
Log analysis and evaluation: GVU 2.07 - now it's my turn too..


 
02.08.2012, 06:12   #1
kev255
 



Dear helpers,

Unfortunately it got me too last night. I've been sitting in front of my machine since about 3 a.m. trying to get it running again, in vain.

Now I happened to come across your site.

OTL Log:
Code:
OTL logfile created on: 02.08.2012 07:05:10 - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\Kev\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,74 Gb Available Physical Memory | 68,59% Memory free
8,00 Gb Paging File | 6,78 Gb Available in Paging File | 84,77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,05 Gb Total Space | 18,45 Gb Free Space | 12,38% Space Free | Partition Type: NTFS
Drive D: | 267,21 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 120,11 Mb Total Space | 109,38 Mb Free Space | 91,07% Space Free | Partition Type: FAT
 
Computer Name: KEV-PC | User Name: Kev | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Kev\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll ()
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (OverwolfUpdaterService) -- C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe (Overwolf Ltd)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (xsherlock) -- C:\Windows\SysWOW64\xsherlock.xem (Wellbia.com Co., Ltd.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (WireHelpSvc) -- C:\Programme\Common Files\WireHelpSvc.exe ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (ESLWireAC) -- C:\Windows\SysNative\drivers\ESLWireACD.sys (<Turtle Entertainment>)
DRV:64bit: - (ESLvnic1) -- C:\Windows\SysNative\drivers\ESLvnic.sys (Turtle Entertainment GmbH)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV - (AODDriver4.01) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
 
 
 
IE - HKU\S-1-5-21-2391798189-349868460-2108168911-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2391798189-349868460-2108168911-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2391798189-349868460-2108168911-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-2391798189-349868460-2108168911-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D5 D8 A6 55 75 23 CC 01  [binary data]
IE - HKU\S-1-5-21-2391798189-349868460-2108168911-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2391798189-349868460-2108168911-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2391798189-349868460-2108168911-1001\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKU\S-1-5-21-2391798189-349868460-2108168911-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2391798189-349868460-2108168911-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
IE - HKU\S-1-5-21-2391798189-349868460-2108168911-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 216.155.139.115:3128
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "64.120.226.94"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.http: "64.120.226.94"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "64.120.226.94"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "64.120.226.94"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@Webzen.com/NPBrowserExt: C:\Program Files (x86)\WEBZEN\BrowserExtension\NPWZCmnCtrl.dll (WEBZEN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.04.07 21:43:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 01:58:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.11 18:56:22 | 000,000,000 | ---D | M]
 
[2011.04.18 21:44:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kev\AppData\Roaming\mozilla\Extensions
[2012.05.20 11:31:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kev\AppData\Roaming\mozilla\Firefox\Profiles\ilo8sujg.default\extensions
[2012.05.20 11:31:15 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Kev\AppData\Roaming\mozilla\Firefox\Profiles\ilo8sujg.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.04.19 14:45:06 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Kev\AppData\Roaming\mozilla\Firefox\Profiles\ilo8sujg.default\extensions\battlefieldheroespatcher@ea.com
[2011.07.08 17:34:40 | 000,000,000 | ---D | M] (Default Manager) -- C:\Users\Kev\AppData\Roaming\mozilla\Firefox\Profiles\ilo8sujg.default\extensions\DefaultManager@Microsoft
[2012.04.26 15:56:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.12.08 23:45:00 | 000,061,705 | ---- | M] () (No name found) -- C:\USERS\KEV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ILO8SUJG.DEFAULT\EXTENSIONS\{B749FC7C-E949-447F-926C-3F4EED6ACCFE}.XPI
[2012.01.02 01:42:09 | 000,550,833 | ---- | M] () (No name found) -- C:\USERS\KEV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ILO8SUJG.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI
[2012.04.29 21:29:12 | 000,004,404 | ---- | M] () (No name found) -- C:\USERS\KEV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ILO8SUJG.DEFAULT\EXTENSIONS\YOUTUBEUNBLOCKER@UNBLOCKER.YT.XPI
