Karasu616 | 19.07.2012 16:28 | GVU Trojan with webcam control
Hello.
I caught the GVU Trojan today, which also had access to my webcam.
Attached is the log from Malwarebytes:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Datenbank Version: v2012.07.19.10
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
K1rt :: K1RT-PC [Administrator]
19.07.2012 14:11:44
mbam-log-2012-07-19 (14-11-44).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|K:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 444540
Laufzeit: 1 Stunde(n), 35 Minute(n), 58 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 3
C:\Users\K1rt\AppData\Local\Temp\toip0_tmp.exe (Spyware.Zbot.DG) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\K1rt\Downloads\SoftonicDownloader_fuer_jdownloader.exe (PUP.BundleOffer.Downloader.S) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\K1rt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
And the log files from OTL:
OTL Logfile:
OTL Extras logfile created on: 19.07.2012 17:17:48 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\K1rt\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,25 Gb Total Physical Memory | 1,30 Gb Available Physical Memory | 40,06% Memory free
6,74 Gb Paging File | 4,39 Gb Available in Paging File | 65,11% Paging File free
Paging file location(s): c:\pagefile.sys 0 0k:\pagefile.sys 16 4095 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 109,37 Gb Total Space | 4,58 Gb Free Space | 4,19% Space Free | Partition Type: NTFS
Drive K: | 188,72 Gb Total Space | 13,29 Gb Free Space | 7,04% Space Free | Partition Type: NTFS
Computer Name: K1RT-PC | User Name: K1rt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- k:\Program Files\Mozilla Firefox 4.0 Beta 12\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Betrachten mit XnView] -- "C:\Program Files\XnView\xnview.exe" "%1" (XnView, hxxp://www.xnview.com)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Call Graph Browser\Call Graph Browser\xulrunner\xulrunner.exe" = C:\Program Files\Call Graph Browser\Call Graph Browser\xulrunner\xulrunner.exe:*:Enabled:Call Graph Browser
"C:\Program Files\Call Graph\CallGraph.exe" = C:\Program Files\Call Graph\CallGraph.exe:*:Enabled:Call Graph -- (Sedna Wireless Pvt. Ltd.)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04B66E11-A08A-408D-BE6A-451224855C00}" = rport=138 | protocol=17 | dir=out | app=system |
"{1BF1D4E2-C04C-413C-BB77-101A88856E0B}" = rport=137 | protocol=17 | dir=out | app=system |
"{24E565DB-1B0C-4A1F-8CA2-2815E7A49510}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{3FAB2548-36DE-4064-A381-6F554153CA35}" = rport=445 | protocol=6 | dir=out | app=system |
"{44E21524-208D-4309-AFBC-5F7D8961F49D}" = rport=139 | protocol=6 | dir=out | app=system |
"{45CAF322-196B-4491-A2F3-54CEE0674AE7}" = lport=139 | protocol=6 | dir=in | app=system |
"{4D507F90-5278-4F5B-8658-8141D171B736}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{58E734DE-6124-44E6-8704-65AB71E5CE33}" = lport=445 | protocol=6 | dir=in | app=system |
"{6BD9F845-3E93-4E9F-B2A7-7A7B2CE13EE7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7B8B9EE9-FE3A-4423-BC14-65164E8B0FF8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{84C08264-425F-4AEA-8899-97134E5580DA}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{8CB2569C-0DC6-43FE-A050-EFC421801422}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8E18E070-D604-4760-AAFC-774244D9DB69}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{920075EA-188D-45E2-8926-81E2FCBFEA36}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{994A826A-4D61-4FB2-894D-21660A1D11DD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A6BCD60E-8879-4E6A-9C29-5143DB695D8D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B11D8712-0232-4D7E-9BF3-7BF873BE9AA8}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B5436944-B3C3-44D7-9DFD-6B76067CD46E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{CA57577B-7FF1-4719-9867-C8E416FB4782}" = lport=137 | protocol=17 | dir=in | app=system |
"{D72DAB0A-214A-4F0B-BCB2-4F586B496D18}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E1450F15-F44B-419B-9E57-0AD621C929A1}" = lport=138 | protocol=17 | dir=in | app=system |
"{FB571D9D-DEB3-4B5F-B157-7E39C8E93BA0}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05C5603E-6264-404A-96F6-C18F7169EA3B}" = protocol=17 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"{05D364A7-D9E0-46B5-A0D9-F07BC45EC734}" = protocol=17 | dir=in | app=k:\program files\ubisoft\related designs\anno1404\tools\anno4web.exe |
"{06FDA971-B7D3-40ED-BD16-6FCECF88D96B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{0999C24F-DAF4-4FD3-AA6B-23094C48E765}" = protocol=17 | dir=in | app=k:\steam\steamapps\common\the witcher enhanced edition\system\witcher.exe |
"{0BD2FA4D-7CB9-44C5-A2A1-D220C72C1864}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\mount and blade\runme.exe |
"{0E0DC884-EFDE-4A4B-8A51-7B1AB529DF15}" = protocol=6 | dir=in | app=c:\program files\efusion\blackshot\system\blackshot.exe |
"{0EB51BBD-B194-4765-8856-0257970E6BFA}" = protocol=17 | dir=in | app=k:\steam\steamapps\common\simcity 4 deluxe\support\ea help\electronic_arts_technical_support.htm |
"{0ED766F7-CA49-4523-A8DF-74489EC626FD}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\the witcher enhanced edition\system\witcher.exe |
"{0EF4B2D2-B1E6-4599-9C44-E899C11A3D76}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\supreme commander 2\bin\supremecommander2.exe |
"{10754C57-B348-4DDF-8E34-7BC4C1EDC329}" = protocol=6 | dir=in | app=k:\steam\steamapps\common\dota 2 teaser\smp.exe |
"{10FBF1FA-BECE-4F4F-89BA-2E3A70DEB194}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\trackmania nations forever\tmforeverlauncher.exe |
"{130F729B-4811-47AB-A7DF-C9217A88BAD5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1441AD66-8DEC-4766-8654-A540EA5AA480}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\trackmania nations forever\tmforever.exe |
"{1482F68B-F002-4F97-83AA-7E3809570BD2}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |
"{148AFEE4-411F-485D-90A0-3023668F5A0C}" = protocol=6 | dir=in | app=k:\steam\steamapps\common\simcity 4 deluxe\support\ea help\electronic_arts_technical_support.htm |
"{1632CAF0-5CC4-4424-8156-A74F5F734E10}" = protocol=17 | dir=in | app=k:\program files\unreal tournament 3 (lg)\binaries\ut3.exe |
"{19005DDE-F721-4BDC-BA36-A24EAD917C47}" = protocol=17 | dir=in | app=k:\steam\steamapps\common\vampire the masquerade - bloodlines\vampire.exe |
"{1AA5923D-AF34-4070-B7C9-7EEB332927FB}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{1C456B8F-B2C1-4884-8522-7BB68A9E28F5}" = protocol=17 | dir=in | app=k:\program files\ubisoft\related designs\anno1404\anno4.exe |
"{1DAD2BA3-7790-4D4D-B4E2-456024114FE8}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{1DDB8F39-118F-418B-94D9-6D200EC56747}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{1EC8AFC6-205A-4BED-A6EA-FED7E6E412BF}" = protocol=17 | dir=in | app=k:\steam\steamapps\common\simcity 4 deluxe\support\ea help\electronic_arts_technical_support.htm |
"{233A26A4-7E94-47B6-8C91-8640AA1BA092}" = protocol=17 | dir=in | app=k:\steam\steamapps\common\the witcher enhanced edition\system\djinni!.exe |
"{23E170E1-949D-4E6D-A712-27D5471D8951}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{26AE7044-82C9-4BD6-8A96-789A1A0D7ECA}" = protocol=6 | dir=in | app=k:\steam\steamapps\k1rtx\counter-strike source\hl2.exe |
"{26DE5BE0-91B3-4395-9611-5A4EDC2E7673}" = protocol=6 | dir=in | app=k:\program files\ea games\battlefield 2\bf2.exe |
"{284B762F-3736-4873-B460-CB9CE10541E1}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{2AFFAF99-04AF-461B-B591-DF07742E0A0C}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\k1rtx\counter-strike\hl.exe |
"{2C13C89A-E378-4419-8F66-FFD595A532AF}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\k1rtx\counter-strike source\hl2.exe |
"{2C2219AA-683D-4C4A-98D8-A40D94F1AFA0}" = protocol=6 | dir=in | app=k:\steam\steamapps\common\simcity 4 deluxe\apps\simcity 4.exe |
"{2C3AFE59-9A37-4F41-8125-8EB7FB39C40A}" = protocol=6 | dir=in | app=k:\program files\origin games\battlefield 3\bf3.exe |
"{2DA8B1DF-9E1B-40F5-B75B-BC259BBB1A90}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\k1rtx\counter-strike source\hl2.exe |
"{2FED8C6D-E4DE-41B2-B6AB-9E19243BF4F9}" = protocol=6 | dir=in | app=k:\steam\steamapps\common\vampire the masquerade - bloodlines\vampire.exe |
"{30DDF845-27F1-435C-ABC7-CDC64C8AF114}" = protocol=17 | dir=in | app=k:\steam\steamapps\common\monday night combat\binaries\win32\mnc.exe |
"{318A2CAC-2841-433D-B6ED-22DA6284C96B}" = protocol=6 | dir=in | app=k:\program files\deus ex - invisible war\system\dx2.exe |
"{31C7CDEB-F1CA-40D9-875A-7C5032A3343F}" = protocol=6 | dir=in | app=k:\steam\steamapps\common\assassins creed\assassinscreed_game.exe |
"{3226C5A9-DAC0-41C0-9071-C43B78090095}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{332906DD-967C-4EF0-8956-3E79F3E524FD}" = protocol=17 | dir=in | app=k:\steam\steamapps\common\waves\binaries\win32\waves.exe |
"{33353B68-079E-44E4-BA82-96C3F814C2DA}" = protocol=6 | dir=in | app=k:\program files\ubisoft\related designs\anno1404\anno4.exe |
"{343E82EA-1561-4E0B-90C7-038BDFE26A42}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\supreme commander 2\bin\supremecommander2.exe |
"{35831181-6178-4D35-85EB-256F35D83116}" = protocol=17 | dir=in | app=k:\steam\steamapps\common\bit.trip runner\runner.exe |
"{37953750-A6F8-472E-BCF4-FAA1A134192A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{38EAC051-F5CF-487F-9795-E8740654B032}" = protocol=17 | dir=in | app=k:\steam\steamapps\common\mass effect\binaries\masseffect.exe |
"{3905E487-DE4F-410B-8B2D-FF4D25BAC24D}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{3CBF7EB9-D26B-41C6-835E-333FDF91581A}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{4382D83D-0DE3-4699-8D14-317819817267}" = protocol=6 | dir=in | app=k:\steam\steamapps\common\monday night combat\binaries\win32\mnc.exe |
"{45946BD2-574B-4D40-8507-D9AB9405ABF6}" = protocol=17 | dir=in | app=k:\steam\steamapps\common\dota 2 test\dota.exe |
"{47776600-A5FB-4BCA-8AE1-6D13823F1C58}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{48709DAC-CF6C-468A-BC69-073E4B2126B3}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base15405\sc2.exe |
