GVU Trojan paralyzes PC
Hello dear Trojan experts!!
Yesterday I caught this GVU Trojan too; it now appears every time I boot my PC (but only when the PC is connected to the internet).
It would be great if you would, or could, help me; many thanks in advance.
Below I am posting the two log files. I hope I did this correctly; I am not very well versed in such things.
OTL log file:
OTL logfile created on: 02.08.2012 21:56:06 - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Wotan\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,98 Gb Total Physical Memory | 4,53 Gb Available Physical Memory | 56,76% Memory free
15,96 Gb Paging File | 12,65 Gb Available in Paging File | 79,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 244,04 Gb Total Space | 44,07 Gb Free Space | 18,06% Space Free | Partition Type: NTFS
Drive D: | 1618,87 Gb Total Space | 350,26 Gb Free Space | 21,64% Space Free | Partition Type: NTFS
Drive G: | 4,26 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive H: | 7,45 Gb Total Space | 0,70 Gb Free Space | 9,43% Space Free | Partition Type: FAT32
Computer Name: WOTAN-PC | User Name: Wotan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Wotan\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Windows\SysWOW64\PnkBstrB.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe ()
PRC - C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe (CyberLink)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe (CyberLink)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
========== Modules (No Company Name) ==========
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
========== Win32 Services (SafeList) ==========
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (ST2012_Svc) -- C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe (Crawler.com)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe ()
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (CLHNServiceForPowerDVD) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe ()
SRV - (CyberLink PowerDVD 11.0 Service) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe (CyberLink)
SRV - (CyberLink PowerDVD 11.0 Monitor Service) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe (CyberLink)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (rpcapd) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (StarWindServiceAE) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (sp_rsdrv2) -- C:\Windows\SysNative\drivers\stflt.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (AnyDVD) -- C:\Windows\SysNative\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc)
DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc)
DRV:64bit: - (asahci64) -- C:\Windows\SysNative\drivers\asahci64.sys (Asmedia Technology)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (tsusbhub) -- C:\Windows\SysNative\drivers\tsusbhub.sys (Microsoft Corporation)
DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (AnyDVD) -- C:\Windows\SysWOW64\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (ntk_PowerDVD) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys (Cyberlink Corp.)
DRV - ({329F96B6-DF1E-4328-BFDA-39EA953C1312}) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl (CyberLink Corp.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 55 B9 ED 88 27 70 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011.10.25 19:53:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.04.14 01:15:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.08.02 19:52:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Program Files (x86)\Crawler\Toolbar\firefox\ [2012.08.02 18:50:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.20 20:28:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.14 01:42:17 | 000,000,000 | ---D | M]
[2011.10.25 21:58:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wotan\AppData\Roaming\mozilla\Extensions
[2012.07.07 16:24:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wotan\AppData\Roaming\mozilla\Firefox\Profiles\qvionje7.default\extensions
[2011.12.10 14:38:26 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Wotan\AppData\Roaming\mozilla\Firefox\Profiles\qvionje7.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.07.07 16:24:12 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Wotan\AppData\Roaming\mozilla\Firefox\Profiles\qvionje7.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.04.29 18:11:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.10.13 20:22:22 | 000,009,584 | ---- | M] () (No name found) -- D:\CYBETECH\APPS\KYLO\APP\EXTENSIONS\{34685145-442A-4A29-A33E-AF4FFA3DDAEB}.XPI
[2011.10.13 20:22:22 | 000,099,159 | ---- | M] () (No name found) -- D:\CYBETECH\APPS\KYLO\APP\EXTENSIONS\{448D473E-BEC6-11E0-8845-A93E4824019B}.XPI
[2012.07.20 20:28:20 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.04.14 01:42:14 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.04.29 18:11:52 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.29 18:11:52 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2007.07.26 13:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\crawlersrch.xml
[2012.04.29 18:11:52 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.29 18:11:52 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.29 18:11:52 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.29 18:11:52 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2011.10.25 19:43:28 | 000,002,402 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 192.150.18.108
O1 - Hosts: 127.0.0.1 activate.adobe.com:443
O1 - Hosts: 127.0.0.1 3dns.adobe.com
O1 - Hosts: 127.0.0.1 3dns-1.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 192.150.18.108
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-1.adobe.com
O1 - Hosts: 27 more lines...
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (&Crawler Toolbar Helper) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll (Crawler.com)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll (Crawler.com)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4:64bit: - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [RemoteControl11] C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Wotan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CybeSystems.lnk = D:\Cybetech\CybeSystems.exe (Microsoft)