[2012.07.18 01:58:02 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.04.11 18:56:32 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.13 22:58:44 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.13 22:58:44 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.13 22:58:44 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.06.11 22:59:39 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2012.02.13 22:58:44 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.13 22:58:44 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.13 22:58:44 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.01.04 04:41:35 | 000,000,826 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Kev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk = C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2391798189-349868460-2108168911-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2391798189-349868460-2108168911-1001\..Trusted Domains: kuaiche.com ([software] http in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E88F556F-0087-4D8B-BDC0-4E06F860C0B7}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E88F556F-0087-4D8B-BDC0-4E06F860C0B7}: NameServer = 8.8.8.8,8.8.4.4
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Overwolf\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{7b68b01a-19e9-11e1-a9b2-00ff01000001}\Shell - "" = AutoRun
O33 - MountPoints2\{7b68b01a-19e9-11e1-a9b2-00ff01000001}\Shell\AutoRun\command - "" = E:\INSTALL.EXE
O33 - MountPoints2\{ff8514aa-d0d0-11e1-ab7d-00ff01000001}\Shell - "" = AutoRun
O33 - MountPoints2\{ff8514aa-d0d0-11e1-ab7d-00ff01000001}\Shell\AutoRun\command - "" = E:\raf-risen_hd_ce.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.02 07:02:56 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Roaming\Malwarebytes
[2012.08.02 07:02:41 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.08.02 07:02:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.02 07:02:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.02 07:02:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.08.02 07:02:26 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Kev\Desktop\OTL.exe
[2012.08.02 07:02:25 | 010,652,120 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Kev\Desktop\mbam-setup-1.62.0.1300.exe
[2012.08.02 05:49:50 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012.07.28 14:18:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LOLReplay
[2012.07.24 14:05:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012.07.24 14:01:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deep Silver
[2012.07.24 13:56:30 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Local\Risen
[2012.07.24 13:52:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Deep Silver
[2012.07.19 14:48:10 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Local\SKIDROW
[2012.07.19 14:48:10 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Local\Risen2
[2012.07.19 01:04:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2012.07.19 00:45:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2012.07.19 00:44:20 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012.07.19 00:44:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2012.07.12 02:16:44 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.07.12 02:16:44 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.07.12 02:16:44 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.07.12 02:16:44 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.07.12 02:16:43 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.07.12 02:16:43 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.07.12 02:16:43 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.07.12 02:16:43 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.07.12 02:16:42 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.07.12 02:16:41 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.07.12 02:16:41 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.07.12 02:16:41 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.07.12 02:16:41 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.07.12 01:20:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012.07.12 01:20:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012.07.12 01:20:02 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.12 01:16:50 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012.07.12 01:16:49 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012.07.08 15:29:05 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Counter-Strike
[2012.07.08 15:29:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter-Strike
[2012.07.08 15:27:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Counter-Strike