"{4891076A-EB50-418C-8406-EDA513A65CF2}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\trackmania nations forever\tmforever.exe |
"{4920C709-B1E3-434F-88E7-3516BF23E666}" = protocol=6 | dir=in | app=k:\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{4ACF8528-EB7E-4864-ADAF-4E5CF393838A}" = protocol=6 | dir=in | app=k:\steam\steamapps\common\mass effect\docs\ea help\electronic_arts_technical_support.htm |
"{4B948A4E-F724-4109-8DFD-A399425569FC}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{4D38CC3E-6817-4FE7-BC5D-9F220B93B570}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{4D6B38F1-E788-4E53-9A1D-9E5D3FBC15C0}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\mountblade warband\mb_warband.exe |
"{4F316B9D-D4B2-4CD9-A055-DAC18CC0E538}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{516A51B0-EAB1-482C-AE62-2E413DFA4CCF}" = protocol=6 | dir=in | app=k:\steam\steamapps\common\dota 2 test\dota.exe |
"{51D3B84B-79BB-4F30-B1E8-91BED9795E2E}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\the witcher enhanced edition\system\djinni!.exe |
"{5543217B-62B7-4BD3-BD0A-0A24C92B9ADD}" = protocol=17 | dir=in | app=c:\program files\efusion\blackshot\system\blackshot.exe |
"{56F6D8E5-257D-4120-A2C3-8AEAFB73CA90}" = protocol=17 | dir=in | app=k:\steam\steamapps\common\deus ex - human revolution\dxhr.exe |
"{591E15E7-C5F8-4EF0-86DE-4D13AD0EFC25}" = protocol=6 | dir=in | app=k:\steam\steamapps\common\simcity 4 deluxe\support\ea help\electronic_arts_technical_support.htm |
"{599C28CA-8E31-477E-B222-1D7527AE787A}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{5A305895-32AA-4763-8A79-A697035A0D09}" = protocol=6 | dir=in | app=k:\steam\steamapps\common\titan quest immortal throne\tqit.exe |
"{5C46CDC9-0EC4-406B-998F-70A18A0BA083}" = protocol=6 | dir=in | app=k:\program files\ubisoft\related designs\anno1404\tools\anno4web.exe |
"{5D3555CE-43A5-4312-A061-106B3A1897D0}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{6213CC1C-29FE-43C2-A6E7-384C45D16766}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\mountblade warband\mb_warband.exe |
"{6215BBD7-A7A1-4811-ABC6-66A168BFB932}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{6481C49F-747B-49A5-A810-36FA380867D5}" = protocol=6 | dir=in | app=k:\steam\steamapps\k1rtx\counter-strike source\hl2.exe |
"{662462CB-A42A-4032-939C-98740B23BA07}" = protocol=17 | dir=in | app=k:\steam\steamapps\common\simcity 4 deluxe\apps\simcity 4.exe |
"{668B0845-1E23-425F-B6B1-04C293195DF9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{69D3A179-7913-4718-B14D-45DB2207B836}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{6B277FCF-CDC1-4BDE-AB79-464567460ABC}" = protocol=17 | dir=in | app=k:\steam\steamapps\common\titan quest\help.htm |
"{6D3274F5-C436-43CF-A041-2A3444874940}" = protocol=6 | dir=in | app=k:\steam\steamapps\common\deus ex - human revolution\dxhr.exe |
"{6DCD117D-A1DE-4F00-A84B-501725DA3DCE}" = protocol=17 | dir=in | app=k:\steam\steamapps\common\monday night combat\binaries\win32\mnc.exe |
"{6E9A9D8A-1941-4B3F-A2D2-E15B26712208}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{6EA14794-75B9-4BE4-BB2B-4664A776A137}" = protocol=17 | dir=in | app=k:\steam\steamapps\common\nation red\nationred.exe |
"{7143BC23-72FC-42B6-850B-7613FCB98AC2}" = protocol=17 | dir=in | app=k:\steam\steamapps\k1rtx\counter-strike source\hl2.exe |
"{76AD16A5-C921-47C4-A45B-DAC4E9EE9B6E}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{7722196B-AC7C-4648-ADE4-916929EB0FA5}" = protocol=6 | dir=in | app=k:\steam\steamapps\k1rtx\counter-strike\hl.exe |
"{779B407E-A046-461C-BCB4-AEDF0AF768BD}" = protocol=6 | dir=in | app=k:\ubisoft\addon\ubisoft\related designs\anno 1404\tools\addonweb.exe |
"{786EE545-1383-4996-BB43-FE78FD1213D7}" = protocol=6 | dir=in | app=k:\steam\steamapps\common\simcity 4 deluxe\apps\simcity 4.exe |
"{7A28B336-6533-4F34-B138-432A206C8BE2}" = protocol=6 | dir=in | app=k:\program files\unreal tournament 3 (lg)\binaries\ut3.exe |
"{7A564FB1-F2DF-4768-B877-8E67A5EA71D7}" = protocol=6 | dir=in | app=k:\steam\steamapps\common\the witcher enhanced edition\system\witcher.exe |
"{7B6A5348-1E99-4C9F-9BE4-235E63CDDE6C}" = protocol=6 | dir=in | app=k:\steam\steamapps\common\titan quest immortal throne\help.htm |
"{7BD43C6B-C2A6-48BB-B5B5-99865B27C2AE}" = protocol=6 | dir=in | app=k:\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
"{7C94343D-0A4C-457D-82F8-964B249A74C7}" = protocol=17 | dir=in | app=k:\steam\steamapps\common\assassins creed\assassinscreed_game.exe |
"{7CCC480F-DEFF-478C-A935-170D2B25066F}" = protocol=17 | dir=in | app=k:\steam\steamapps\common\dota 2 beta\dota.exe |
"{7D6DC6C6-B7DB-41E3-83DA-17EB1B3BF751}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{800A8E17-427A-4332-92E7-2A02C294D0AC}" = protocol=17 | dir=in | app=k:\steam\steamapps\common\simcity 4 deluxe\apps\simcity 4.exe |
"{82219590-736D-4151-9DD5-41839742C5C5}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base15405\sc2.exe |
"{828E991B-CD1B-4E9F-8C7F-3B2BC27F33BB}" = protocol=17 | dir=in | app=k:\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{829DD22D-6BDB-4905-9815-303ACA27A23A}" = protocol=17 | dir=in | app=k:\steam\steamapps\common\titan quest\titan quest.exe |
"{842497B6-4B11-45DC-95B3-1C5F4A783E80}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{84664244-41C5-4884-AEF0-3450B447F554}" = protocol=6 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"{869A6C8A-67B2-43CA-8DB5-9BFE0FD164F9}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{86C6153D-FC29-4459-8A31-1E0BC8725074}" = protocol=17 | dir=in | app=k:\program files\gameforge4d\elsword_de\data\x2.exe |
"{87779FE1-CCFC-42E1-8EE5-B4BE6CA9D630}" = protocol=6 | dir=in | app=k:\steam\steamapps\common\portal 2\portal2.exe |
"{8856CF94-68A4-4BB3-907C-0D9990FCA65C}" = protocol=6 | dir=in | app=k:\steam\steamapps\common\sid meiers civilization v teaser\smp.exe |
"{8970188F-C805-43FC-939E-6E2E62A598D5}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{89FEEA50-71BA-42CB-922E-57E33DD0C70A}" = protocol=6 | dir=in | app=k:\starcraft ii\starcraft ii.exe |
"{8CCAA4F1-EA48-48C0-9D8F-E65269428556}" = protocol=17 | dir=in | app=c:\program files\blastshark\aika\blastshark.exe |
"{8DFD5CF1-08FB-4A70-9C4A-3F5AB33AC15C}" = protocol=17 | dir=in | app=k:\ubisoft\addon\ubisoft\related designs\anno 1404\addon.exe |
"{919D3A85-D8C5-49E2-9D9D-95402DB4BA96}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\k1rtx\counter-strike\hl.exe |
"{95216AA6-620A-4451-89F1-ED51636D5C1B}" = protocol=17 | dir=in | app=k:\program files\deus ex - invisible war\system\dx2.exe |
"{967C3949-2F8A-40FA-9F9C-42623B323EFA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9A55397B-070C-4027-8D94-7F5B9BE471F3}" = protocol=17 | dir=in | app=k:\ubisoft\related designs\anno 1404\anno4.exe |
"{9B02DCF8-0F28-41A0-B1D3-4819D48E0688}" = protocol=17 | dir=in | app=k:\steam\steamapps\k1rtx\counter-strike source\hl2.exe |
"{9CD2CB60-A1F0-4750-B96E-8DFD0944C4B4}" = protocol=6 | dir=in | app=k:\program files\ubisoft\related designs\anno1404\addon.exe |
"{9E498733-8439-4F49-B053-F2D83F20732E}" = protocol=6 | dir=in | app=k:\steam\steamapps\common\nation red\nationred.exe |
"{A03B5691-4EFA-491E-B20C-B0B4E364778C}" = protocol=17 | dir=in | app=k:\starcraft ii\starcraft ii.exe |
"{A09B8FAA-826A-4A01-9CD8-5FC860AE3816}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\simcity 4 deluxe\apps\simcity 4.exe |
"{A1DDB98C-5B06-4106-AA38-413448230AB5}" = protocol=17 | dir=in | app=k:\steam\steamapps\k1rtx\counter-strike\hl.exe |
"{A5E7C267-A9E2-4A0A-BA99-B7CC25742C46}" = protocol=17 | dir=in | app=k:\steam\steamapps\common\titan quest immortal throne\tqit.exe |
"{A64C0EE0-536C-439C-8D0B-DFFEFEB9FCC5}" = protocol=17 | dir=in | app=k:\steam\steamapps\common\dxhrml\dxhrml.exe |
"{A73EEA9C-F0B5-4148-81B9-81FFB88D766B}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\trackmania nations forever\tmforeverlauncher.exe |
"{A880EAD5-D89B-41A4-9871-D60682194424}" = protocol=6 | dir=in | app=k:\steam\steamapps\common\titan quest\titan quest.exe |
"{A9A77E71-28B0-4E08-BA83-8F3C7708638A}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{AA317552-E824-4856-B36A-76595B1E1FAA}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\mount and blade\runme.exe |
"{AA739679-DA19-4B4E-A47A-0D37B9736C5D}" = protocol=6 | dir=in | app=k:\steam\steamapps\common\dxhrml\dxhrml.exe |
"{AC9BF269-5AC4-48A3-8F86-EE6FCD3610ED}" = protocol=17 | dir=in | app=k:\steam\steamapps\common\sid meiers civilization v teaser\smp.exe |
"{AD6A3699-5817-4EC5-BCD5-9ACD548F7FAB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{ADC5F4A5-AC39-4C39-A2C2-77404550E106}" = protocol=6 | dir=in | app=k:\steam\steamapps\common\the witcher enhanced edition\system\djinni!.exe |
"{AEE10340-5214-4E5E-A5EA-31FC39DA2B2F}" = protocol=17 | dir=in | app=k:\steam\steamapps\common\mass effect\docs\ea help\electronic_arts_technical_support.htm |
"{AF87C07C-A99E-4D7C-B7ED-9BCE59C5D644}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\the witcher enhanced edition\system\witcher.exe |
"{B0673FC7-ABC0-4179-9C97-69C1C4E71B54}" = protocol=6 | dir=in | app=k:\steam\steamapps\common\titan quest\help.htm |
"{B0F244E2-3F5E-4757-909E-89DF0FC59651}" = dir=in | app=k:\program files\electronic arts\kanes revenge\retailexe\1.2\cnc3ep1.dat |
"{B19E59D3-090A-4710-8E35-BADEE92110C8}" = protocol=6 | dir=in | app=k:\steam\steamapps\common\waves\binaries\win32\waves.exe |
"{B6820CE1-CC43-44AA-8652-6255F05E9155}" = protocol=17 | dir=in | app=k:\ubisoft\addon\ubisoft\related designs\anno 1404\tools\addonweb.exe |
"{B818681A-8BBF-4C08-95F0-1234F75B3679}" = protocol=17 | dir=in | app=k:\steam\steamapps\common\portal 2\portal2.exe |
"{B86BD716-F9C3-4B1E-ACB7-4F37D87D787B}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{B92FFE6B-210E-4E22-BA3D-3F8107460E77}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{B9A50A3A-FEF1-4835-807A-A154300108F7}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\the witcher enhanced edition\system\djinni!.exe |
"{BA8D3E3F-0F19-464E-8487-1DDBB0CC37C3}" = protocol=17 | dir=in | app=k:\steam\steamapps\common\bit.trip runner\runner.exe |
"{BB9814AF-CBA9-4BBB-87C6-6563F0942DBB}" = protocol=17 | dir=in | app=k:\steam\steamapps\common\magic 2013\dotp_d13.exe |
"{BC30DD38-D184-49B3-B603-84719800291C}" = protocol=6 | dir=in | app=k:\steam\steamapps\common\mass effect\binaries\masseffect.exe |