O4 - Startup: C:\Users\Wotan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Heroes of Might & Magic 5 - Hammers of Fate.LNK = C:\Program Files (x86)\Ubisoft\Heroes of Might and Magic V\registrationa1\RegistrationReminder.exe ()
O4 - Startup: C:\Users\Wotan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Heroes of Might & Magic 5 - Tribes of the East.LNK = C:\Program Files (x86)\Ubisoft\Heroes of Might and Magic V - Tribes of the East\registration\RegistrationReminder.exe ()
O4 - Startup: C:\Users\Wotan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Heroes of Might & Magic 5.LNK = C:\Program Files (x86)\Ubisoft\Heroes of Might and Magic V\registration\RegistrationReminder.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Wotan\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Wotan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Wotan\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Wotan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E51C7A9-DC03-4151-B8F3-D7668B54981C}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A3DF05E-6B30-4A13-AC56-0F5424D98D3B}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\tbr - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll (Crawler.com)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {F791A188-699D-4FD4-955A-EB59E89B1907} - Theme Resource Changer - \Program Files\Theme Resource Changer\ThemeResourceChanger.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.09.29 01:19:31 | 000,000,000 | ---D | M] - G:\AutoRun -- [ CDFS ]
O32 - AutoRun File - [2010.09.10 23:34:03 | 000,439,056 | R--- | M] (Electronic Arts) - G:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2010.09.10 23:34:02 | 007,864,832 | R--- | M] () - G:\autorun.dat -- [ CDFS ]
O32 - AutoRun File - [2010.09.10 23:33:38 | 000,000,141 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012.08.02 20:03:32 | 127,231,689 | ---- | C] (Igor Pavlov) -- C:\Users\Wotan\Desktop\OTLPENet.exe
[2012.08.02 18:50:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crawler Toolbar
[2012.08.02 18:50:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Crawler
[2012.08.02 18:50:00 | 000,051,496 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2012.08.02 18:49:59 | 000,000,000 | ---D | C] -- C:\Users\Wotan\AppData\Roaming\Spyware Terminator
[2012.08.02 18:49:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator
[2012.08.02 18:49:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2012
[2012.08.02 18:47:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Terminator
[2012.07.23 19:26:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Firefly Studios
[2012.07.23 19:25:49 | 000,000,000 | ---D | C] -- C:\Users\Wotan\Documents\Stronghold 2
[2012.07.22 15:01:17 | 000,000,000 | ---D | C] -- C:\Users\Wotan\Desktop\Neuer Ordner
[2012.07.18 21:52:34 | 000,000,000 | ---D | C] -- C:\Users\Wotan\Documents\Stronghold 3
[2012.07.18 19:48:19 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.07.17 21:58:32 | 000,000,000 | ---D | C] -- C:\Users\Wotan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2012.07.14 22:02:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Sports
[2012.07.12 03:00:53 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.07.12 03:00:53 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.07.12 03:00:52 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.07.12 03:00:52 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.07.12 03:00:51 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.07.12 03:00:51 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.07.12 03:00:51 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.07.12 03:00:51 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.07.12 03:00:49 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.07.12 03:00:49 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.07.12 03:00:49 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.07.12 03:00:49 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.07.12 03:00:48 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.07.11 23:22:07 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012.07.11 23:22:07 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012.07.11 23:21:58 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.11 23:21:53 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012.07.11 23:21:52 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012.07.07 16:27:59 | 000,000,000 | ---D | C] -- C:\Users\Wotan\dwhelper
[2012.07.06 03:00:33 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.08.02 20:01:46 | 000,021,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.02 20:01:46 | 000,021,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.02 19:55:05 | 004,503,728 | ---- | M] () -- C:\ProgramData\ras_0oed.pad
[2012.08.02 19:53:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.02 19:53:54 | 2132,430,847 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.02 19:52:49 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012.08.02 18:50:00 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2012.08.02 18:49:58 | 000,001,038 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk
[2012.08.02 12:52:32 | 127,231,689 | ---- | M] (Igor Pavlov) -- C:\Users\Wotan\Desktop\OTLPENet.exe
[2012.08.01 22:52:12 | 000,001,881 | ---- | M] () -- C:\Users\Wotan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.07.29 13:25:22 | 000,000,124 | ---- | M] () -- C:\Users\Wotan\Documents\ax_files.xml
[2012.07.18 19:51:16 | 001,619,884 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.07.18 19:51:16 | 000,707,550 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.18 19:51:16 | 000,661,146 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.18 19:51:16 | 000,153,036 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.18 19:51:16 | 000,125,232 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.18 19:51:10 | 001,619,884 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.14 22:02:38 | 000,000,854 | ---- | M] () -- C:\Users\Public\Desktop\FIFA 11.lnk