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.02 07:04:05 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.02 07:04:05 | 000,696,832 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.02 07:04:05 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.02 07:04:05 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.02 07:04:05 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.02 07:02:41 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.02 07:01:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.02 07:01:05 | 3220,525,056 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.02 06:59:08 | 010,652,120 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Kev\Desktop\mbam-setup-1.62.0.1300.exe
[2012.08.02 06:58:56 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Kev\Desktop\OTL.exe
[2012.08.02 06:56:47 | 004,503,728 | ---- | M] () -- C:\ProgramData\ras_0oed.pad
[2012.08.02 02:50:29 | 000,001,877 | ---- | M] () -- C:\Users\Kev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.08.02 00:39:03 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.08.02 00:39:03 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.08.02 00:38:47 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.08.01 20:39:09 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.01 20:39:09 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.01 02:56:52 | 000,001,354 | ---- | M] () -- C:\Users\Kev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
[2012.07.28 15:04:35 | 050,846,578 | ---- | M] () -- C:\Users\Kev\Desktop\Raplays.rar
[2012.07.28 14:19:51 | 000,001,993 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk
[2012.07.28 14:19:51 | 000,001,901 | ---- | M] () -- C:\Users\Public\Desktop\LOL Recorder.lnk
[2012.07.27 16:50:43 | 000,000,432 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2012.07.19 00:45:28 | 000,001,950 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2012.07.19 00:44:20 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012.07.12 23:50:20 | 000,000,080 | ---- | M] () -- C:\Users\Kev\AppData\Roaming\mBot.ini
[2012.07.12 12:57:48 | 000,292,872 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.02 07:02:41 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.02 02:50:29 | 004,503,728 | ---- | C] () -- C:\ProgramData\ras_0oed.pad
[2012.08.02 02:50:29 | 000,001,877 | ---- | C] () -- C:\Users\Kev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.08.01 02:56:52 | 000,001,354 | ---- | C] () -- C:\Users\Kev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
[2012.07.28 15:04:22 | 050,846,578 | ---- | C] () -- C:\Users\Kev\Desktop\Raplays.rar
[2012.07.28 14:18:56 | 000,001,993 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk
[2012.07.28 14:18:56 | 000,001,901 | ---- | C] () -- C:\Users\Public\Desktop\LOL Recorder.lnk
[2012.07.19 00:45:28 | 000,001,950 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2012.05.03 04:54:46 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2012.03.29 17:37:09 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.03.29 17:37:09 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\bd4040cn.dat
[2012.03.29 17:37:09 | 000,000,026 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2012.01.27 17:01:49 | 000,186,197 | ---- | C] () -- C:\ProgramData\1327676404.bdinstall.bin
[2012.01.27 16:52:38 | 000,230,752 | ---- | C] () -- C:\Windows\patchw32.dll
[2012.01.27 16:52:38 | 000,118,176 | ---- | C] () -- C:\Windows\patchw.dll
[2012.01.12 01:39:09 | 000,358,414 | ---- | C] () -- C:\ProgramData\1326324280.bdinstall.bin
[2012.01.04 04:42:06 | 000,000,080 | ---- | C] () -- C:\Users\Kev\AppData\Roaming\mBot.ini
[2011.10.30 19:08:09 | 000,000,025 | ---- | C] () -- C:\Windows\SIERRA.INI
[2011.09.14 11:47:40 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.09.01 01:30:54 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2011.09.01 01:30:54 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2011.09.01 01:30:54 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2011.08.31 22:04:46 | 000,168,864 | ---- | C] () -- C:\Program Files\Common Files\WireHelpSvc.exe
[2011.08.15 15:28:47 | 000,100,712 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011.07.02 20:37:53 | 000,000,031 | ---- | C] () -- C:\Users\Kev\AppData\Roaming\esroLoader.ini
[2011.06.23 02:03:19 | 000,000,105 | ---- | C] () -- C:\Users\Kev\AppData\Roaming\private_server_loader.ini
[2011.06.22 23:59:59 | 000,000,292 | ---- | C] () -- C:\Windows\SysWow64\secustat.dat
[2011.06.22 17:16:06 | 000,000,598 | ---- | C] () -- C:\Windows\SysWow64\secushr.dat
[2011.06.22 17:15:48 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2011.05.14 09:33:49 | 001,598,640 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.04.19 15:17:23 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.04.19 15:17:20 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.04.18 22:22:34 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.03.17 19:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== LOP Check ==========
 