"{BE08FAC5-8451-47BB-9917-C3B24BBF8BB0}" = protocol=6 | dir=in | app=k:\steam\steamapps\common\dota 2 beta\dota.exe |
"{BE975C30-6099-4330-A653-459A4C607A19}" = protocol=17 | dir=in | app=k:\steam\steamapps\common\magicka\magicka.exe |
"{BF53196D-E46D-4C66-8E2F-F8B4DDABF3DE}" = protocol=6 | dir=in | app=k:\steam\steamapps\common\monday night combat\binaries\win32\mnc.exe |
"{C23E9391-3D3D-4504-A622-0955889CD515}" = protocol=6 | dir=in | app=k:\program files\gameforge4d\elsword_de\data\x2.exe |
"{C28AF532-178B-45AE-B77E-EAB04B96C372}" = protocol=17 | dir=in | app=k:\program files\ubisoft\related designs\anno1404\tools\addonweb.exe |
"{C5FFB31A-3524-4736-9E99-8C22EF3318DA}" = protocol=17 | dir=in | app=c:\program files\ftp-uploader\ftpuploader.exe |
"{C72FCDD1-B403-440D-8CFB-11E573538416}" = protocol=6 | dir=in | app=k:\steam\steamapps\common\bit.trip runner\runner.exe |
"{C7A4B172-24B9-4530-802E-96DBFE336154}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{CCF16B45-E1B0-4B71-9687-AFF848D98AF4}" = protocol=17 | dir=in | app=k:\ubisoft\related designs\anno 1404\tools\anno4web.exe |
"{CD316BBE-A3E0-4D03-8579-1255CF095901}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |
"{CD78FB7F-E439-4339-B6D0-0E981084532C}" = protocol=17 | dir=in | app=k:\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
"{D4B64D71-E269-40BE-8364-6FDDB90EE211}" = protocol=17 | dir=in | app=k:\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe |
"{D5E065BE-B9C1-478A-B2CA-96EAD2480523}" = protocol=17 | dir=in | app=k:\program files\origin games\battlefield 3\bf3.exe |
"{D6119FD4-CA7F-4AD3-9EC0-35BCFD9FA099}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\simcity 4 deluxe\support\ea help\electronic_arts_technical_support.htm |
"{D68E7745-FAF9-43F2-9995-A4A714C8E256}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{D76B4F6A-A074-4AF7-A0D1-3069708E9E31}" = protocol=17 | dir=in | app=k:\steam\steamapps\common\supreme commander 2\bin\supremecommander2.exe |
"{D86B09B0-59DB-4D6E-A214-CBCC79925EF6}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{DA0C8819-BA3A-4EEC-85CC-2442119F3025}" = protocol=6 | dir=in | app=k:\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe |
"{DCB138F4-42D8-473F-ADB5-7638327B9292}" = protocol=17 | dir=in | app=k:\steam\steamapps\common\sid meiers civilization v teaser\smp.exe |
"{DFAFADAE-0E2A-41D9-86F4-7AE6D5C7A69D}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{E02FD56A-BD02-465E-B089-204DBF4241E7}" = protocol=6 | dir=in | app=k:\steam\steamapps\common\world of goo\worldofgoo.exe |
"{E160C9DD-5060-4932-8789-A818C89CC88B}" = protocol=17 | dir=in | app=k:\steam\steamapps\common\titan quest immortal throne\help.htm |
"{E1C63022-A38F-4103-9503-2DB4481695A5}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\simcity 4 deluxe\apps\simcity 4.exe |
"{E1DAA1EE-82C0-47FF-8BF0-D1B3CA4EFE8D}" = protocol=6 | dir=in | app=k:\steam\steamapps\common\magic 2013\dotp_d13.exe |
"{E1F1CD89-C978-49A6-9BEC-9E58D6139C9F}" = protocol=17 | dir=in | app=k:\program files\ea games\battlefield 2\bf2.exe |
"{E249DCE9-F198-4E98-86DF-121890EB42B5}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{E354F8AC-2CDB-4A2C-81F8-1E36CC7C17EB}" = protocol=6 | dir=in | app=k:\ubisoft\addon\ubisoft\related designs\anno 1404\addon.exe |
"{E475305B-85AF-45DF-91C1-BD98D3DDC7D9}" = protocol=6 | dir=in | app=c:\program files\blastshark\aika\blastshark.exe |
"{E54BD352-1288-441C-BC45-66830E995D83}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{E5DFB062-0DD1-4B46-8C89-A6C1B5C66205}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E847B762-673E-4D98-91D2-A25ADAB2445C}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{E863A0CB-23FD-4C27-B0DB-DC07A9551EC0}" = protocol=6 | dir=in | app=c:\program files\ftp-uploader\ftpuploader.exe |
"{E8E738CB-9040-471F-B7C4-AC337703EE5B}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{EB601AFA-EDEE-4501-A78A-4322E71BA677}" = protocol=17 | dir=in | app=k:\steam\steamapps\common\dota 2 teaser\smp.exe |
"{EB971C81-9909-4A9C-978A-1F718EBA7D7F}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\bit.trip runner\runner.exe |
"{EBAD71B9-9535-4DFD-B0B2-4CAE6AECC06B}" = protocol=6 | dir=in | app=k:\steam\steamapps\common\sid meiers civilization v teaser\smp.exe |
"{ED2EA672-7E17-4B1F-A202-EC896989C7B6}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\bit.trip runner\runner.exe |
"{ED72374D-79DF-47C0-A9AC-09735D5D732A}" = protocol=6 | dir=in | app=k:\ubisoft\related designs\anno 1404\tools\anno4web.exe |
"{F0412147-06C7-4E4D-88F1-1F6074298E3C}" = protocol=17 | dir=in | app=k:\program files\ubisoft\related designs\anno1404\addon.exe |
"{F0520D29-72C2-4769-8C7C-8F9E400FF442}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{F2F83144-3ED6-4744-A69F-CE787DED89D5}" = protocol=17 | dir=in | app=c:\program files\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{F3B5E814-79A7-4AEC-BBDE-6BBC88FCBA51}" = protocol=6 | dir=in | app=k:\steam\steamapps\k1rtx\counter-strike\hl.exe |
"{F4BB6F9A-338B-4F5D-A8B8-17BE744F72D3}" = protocol=6 | dir=in | app=c:\program files\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{F7041874-4B37-4959-AA0B-FA9B371E4FD3}" = protocol=6 | dir=in | app=k:\steam\steamapps\common\supreme commander 2\bin\supremecommander2.exe |
"{F7B68733-39E5-410A-99E2-C61A03960500}" = protocol=17 | dir=in | app=k:\steam\steamapps\common\world of goo\worldofgoo.exe |
"{F89F1B0D-2AE3-4F4F-BB35-89158C97878A}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{F9B49A37-EF11-485D-B682-93AEF9B4695C}" = protocol=6 | dir=in | app=k:\program files\ubisoft\related designs\anno1404\tools\addonweb.exe |
"{F9CEB87C-160D-40EA-A64F-9F90F099FB9F}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\simcity 4 deluxe\support\ea help\electronic_arts_technical_support.htm |
"{FD1BE36A-5EF8-48FF-94BB-D95966B00BD4}" = protocol=17 | dir=in | app=k:\steam\steamapps\k1rtx\counter-strike\hl.exe |
"{FDD7DB29-9459-4D8C-9A3D-2FE0814C3487}" = protocol=6 | dir=in | app=k:\ubisoft\related designs\anno 1404\anno4.exe |
"{FDE3B28B-28B8-4B2B-9797-0AF165489FDD}" = protocol=6 | dir=in | app=k:\steam\steamapps\common\magicka\magicka.exe |
"{FF1D4ACF-DE5D-4160-9239-E2F1848BDEB8}" = protocol=6 | dir=in | app=k:\steam\steamapps\common\bit.trip runner\runner.exe |
"TCP Query User{0061D985-6CAC-436D-98A5-65309C3DC6B3}C:\users\k1rt\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=6 | dir=in | app=c:\users\k1rt\appdata\roaming\gameranger\gameranger\gameranger.exe |
"TCP Query User{03D8AE7F-D7CB-4B0A-B554-1723C9C2B3E4}K:\program files\spacialaudio\sambc\sambc.exe" = protocol=6 | dir=in | app=k:\program files\spacialaudio\sambc\sambc.exe |
"TCP Query User{042D6452-9813-4878-AEF2-8726F2275175}C:\users\k1rt\appdata\local\temp\electronicarts_patcher_000.exe" = protocol=6 | dir=in | app=c:\users\k1rt\appdata\local\temp\electronicarts_patcher_000.exe |
"TCP Query User{04E334A8-4313-4B75-B48E-70C32F36C50F}C:\users\k1rt\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\k1rt\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"TCP Query User{06A01A7E-BD1D-4E0E-A61B-EEAE539CBF7D}K:\warcraft iii\war3.exe" = protocol=6 | dir=in | app=k:\warcraft iii\war3.exe |
"TCP Query User{0928D1EE-D2A9-4E01-8616-723FD71A9F36}K:\program files\electronic arts\command & conquer 4 tiberian twilight\data\cnc4.game" = protocol=6 | dir=in | app=k:\program files\electronic arts\command & conquer 4 tiberian twilight\data\cnc4.game |
"TCP Query User{092BDBE7-16A4-4E67-B495-039748E4214C}C:\users\k1rt\downloads\ct\ct.exe" = protocol=6 | dir=in | app=c:\users\k1rt\downloads\ct\ct.exe |
"TCP Query User{0C9E4BAD-8462-4CC5-A011-6380F75C8B88}K:\chicken\ct.exe" = protocol=6 | dir=in | app=k:\chicken\ct.exe |
"TCP Query User{0FC3A225-50BF-460F-8406-044270B4CDE8}C:\program files\sid meier's civilization v\civilizationv.exe" = protocol=6 | dir=in | app=c:\program files\sid meier's civilization v\civilizationv.exe |
"TCP Query User{12FC0AE3-B545-484B-8E6A-CCECFC3FD98E}K:\program files\ubisoft\related designs\anno1404\tools\addonweb.exe" = protocol=6 | dir=in | app=k:\program files\ubisoft\related designs\anno1404\tools\addonweb.exe |
"TCP Query User{1877AC99-3DBB-40F6-A521-F50F2026CD3C}C:\program files\garena hostbot\garenahostbot.exe" = protocol=6 | dir=in | app=c:\program files\garena hostbot\garenahostbot.exe |
"TCP Query User{227286A3-81B6-4F65-9A40-49135A70B519}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{2508EBB4-827C-4FA8-A56F-40CB8B9471EB}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
"TCP Query User{27F6CE82-A62E-4D21-857F-5BBF387B4B88}K:\warcraft iii\war3.exe" = protocol=6 | dir=in | app=k:\warcraft iii\war3.exe |
"TCP Query User{2A2434EE-DBA9-4C11-8421-773DB52999D1}F:\trackmania\tmforever.exe" = protocol=6 | dir=in | app=f:\trackmania\tmforever.exe |
"TCP Query User{306EAD48-45C3-4829-B931-FF01963A1FC6}C:\program files\bontago\bontago.exe" = protocol=6 | dir=in | app=c:\program files\bontago\bontago.exe |
"TCP Query User{30C5C328-7401-463D-8860-BFF3E43F524A}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{339F451E-4887-440F-A8BF-B98CAA280D72}K:\program files\mektek.net\mtx\mtx.exe" = protocol=6 | dir=in | app=k:\program files\mektek.net\mtx\mtx.exe |
"TCP Query User{3F62052D-8BB4-4D6C-A996-871CF90F5B59}K:\program files\the creative assembly\rome - total war\rometw.exe" = protocol=6 | dir=in | app=k:\program files\the creative assembly\rome - total war\rometw.exe |
"TCP Query User{3F93CB53-04AC-45E1-8155-26CB11B6318E}C:\program files\trackmania\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\trackmania\tmforever.exe |
"TCP Query User{432E8E2E-1F84-450D-8D30-9AEBFE809A64}C:\users\k1rt\temp\teamviewer\version4\teamviewer.exe" = protocol=6 | dir=in | app=c:\users\k1rt\temp\teamviewer\version4\teamviewer.exe |
"TCP Query User{462A81C7-5438-4B3B-BB6C-4772F7097EC6}C:\windows\system32\dpnsvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dpnsvr.exe |
"TCP Query User{4A220259-07EE-479D-B366-B0CB0E1EB086}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"TCP Query User{50462EEC-0069-461C-9801-3281FEAC36B8}C:\program files\garena\garena.exe" = protocol=6 | dir=in | app=c:\program files\garena\garena.exe |
"TCP Query User{5D9F2E1A-1D80-4F4F-AF11-635F1D8686D4}C:\program files\qip 2010 psynova-edition\qip.exe" = protocol=6 | dir=in | app=c:\program files\qip 2010 psynova-edition\qip.exe |