[2012.07.13 20:50:02 | 000,001,613 | ---- | M] () -- C:\Users\Wotan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Heroes of Might & Magic 5 - Hammers of Fate.LNK
[2012.07.13 20:49:55 | 000,001,567 | ---- | M] () -- C:\Users\Wotan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Heroes of Might & Magic 5.LNK
[2012.07.13 20:49:48 | 000,001,714 | ---- | M] () -- C:\Users\Wotan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Heroes of Might & Magic 5 - Tribes of the East.LNK
[2012.07.12 03:20:23 | 004,831,336 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.08.02 18:49:58 | 000,001,038 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk
[2012.08.01 22:52:12 | 004,503,728 | ---- | C] () -- C:\ProgramData\ras_0oed.pad
[2012.08.01 22:52:12 | 000,001,881 | ---- | C] () -- C:\Users\Wotan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.07.14 22:02:38 | 000,000,854 | ---- | C] () -- C:\Users\Public\Desktop\FIFA 11.lnk
[2012.07.13 20:50:02 | 000,001,613 | ---- | C] () -- C:\Users\Wotan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Heroes of Might & Magic 5 - Hammers of Fate.LNK
[2012.07.13 20:49:55 | 000,001,567 | ---- | C] () -- C:\Users\Wotan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Heroes of Might & Magic 5.LNK
[2012.07.13 20:49:48 | 000,001,714 | ---- | C] () -- C:\Users\Wotan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Heroes of Might & Magic 5 - Tribes of the East.LNK
[2012.04.22 12:04:19 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin
[2012.04.05 18:46:28 | 000,697,862 | ---- | C] () -- C:\Windows\unins000.exe
[2012.04.05 18:46:28 | 000,002,357 | ---- | C] () -- C:\Windows\unins000.dat
[2012.04.05 18:36:14 | 000,040,960 | R--- | C] () -- C:\Windows\SysWow64\psfind.dll
[2011.11.01 11:02:52 | 000,107,832 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.11.01 11:02:49 | 002,250,024 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011.11.01 11:02:49 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.10.30 16:49:03 | 000,000,093 | ---- | C] () -- C:\Users\Wotan\AppData\Local\fusioncache.dat
[2011.10.25 22:56:27 | 001,619,884 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.10.15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2007.06.21 17:11:24 | 000,000,266 | ---- | C] () -- C:\Program Files (x86)\Common Files\hama.de - Download-Area Gamecontroller.url
< End of report >
OTL Logfile: Code:
OTL Extras logfile created on: 02.08.2012 21:56:06 - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Wotan\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,98 Gb Total Physical Memory | 4,53 Gb Available Physical Memory | 56,76% Memory free
15,96 Gb Paging File | 12,65 Gb Available in Paging File | 79,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 244,04 Gb Total Space | 44,07 Gb Free Space | 18,06% Space Free | Partition Type: NTFS
Drive D: | 1618,87 Gb Total Space | 350,26 Gb Free Space | 21,64% Space Free | Partition Type: NTFS
Drive G: | 4,26 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive H: | 7,45 Gb Total Space | 0,70 Gb Free Space | 9,43% Space Free | Partition Type: FAT32
Computer Name: WOTAN-PC | User Name: Wotan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{083F99C6-5227-425E-8B64-E75F8ACAA575}" = lport=10243 | protocol=6 | dir=in | app=system |
"{09C00565-D11B-4572-AB62-BD25ECD995C2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{0F01F07C-2204-4197-A054-52D26108D8E4}" = lport=58232 | protocol=6 | dir=in | name=pando media booster |
"{1761F213-8A72-47E6-B77E-945278D46405}" = lport=58232 | protocol=6 | dir=in | name=pando media booster |
"{37442C76-CB90-4541-9701-80EA4C13E09A}" = rport=445 | protocol=6 | dir=out | app=system |
"{3D72F8D5-8175-412E-9E1D-1369461E331C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4126EA9C-15EB-42C0-99ED-033FED56865E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{43E66627-9023-43E4-914E-91C8A74B96D3}" = lport=7935 | protocol=6 | dir=in | name=adobe flash builder 4.5 |
"{45872FA9-9F9D-4603-96BC-62B0CB56BD80}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{471DDD51-CE32-4285-85B0-531E785257D0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4CBC277E-7004-4DDB-9030-86DA18F358A7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5B0A9B82-F292-43EB-AB39-907E91A824C8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5BD109D3-B398-4E15-B711-3E557C5DE704}" = lport=2869 | protocol=6 | dir=in | app=system |
"{64C1C04A-D896-4615-B1CD-DCD3E945BBB5}" = rport=139 | protocol=6 | dir=out | app=system |
"{653283B3-7101-4FD3-96A3-41DAF72467A5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{678DB5C1-0379-4CC1-A478-EAC6C3BF83F2}" = lport=138 | protocol=17 | dir=in | app=system |
"{680DFBE2-69B3-4852-BD1C-6422E3E1F1B5}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{6FA0A9BD-ABA9-4250-9184-B87A4EAB52C4}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{70AF299F-DE35-4436-AA84-D802C2EA63FF}" = rport=137 | protocol=17 | dir=out | app=system |
"{81510B2A-CED5-433C-8A78-85B9498E585A}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{871020EC-AB66-47CD-AB25-EF7B8C2CC7E5}" = lport=445 | protocol=6 | dir=in | app=system |
"{8B5E0903-68B1-4DA2-93C8-7B057CD59B36}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{9F69456B-AF35-40BE-9EEF-45823C5566CD}" = lport=139 | protocol=6 | dir=in | app=system |
"{A28BE798-1762-4D07-B2F3-4B6F6C2666BB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A377C6D2-A1EA-4928-9BC5-258352900E9B}" = rport=138 | protocol=17 | dir=out | app=system |
"{A4CEE47F-E3F8-4BD4-BE83-D6A242F7218A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A79EE648-86A1-4CC6-9D3D-9F9372D40104}" = rport=10243 | protocol=6 | dir=out | app=system |