[2011.06.22 23:59:59 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\BITS
[2012.07.19 00:51:08 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\DAEMON Tools Lite
[2011.05.29 20:13:31 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\edxLabs
[2011.06.22 17:15:43 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\FlashGet
[2011.06.22 17:15:41 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\FlashGetBHO
[2012.05.17 20:23:37 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\Leadertech
[2011.04.18 23:41:03 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\LolClient
[2012.05.24 16:33:08 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\LolClient2
[2011.11.18 21:00:33 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\OpenOffice.org
[2011.10.26 23:19:31 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\Origin
[2011.04.21 22:21:26 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\PunkBuster
[2012.01.12 01:25:20 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\QuickScan
[2011.04.19 11:34:07 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\SFBot
[2012.04.15 14:14:29 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\TeamViewer
[2012.07.16 22:40:40 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\TS3Client
[2012.06.26 16:59:33 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\wargaming.net
[2011.08.29 18:05:43 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\www.rene-zeidler.de
[2012.06.24 11:47:41 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
< End of report >
         

Extras log (OTL):
Code:
OTL Extras logfile created on: 02.08.2012 07:05:10 - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\Kev\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,74 Gb Available Physical Memory | 68,59% Memory free
8,00 Gb Paging File | 6,78 Gb Available in Paging File | 84,77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,05 Gb Total Space | 18,45 Gb Free Space | 12,38% Space Free | Partition Type: NTFS
Drive D: | 267,21 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 120,11 Mb Total Space | 109,38 Mb Free Space | 91,07% Space Free | Partition Type: FAT
 
Computer Name: KEV-PC | User Name: Kev | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2391798189-349868460-2108168911-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3
"C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06899AAF-E55A-436C-957E-0F70AC5A5467}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{094F37A6-47F8-4268-9CF3-E0352333817C}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{129658BE-1364-420C-A067-7907A997FA76}" = lport=8397 | protocol=17 | dir=in | name=league of legends launcher | 
"{16BF999B-A54A-461C-A443-18866C19BDED}" = lport=6900 | protocol=17 | dir=in | name=league of legends launcher | 
"{18DC69EC-F6B7-4A4E-A08B-BBBEC537C4EA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1C30B52F-3572-40FC-AC47-084DF5C92919}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2290F550-86C1-4E48-91CA-4D64212456A5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2B0E1B0F-7422-49CD-9249-811E3A0D9E0E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2E5BA39B-B2DD-48F2-8DC5-8CA26F881191}" = lport=49169 | protocol=6 | dir=in | name=akamai netsession interface | 
"{2FD372C9-FC8A-4FFA-B9D1-68D0568ED7C3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{30DCC186-613B-4964-9791-83B522C78524}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{340DED20-CEEE-47B7-8C64-962666B96C2A}" = lport=8397 | protocol=6 | dir=in | name=league of legends launcher | 
"{39E37FA2-2793-496F-97BC-687277B1858C}" = rport=139 | protocol=6 | dir=out | app=system | 
"{3B1F684E-F560-4DE8-BB97-F15FDAB2794A}" = lport=445 | protocol=6 | dir=in | app=system | 
"{3D325BBC-75CB-45D9-AECD-70B158E3DFBA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4317AC17-A4F7-4EBB-8E51-B846D960281B}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{4F8E3366-9105-4DF0-A276-28125FC63668}" = lport=6929 | protocol=6 | dir=in | name=league of legends launcher | 
"{61845226-8B84-4927-A695-9579C011F5CE}" = rport=137 | protocol=17 | dir=out | app=system | 
"{697138E3-8B41-4543-9472-2EAC4DE4E300}" = lport=139 | protocol=6 | dir=in | app=system | 
"{762A79D9-9B9E-48BC-B940-4A593766F867}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher | 
"{80EC02E3-B068-49C8-927F-748D0A0C8A9D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{811B8076-3994-4528-B422-4227FD2238CC}" = lport=49175 | protocol=6 | dir=in | name=akamai netsession interface | 