"TCP Query User{63CDA3B4-EB8D-4DDF-9716-A9F673F2B192}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{68624EB9-586C-4948-9B33-850A90BEBBFF}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"TCP Query User{6A7309E6-BF70-47FD-BBE6-0BDFC8B321B7}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe |
"TCP Query User{6F0F879B-00AC-4D97-8DA7-90454063A83F}K:\program files\stunlock studios\bloodline champions\binary\bloodlinechampions.exe" = protocol=6 | dir=in | app=k:\program files\stunlock studios\bloodline champions\binary\bloodlinechampions.exe |
"TCP Query User{70E709DD-77A2-454B-AF36-EC0A09EE54E7}C:\users\k1rt\downloads\sro_l5.5_full_client_downloader.exe" = protocol=6 | dir=in | app=c:\users\k1rt\downloads\sro_l5.5_full_client_downloader.exe |
"TCP Query User{7BF6D9E8-BA1A-4B19-A2CC-2A013F99A7E3}K:\program files\the creative assembly\rome - total war\rometw-bi.exe" = protocol=6 | dir=in | app=k:\program files\the creative assembly\rome - total war\rometw-bi.exe |
"TCP Query User{8223A147-1E4C-4D0E-84B1-9DF7ED7BF96B}C:\users\k1rt\downloads\descent\d1x-rebirth_v0.56-win\d1x-rebirth-gl.exe" = protocol=6 | dir=in | app=c:\users\k1rt\downloads\descent\d1x-rebirth_v0.56-win\d1x-rebirth-gl.exe |
"TCP Query User{857F5E10-3513-44C4-AF33-ABC91BC23699}K:\steam\steamapps\k1rtx\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=k:\steam\steamapps\k1rtx\team fortress 2\hl2.exe |
"TCP Query User{8972B231-3321-43D9-98DC-20FC16A52DE4}K:\program files\codemasters\der herr der ringe online\lotroclient.exe" = protocol=6 | dir=in | app=k:\program files\codemasters\der herr der ringe online\lotroclient.exe |
"TCP Query User{92AC8DC7-4E25-4626-80CB-C9C956DD02E3}K:\program files\ubisoft\related designs\anno1404\addon.exe" = protocol=6 | dir=in | app=k:\program files\ubisoft\related designs\anno1404\addon.exe |
"TCP Query User{9495F1C1-4E7F-43F0-B682-BC397BB773EA}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{976005E0-39EB-4AE3-A04B-7A0A62D6CE58}K:\yugi\yu-gi-oh! power of chaos joey the passion\joey\joey_pc.exe" = protocol=6 | dir=in | app=k:\yugi\yu-gi-oh! power of chaos joey the passion\joey\joey_pc.exe |
"TCP Query User{BDCCB890-6984-47F5-966C-0AC38D3A9200}K:\rgc\ranked gaming client\rgc.exe" = protocol=6 | dir=in | app=k:\rgc\ranked gaming client\rgc.exe |
"TCP Query User{C0944DE1-3529-47B0-8207-10DF37275163}C:\program files\garena\garena.exe" = protocol=6 | dir=in | app=c:\program files\garena\garena.exe |
"TCP Query User{C302B5DC-040A-4676-B363-6F6655B9F4EC}C:\program files\trackmania united\tmunited.exe" = protocol=6 | dir=in | app=c:\program files\trackmania united\tmunited.exe |
"TCP Query User{C38AD9DB-5795-4E04-BDC5-B43849FD948B}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{C65CAE68-FE5B-4F86-9A37-B684A58AABC8}K:\program files\mektek.net\mechwarrior mercenaries - mektek mekpak\mw4mercs.exe" = protocol=6 | dir=in | app=k:\program files\mektek.net\mechwarrior mercenaries - mektek mekpak\mw4mercs.exe |
"TCP Query User{DCB50D13-7708-4C9C-AB54-EBBBAA606CEB}K:\warzone 2100\warzone2100.exe" = protocol=6 | dir=in | app=k:\warzone 2100\warzone2100.exe |
"TCP Query User{DCE5EEAC-4912-465D-8346-A91DDF98C545}K:\command & conquer die ersten 10 jahre\command & conquer(tm) generals zero hour\generals.exe" = protocol=6 | dir=in | app=k:\command & conquer die ersten 10 jahre\command & conquer(tm) generals zero hour\generals.exe |
"TCP Query User{F1252F87-B7B5-4830-883D-EAE007C6A9B3}C:\program files\garena hostbot\ghost.exe" = protocol=6 | dir=in | app=c:\program files\garena hostbot\ghost.exe |
"TCP Query User{F50DF098-A9A9-44C7-AC00-7DA56814AFAD}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{02D77DF1-8260-4D43-A01F-40FA8995084A}K:\program files\stunlock studios\bloodline champions\binary\bloodlinechampions.exe" = protocol=17 | dir=in | app=k:\program files\stunlock studios\bloodline champions\binary\bloodlinechampions.exe |
"UDP Query User{059D9EB3-C87E-4BE7-A7A4-E086DD4EF5AC}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{119A465E-91F4-4AC6-8F02-F3DB67EF38F8}K:\program files\codemasters\der herr der ringe online\lotroclient.exe" = protocol=17 | dir=in | app=k:\program files\codemasters\der herr der ringe online\lotroclient.exe |
"UDP Query User{1B7C391D-30D7-413E-8872-4E7A8FEB2C0F}C:\users\k1rt\downloads\descent\d1x-rebirth_v0.56-win\d1x-rebirth-gl.exe" = protocol=17 | dir=in | app=c:\users\k1rt\downloads\descent\d1x-rebirth_v0.56-win\d1x-rebirth-gl.exe |
"UDP Query User{26FB5046-2BC2-404E-955E-82F2270C896F}C:\program files\garena hostbot\garenahostbot.exe" = protocol=17 | dir=in | app=c:\program files\garena hostbot\garenahostbot.exe |
"UDP Query User{287D5DC7-9027-4F06-AA50-66C3B7ED0C22}K:\steam\steamapps\k1rtx\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=k:\steam\steamapps\k1rtx\team fortress 2\hl2.exe |
"UDP Query User{2A36A3D6-680C-4564-9137-D0CB89FC6ECB}C:\program files\garena\garena.exe" = protocol=17 | dir=in | app=c:\program files\garena\garena.exe |
"UDP Query User{2E374837-CC11-4ECB-B784-B4AAC1CFEF33}C:\program files\sid meier's civilization v\civilizationv.exe" = protocol=17 | dir=in | app=c:\program files\sid meier's civilization v\civilizationv.exe |
"UDP Query User{2EE3E8A2-B6B8-4412-8960-93CDFFF45056}C:\users\k1rt\downloads\sro_l5.5_full_client_downloader.exe" = protocol=17 | dir=in | app=c:\users\k1rt\downloads\sro_l5.5_full_client_downloader.exe |
"UDP Query User{2F38DE5F-4914-4BFC-83EC-9D6B777B64E3}K:\program files\mektek.net\mtx\mtx.exe" = protocol=17 | dir=in | app=k:\program files\mektek.net\mtx\mtx.exe |
"UDP Query User{304AED8C-C94C-4A60-9EC8-11D38E6A5454}K:\program files\electronic arts\command & conquer 4 tiberian twilight\data\cnc4.game" = protocol=17 | dir=in | app=k:\program files\electronic arts\command & conquer 4 tiberian twilight\data\cnc4.game |
"UDP Query User{343AD7B9-C192-4034-9916-183F4A7941D8}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{3874BA8D-75E4-4965-895D-26A704D8F52D}K:\program files\the creative assembly\rome - total war\rometw-bi.exe" = protocol=17 | dir=in | app=k:\program files\the creative assembly\rome - total war\rometw-bi.exe |
"UDP Query User{401A84D1-5FD9-42E1-A680-90DE9D23D4E9}K:\program files\spacialaudio\sambc\sambc.exe" = protocol=17 | dir=in | app=k:\program files\spacialaudio\sambc\sambc.exe |
"UDP Query User{401D175F-2550-4D33-B466-C31AEFD2FEF9}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{40E66088-3D6F-47FE-8A7F-8DA70F8AF5D4}C:\program files\trackmania\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\trackmania\tmforever.exe |
"UDP Query User{436AFC10-A605-471D-98B3-0D6A0DFF0AEF}K:\program files\ubisoft\related designs\anno1404\addon.exe" = protocol=17 | dir=in | app=k:\program files\ubisoft\related designs\anno1404\addon.exe |
"UDP Query User{4CF6D4BD-F693-467D-A931-2087D162DA69}K:\program files\mektek.net\mechwarrior mercenaries - mektek mekpak\mw4mercs.exe" = protocol=17 | dir=in | app=k:\program files\mektek.net\mechwarrior mercenaries - mektek mekpak\mw4mercs.exe |
"UDP Query User{534C279E-01C8-4AB7-B835-B90F8E1C7931}K:\warzone 2100\warzone2100.exe" = protocol=17 | dir=in | app=k:\warzone 2100\warzone2100.exe |
"UDP Query User{5426BD5E-64B5-4FAC-9BAD-2413AFACDE0B}K:\warcraft iii\war3.exe" = protocol=17 | dir=in | app=k:\warcraft iii\war3.exe |
"UDP Query User{54B605E2-0E16-4D01-938C-D973282E10A9}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"UDP Query User{559FE95B-25D2-4CEF-89A1-26C269A6A0D5}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{576E338B-B1A5-41BD-B37B-A20B394CECBC}C:\program files\trackmania united\tmunited.exe" = protocol=17 | dir=in | app=c:\program files\trackmania united\tmunited.exe |
"UDP Query User{6B08C94E-82AC-403B-8B76-664CF9699C5F}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe |
"UDP Query User{73B71D54-9ED7-476A-A857-A0202F55B5A8}C:\program files\bontago\bontago.exe" = protocol=17 | dir=in | app=c:\program files\bontago\bontago.exe |
"UDP Query User{772DECE3-6085-4AAD-A633-AD49AF70FDEE}K:\warcraft iii\war3.exe" = protocol=17 | dir=in | app=k:\warcraft iii\war3.exe |
"UDP Query User{7797D007-B38D-4AA8-938A-82FDF9A03B71}K:\command & conquer die ersten 10 jahre\command & conquer(tm) generals zero hour\generals.exe" = protocol=17 | dir=in | app=k:\command & conquer die ersten 10 jahre\command & conquer(tm) generals zero hour\generals.exe |
"UDP Query User{7CCAF8BC-DF40-4CD8-BA71-B0ED669BDC87}K:\yugi\yu-gi-oh! power of chaos joey the passion\joey\joey_pc.exe" = protocol=17 | dir=in | app=k:\yugi\yu-gi-oh! power of chaos joey the passion\joey\joey_pc.exe |
"UDP Query User{851FBF33-8E1E-483B-9E9C-68260E4711A8}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"UDP Query User{87217AB9-866A-4D59-906F-549052A1DF0B}F:\trackmania\tmforever.exe" = protocol=17 | dir=in | app=f:\trackmania\tmforever.exe |
"UDP Query User{8E93BAEC-652F-4C80-8224-F59CB1E6AD5A}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{8E94D3C8-F85A-48F0-98D8-6C79FB38FCB9}K:\rgc\ranked gaming client\rgc.exe" = protocol=17 | dir=in | app=k:\rgc\ranked gaming client\rgc.exe |
"UDP Query User{909774A3-A437-451B-8D07-CD359B287972}K:\program files\the creative assembly\rome - total war\rometw.exe" = protocol=17 | dir=in | app=k:\program files\the creative assembly\rome - total war\rometw.exe |
"UDP Query User{990DF7C2-1700-4B24-A94D-ED1CAE2E5D31}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{9CD8A609-AC97-4722-ABDB-DDA670E13397}K:\program files\ubisoft\related designs\anno1404\tools\addonweb.exe" = protocol=17 | dir=in | app=k:\program files\ubisoft\related designs\anno1404\tools\addonweb.exe |
"UDP Query User{A61A2BE5-74FA-4489-8F20-E085A88FB1E2}C:\users\k1rt\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\k1rt\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"UDP Query User{AA676D9E-DD73-4C19-8C57-E6E43100D446}C:\users\k1rt\temp\teamviewer\version4\teamviewer.exe" = protocol=17 | dir=in | app=c:\users\k1rt\temp\teamviewer\version4\teamviewer.exe |
"UDP Query User{AA7E1C47-5630-4B6F-BE75-7C18F303703F}C:\users\k1rt\downloads\ct\ct.exe" = protocol=17 | dir=in | app=c:\users\k1rt\downloads\ct\ct.exe |
"UDP Query User{AE37C060-46DD-4586-BF9E-D7FE5DD32D2D}C:\program files\garena hostbot\ghost.exe" = protocol=17 | dir=in | app=c:\program files\garena hostbot\ghost.exe |