"{B02313F8-BC11-4776-B71B-9337F44AAFE7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B4D94DD0-74E7-4DCD-A0A0-132660F5F293}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C4117031-05BC-4CAE-900B-14B9A3F994EC}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{C850A8EE-73BE-49C9-B2D9-4F77B377BABF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D289B2C1-555F-463B-8F48-1A2AD9E3090B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{D383D01A-9579-4DAA-80AC-A12EE6450491}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E0EAD7ED-6188-4F96-B7A0-8E2C3CAD6524}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E2C3E8A7-F28E-46B4-85FE-94420A09AAD3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F04246E1-DADF-4C90-8EE4-7A3E1B273BC3}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{F2B94574-7C46-4FDA-A027-0A0B75F9694B}" = lport=58232 | protocol=17 | dir=in | name=pando media booster |
"{F6CC924F-C651-4D66-9D9B-9101D5F93BCD}" = lport=58232 | protocol=17 | dir=in | name=pando media booster |
"{FDD049D9-6A35-424B-AAAF-E71C3A422430}" = lport=137 | protocol=17 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{045CC36C-289E-4105-8A9F-3C63AC1B1408}" = protocol=17 | dir=in | app=d:\gamez\tq - immortal throne\tqit.exe |
"{047C222B-8724-495C-AE96-9C3C91094C26}" = protocol=17 | dir=in | app=d:\gamez\stronghold 1\stronghold.exe |
"{07C547F8-00A4-4808-A8DB-B96D272F2759}" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe flash builder 4.5\flashbuilder.exe |
"{083A3621-5E59-4246-9FC1-62476F18ED5B}" = protocol=17 | dir=in | app=d:\gamez\stronhgold legends\strongholdlegends.exe |
"{08AD65E2-EF28-4DD5-AC29-E89BBC3E310B}" = protocol=6 | dir=in | app=d:\gamez\die schlacht um mittelerde ii - der aufstieg des hexenkönigs\game.dat |
"{0A6290C4-AA7F-40CE-BB76-5873B59C4115}" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\adobe flash builder 4.5\flashbuilder.exe |
"{0E7C95CB-2B89-442D-B2A1-0B6128E02560}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe |
"{12317A31-4C96-45C8-93E6-8A9F1D0AD6FC}" = protocol=17 | dir=in | app=d:\gamez\battleforge\battleforge.exe |
"{1CACB76B-CCED-428E-8F54-D082FC4D994C}" = protocol=17 | dir=in | app=d:\gamez\diablo iii\diablo iii\diablo iii.exe |
"{1DA33912-50BD-4725-99B7-BA54755B1375}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe |
"{1F6FD4E1-0CF8-4790-B846-C61B4F101FEC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\world of battles\release\launcher.exe |
"{26109926-4B9E-458B-B329-1281173380AF}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\farcry2.exe |
"{266E0077-8349-4409-9BF3-CEF93AB446E1}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\world in conflict\wic_online.exe |
"{26D20554-5CDA-4FE5-94C0-42AB64934E6E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{2A8DC2F2-8EBD-4683-8F84-7D89A104E541}" = protocol=6 | dir=in | app=d:\gamez\resident evil 5\re5dx9.exe |
"{30516F06-5FEC-4496-9C13-C158DA656B70}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{30C96685-3EDD-464A-B2C9-32789C4E09C1}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{330B1022-4BEC-41F2-A1B4-5B4E8C900229}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\anno4.exe |
"{336C6148-1600-4B83-985E-223FA078AEBF}" = protocol=6 | dir=in | app=d:\gamez\resident evil 5\re5dx10.exe |
"{34C0D79C-4A43-4A0B-B666-E9B4A6641C3F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{34ECF543-D29C-4BAC-BC87-4D3252A352AE}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\world in conflict\wic.exe |
"{3551F2CC-A7EA-4350-887E-1314704D9FEB}" = protocol=6 | dir=in | app=d:\gamez\tq - immortal throne\tqit.exe |
"{3BCE0140-4A42-41CC-9E91-9A35307B9EC5}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2launcher.exe |
"{3EA085CF-C4E9-4241-A09F-E0643DCCC243}" = protocol=6 | dir=in | app=d:\gamez\batman - arkham asylum\binaries\shippingpc-bmgame.exe |
"{3FEE07F1-5DF6-4E6A-8482-ED0F030B9D24}" = protocol=17 | dir=in | app=d:\gamez\resident evil 5\re5dx10.exe |
"{4386D938-D502-4DB2-8F0C-FB01DD65E25A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magic the gathering tactics\launchpad.exe |
"{45A49146-7174-4613-B413-26DB7C9F44AA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4998C9C5-87C2-4618-9098-71D64DE2E1CD}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\world in conflict\wic_ds.exe |
"{4F0F3C07-5D8A-4882-AABB-31877E430529}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{5410CC6B-724F-4878-A409-E4892A1E8838}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe |
"{56D04746-34D6-4188-8C48-A2DE1A4704A7}" = protocol=6 | dir=in | app=d:\gamez\stronghold 1 - crusader\stronghold crusader.exe |
"{57099FFA-C8D2-49AE-BE3B-4184F9847EAB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\world of battles\release\launcher.exe |
"{57C20600-F173-4C7A-8FE4-E9CF292E3912}" = protocol=17 | dir=in | app=d:\gamez\die schlacht um mittelerde ii - der aufstieg des hexenkönigs\game.dat |
"{58FDB912-19F7-4F9A-9443-977B9BE7F05A}" = protocol=17 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe |
"{599D9230-53AE-4202-A31B-3AADE31A1B50}" = protocol=17 | dir=in | app=d:\gamez\stronghold 1 - crusader\stronghold_crusader_extreme.exe |
"{5C87EDD1-B4D2-46D8-B7A8-92A71409994B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{63702DFA-E271-44FC-83DB-E879B969B3BE}" = protocol=6 | dir=in | app=d:\gamez\stronghold 2\stronghold2.exe |
"{659D4CCB-F6E9-431D-B3D5-295DE085376A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{67DDC725-F020-44F5-BC79-ABEAA19B423F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{687A545E-1087-41BF-91E2-C24FB3F4D93F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{688618DF-988F-4F84-BE7D-D2096C0A8C13}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{68E27E36-C22B-4E94-9F4B-032A600065D9}" = protocol=17 | dir=in | app=d:\cybetech\apps\utorrent\app\app\utorrent\utorrent.exe |
"{6A427219-5ED5-48E7-B4BE-3D8DD0CD2549}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\addonweb.exe |