"{85E7C377-6ADB-4597-9043-65528C884E87}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{87DE1166-DF1E-45D5-9340-BC1809C32D3F}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{9013E1D1-5CD7-4AE0-8A69-D5E17E5C281B}" = lport=49195 | protocol=6 | dir=in | name=akamai netsession interface | 
"{952E55AE-A6B0-4989-8FD9-25B6E56ECDAE}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{99240B89-1C8E-4971-BD0F-2934EA5251C7}" = lport=6900 | protocol=6 | dir=in | name=league of legends launcher | 
"{9DACBF95-2D20-4243-B4D6-930DBCA956AA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AB6D2BBB-FC07-4513-909E-0510B7174D01}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{AC7CA488-04A0-4198-8DE5-50CD591D14B8}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{B416EC4E-1964-4198-9BA9-101DD684D41E}" = lport=137 | protocol=17 | dir=in | app=system | 
"{BACBB0B5-4D6C-4464-8891-81E9F69A088E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{BC880336-957F-4647-8CD0-6B8950596F42}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher | 
"{BCC5ADA0-B77B-492F-A3BE-96758471721D}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{C0B1ECE5-6BC2-460A-B9F2-3CB8BC3AC5E2}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{C5520744-7AE6-48AB-AA52-03A7183F3AEA}" = lport=138 | protocol=17 | dir=in | app=system | 
"{C93C3361-917F-453E-A996-43F9B68BFD37}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CC0653FB-F25D-41FA-BDB2-CCC3CDB966C6}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{D4D6F56D-CF4E-4D64-99D9-71444D2F484C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{D8301A37-4A62-4C01-A7EB-858F88FF9D14}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DF47ADF3-1B5E-4A27-A7B2-31D14BD4BC88}" = lport=49182 | protocol=6 | dir=in | name=akamai netsession interface | 
"{DF9C3A56-F22D-4020-9D9C-AF6ABAC5E721}" = rport=445 | protocol=6 | dir=out | app=system | 
"{E93D3E22-2331-4995-965B-3F46B156DD0B}" = rport=138 | protocol=17 | dir=out | app=system | 
"{E9DAA044-4BDA-42CE-AE18-8E640A0BAD4C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{EB421CB5-BEF9-4BD8-8B7B-F15DD2401567}" = lport=6929 | protocol=17 | dir=in | name=league of legends launcher | 
"{EC1FF399-47D7-4AF3-B584-ED84A59FCF10}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F0CC8030-4D06-4CE2-B0C5-9C3397C9EB8D}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{F77DEC57-F1F5-474A-9CA4-3DAA9244D1E5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{002D0026-E596-4656-93BF-FCA3CBAF63FB}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{00318544-6C30-4EA3-8A95-A0549A4DC7E4}" = dir=in | app=c:\program files\eslwire\wire.exe | 
"{04274D3E-F86B-4DDC-BD17-ABB6C01C89DB}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe | 
"{11B87D12-9B27-433D-92D4-1171576B8D8E}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars-the old republic\launcher.exe | 
"{139B59F1-129C-4890-95B0-B355EEFFA77D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{1845DD98-797A-40CB-A951-004356740405}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{18566774-4DDF-44EA-90ED-CEB18CC49811}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1ABF53D5-859B-439C-BB79-C441AD1D6852}" = dir=out | app=c:\program files\eslwire\wire.exe | 
"{1EE39107-D716-41EB-8473-FF9FABC3AD3F}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars-the old republic\launcher.exe | 
"{21F8C564-0A6D-4D53-BF22-0BAF4F5E3173}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{259E79AA-693E-4E63-AFEC-5CA61C514AA0}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{302F7C49-4D00-4887-93EF-EF7A01711741}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{3148EC32-9B27-411B-A3CE-5BCCCFF34371}" = protocol=17 | dir=in | app=c:\program files (x86)\outspark\projectpowder\run.exe | 
"{32CB6DE0-9BC6-45BE-9210-CB67B671970F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{3570F312-217C-4561-A601-1790D466F516}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars-the old republic\launcher.exe | 
"{35CA1254-12DB-4ABF-8AAD-6236EE5DB1DD}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{3AB9962C-033D-41F7-ABFB-8AF42C1B2417}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{3B159C87-E076-4862-A06B-3B88B02A97BF}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"{3DDD1944-7DD4-4813-BF09-E76B8AC55276}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{3FE909DF-E809-4D82-8A71-CEC29CAB24CE}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars-the old republic\launcher.exe | 
"{420A3B12-5963-4F36-AEB9-49273A6D23DF}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{52CF82A9-AD96-4229-AD2E-3186E4DDFD67}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe | 
"{54787DBD-A967-46FB-BED6-4F624E8601A8}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{5773BE1D-C440-4D55-9121-5124E5EAA146}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe | 