"UDP Query User{B46D5C17-4B77-41CA-8DDF-3EC9B6D7C1D3}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |
"UDP Query User{C79538A8-EB61-42F0-A81A-3241927B5760}C:\windows\system32\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dpnsvr.exe |
"UDP Query User{CD862968-3A48-43AA-9288-367098ED208F}C:\users\k1rt\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=17 | dir=in | app=c:\users\k1rt\appdata\roaming\gameranger\gameranger\gameranger.exe |
"UDP Query User{D4A684AC-08AD-4B89-904D-1003BE65C50A}C:\users\k1rt\appdata\local\temp\electronicarts_patcher_000.exe" = protocol=17 | dir=in | app=c:\users\k1rt\appdata\local\temp\electronicarts_patcher_000.exe |
"UDP Query User{DDA0EB09-0535-4920-AFC1-FD000954B885}C:\program files\qip 2010 psynova-edition\qip.exe" = protocol=17 | dir=in | app=c:\program files\qip 2010 psynova-edition\qip.exe |
"UDP Query User{E4BFFC93-C18E-48B4-B740-50DCD2FDAF7C}K:\chicken\ct.exe" = protocol=17 | dir=in | app=k:\chicken\ct.exe |
"UDP Query User{F10BA628-1C95-4D30-B11A-3CEFD3BA8A64}C:\program files\garena\garena.exe" = protocol=17 | dir=in | app=c:\program files\garena\garena.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}" = LG PC Suite II
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{15C49338-59E5-472E-94F7-D5AE15EE23C9}" = XSplit
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.5
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3CA5E31B-3294-4352-A7D7-A156763779E9}" = NavyFIELD Europa
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3F2B3914-A927-4D1E-8417-E7B7C3339434}" = YouTube Downloader Toolbar v4.7
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{49CC1A6A-3A1A-4EE7-913F-8106B51B59D1}" = Paragon Partition Manager 9.0 Personal
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50D4CB89-AF34-4978-96DC-C3034062E901}" = Battlefield 2: Special Forces
"{55BFC356-5A7B-482F-A213-9ACFDDFF6037}" = Mouse Driver
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6CF47FD1-3CF8-4206-BA24-A2B1E43D8CCA}" = IncrediMail
"{6E0E4D61-11EC-11E0-B454-0013D3D69929}" = Vegas Pro 10.0
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{7032B400-11EC-11E0-A9BF-0013D3D69929}" = MSVCRT Redists
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{75AE8014-1184-4BC0-B279-C879540719EE}" = PhotoMail Maker
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7FB413C8-3CAD-49F7-A67C-6EFEB4B04050}" = LogMeIn Hamachi
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}" = ANNO 1404 - Venedig
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 266.58
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC2422C9-F7B5-4175-B295-5EC2283AA674}" = Command & Conquer™ 3: Kanes Rache
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D155D300-C235-44FC-981C-F7B34683439C}" = Paragon Drive Backup 8.51 Professional Trial
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam-Software
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DEAD48E5-E36C-431E-B83C-E61CE71AA13F}" = Livestream Procaster
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EA11B681-D0F1-4675-BEFC-59BF222844F0}_is1" = Sins Of A Solar Empire: Diplomacy v1.34 Ironclad Online
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{EF5B1E83-1403-4F0E-A8E6-C169DF0CCE8C}" = LG PC Suite II
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG)
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Atlantica_EU" = Atlantica_EU
"Audacity_is1" = Audacity 1.2.6
"Avidemux 2.5" = Avidemux 2.5
"Avira AntiVir Desktop" = Avira Free Antivirus
"Battlelog Web Plugins" = Battlelog Web Plugins
"Call Graph" = Call Graph
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Deus Ex" = Deus Ex
"Diablo III" = Diablo III
"DivX Setup.divx.com" = DivX-Setup
"DotAlicious Gaming Client" = DotAlicious Gaming Client
"DotAzilla" = DotAzilla
"EPSON Scanner" = EPSON Scan
"EPSON SX430 Series" = EPSON SX430 Series Printer Uninstall
"ESN Sonar-0.70.4" = ESN Sonar
"FBDBServer_2_0_is1" = Firebird 2.1.0.16780 (Win32)
"Fraps" = Fraps (remove only)
"Garena" = Garena 2010
"Guild Wars 2" = Guild Wars 2
"Icy Tower_is1" = Icy Tower v1.2 (22kHz)
"IncrediMail" = IncrediMail 2.0
"InstallShield_{55BFC356-5A7B-482F-A213-9ACFDDFF6037}" = Mouse Driver
"JDownloader" = JDownloader
"KnightsAndMerchants" = KnightsAndMerchants
"LastFM_is1" = Last.fm 1.5.4.27091
"Logitech Vid" = Logitech Vid HD
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"mIRC" = mIRC
"Mozilla Firefox 14.0 (x86 de)" = Mozilla Firefox 14.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"mp3Tag_is1" = mp3Tag 5.91
"NCLauncher_GameForge" = NC Launcher (GameForge)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Origin" = Origin
"PC Wizard 2010_is1" = PC Wizard 2010.1.96
"PhotoMail" = PhotoMail Maker
"PokerStars.net" = PokerStars.net
"PrettyMay Call Recorder for Skype - Basic" = PrettyMay Call Recorder for Skype - Basic 4.0.0.226
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 15.0" = RealPlayer
"RivaTuner" = RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
"RTP for RM2K (Png, Wav, Midi, Fonts)" = RTP for RM2K (Png, Wav, Midi, Fonts)
"S2TNG" = Die Siedler II - Die nächste Generation
"SAM3" = SAM Broadcaster (remove only)
"SmartFTP Client 4.0 Setup Files" = SmartFTP Client 4.0 Setup Files (remove only)
"SprayR" = SprayR 1.0 RC7b
"StarCraft II" = StarCraft II
"Steam App 10" = Counter-Strike
"Steam App 107600" = Waves
"Steam App 15100" = Assassin's Creed
"Steam App 17460" = Mass Effect
"Steam App 201280" = Deus Ex: Human Revolution - The Missing Link
"Steam App 205790" = Dota 2 Test
"Steam App 220" = Half-Life 2
"Steam App 22000" = World of Goo
"Steam App 24780" = SimCity 4 Deluxe
"Steam App 28050" = Deus Ex: Human Revolution
"Steam App 380" = Half-Life 2: Episode One
"Steam App 39800" = Nation Red
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 42680" = Call of Duty: Modern Warfare 3
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"Steam App 42910" = Magicka
"Steam App 570" = Dota 2
"Steam App 620" = Portal 2
"Steam App 63200" = Monday Night Combat
"Steam App 63710" = BIT.TRIP RUNNER
"Steam App 8930" = Sid Meier's Civilization V
"Steam App 97330" = Magic: The Gathering - Duels of the Planeswalkers 2013
"SystemRequirementsLab" = System Requirements Lab
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 6" = TeamViewer 6
"TmNationsForever_is1" = TmNationsForever
"TmUnited_is1" = TrackMania United 0.2.0.8
"UDK-42adda2b-c5ae-477b-93ed-4bceb780819d" = My Game Long Name
"VLC media player" = VideoLAN VLC media player 0.8.6c
"Warcraft III" = Warcraft III
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Xfire" = Xfire (remove only)
"XnView_is1" = XnView 1.97.8
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FileZilla Client" = FileZilla Client 3.5.3
"GameRanger" = GameRanger
"InstallShield_{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG)
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Warcraft III" = Warcraft III: All Products
"Winamp Detect" = Winamp Erkennungs-Plug-in
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 02.07.2012 11:53:24 | Computer Name = K1rt-PC | Source = WinMgmt | ID = 10
Description =
Error - 03.07.2012 08:10:39 | Computer Name = K1rt-PC | Source = WinMgmt | ID = 10
Description =
Error - 03.07.2012 12:33:31 | Computer Name = K1rt-PC | Source = WinMgmt | ID = 10
Description =
Error - 04.07.2012 09:02:08 | Computer Name = K1rt-PC | Source = WinMgmt | ID = 10
Description =
Error - 04.07.2012 17:33:46 | Computer Name = K1rt-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 04.07.2012 17:33:48 | Computer Name = K1rt-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 05.07.2012 10:05:22 | Computer Name = K1rt-PC | Source = WinMgmt | ID = 10
Description =
Error - 08.07.2012 07:21:28 | Computer Name = K1rt-PC | Source = WinMgmt | ID = 10
Description =
Error - 08.07.2012 11:20:37 | Computer Name = K1rt-PC | Source = VSS | ID = 8194
Description =
Error - 08.07.2012 11:22:03 | Computer Name = K1rt-PC | Source = System Restore | ID = 8193
Description =
Error - 08.07.2012 18:01:23 | Computer Name = K1rt-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 11.07.2012 15:16:36 | Computer Name = K1rt-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 11.07.2012 15:17:17 | Computer Name = K1rt-PC | Source = DCOM | ID = 10016
Description =
Error - 12.07.2012 14:26:44 | Computer Name = K1rt-PC | Source = bowser | ID = 8003
Description =
Error - 12.07.2012 14:27:02 | Computer Name = K1rt-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 12.07.2012 14:27:02 | Computer Name = K1rt-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 12.07.2012 14:27:57 | Computer Name = K1rt-PC | Source = DCOM | ID = 10016
Description =
Error - 12.07.2012 14:28:06 | Computer Name = K1rt-PC | Source = DCOM | ID = 10016
Description =
Error - 13.07.2012 03:44:28 | Computer Name = K1rt-PC | Source = bowser | ID = 8003
Description =
Error - 16.07.2012 14:50:09 | Computer Name = K1rt-PC | Source = bowser | ID = 8003
Description =
Error - 18.07.2012 15:10:14 | Computer Name = K1rt-PC | Source = bowser | ID = 8003
Description =
< End of report >
2. OTL Logfile:
OTL logfile created on: 19.07.2012 17:17:48 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\K1rt\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,25 Gb Total Physical Memory | 1,30 Gb Available Physical Memory | 40,06% Memory free
6,74 Gb Paging File | 4,39 Gb Available in Paging File | 65,11% Paging File free
Paging file location(s): c:\pagefile.sys 0 0k:\pagefile.sys 16 4095 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 109,37 Gb Total Space | 4,58 Gb Free Space | 4,19% Space Free | Partition Type: NTFS
Drive K: | 188,72 Gb Total Space | 13,29 Gb Free Space | 7,04% Space Free | Partition Type: NTFS
Computer Name: K1RT-PC | User Name: K1rt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\K1rt\Downloads\OTL.exe (OldTimer Tools)
PRC - K:\Program Files\Origin\Origin.exe (Electronic Arts)
PRC - K:\Program Files\Origin\OriginClientService.exe (Electronic Arts)
PRC - C:\Programme\TeamSpeak 3 Client\ts3client_win32.exe (TeamSpeak Systems GmbH)
PRC - k:\Program Files\Mozilla Firefox 4.0 Beta 12\firefox.exe (Mozilla Corporation)
PRC - k:\Program Files\Mozilla Firefox 4.0 Beta 12\plugin-container.exe (Mozilla Corporation)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Programme\Winamp\winamp.exe (Nullsoft, Inc.)