"{6A6D7262-CDEC-4BE0-8A6F-2ED8493C7AD4}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6EBEED7A-4EFE-4934-B5E7-956E464F87EF}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6F69B536-F0C9-482F-8C57-691ACDDD3AD7}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\world in conflict\wic_ds.exe |
"{70BA2998-BE9F-4D5B-9B2D-5850E0ECBED9}" = protocol=17 | dir=in | app=d:\gamez\die schlacht um mittelerde ii - der aufstieg des hexenkönigs\game.dat |
"{73E0416C-45D7-4D22-89C5-8AF0F33A9398}" = protocol=6 | dir=in | app=d:\gamez\stronhgold legends\strongholdlegends.exe |
"{7416938F-47D9-4E15-A723-D4CB1241DAE7}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{7419E1C6-0B28-4A41-B450-99CF049BF2EA}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{7527DA0C-2648-4587-8D42-11942A011D9B}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\addon.exe |
"{78853808-25AF-4488-B2CB-0459BE120052}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{78FFD5DF-51DF-4CE5-AC55-73A60F11A9C1}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\common\mediaserver\clmsserver.exe |
"{7FB93290-8C00-4334-A055-9DE2A577655F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{817D9B8F-D6CB-4661-AF44-9EDAB2582BDD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{825D8392-7A4D-481E-8B2A-62D96CFFA9E5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{82A52AD0-ADA1-4096-90AD-2E111F533478}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{84544764-6C1D-46CB-9836-391A89B6DECC}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2editor.exe |
"{8605FF1B-EBF1-44CF-B89E-1A60054F3C65}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{875AA9DC-C1F1-4F1D-8CA3-4366171709F9}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\addon.exe |
"{8787FE05-76D8-41D7-ADC6-64C3B8E7BBF3}" = protocol=6 | dir=in | app=d:\gamez\stronghold 1\stronghold.exe |
"{889F70FE-5066-480C-9D7D-9D1D08162FB7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stronghold3\bin\win32_release\mapeditor.exe |
"{8C6682F4-4DD3-4560-91E8-101C3F5445D2}" = protocol=6 | dir=in | app=d:\gamez\diablo iii\diablo iii\diablo iii.exe |
"{9163240E-E05E-4A6C-90D0-A60C9F8E4BEB}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{94194D05-D549-4601-8112-E2A382A6F5E2}" = protocol=6 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminator.exe |
"{95CC710B-74CF-4A8D-8383-354004562069}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9BAFD1BC-4966-4B66-A29D-6229A897B49C}" = protocol=17 | dir=in | app=d:\gamez\stronghold 2\stronghold2.exe |
"{9C59968C-B5D1-402C-BF7F-842937356CC7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{9C5FF772-09D1-4639-9BB4-D26FEF166C19}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe |
"{9E04CED4-3EBC-4A97-A5DD-937C86D5EB95}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9E593D6D-6F09-43F0-871E-616C94E41C2D}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\world in conflict\wic_online.exe |
"{9EA65127-E951-4F4B-AB0D-66859299C177}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{A1589430-0E48-4B1A-A2E1-31A8F142C5E1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stronghold3\bin\win32_release\stronghold3.exe |
"{A7510513-5631-4186-9F5A-B612C73488E1}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\movie\powerdvd cinema\powerdvdcinema11.exe |
"{A89FFA7B-CD86-4233-ABEE-9BE2BC0650B5}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\world in conflict\wic.exe |
"{A8FC873B-8A5B-4DE9-9393-07F2A92049CA}" = protocol=6 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe |
"{A9C4B97A-863D-437C-829A-AF3C235A87F8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war ii - retribution\dow2.exe |
"{AA9A46A8-3636-4B9F-98AC-24BD793AC900}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"{AEF2D5C8-D5D0-44C7-9E3B-F44D2E2C534D}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\addonweb.exe |
"{B537000F-867E-4589-B1F6-5E8F1886E51E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"{B68D91F4-164A-4EB6-BA9F-5D59D913B13C}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\der herr der ringe® - die eroberung™\conquest.exe |
"{B7A5DE4F-B2A9-48C0-8D3B-21D8BD15013F}" = protocol=17 | dir=in | app=d:\gamez\batman - arkham asylum\binaries\shippingpc-bmgame.exe |
"{B8CF6156-BFDD-41AA-A80A-AC4D5DB20E68}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stronghold3\bin\win32_release\stronghold3.exe |
"{BCF12AA5-5286-495E-9408-E17DBC34274E}" = protocol=6 | dir=in | app=d:\cybetech\apps\utorrent\app\app\utorrent\utorrent.exe |
"{BDE2804D-0976-4EC7-BD2B-E278E7501FAB}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2editor.exe |
"{BE883716-65AA-4293-BEDF-95171B23966C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe |
"{C66567E7-0BEE-4251-ADD8-6EEF42B755B7}" = protocol=17 | dir=in | app=d:\gamez\battleforge\bootstrapper.exe |
"{C8190219-D888-4B05-9CA4-3286BA6CF958}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war ii - retribution\dow2.exe |
"{CB8FE8AE-BE5A-4FD0-9902-3C31DA5FE28F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CC9E145B-25EA-401C-B5F1-E29033ECE78A}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"{CCE92F41-D677-40B1-A9D4-1A6834CEE809}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\der herr der ringe® - die eroberung™\conquest.exe |
"{CF2EE987-2239-42AB-A5B2-EEB1AAB7A71D}" = protocol=6 | dir=in | app=d:\gamez\battleforge\battleforge.exe |
"{CF3FF181-62BD-4467-A4A7-D257040C50FA}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{CF9003FA-6128-45A1-B4C4-ACE98F51F114}" = protocol=6 | dir=in | app=d:\gamez\die schlacht um mittelerde ii\game.dat |
"{CFAC77DE-0B35-4CD1-81E3-6ECF6C7B4B36}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{D11ACE64-FB50-4C8C-9CA9-AD95D72DF3BE}" = protocol=17 | dir=in | app=d:\gamez\resident evil 5\re5dx9.exe |
"{D29BDB0D-5D28-497E-95E8-F971FAC7193D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D2AE0A03-0849-41EE-B11C-6A5F285C6272}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stronghold3\bin\win32_release\mapeditor.exe |
"{D388D05E-F863-4138-A4D5-F112C6566C43}" = protocol=6 | dir=in | app=d:\gamez\stronghold 1 - crusader\stronghold_crusader_extreme.exe |