"{5A7C78D4-32DD-43EE-B76D-DCA0795333A7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5F8F13F6-32C9-4530-BF37-252A93E1E3F1}" = protocol=6 | dir=in | app=c:\program files (x86)\outspark\projectpowder\run.exe | 
"{61BEEDE4-1FF1-4D8F-A9A8-D8F6F610057A}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{62D6F4B3-FCD2-46F0-98E1-6EFFE37243F5}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{6396A34E-3A12-463C-A26C-C04030F21A69}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe | 
"{680010D0-438D-40AB-9C31-FF1BA27DF3A9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{6E17D508-0117-4246-9E8A-E0180B309BC8}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{6FF48710-D60E-4938-A4CF-5BF00EDC8A4E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{71BBB0C0-3E7C-45CD-8FED-B33CE730585D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{742E9162-0469-49B3-AF0D-AC4BC9C0DCDB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{78475BEB-1CDB-4CEE-A684-47191CD0E249}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{80C67BF7-1537-433C-89A8-A1AF815D0AD4}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{859DA5B1-1686-470B-8C30-E3105DB42A5B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8854119F-2C1C-4CAB-8133-C6151A312BBC}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{90809ED9-3475-4789-B41C-1D195BEE085D}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe | 
"{9B8FAA93-C559-4B15-A58A-BF4F155B100C}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{A5ACDC48-D95C-46FC-8E7E-8BA48FF868E4}" = protocol=17 | dir=in | app=c:\program files (x86)\outspark\projectpowder\run.exe | 
"{AA8F5570-5931-488A-A676-1EBBA108BB76}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe | 
"{ABF751D2-2277-442E-A1E6-2617667C928D}" = protocol=6 | dir=in | app=c:\program files (x86)\outspark\projectpowder\run.exe | 
"{AC228EC3-1B8F-4E3E-AB09-888F57C768DC}" = protocol=6 | dir=out | app=system | 
"{AC7D552B-2571-436A-AFC4-14621E35451D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B4E2C6B3-2DD9-44D9-9053-D0D9A5D50A6A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B68E13BC-DE84-43B9-813A-4755921859E2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{BE34357C-9AE7-4DDE-944D-28B8BCCF5A16}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{CFA8871C-12DD-4A35-9685-C45896D9C2F4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D05C3A84-2280-42B6-AE5F-56E542A4D516}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{D403CC78-D022-4BDE-84E1-4A694504B654}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D464B792-A60A-41CE-BBF9-2B81421E76E1}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{D5C2AAB7-7C78-419F-9079-BFC56683176C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{DC6F38B7-B134-4661-9D02-B32780BA832B}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{DC6FD7C5-5C23-4FB7-A666-F485D35B5322}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E2554337-6958-4387-8C0E-FFF00512E75E}" = protocol=6 | dir=in | app=c:\users\kev\appdata\local\akamai\netsession_win.exe | 
"{E484DB76-08F0-4EE6-87EC-BD3836BDB17B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E4AB8A94-2375-4762-BBDF-8B6EE7AAE94D}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{E9E7C839-0593-4C15-AD0D-D14D5E4A6BF2}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{EB28E950-F62E-452A-A93C-4C1929061C3E}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{ECE4B7B2-2B18-4230-B57C-C8E517888023}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{EE98AE5F-F0DD-4F2A-B259-0CCA6E9DF2E9}" = protocol=17 | dir=in | app=c:\users\kev\appdata\local\akamai\netsession_win.exe | 
"{F0145CE3-430C-402E-BC53-E9E9E857668E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{F39386CC-DD50-474A-9971-A514C3DF796F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"{F6C01D38-B9DB-4D46-BAFB-80847EF7947B}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{F969D79D-0763-4D2E-A487-8663B764A41B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{FDBE4F2A-82D4-443A-8080-F0DBC19C3050}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"TCP Query User{0800EBC8-4723-40F6-A09B-41EFC7F05FA9}C:\users\kev\desktop\spiele\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\users\kev\desktop\spiele\call of duty 2\cod2mp_s.exe | 
"TCP Query User{0918F4C4-D0C1-43F6-AF6D-589A4A28E141}C:\program files (x86)\thq\company of heroes\reliccoh.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe | 
"TCP Query User{117D5FB5-B217-41E5-9804-2AC33D168E0A}C:\program files (x86)\silkroadr\mbot_sror1.2\mbot_sror.exe" = protocol=6 | dir=in | app=c:\program files (x86)\silkroadr\mbot_sror1.2\mbot_sror.exe | 
"TCP Query User{2261F7D2-7EFF-4D04-B258-237EC4B4B239}C:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe | 
"TCP Query User{239A2806-E01F-4EB7-A8C3-757D07D191F2}C:\program files (x86)\counter-strike\hl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\counter-strike\hl.exe | 