PRC - C:\Programme\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - K:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
PRC - K:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe ()
PRC - C:\Programme\Common Files\logishrd\LQCVFX\COCIManager.exe ()
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\E_FATIHAE.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\Last.fm\LastFM.exe (Last.fm)
PRC - C:\Programme\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Firebird\Firebird_2_1\bin\fbguard.exe (FirebirdSQL Project)
PRC - C:\Programme\Firebird\Firebird_2_1\bin\fbserver.exe (FirebirdSQL Project)
PRC - K:\Program Files\Mouse Driver\KMWDSrv.exe (UASSOFT.COM)
PRC - K:\Program Files\Mouse Driver\KMProcess.exe (UASSOFT.COM)
PRC - K:\Program Files\Mouse Driver\KMCONFIG.exe (UASSOFT.COM)
PRC - K:\Program Files\Mouse Driver\StartAutorun.exe (UASSOFT.COM)
========== Modules (No Company Name) ==========
MOD - C:\Users\K1rt\AppData\Local\Temp\WLZ6F04.tmp\winamp.lng ()
MOD - C:\Users\K1rt\AppData\Local\Temp\WLZ6F04.tmp\vis_milk2.lng ()
MOD - C:\Users\K1rt\AppData\Local\Temp\WLZ6F04.tmp\vis_avs.lng ()
MOD - C:\Users\K1rt\AppData\Local\Temp\WLZ6F04.tmp\pmp_wifi.lng ()
MOD - C:\Users\K1rt\AppData\Local\Temp\WLZ6F04.tmp\pmp_usb.lng ()
MOD - C:\Users\K1rt\AppData\Local\Temp\WLZ6F04.tmp\vis_nsfs.lng ()
MOD - C:\Users\K1rt\AppData\Local\Temp\WLZ6F04.tmp\tagz.lng ()
MOD - C:\Users\K1rt\AppData\Local\Temp\WLZ6F04.tmp\winampa.lng ()
MOD - C:\Users\K1rt\AppData\Local\Temp\WLZ6F04.tmp\pmp_p4s.lng ()
MOD - C:\Users\K1rt\AppData\Local\Temp\WLZ6F04.tmp\ml_pmp.lng ()
MOD - C:\Users\K1rt\AppData\Local\Temp\WLZ6F04.tmp\pmp_ipod.lng ()
MOD - C:\Users\K1rt\AppData\Local\Temp\WLZ6F04.tmp\ombrowser.lng ()
MOD - C:\Users\K1rt\AppData\Local\Temp\WLZ6F04.tmp\ml_plg.lng ()
MOD - C:\Users\K1rt\AppData\Local\Temp\WLZ6F04.tmp\pmp_android.lng ()
MOD - C:\Users\K1rt\AppData\Local\Temp\WLZ6F04.tmp\out_ds.lng ()
MOD - C:\Users\K1rt\AppData\Local\Temp\WLZ6F04.tmp\ml_wire.lng ()
MOD - C:\Users\K1rt\AppData\Local\Temp\WLZ6F04.tmp\ml_playlists.lng ()
MOD - C:\Users\K1rt\AppData\Local\Temp\WLZ6F04.tmp\ml_transcode.lng ()
MOD - C:\Users\K1rt\AppData\Local\Temp\WLZ6F04.tmp\out_wave.lng ()
MOD - C:\Users\K1rt\AppData\Local\Temp\WLZ6F04.tmp\out_disk.lng ()
MOD - C:\Users\K1rt\AppData\Local\Temp\WLZ6F04.tmp\ml_rg.lng ()
MOD - C:\Users\K1rt\AppData\Local\Temp\WLZ6F04.tmp\pmp_activesync.lng ()
MOD - C:\Users\K1rt\AppData\Local\Temp\WLZ6F04.tmp\pmp_njb.lng ()
MOD - C:\Users\K1rt\AppData\Local\Temp\WLZ6F04.tmp\playlist.lng ()
MOD - C:\Users\K1rt\AppData\Local\Temp\WLZ6F04.tmp\ml_local.lng ()
MOD - C:\Users\K1rt\AppData\Local\Temp\WLZ6F04.tmp\ml_disc.lng ()
MOD - C:\Users\K1rt\AppData\Local\Temp\WLZ6F04.tmp\in_mp3.lng ()
MOD - C:\Users\K1rt\AppData\Local\Temp\WLZ6F04.tmp\in_wm.lng ()
MOD - C:\Users\K1rt\AppData\Local\Temp\WLZ6F04.tmp\ml_online.lng ()
MOD - C:\Users\K1rt\AppData\Local\Temp\WLZ6F04.tmp\in_nsv.lng ()
MOD - C:\Users\K1rt\AppData\Local\Temp\WLZ6F04.tmp\in_vorbis.lng ()
MOD - C:\Users\K1rt\AppData\Local\Temp\WLZ6F04.tmp\ml_downloads.lng ()
MOD - C:\Users\K1rt\AppData\Local\Temp\WLZ6F04.tmp\ml_history.lng ()
MOD - C:\Users\K1rt\AppData\Local\Temp\WLZ6F04.tmp\ml_devices.lng ()
MOD - C:\Users\K1rt\AppData\Local\Temp\WLZ6F04.tmp\ml_autotag.lng ()
MOD - C:\Users\K1rt\AppData\Local\Temp\WLZ6F04.tmp\in_wav.lng ()
MOD - C:\Users\K1rt\AppData\Local\Temp\WLZ6F04.tmp\in_wave.lng ()
MOD - C:\Users\K1rt\AppData\Local\Temp\WLZ6F04.tmp\ml_impex.lng ()
MOD - C:\Users\K1rt\AppData\Local\Temp\WLZ6F04.tmp\ml_bookmarks.lng ()
MOD - C:\Users\K1rt\AppData\Local\Temp\WLZ6F04.tmp\in_mp4.lng ()
MOD - C:\Users\K1rt\AppData\Local\Temp\WLZ6F04.tmp\ml_enqplay.lng ()
MOD - C:\Users\K1rt\AppData\Local\Temp\WLZ6F04.tmp\in_wv.lng ()
MOD - C:\Users\K1rt\AppData\Local\Temp\WLZ6F04.tmp\ml_orb.lng ()
MOD - C:\Users\K1rt\AppData\Local\Temp\WLZ6F04.tmp\ml_nowplaying.lng ()
MOD - C:\Users\K1rt\AppData\Local\Temp\WLZ6F04.tmp\ml_addons.lng ()
MOD - C:\Users\K1rt\AppData\Local\Temp\WLZ6F04.tmp\in_swf.lng ()
MOD - C:\Users\K1rt\AppData\Local\Temp\WLZ6F04.tmp\gen_jumpex.lng ()
MOD - C:\Users\K1rt\AppData\Local\Temp\WLZ6F04.tmp\gen_ml.lng ()
MOD - C:\Users\K1rt\AppData\Local\Temp\WLZ6F04.tmp\in_midi.lng ()
MOD - C:\Users\K1rt\AppData\Local\Temp\WLZ6F04.tmp\in_mod.lng ()
MOD - C:\Users\K1rt\AppData\Local\Temp\WLZ6F04.tmp\in_cdda.lng ()
MOD - C:\Users\K1rt\AppData\Local\Temp\WLZ6F04.tmp\gen_skinmanager.lng ()
MOD - C:\Users\K1rt\AppData\Local\Temp\WLZ6F04.tmp\gen_hotkeys.lng ()
MOD - C:\Users\K1rt\AppData\Local\Temp\WLZ6F04.tmp\gen_undo.lng ()
MOD - C:\Users\K1rt\AppData\Local\Temp\WLZ6F04.tmp\gen_timerestore.lng ()
MOD - C:\Users\K1rt\AppData\Local\Temp\WLZ6F04.tmp\gen_nopro.lng ()
MOD - C:\Users\K1rt\AppData\Local\Temp\WLZ6F04.tmp\gen_tray.lng ()
MOD - C:\Users\K1rt\AppData\Local\Temp\WLZ6F04.tmp\gen_orgler.lng ()
MOD - C:\Users\K1rt\AppData\Local\Temp\WLZ6F04.tmp\in_dshow.lng ()
MOD - C:\Users\K1rt\AppData\Local\Temp\WLZ6F04.tmp\in_flac.lng ()
MOD - C:\Users\K1rt\AppData\Local\Temp\WLZ6F04.tmp\in_avi.lng ()
MOD - C:\Users\K1rt\AppData\Local\Temp\WLZ6F04.tmp\in_mkv.lng ()
MOD - C:\Users\K1rt\AppData\Local\Temp\WLZ6F04.tmp\in_linein.lng ()
MOD - C:\Users\K1rt\AppData\Local\Temp\WLZ6F04.tmp\in_flv.lng ()
MOD - C:\Users\K1rt\AppData\Local\Temp\WLZ6F04.tmp\burnlib.lng ()
MOD - C:\Users\K1rt\AppData\Local\Temp\WLZ6F04.tmp\gen_classicart.lng ()
MOD - C:\Users\K1rt\AppData\Local\Temp\WLZ6F04.tmp\gen_ff.lng ()
MOD - C:\Users\K1rt\AppData\Local\Temp\WLZ6F04.tmp\dsp_sps.lng ()
MOD - C:\Users\K1rt\AppData\Local\Temp\WLZ6F04.tmp\auth.lng ()
MOD - C:\Users\K1rt\AppData\Local\Temp\WLZ6F04.tmp\gen_crasher.lng ()
MOD - C:\Users\K1rt\AppData\Local\Temp\WLZ6F04.tmp\enc_fhgaac.lng ()
MOD - C:\Users\K1rt\AppData\Local\Temp\WLZ6F04.tmp\enc_wma.lng ()
MOD - C:\Users\K1rt\AppData\Local\Temp\WLZ6F04.tmp\enc_lame.lng ()
MOD - C:\Users\K1rt\AppData\Local\Temp\WLZ6F04.tmp\gen_find_on_disk.lng ()
MOD - C:\Users\K1rt\AppData\Local\Temp\WLZ6F04.tmp\enc_wav.lng ()
MOD - C:\Users\K1rt\AppData\Local\Temp\WLZ6F04.tmp\enc_vorbis.lng ()
MOD - C:\Users\K1rt\AppData\Local\Temp\WLZ6F04.tmp\enc_flac.lng ()
MOD - K:\Program Files\Origin\QtWebKit4.dll ()
MOD - K:\Program Files\Origin\QtGui4.dll ()
MOD - K:\Program Files\Origin\QtXmlPatterns4.dll ()
MOD - K:\Program Files\Origin\QtCore4.dll ()
MOD - K:\Program Files\Origin\QtNetwork4.dll ()
MOD - K:\Program Files\Origin\QtXml4.dll ()
MOD - K:\Program Files\Origin\imageformats\qtiff4.dll ()
MOD - K:\Program Files\Origin\imageformats\qmng4.dll ()
MOD - K:\Program Files\Origin\imageformats\qjpeg4.dll ()
MOD - K:\Program Files\Origin\imageformats\qico4.dll ()
MOD - K:\Program Files\Origin\imageformats\qgif4.dll ()
MOD - C:\Programme\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win32.dll ()
MOD - C:\Programme\TeamSpeak 3 Client\plugins\clientquery_plugin.dll ()
MOD - C:\Programme\TeamSpeak 3 Client\plugins\appscanner_plugin.dll ()
MOD - k:\Program Files\Mozilla Firefox 4.0 Beta 12\mozjs.dll ()
MOD - C:\Programme\TeamSpeak 3 Client\soundbackends\directsound_win32.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
MOD - C:\Programme\Winamp\Plugins\gen_ff.dll ()
MOD - C:\Programme\Winamp\System\jnetlib.w5s ()
MOD - C:\Programme\Winamp\nsutil.dll ()
MOD - C:\Programme\Winamp\Plugins\freeform\wacs\freetype\freetype.wac ()
MOD - C:\Programme\Winamp\Plugins\gen_ml.dll ()
MOD - C:\Programme\Winamp\Plugins\in_wm.dll ()
MOD - C:\Programme\Winamp\Plugins\ml_local.dll ()
MOD - C:\Programme\Winamp\Plugins\in_mp3.dll ()
MOD - C:\Programme\Winamp\libsndfile.dll ()
MOD - C:\Programme\Winamp\Plugins\in_vorbis.dll ()
MOD - C:\Programme\Winamp\Plugins\ml_devices.dll ()
MOD - C:\Programme\Winamp\Plugins\ml_pmp.dll ()
MOD - C:\Programme\Winamp\Plugins\ml_disc.dll ()
MOD - C:\Programme\Winamp\Plugins\gen_jumpex.dll ()
MOD - C:\Programme\Winamp\System\auth.w5s ()
MOD - C:\Programme\Winamp\Plugins\pmp_ipod.dll ()
MOD - C:\Programme\Winamp\Plugins\in_mod.dll ()
MOD - C:\Programme\Winamp\System\jpeg.w5s ()
MOD - C:\Programme\Winamp\Plugins\ml_online.dll ()
MOD - C:\Programme\Winamp\Plugins\pmp_p4s.dll ()
MOD - C:\Programme\Winamp\Plugins\pmp_wifi.dll ()
MOD - C:\Programme\Winamp\Plugins\in_midi.dll ()
MOD - C:\Programme\Winamp\System\png.w5s ()
MOD - C:\Programme\Winamp\Plugins\in_cdda.dll ()
MOD - C:\Programme\Winamp\System\xml.w5s ()
MOD - C:\Programme\Winamp\System\playlist.w5s ()
MOD - C:\Programme\Winamp\tataki.dll ()
MOD - C:\Programme\Winamp\Plugins\ml_plg.dll ()
MOD - C:\Programme\Winamp\Plugins\ml_playlists.dll ()
MOD - C:\Programme\Winamp\nde.dll ()
MOD - C:\Programme\Winamp\Plugins\in_nsv.dll ()
MOD - C:\Programme\Winamp\Plugins\in_dshow.dll ()
MOD - C:\Programme\Winamp\Plugins\in_avi.dll ()
MOD - C:\Programme\Winamp\Plugins\in_flac.dll ()
MOD - C:\Programme\Winamp\Plugins\pmp_android.dll ()
MOD - C:\Programme\Winamp\Plugins\ml_impex.dll ()
MOD - C:\Programme\Winamp\Plugins\gen_orgler.dll ()
MOD - C:\Programme\Winamp\Plugins\pmp_usb.dll ()
MOD - C:\Programme\Winamp\Plugins\in_mp4.dll ()
MOD - C:\Programme\Winamp\Plugins\out_ds.dll ()
MOD - C:\Programme\Winamp\Plugins\ml_history.dll ()
MOD - C:\Programme\Winamp\Plugins\in_mkv.dll ()
MOD - C:\Programme\Winamp\zlib.dll ()
MOD - C:\Programme\Winamp\System\devices.w5s ()
MOD - C:\Programme\Winamp\Plugins\in_flv.dll ()
MOD - C:\Programme\Winamp\System\timer.w5s ()
MOD - C:\Programme\Winamp\Plugins\ml_rg.dll ()
MOD - C:\Programme\Winamp\Plugins\ml_transcode.dll ()
MOD - C:\Programme\Winamp\Plugins\ml_autotag.dll ()
MOD - C:\Programme\Winamp\Plugins\ml_bookmarks.dll ()
MOD - C:\Programme\Winamp\Plugins\gen_hotkeys.dll ()
MOD - C:\Programme\Winamp\Plugins\gen_tray.dll ()
MOD - C:\Programme\Winamp\Plugins\in_swf.dll ()
MOD - C:\Programme\Winamp\System\albumart.w5s ()
MOD - C:\Programme\Winamp\Plugins\out_disk.dll ()
MOD - C:\Programme\Winamp\System\tagz.w5s ()
MOD - C:\Programme\Winamp\Plugins\pmp_njb.dll ()
MOD - C:\Programme\Winamp\System\gif.w5s ()
MOD - C:\Programme\Winamp\System\bmp.w5s ()
MOD - C:\Programme\Winamp\Plugins\out_wave.dll ()
MOD - C:\Programme\Winamp\Plugins\in_wave.dll ()
MOD - C:\Programme\Winamp\System\dlmgr.w5s ()
MOD - C:\Programme\Winamp\System\gracenote.w5s ()
MOD - C:\Programme\Winamp\System\filereader.w5s ()
MOD - C:\Programme\Winamp\System\primo.w5s ()
MOD - C:\Programme\Winamp\Plugins\in_linein.dll ()
MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Programme\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll ()
MOD - K:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll ()
MOD - K:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll ()
MOD - K:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll ()
MOD - K:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll ()