"{D3A280D4-1051-4219-8533-70B25B794F4E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{D7CB6FE8-39E9-4BBB-9DE5-334546313756}" = protocol=6 | dir=in | app=d:\gamez\battleforge\bootstrapper.exe |
"{DCF7D658-91E9-430E-8648-C2ACFA1E439A}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\anno4.exe |
"{DD912348-0320-48BC-BD71-28EBDC9D626E}" = protocol=17 | dir=in | app=d:\gamez\stronghold 1 - crusader\stronghold crusader.exe |
"{DE8D6B07-0168-41F0-AD65-FCB66C22F8C7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DEF9D653-A546-40B0-A0D3-C37C4B18B95F}" = protocol=17 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminator.exe |
"{E0D344F2-22F5-425C-A288-D523E60198B8}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\pdvd11serv.exe |
"{E1A76F17-5CD9-4390-BD2D-39C8E3A7205A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{E4B02695-E58E-427D-B7D1-1318782C2E81}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\farcry2.exe |
"{E51F74A6-18E7-40D4-BE84-3710EA064CB2}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{E6A8092B-3257-40F0-9654-2D81AFB9F415}" = protocol=17 | dir=in | app=d:\gamez\die schlacht um mittelerde ii\game.dat |
"{EDEC508C-7DF6-4550-A344-4043ECE345E6}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"{F02BD908-300D-4D5C-87C2-84A4B967F0FD}" = protocol=6 | dir=out | app=system |
"{F1CFEB51-801A-49D8-AD83-C9778530CC85}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\powerdvd11.exe |
"{F2D8E861-7666-4D6B-AFFB-D94340776897}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F4C8B66F-C12D-4F35-BAB5-FDE902E9FD8E}" = protocol=6 | dir=in | app=d:\gamez\die schlacht um mittelerde ii - der aufstieg des hexenkönigs\game.dat |
"{F508FB4B-6D37-423C-B235-E65F1B45D5E6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe |
"{F58FC871-1BBE-4620-9223-0B9017952A4B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magic the gathering tactics\launchpad.exe |
"{F86ADF9D-E43B-46D3-97F2-D4B94A4FCC5C}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\movie\moviemodule.exe |
"{F9134A3F-212A-48C9-BD25-15D69B8AB54D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{FB8D42C6-CD5E-41A2-9A05-3F24B0813B71}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2launcher.exe |
"{FE5B4AD7-E13E-4078-9D14-DA66AB7E5888}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"TCP Query User{070A1370-8582-43EC-87B3-664A1DBCC54A}D:\cybetech\apps\xbmc\app\xbmc.exe" = protocol=6 | dir=in | app=d:\cybetech\apps\xbmc\app\xbmc.exe |
"TCP Query User{119A8772-DB24-46DB-86BD-109028DD84E8}D:\cybetech\apps\xbmc\app\xbmc.exe" = protocol=6 | dir=in | app=d:\cybetech\apps\xbmc\app\xbmc.exe |
"TCP Query User{3582D8A3-BB3B-4CDE-B436-7D16AE3A8C81}D:\cybetech\apps\cybesystems\app\lighttpd\lighttpd.exe" = protocol=6 | dir=in | app=d:\cybetech\apps\cybesystems\app\lighttpd\lighttpd.exe |
"TCP Query User{4009BD1B-F959-4C05-A644-76F15E61DF51}D:\gamez\tq - immortal throne\tqit.exe" = protocol=6 | dir=in | app=d:\gamez\tq - immortal throne\tqit.exe |
"TCP Query User{4AD1C25E-3513-4054-8CBA-9E6F344243EF}D:\gamez\warcraft iii\war3.exe" = protocol=6 | dir=in | app=d:\gamez\warcraft iii\war3.exe |
"TCP Query User{4DFE0946-F92C-4526-939B-DB0A90C145E2}D:\gamez\rise of the argonauts\binaries\riseoftheargonauts.exe" = protocol=6 | dir=in | app=d:\gamez\rise of the argonauts\binaries\riseoftheargonauts.exe |
"TCP Query User{5C8EA372-591D-44C8-B68C-FD37C5A8AA2E}D:\shared\anno 1404\tools\addonweb.exe" = protocol=6 | dir=in | app=d:\shared\anno 1404\tools\addonweb.exe |
"TCP Query User{5FE2E26D-5229-4C44-9C46-E68B404C2DDE}C:\program files (x86)\electronic arts\der herr der ringe® - die eroberung™\conquest.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\der herr der ringe® - die eroberung™\conquest.exe |
"TCP Query User{6A774DD5-6C0E-467C-9415-72B58589BBC5}U:\cybetech\apps\xbmc\app\xbmc.exe" = protocol=6 | dir=in | app=u:\cybetech\apps\xbmc\app\xbmc.exe |
"TCP Query User{768DBDE5-C1EF-4FCD-A8A4-582549A36EF8}D:\cybetech\apps\eventghost\app\eventghost.exe" = protocol=6 | dir=in | app=d:\cybetech\apps\eventghost\app\eventghost.exe |
"TCP Query User{76CAEE81-95CD-46A1-AD3B-FC9A38129E1C}D:\shared\anno 1404\addon.exe" = protocol=6 | dir=in | app=d:\shared\anno 1404\addon.exe |
"TCP Query User{848B13DF-CB8C-44E1-B329-98F1A33BDDEB}C:\program files (x86)\steamless left4dead pack\left4dead.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steamless left4dead pack\left4dead.exe |
"TCP Query User{85D7A64A-E513-4866-906A-34C3B0BAB3CE}C:\program files (x86)\steam\steamapps\common\magic the gathering tactics\mtgtactics.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magic the gathering tactics\mtgtactics.exe |
"TCP Query User{86DFCF5E-F55B-4509-BC6C-E804C958B338}U:\cybetech\apps\cybesystems\app\lighttpd\lighttpd.exe" = protocol=6 | dir=in | app=u:\cybetech\apps\cybesystems\app\lighttpd\lighttpd.exe |
"TCP Query User{950C23E2-D6BB-4E04-B4BF-CEE7D69371B6}C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe |
"TCP Query User{97FDDCF1-4D5F-4E9E-891E-5D6D0896B5BA}C:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe |
"TCP Query User{9B488FC0-761A-4657-9A1F-37789B9083A0}D:\gamez\sacred 2\system\s2gs.exe" = protocol=6 | dir=in | app=d:\gamez\sacred 2\system\s2gs.exe |
"TCP Query User{9E1B4780-C71A-4856-B858-592EAE4CD548}D:\shared\anno 1404\tools\addonweb.exe" = protocol=6 | dir=in | app=d:\shared\anno 1404\tools\addonweb.exe |
"TCP Query User{A1618474-DFB5-48A2-8745-F22C7E507A3F}C:\program files (x86)\steam\steamapps\groby82\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\groby82\team fortress 2\hl2.exe |
"TCP Query User{A190845E-7907-42C9-A1F4-F0B9DD03AC91}D:\cybetech\apps\mysql\app\bin\mysqld-nt.exe" = protocol=6 | dir=in | app=d:\cybetech\apps\mysql\app\bin\mysqld-nt.exe |
"TCP Query User{A9809462-D7CD-4508-8383-B79FB07DADA0}D:\cybetech\apps\cybesystems\app\lighttpd\lighttpd.exe" = protocol=6 | dir=in | app=d:\cybetech\apps\cybesystems\app\lighttpd\lighttpd.exe |
"TCP Query User{B80FD5A5-64BD-4621-9297-B8D544C27BCE}D:\gamez\fifa 11\fifa 11\game\fifa.exe" = protocol=6 | dir=in | app=d:\gamez\fifa 11\fifa 11\game\fifa.exe |