"TCP Query User{2B71EBE9-7BC3-4B25-A3E1-DC32B696801E}C:\users\kev\documents\silkroad bot\ibot\_ibot__public_released_v1.1.9\ibot.exe" = protocol=6 | dir=in | app=c:\users\kev\documents\silkroad bot\ibot\_ibot__public_released_v1.1.9\ibot.exe | 
"TCP Query User{31733883-3093-4C7D-8235-F742878B83FC}C:\users\kev\desktop\spiele\desirexsro\mbot_vsro110_1.12b\mbot_vsro110.exe" = protocol=6 | dir=in | app=c:\users\kev\desktop\spiele\desirexsro\mbot_vsro110_1.12b\mbot_vsro110.exe | 
"TCP Query User{3373EA4A-1C51-466F-A815-DBF8AA28F1AE}C:\program files (x86)\tera\tera uncensor patcher v1.7.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tera\tera uncensor patcher v1.7.exe | 
"TCP Query User{3B36A67B-D56F-4F75-B24A-8D5BA97F934E}C:\users\kev\desktop\spiele\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\users\kev\desktop\spiele\call of duty 4 - modern warfare\iw3mp.exe | 
"TCP Query User{4412870E-8A02-4BDC-A12B-F34D1BE0806E}C:\users\kev\desktop\spiele\desirexsro\mbot_twink\mbot_vsro110.exe" = protocol=6 | dir=in | app=c:\users\kev\desktop\spiele\desirexsro\mbot_twink\mbot_vsro110.exe | 
"TCP Query User{456A7327-1996-4118-B237-888B6BB40AF5}C:\program files (x86)\origin games\battlefield 3\bf3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"TCP Query User{4A13526F-5136-4858-BEA3-FB55E621CB93}C:\program files (x86)\icq7.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"TCP Query User{4B347490-CCF9-403A-AA91-EA6EDAEF0078}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe | 
"TCP Query User{4BE0B4F4-6A90-4E12-A0BE-F92C647F4727}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{4DAA6127-213A-4488-8A0F-E936D2449BC3}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe | 
"TCP Query User{557F0DE6-E22A-4F38-867A-7AB422B75704}C:\users\kev\desktop\spiele\grindroad+online\grindroad online\mbot_vsro110_1.10b\mbot_vsro110.exe" = protocol=6 | dir=in | app=c:\users\kev\desktop\spiele\grindroad+online\grindroad online\mbot_vsro110_1.10b\mbot_vsro110.exe | 
"TCP Query User{6322BEB4-95B6-4E47-959E-C75953AA4F9F}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
"TCP Query User{69CB2E38-8105-44DA-895A-BFC44EBB938F}C:\program files (x86)\valve\hl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\valve\hl.exe | 
"TCP Query User{6A4F8923-931D-40D7-A61F-702D09A4BDF5}C:\users\kev\desktop\empire earth\empire earth.exe" = protocol=6 | dir=in | app=c:\users\kev\desktop\empire earth\empire earth.exe | 
"TCP Query User{6A5A0029-FFEC-495A-94EB-68CB56F65A58}C:\users\kev\desktop\empire earth\empire earth.exe" = protocol=6 | dir=in | app=c:\users\kev\desktop\empire earth\empire earth.exe | 
"TCP Query User{71981F82-075C-49F2-ADAB-01C8D160B181}C:\users\kev\desktop\spiele\wc3\war3.exe" = protocol=6 | dir=in | app=c:\users\kev\desktop\spiele\wc3\war3.exe | 
"TCP Query User{7516672F-41BF-4D28-A633-D061120CB9AF}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"TCP Query User{810C9F88-E049-40FE-90A6-F8AAB8B30E45}C:\program files (x86)\valve\hl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\valve\hl.exe | 
"TCP Query User{8B048F6E-65EC-4344-933A-726146A27ADB}C:\program files (x86)\silkroadr\ibot\ibot.exe" = protocol=6 | dir=in | app=c:\program files (x86)\silkroadr\ibot\ibot.exe | 
"TCP Query User{8B9E94F9-807B-4A43-B578-B2743E718EFD}C:\users\kev\desktop\spiele\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\users\kev\desktop\spiele\call of duty 4 - modern warfare\iw3mp.exe | 
"TCP Query User{9CF2CA1F-3743-4680-B52F-BAFF7A2E0DFB}C:\riot games\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe | 
"TCP Query User{9FDCFB5A-64FB-43EB-B508-7787BF1A1B97}C:\program files (x86)\silkroadr\ibot\agbot\packag5.2.0b.nomap\agbot.package\hackshieldstuff\hsserver\projecthsbypass1.4.exe" = protocol=6 | dir=in | app=c:\program files (x86)\silkroadr\ibot\agbot\packag5.2.0b.nomap\agbot.package\hackshieldstuff\hsserver\projecthsbypass1.4.exe | 
"TCP Query User{A1820E9D-A4BA-4070-AAB5-EAF708049DD9}C:\windows\syswow64\java.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\java.exe | 
"TCP Query User{A37F11F0-F509-4B87-AE73-6C242F67D527}C:\users\kev\desktop\spiele\desirexsro\vsroautoalchemy\fuse-o-mat\fuse-o-mat - release\phconnector\phconnector.exe" = protocol=6 | dir=in | app=c:\users\kev\desktop\spiele\desirexsro\vsroautoalchemy\fuse-o-mat\fuse-o-mat - release\phconnector\phconnector.exe | 
"TCP Query User{A6E6817F-B98D-4312-9997-F6F59336D437}C:\program files (x86)\tera\tera-launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe | 
"TCP Query User{AB0B8C69-1C41-4A13-B1D0-EDD0D03CF8DF}C:\program files (x86)\silkroadr\ibot\ibot.exe" = protocol=6 | dir=in | app=c:\program files (x86)\silkroadr\ibot\ibot.exe | 