MOD - K:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll ()
MOD - K:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\Common Files\logishrd\LQCVFX\COCIManager.exe ()
MOD - C:\Programme\TeamSpeak 3 Client\QtGui4.dll ()
MOD - C:\Programme\TeamSpeak 3 Client\QtCore4.dll ()
MOD - C:\Programme\TeamSpeak 3 Client\QtNetwork4.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Programme\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
MOD - C:\Programme\Last.fm\srv_rtaudioplayback.dll ()
MOD - C:\Programme\Last.fm\ext_messengernotify.dll ()
MOD - C:\Programme\Last.fm\ext_skypenotify.dll ()
MOD - C:\Programme\Last.fm\srv_madtranscode.dll ()
MOD - C:\Programme\Last.fm\srv_httpinput.dll ()
MOD - C:\Programme\Last.fm\LastFmFingerprint1.dll ()
MOD - C:\Programme\Last.fm\breakpad.dll ()
MOD - C:\Programme\Last.fm\Moose1.dll ()
MOD - C:\Programme\Last.fm\LastFmTools1.dll ()
MOD - C:\Programme\Last.fm\libfftw3f-3.dll ()
MOD - C:\Programme\Last.fm\zlibwapi.dll ()
MOD - C:\Programme\TeamSpeak 3 Client\imageformats\_old_qjpeg4.dll ()
MOD - C:\Programme\TeamSpeak 3 Client\imageformats\_old_qgif4.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\Last.fm\QtNetwork4.dll ()
MOD - C:\Programme\Last.fm\QtSql4.dll ()
MOD - C:\Programme\Last.fm\QtGui4.dll ()
MOD - C:\Programme\Last.fm\QtXml4.dll ()
MOD - C:\Programme\Last.fm\QtCore4.dll ()
MOD - C:\Programme\Last.fm\imageformats\qmng4.dll ()
MOD - C:\Programme\Last.fm\imageformats\qgif4.dll ()
MOD - C:\Programme\Last.fm\imageformats\qjpeg4.dll ()
MOD - K:\Program Files\Mouse Driver\keydll.dll ()
MOD - C:\Programme\mp3Tag 5\tag_menu.dll ()
MOD - K:\Program Files\Mouse Driver\MouseHook.dll ()
========== Win32 Services (SafeList) ==========
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (Hamachi2Svc) -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (UMVPFSrv) -- C:\Programme\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (TeamViewer6) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (EPSON_EB_RPCV4_04) EPSON V5 Service4(04) -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE (SEIKO EPSON CORPORATION)
SRV - (EPSON_PM_RPCV4_04) EPSON V3 Service4(04) -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE (SEIKO EPSON CORPORATION)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (SwitchBoard) -- C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (FirebirdGuardianDefaultInstance) -- C:\Programme\Firebird\Firebird_2_1\bin\fbguard.exe (FirebirdSQL Project)
SRV - (FirebirdServerDefaultInstance) -- C:\Programme\Firebird\Firebird_2_1\bin\fbserver.exe (FirebirdSQL Project)
SRV - (KMWDSERVICE) -- K:\Program Files\Mouse Driver\KMWDSrv.exe (UASSOFT.COM)
========== Driver Services (SafeList) ==========
DRV - (XDva359) -- C:\Windows\system32\XDva359.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (GGSAFERDriver) -- C:\Program Files\Garena\safedrv.sys File not found
DRV - (GarenaPEngine) -- C:\Users\K1rt\AppData\Local\Temp\ILD12C3.tmp File not found
DRV - (gAGP440p) -- C:\Users\K1rt\AppData\Local\Temp\gAGP440p.sys File not found
DRV - (EagleNT) -- C:\Windows\system32\drivers\EagleNT.sys File not found
DRV - (at2983fe) -- File not found
DRV - (tlijkfyh) -- C:\Windows\System32\drivers\jxktj.sys ()
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (PnkBstrK) -- C:\Windows\System32\drivers\PnkBstrK.sys ()
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (LVUVC) Logitech Webcam Pro 9000(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (EagleXNt) -- C:\Windows\System32\drivers\EagleXNt.sys (AhnLab, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (Lbd) -- C:\Windows\System32\drivers\Lbd.sys (Lavasoft AB)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
DRV - (cpuz134) -- C:\Programme\CPUID\PC Wizard 2010\pcwiz_x32.sys (Windows (R) Win 7 DDK provider)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (RivaTuner32) -- k:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys ()
DRV - (WSDScan) -- C:\Windows\System32\drivers\WSDScan.sys (Microsoft Corporation)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (hotcore3) -- C:\Windows\System32\drivers\hotcore3.sys (Paragon Software Group)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (Uim_IM) -- C:\Windows\System32\drivers\Uim_IM.sys (Paragon)
DRV - (UimBus) -- C:\Windows\System32\drivers\UimBus.sys (Windows (R) 2000 DDK provider)
DRV - (scramby_out) -- C:\Windows\System32\drivers\scramby_out.sys (RapidSolution Software AG)
DRV - (scramby) -- C:\Windows\System32\drivers\scramby.sys (RapidSolution Software AG)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)
DRV - (ASPI) -- C:\Windows\System32\drivers\ASPI32.SYS (Adaptec)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mythos-europe.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\InprocServer32 File not found
IE - HKCU\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Programme\YouTube Downloader Toolbar\IE\4.7\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {53B0BE0D-955B-4F9F-8731-43594A32F916}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{53B0BE0D-955B-4F9F-8731-43594A32F916}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p="
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: K:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: k:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.06.14 11:53:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0\extensions\\Components: k:\Program Files\Mozilla Firefox 4.0 Beta 12\components [2012.07.12 22:44:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0\extensions\\Plugins: k:\Program Files\Mozilla Firefox 4.0 Beta 12\plugins [2012.07.04 15:05:57 | 000,000,000 | ---D | M]
[2012.03.13 11:27:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\K1rt\AppData\Roaming\mozilla\Extensions
[2012.03.13 11:27:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\K1rt\AppData\Roaming\mozilla\Extensions\contact@callgraph.in
[2012.07.04 20:06:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\K1rt\AppData\Roaming\mozilla\Firefox\Profiles\ojzvfuhm.default\extensions
[2012.07.13 02:36:00 | 000,001,056 | ---- | M] () -- C:\Users\K1rt\AppData\Roaming\Mozilla\Firefox\Profiles\ojzvfuhm.default\searchplugins\icqplugin.xml
[2012.02.06 21:58:20 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.07.10 13:07:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.11.15 17:42:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.02.18 15:02:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2012.02.18 13:38:57 | 000,029,003 | ---- | M] () (No name found) -- C:\USERS\K1RT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OJZVFUHM.DEFAULT\EXTENSIONS\GROOVESHARKUNLOCKER@OVERLORD1337.XPI
[2012.03.25 01:14:57 | 001,184,804 | ---- | M] () (No name found) -- C:\USERS\K1RT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OJZVFUHM.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI
[2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.12.09 12:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
O1 HOSTS File: ([2012.01.04 02:46:10 | 000,000,867 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 188.40.94.200 l2authd.lineage2.com
O1 - Hosts: 188.40.94.200 l2testauthd.lineage2.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Programme\YouTube Downloader Toolbar\IE\4.7\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll File not found
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O3 - HKLM\..\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Programme\YouTube Downloader Toolbar\IE\4.7\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivX Download Manager] "k:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start File not found
O4 - HKLM..\Run: [KMCONFIG] K:\Program Files\Mouse Driver\StartAutorun.exe KMConfig.exe File not found
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [LWS] K:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EADM] K:\Program Files\Origin\Origin.exe (Electronic Arts)
O4 - HKCU..\Run: [EPSON SX430 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIHAE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [EPSON051EA1 (Epson Stylus SX430)] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIHAE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [Steam] K:\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil32_11_3_300_257_Plugin.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\K1rt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk = K:\Program Files\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
O4 - Startup: C:\Users\K1rt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5282433E-901B-44C2-B75E-7043B494DA1A}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\K1rt\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\K1rt\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{6a68291e-813c-11df-b1cc-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6a68291e-813c-11df-b1cc-806e6f6e6963}\Shell\AutoRun\command - "" = D:\menue.exe
O33 - MountPoints2\{94f6d759-c8c7-11df-ab6a-0021853a7005}\Shell - "" = AutoRun
O33 - MountPoints2\{94f6d759-c8c7-11df-ab6a-0021853a7005}\Shell\AutoRun\command - "" = Q:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012.07.19 14:08:16 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.07.19 14:08:16 | 000,000,000 | ---D | C] -- C:\Users\K1rt\AppData\Roaming\Malwarebytes
[2012.07.19 14:08:06 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.19 14:08:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.19 14:08:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.07.19 14:08:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.19 13:50:40 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.07.18 19:48:56 | 000,000,000 | ---D | C] -- C:\Users\K1rt\Documents\Battlefield 3
[2012.07.18 19:48:28 | 000,000,000 | ---D | C] -- C:\Program Files\Battlelog Web Plugins
[2012.07.18 19:47:23 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2012.07.18 19:47:22 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs
[2012.07.18 18:33:09 | 000,000,000 | -H-D | C] -- C:\Program Files\Common Files\EAInstaller
[2012.07.18 15:48:12 | 000,000,000 | ---D | C] -- C:\Program Files\Origin Games
[2012.07.18 15:48:11 | 000,000,000 | ---D | C] -- C:\Users\K1rt\AppData\Local\Origin
[2012.07.18 15:48:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2012.07.18 15:45:33 | 000,000,000 | ---D | C] -- C:\Users\K1rt\AppData\Roaming\Origin
[2012.07.18 15:45:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2012.07.18 15:45:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2012.07.18 15:08:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2