"TCP Query User{E95F575D-D63B-4673-AA67-6F9A4F5AD50E}D:\shared\anno 1404\addon.exe" = protocol=6 | dir=in | app=d:\shared\anno 1404\addon.exe |
"TCP Query User{FCEAEE31-B251-4DBE-9580-689895DDFC0E}D:\cybetech\apps\krento\app\krento.exe" = protocol=6 | dir=in | app=d:\cybetech\apps\krento\app\krento.exe |
"UDP Query User{0B8FA923-D521-4095-B178-4B09C97E85FD}D:\gamez\rise of the argonauts\binaries\riseoftheargonauts.exe" = protocol=17 | dir=in | app=d:\gamez\rise of the argonauts\binaries\riseoftheargonauts.exe |
"UDP Query User{0BE9E10A-B341-41AD-940D-95EBAB28B5E6}C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe |
"UDP Query User{32FE5490-8E4A-4F89-A80F-49F6604F3620}D:\shared\anno 1404\tools\addonweb.exe" = protocol=17 | dir=in | app=d:\shared\anno 1404\tools\addonweb.exe |
"UDP Query User{3AAB3E60-474D-458D-B3D8-D95CCEE2E433}C:\program files (x86)\steam\steamapps\common\magic the gathering tactics\mtgtactics.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magic the gathering tactics\mtgtactics.exe |
"UDP Query User{44040D15-E82F-4B1A-9503-267DBB24D5DB}U:\cybetech\apps\xbmc\app\xbmc.exe" = protocol=17 | dir=in | app=u:\cybetech\apps\xbmc\app\xbmc.exe |
"UDP Query User{53B787E9-BFEF-438E-ABA9-0345F1CEA8E1}C:\program files (x86)\steamless left4dead pack\left4dead.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steamless left4dead pack\left4dead.exe |
"UDP Query User{5A9BC7CC-136E-4764-8C7D-345F834C365E}D:\cybetech\apps\xbmc\app\xbmc.exe" = protocol=17 | dir=in | app=d:\cybetech\apps\xbmc\app\xbmc.exe |
"UDP Query User{5D82F561-B3B5-464F-A4B9-AC0A1E0AE76D}D:\shared\anno 1404\tools\addonweb.exe" = protocol=17 | dir=in | app=d:\shared\anno 1404\tools\addonweb.exe |
"UDP Query User{690528A8-D683-4BEC-81C8-BD3B0D34FBA1}U:\cybetech\apps\cybesystems\app\lighttpd\lighttpd.exe" = protocol=17 | dir=in | app=u:\cybetech\apps\cybesystems\app\lighttpd\lighttpd.exe |
"UDP Query User{77248834-1AED-46F4-A3A7-B0B3CD7A4CD9}D:\gamez\warcraft iii\war3.exe" = protocol=17 | dir=in | app=d:\gamez\warcraft iii\war3.exe |
"UDP Query User{7EDC065A-BEEC-4216-B137-52704ADFBC8F}D:\cybetech\apps\mysql\app\bin\mysqld-nt.exe" = protocol=17 | dir=in | app=d:\cybetech\apps\mysql\app\bin\mysqld-nt.exe |
"UDP Query User{85ACFFAC-6B63-4CAB-9638-11AF69A20D65}D:\cybetech\apps\xbmc\app\xbmc.exe" = protocol=17 | dir=in | app=d:\cybetech\apps\xbmc\app\xbmc.exe |
"UDP Query User{950A98C1-E23E-4396-890D-A7BCB78CE541}D:\shared\anno 1404\addon.exe" = protocol=17 | dir=in | app=d:\shared\anno 1404\addon.exe |
"UDP Query User{A9586B6F-19DB-4E88-B439-9B8870442337}C:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe |
"UDP Query User{B009B246-9012-4FF5-8381-EEE4B91C1ACF}D:\gamez\fifa 11\fifa 11\game\fifa.exe" = protocol=17 | dir=in | app=d:\gamez\fifa 11\fifa 11\game\fifa.exe |
"UDP Query User{B0512161-0383-4B2E-8355-ABCC9731CBAA}C:\program files (x86)\steam\steamapps\groby82\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\groby82\team fortress 2\hl2.exe |
"UDP Query User{BC753977-0832-4C31-AAB5-AB66615EF327}D:\cybetech\apps\eventghost\app\eventghost.exe" = protocol=17 | dir=in | app=d:\cybetech\apps\eventghost\app\eventghost.exe |
"UDP Query User{BEEB8669-82B1-4C4B-90ED-7D77BC0B73CE}D:\gamez\tq - immortal throne\tqit.exe" = protocol=17 | dir=in | app=d:\gamez\tq - immortal throne\tqit.exe |
"UDP Query User{D289AA0D-F6AF-4C38-B9F6-7B798086AE78}D:\cybetech\apps\cybesystems\app\lighttpd\lighttpd.exe" = protocol=17 | dir=in | app=d:\cybetech\apps\cybesystems\app\lighttpd\lighttpd.exe |
"UDP Query User{D2C3D093-9F87-4F4C-B97E-9B9AED372F4F}D:\shared\anno 1404\addon.exe" = protocol=17 | dir=in | app=d:\shared\anno 1404\addon.exe |
"UDP Query User{D58B0DB5-70F5-411D-B17D-34F0C49C8198}C:\program files (x86)\electronic arts\der herr der ringe® - die eroberung™\conquest.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\der herr der ringe® - die eroberung™\conquest.exe |
"UDP Query User{EBAE786D-03D2-466A-AA37-142C1CD9B07D}D:\cybetech\apps\cybesystems\app\lighttpd\lighttpd.exe" = protocol=17 | dir=in | app=d:\cybetech\apps\cybesystems\app\lighttpd\lighttpd.exe |
"UDP Query User{F8165A13-E4C9-4407-B413-77E93C886396}D:\cybetech\apps\krento\app\krento.exe" = protocol=17 | dir=in | app=d:\cybetech\apps\krento\app\krento.exe |
"UDP Query User{FF80B958-D635-4CEC-83F9-DEDA6203DCD8}D:\gamez\sacred 2\system\s2gs.exe" = protocol=17 | dir=in | app=d:\gamez\sacred 2\system\s2gs.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}" = Microsoft Xbox 360 Accessories 1.2
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Theme Resource Changer X64 v1.0" = Theme Resource Changer X64 v1.0
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1E58B969-9BB4-4012-8D8B-D06005D1CD24}" = TP-LINK Wireless Client Utility
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20071984-5EB1-4881-8EDB-082532ACEC6D}" = Heroes of Might and Magic V
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = Die Schlacht um Mittelerde™ II
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}" = Hama Black Force Pad
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer
"{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum
"{56736259-613E-4A3B-B428-6235F2E76F44}_is1" = Spyware Terminator 2012
"{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}" = Asmedia ASM106x SATA Host Controller Driver
"{628C3D50-F524-4C49-A958-672CE7953756}" = Der Herr der Ringe® - Die Eroberung™
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{66A405D2-BA14-4594-BF36-B3B544F0754E}" = Stronghold Legends
"{66FF4C48-0083-4E60-8556-B883AB200091}" = Heroes of Might & Magic V: Hammers of Fate
"{66FF4C48-0083-4E60-8556-B883AB200092}" = Heroes of Might and Magic V - Tribes of the East
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7D0AEAD8-07FA-4C4D-9347-E7FBC5534B73}" = Sacred 2 - Fallen Angel
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader Extreme
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C542173-96F0-435D-A95C-468CAAC75EA0}" = Adobe Flash Player 10 Plugin
