012.08.02 19:55:05 | 004,503,728 | ---- | M] () -- C:\ProgramData\ras_0oed.pad 

[2012.08.01 22:52:12 | 000,001,881 | ---- | M] () -- C:\Users\Wotan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk 


:Files

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
         
  • Close all programs.
  • Click the Fix button.
  • If OTL asks for a restart, please allow it.
  • Copy the contents of the log file into your thread here, inside code tags.
    You can view the log file afterwards here => C:\_OTL\MovedFiles\<datum_nummer.log>

Note for readers: The OTL script above was created exclusively for this user in this situation.
Do not apply it on other computers under any circumstances; it can cause lasting damage to other systems!
06.08.2012, 10:59   #3
cosinus
/// Trigonometric function
/// TB-Süch-Tiger™

Code:
ATTFilter
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 192.150.18.108
O1 - Hosts: 127.0.0.1 activate.adobe.com:443
O1 - Hosts: 127.0.0.1 3dns.adobe.com
O1 - Hosts: 127.0.0.1 3dns-1.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 192.150.18.108
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-1.adobe.com
         