[2012.07.18 15:04:42 | 000,000,000 | ---D | C] -- C:\Users\K1rt\Documents\Guild Wars 2
[2012.07.12 03:02:22 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.07.12 03:01:44 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.07.12 03:01:43 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.07.12 03:01:43 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.07.12 03:01:42 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.07.12 03:01:42 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.07.12 03:01:41 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.07.12 03:01:41 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.07.11 23:35:22 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012.07.08 17:22:48 | 000,000,000 | ---D | C] -- C:\Users\K1rt\Documents\Wizards of the Coast
[2012.07.01 11:54:24 | 000,000,000 | ---D | C] -- C:\Users\K1rt\AppData\Local\{A11E0714-DB44-43E8-B1ED-475425443E04}
[2012.07.01 11:54:12 | 000,000,000 | ---D | C] -- C:\Users\K1rt\AppData\Local\{223B77B5-F68D-4DE8-9C77-286D0B31CE28}
[2012.06.30 21:34:57 | 000,000,000 | ---D | C] -- C:\Users\K1rt\AppData\Local\{EFF0DDA0-AB86-408F-82F8-CE8A3A7A0AA0}
[2012.06.30 21:34:43 | 000,000,000 | ---D | C] -- C:\Users\K1rt\AppData\Local\{8E5D37CF-ED98-4EE3-BB88-A8F8B1865589}
[2012.06.29 19:57:00 | 000,000,000 | ---D | C] -- C:\Users\K1rt\AppData\Local\{468E3385-A28B-4CE1-9873-6120D457DE71}
[2012.06.29 19:56:51 | 000,000,000 | ---D | C] -- C:\Users\K1rt\AppData\Local\{959CEC22-534D-4DE9-AD00-138E9CF183A1}
[2012.06.27 20:06:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012.06.27 20:06:16 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2012.06.24 20:53:59 | 000,000,000 | ---D | C] -- C:\Users\K1rt\AppData\Local\{5055F64C-30AE-48DA-8BD2-E25F80B48491}
[2012.06.24 20:53:47 | 000,000,000 | ---D | C] -- C:\Users\K1rt\AppData\Local\{4F89F1F2-DC15-4A32-9B05-1D02DFA37592}
[2012.06.24 20:51:43 | 000,000,000 | ---D | C] -- C:\Windows\de
[2012.06.24 20:43:38 | 000,000,000 | ---D | C] -- C:\Users\K1rt\AppData\Local\Windows Live
[2012.06.22 15:19:28 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012.06.22 15:19:28 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012.06.22 15:18:58 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012.06.22 15:18:58 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012.06.22 15:18:58 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012.06.22 15:18:50 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012.06.22 15:18:50 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012.06.21 17:13:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FMOD SoundSystem
[2012.06.21 17:07:21 | 000,000,000 | ---D | C] -- C:\Users\K1rt\Documents\FMOD SoundBank Generator
[2012.06.21 17:07:15 | 000,000,000 | ---D | C] -- C:\Program Files\FMOD SoundSystem
[6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.07.19 17:15:12 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\jxktj.sys
[2012.07.19 16:26:27 | 000,003,840 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.19 16:26:27 | 000,003,840 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.19 14:08:38 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.07.19 14:08:07 | 000,000,914 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.19 13:52:34 | 004,503,728 | ---- | M] () -- C:\ProgramData\pmt_0piot.pad
[2012.07.18 20:35:21 | 000,140,072 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012.07.18 20:35:11 | 000,280,904 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2012.07.18 19:49:13 | 000,280,904 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2012.07.18 18:33:14 | 000,000,767 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2012.07.18 18:32:52 | 000,138,056 | ---- | M] () -- C:\Users\K1rt\AppData\Roaming\PnkBstrK.sys
[2012.07.18 15:45:32 | 000,000,614 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2012.07.18 15:08:45 | 000,000,467 | ---- | M] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk
[2012.07.15 14:03:00 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012.07.12 20:26:21 | 003,611,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.12 20:26:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.12 20:25:15 | 3488,931,840 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.12 20:25:13 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2012.07.11 21:14:19 | 252,709,869 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.07.04 15:05:57 | 000,001,895 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.06.30 22:43:17 | 003,806,150 | ---- | M] () -- C:\Users\K1rt\Documents\04 Spur 4.wma
[2012.06.30 22:42:32 | 000,064,000 | ---- | M] () -- C:\Users\K1rt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.30 22:42:13 | 003,041,222 | ---- | M] () -- C:\Users\K1rt\Documents\01 Spur 1.wma
[2012.06.29 06:08:52 | 000,000,705 | ---- | M] () -- C:\Users\K1rt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
[2012.06.25 16:11:43 | 000,173,312 | ---- | M] () -- C:\Users\K1rt\Documents\(Unknown) - Clip 001.avi.sfk
[2012.06.25 16:11:33 | 000,001,024 | ---- | M] () -- C:\Users\K1rt\Documents\Standard.sfvidcap
[2012.06.25 15:57:57 | 001,049,194 | ---- | M] () -- C:\Users\K1rt\Documents\Track 1 - 2.wav
[2012.06.25 15:57:57 | 000,004,152 | ---- | M] () -- C:\Users\K1rt\Documents\Track 1 - 2.sfk
[6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.07.19 17:15:12 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\jxktj.sys
[2012.07.19 14:08:07 | 000,000,914 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.19 13:49:51 | 004,503,728 | ---- | C] () -- C:\ProgramData\pmt_0piot.pad
[2012.07.18 18:33:14 | 000,000,767 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2012.07.18 18:32:52 | 000,138,056 | ---- | C] () -- C:\Users\K1rt\AppData\Roaming\PnkBstrK.sys
[2012.07.18 15:45:32 | 000,000,614 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
[2012.07.18 15:08:45 | 000,000,467 | ---- | C] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk
[2012.07.04 15:05:09 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012.07.04 15:05:09 | 000,001,895 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012.06.30 22:41:51 | 003,806,150 | ---- | C] () -- C:\Users\K1rt\Documents\04 Spur 4.wma
[2012.06.30 22:41:17 | 003,041,222 | ---- | C] () -- C:\Users\K1rt\Documents\01 Spur 1.wma
[2012.06.29 06:08:52 | 000,000,705 | ---- | C] () -- C:\Users\K1rt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
[2012.06.25 16:09:17 | 000,001,024 | ---- | C] () -- C:\Users\K1rt\Documents\Standard.sfvidcap
[2012.06.25 16:09:15 | 000,173,312 | ---- | C] () -- C:\Users\K1rt\Documents\(Unknown) - Clip 001.avi.sfk
[2012.06.25 15:57:57 | 000,004,152 | ---- | C] () -- C:\Users\K1rt\Documents\Track 1 - 2.sfk
[2012.06.25 15:57:49 | 001,049,194 | ---- | C] () -- C:\Users\K1rt\Documents\Track 1 - 2.wav
[2012.06.24 20:50:52 | 000,001,166 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2012.06.24 20:50:09 | 000,001,235 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2012.06.24 20:49:28 | 000,002,033 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012.03.13 19:18:43 | 000,000,204 | ---- | C] () -- C:\Windows\struct~.ini
[2012.02.03 11:29:56 | 000,042,392 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2012.01.18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2012.01.18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2012.01.18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2012.01.18 06:22:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011.12.28 03:05:49 | 000,051,186 | ---- | C] () -- C:\Users\K1rt\AppData\Roaming\room_v3.dat
[2011.11.17 22:49:18 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2011.08.12 12:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011.05.18 17:08:33 | 000,085,008 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011.05.11 14:04:49 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011.05.11 14:04:49 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011.04.17 14:27:17 | 000,046,706 | ---- | C] () -- C:\Users\K1rt\AppData\Roaming\room.dat
[2011.03.11 18:53:20 | 000,007,461 | ---- | C] () -- C:\Users\K1rt\AppData\Roaming\PStrip.ini
[2011.02.25 18:16:16 | 000,000,044 | ---- | C] () -- C:\Users\K1rt\ts3_recording_11_02_25_17_16_14.wav
[2011.01.31 19:29:41 | 000,000,044 | ---- | C] () -- C:\Users\K1rt\ts3_recording_11_01_31_18_29_39.wav
[2011.01.30 00:13:17 | 003,821,356 | ---- | C] () -- C:\Users\K1rt\HM schnitzel.wav
[2011.01.22 03:15:53 | 001,527,852 | ---- | C] () -- C:\Users\K1rt\ts3_recording_11_01_22_2_15_51.wav
[2011.01.12 17:52:41 | 000,083,968 | ---- | C] () -- C:\Windows\UnGins.exe
[2011.01.12 17:52:19 | 000,237,568 | ---- | C] () -- C:\Windows\System32\Unlha32.dll
[2011.01.12 17:52:18 | 000,473,600 | ---- | C] () -- C:\Windows\System32\Harmony.dll
[2011.01.10 20:08:27 | 005,031,980 | ---- | C] () -- C:\Users\K1rt\ts3_recording_11_01_10_19_8_23.wav
[2010.12.29 21:43:04 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.12.29 21:42:25 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.12.14 22:08:03 | 001,411,116 | ---- | C] () -- C:\Users\K1rt\ts3_recording_10_12_14_21_8_2.wav
[2010.12.14 13:50:35 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2010.11.28 03:03:25 | 000,000,092 | ---- | C] () -- C:\Users\K1rt\AppData\Local\fusioncache.dat
[2010.11.25 00:18:06 | 000,153,644 | ---- | C] () -- C:\Users\K1rt\ts3_recording_10_11_24_23_18_4.wav
[2010.11.25 00:16:51 | 003,265,324 | ---- | C] () -- C:\Users\K1rt\ts3_recording_10_11_24_23_16_50.wav
[2010.11.16 19:29:08 | 000,140,072 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.11.16 19:29:01 | 000,280,904 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010.11.16 19:28:54 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010.11.08 21:50:41 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.11.08 21:50:40 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.10.25 17:56:14 | 000,011,568 | ---- | C] () -- C:\Windows\System32\drivers\UimFIO.sys
[2010.10.22 23:13:49 | 000,335,872 | ---- | C] () -- C:\Windows\System32\m4atag.dll
[2010.10.13 22:48:56 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010.08.21 21:53:37 | 001,409,319 | ---- | C] () -- C:\Users\K1rt\P160109_15.39.jpg
[2010.07.24 12:40:27 | 000,000,246 | ---- | C] () -- C:\Users\K1rt\SciTE.session
[2010.07.03 03:32:03 | 000,064,000 | ---- | C] () -- C:\Users\K1rt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.26 18:11:39 | 000,000,680 | ---- | C] () -- C:\Users\K1rt\AppData\Local\d3d9caps.dat
========== Alternate Data Streams ==========
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:1C422577
< End of report >
What would the next steps be?
Best regards, Karasu616