"{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}" = ANNO 1404 - Venedig
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC08BBA0-96B9-431A-A7D0-D8598E493775}" = RESIDENT EVIL 5
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{B001064C-D061-4BAE-9031-416A838D5536}" = Adobe Flash Player 10 ActiveX
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}" = Titan Quest Immortal Throne
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B931FB80-537A-4600-00AD-AC5DEDB6C25B}" = Aufstieg des Hexenkönigs™
"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
"{C28DD992-5B7B-D195-6841-4EC57DF512BD}" = Adobe Story
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C580908C-B3BA-4C19-BD60-16F02F272201}" = BattleForge™
"{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}" = Stronghold
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D57FC112-312E-4D70-860F-2DB8FB6858F0}" = Adobe Creative Suite 5.5 Master Collection
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{EC7EBCD9-0CB4-472B-BC64-364CDC3CAC4C}" = Rise of the Argonauts
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F11ADC64-C89E-47F4-A0B3-3665FF859397}" = WORLD IN CONFLICT
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F232C87C-6E92-4775-8210-DFE90B7777D9}" = CyberLink PowerDVD 11
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"12bbe590-c890-11d9-9669-0800200c9a66_is1" = Der Herr der Ringe Online v03.03.05.8039
"Adobe AIR" = Adobe AIR
"AnyDVD" = AnyDVD
"avast" = avast! Free Antivirus
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Story
"com.adobe.dmp.contentviewer" = Adobe Content Viewer
"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
"CToolbar_UNINSTALL" = Web Security Guard with Crawler Toolbar
"DAEMON Tools Lite" = DAEMON Tools Lite
"Diablo III" = Diablo III
"Dungeon Siege III_is1" = Dungeon Siege III
"FIFA 11_is1" = FIFA 11
"FLV Player" = FLV Player 2.0 (build 25)
"Free YouTube Download_is1" = Free YouTube Download version 3.1.31.706
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.22.508
"FUSSBALL MANAGER 12" = FUSSBALL MANAGER 12
"Hama Gamepad FIFA08 Patch" = Hama Gamepad FIFA08 Patch
"InstallShield_{EC7EBCD9-0CB4-472B-BC64-364CDC3CAC4C}" = Rise of the Argonauts
"InstallShield_{F232C87C-6E92-4775-8210-DFE90B7777D9}" = CyberLink PowerDVD 11
"IrfanView" = IrfanView (remove only)
"Lilith The Will of Demon : Battles of Jalavia v1.1_is1" = Lilith The Will of Demon : Battles of Jalavia v1.1
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PunkBusterSvc" = PunkBuster Services
"Steam App 113900" = World of Battles
"Steam App 15620" = Warhammer® 40,000™: Dawn of War® II
"Steam App 201190" = Magic: The Gathering – Tactics
"Steam App 440" = Team Fortress 2
"Steam App 47400" = Stronghold 3
"Steam App 56400" = Warhammer® 40,000®: Dawn of War® II – Retribution™
"Steamless Left4Dead Pack" = Steamless Left4Dead Pack
"Super Mario: Blue Twilight DX (v1.04.1)" = Super Mario: Blue Twilight DX (v1.04.1)
"Synergy" = Synergy
"Underlord15" = Underlord 1.5
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"WM Recorder14.11.4" = WM Recorder
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 30.07.2012 13:15:46 | Computer Name = Wotan-PC | Source = WinMgmt | ID = 10
Description =
Error - 31.07.2012 14:59:45 | Computer Name = Wotan-PC | Source = WinMgmt | ID = 10
Description =
Error - 31.07.2012 17:19:19 | Computer Name = Wotan-PC | Source = WinMgmt | ID = 10
Description =
Error - 31.07.2012 18:49:40 | Computer Name = Wotan-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FLVPlayer.exe, Version: 0.0.0.0,
Zeitstempel: 0x48374e32 Name des fehlerhaften Moduls: FlashPlayer.3.1.1k.ocx, Version:
9.0.124.0, Zeitstempel: 0x47e8643e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000c274c
ID
des fehlerhaften Prozesses: 0x40c Startzeit der fehlerhaften Anwendung: 0x01cd6f6ebd7664b3
Pfad
der fehlerhaften Anwendung: C:\Program Files (x86)\FLV Player\FLVPlayer.exe Pfad
des fehlerhaften Moduls: C:\Users\Wotan\AppData\Local\Temp\mProjector3175261488\FlashPlayer.3.1.1k.ocx
Berichtskennung:
02b0da9d-db62-11e1-86be-8c89a555bfee
Error - 01.08.2012 15:28:04 | Computer Name = Wotan-PC | Source = WinMgmt | ID = 10
Description =
Error - 01.08.2012 16:57:17 | Computer Name = Wotan-PC | Source = WinMgmt | ID = 10
Description =
Error - 01.08.2012 17:02:53 | Computer Name = Wotan-PC | Source = WinMgmt | ID = 10
Description =
Error - 01.08.2012 17:07:06 | Computer Name = Wotan-PC | Source = WinMgmt | ID = 10
Description =
Error - 02.08.2012 12:32:59 | Computer Name = Wotan-PC | Source = WinMgmt | ID = 10
Description =
Error - 02.08.2012 13:55:42 | Computer Name = Wotan-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 26.03.2012 15:11:57 | Computer Name = Wotan-PC | Source = DCOM | ID = 10010
Description =
Error - 27.03.2012 12:06:43 | Computer Name = Wotan-PC | Source = DCOM | ID = 10010
Description =
Error - 28.03.2012 14:14:16 | Computer Name = Wotan-PC | Source = WMPNetworkSvc | ID = 866300
Description =
Error - 01.04.2012 05:32:29 | Computer Name = Wotan-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?01.?04.?2012 um 11:24:07 unerwartet heruntergefahren.
Error - 05.04.2012 11:49:01 | Computer Name = Wotan-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?05.?04.?2012 um 17:31:03 unerwartet heruntergefahren.
Error - 06.04.2012 03:50:22 | Computer Name = Wotan-PC | Source = DCOM | ID = 10010
Description =
Error - 07.04.2012 12:36:39 | Computer Name = Wotan-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "CyberLink PowerDVD 11.0 Service" wurde unerwartet beendet.
Dies ist bereits 1 Mal passiert.
Error - 08.04.2012 12:33:16 | Computer Name = Wotan-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?08.?04.?2012 um 04:12:28 unerwartet heruntergefahren.
Error - 09.04.2012 17:21:32 | Computer Name = Wotan-PC | Source = DCOM | ID = 10010
Description =
Error - 11.04.2012 17:17:48 | Computer Name = Wotan-PC | Source = DCOM | ID = 10010
Description =
< End of report >