"TCP Query User{AB4B9808-B25E-4676-BDF5-61C5E6131275}C:\program files (x86)\tera\tera-launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe | 
"TCP Query User{B671C6D5-EBD6-4710-BD3C-4D2CF9AF78F3}C:\users\kev\desktop\spiele\wc3\war3.exe" = protocol=6 | dir=in | app=c:\users\kev\desktop\spiele\wc3\war3.exe | 
"TCP Query User{B70A14C5-591A-4B07-823D-95ADBD26B16E}C:\sierra\empire earth\empire earth.exe" = protocol=6 | dir=in | app=c:\sierra\empire earth\empire earth.exe | 
"TCP Query User{B97B8DB1-84A2-435E-A195-FD79C231222F}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe | 
"TCP Query User{BC1968F0-0363-4656-BA14-0DA17504B498}C:\riot games\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe | 
"TCP Query User{BE60BE30-BFF9-4B8A-BB90-D52AC9DDFDC6}C:\program files (x86)\silkroadr\mbot_chill3r\mbot_sror.exe" = protocol=6 | dir=in | app=c:\program files (x86)\silkroadr\mbot_chill3r\mbot_sror.exe | 
"TCP Query User{C958B64F-E58C-4277-B1AF-8A6A34C17EDE}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe | 
"TCP Query User{CF924F34-9198-4932-A674-C1D22841BF85}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe | 
"TCP Query User{D52CAB53-DE6E-456D-A679-DD2EA19644EE}C:\users\kev\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\kev\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{D9AC46FF-A296-4188-94CE-54B942DE4770}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{DD695EE1-2F6D-44AB-83CC-283AB66E6F6A}C:\program files\jowood\die gilde gold-edition\gildegold.exe" = protocol=6 | dir=in | app=c:\program files\jowood\die gilde gold-edition\gildegold.exe | 
"TCP Query User{E04444BD-ACA8-4691-AE57-FB5D7685AB3A}C:\users\kev\desktop\spiele\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\users\kev\desktop\spiele\call of duty 2\cod2mp_s.exe | 
"TCP Query User{E23A0A0F-B602-45A5-BD9A-4E2D483EBB56}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{E87BFAEA-C15A-4F1B-A597-81C678E0231C}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"TCP Query User{EDD87E9F-3D0C-42CC-9396-1FF606345763}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | 
"TCP Query User{F01FAFB2-1776-40EA-8F49-686AF3A01665}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | 
"TCP Query User{FAE274DE-A988-4249-B042-D3B8C006D042}C:\program files (x86)\silkroadr\mbot_soxs\mbot_sror.exe" = protocol=6 | dir=in | app=c:\program files (x86)\silkroadr\mbot_soxs\mbot_sror.exe | 
"UDP Query User{0244E1A6-4D16-459A-A459-47635936E1C5}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe | 
"UDP Query User{04509A9A-CE84-40C8-9BBC-C99857BC1A94}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
"UDP Query User{05D8E21E-BDDB-49D5-AB21-28EA3F9FB1CF}C:\program files (x86)\silkroadr\ibot\ibot.exe" = protocol=17 | dir=in | app=c:\program files (x86)\silkroadr\ibot\ibot.exe | 
"UDP Query User{0EB835E5-FDE8-4879-B943-1A001ADB49F8}C:\users\kev\documents\silkroad bot\ibot\_ibot__public_released_v1.1.9\ibot.exe" = protocol=17 | dir=in | app=c:\users\kev\documents\silkroad bot\ibot\_ibot__public_released_v1.1.9\ibot.exe | 
"UDP Query User{124A9D4B-F3E4-4151-B7EC-8805D17D0585}C:\users\kev\desktop\spiele\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\users\kev\desktop\spiele\call of duty 4 - modern warfare\iw3mp.exe | 
"UDP Query User{14E2A14D-B330-444D-8200-5A6DD99820AD}C:\program files (x86)\silkroadr\mbot_sror1.2\mbot_sror.exe" = protocol=17 | dir=in | app=c:\program files (x86)\silkroadr\mbot_sror1.2\mbot_sror.exe | 
"UDP Query User{17F5EE90-85D0-4068-BEF9-8A7BA7B5F5A7}C:\program files\jowood\die gilde gold-edition\gildegold.exe" = protocol=17 | dir=in | app=c:\program files\jowood\die gilde gold-edition\gildegold.exe | 
"UDP Query User{25BCC645-3F91-4D8B-A0A6-795F4205B343}C:\users\kev\desktop\spiele\desirexsro\mbot_twink\mbot_vsro110.exe" = protocol=17 | dir=in | app=c:\users\kev\desktop\spiele\desirexsro\mbot_twink\mbot_vsro110.exe | 
"UDP Query User{31267D8F-1B58-45BA-A102-08EA674187E6}C:\users\kev\desktop\spiele\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\users\kev\desktop\spiele\call of duty 2\cod2mp_s.exe | 
"UDP Query User{3B1DA0C3-B8CF-4160-9435-4B8C0B021546}C:\program files (x86)\tera\tera-launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe | 
"UDP Query User{416C0085-EB9C-4E10-AC33-21051CBBA04F}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"UDP Query User{431AF372-1D71-4061-91B9-8189D984C05B}C:\users\kev\desktop\spiele\desirexsro\vsroautoalchemy\fuse-o-mat\fuse-o-mat - release\phconnector\phconnector.exe" = protocol=17 | dir=in | app=c:\users\kev\desktop\spiele\desirexsro\vsroautoalchemy\fuse-o-mat\fuse-o-mat - release\phconnector\phconnector.exe | 
"UDP Query User{480DF683-7974-41FE-9306-2B323EB5E207}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | 
"UDP Query User{58C8E833-DFAC-4C56-872C-D56816B431B7}C:\users\kev\desktop\spiele\grindroad+online\grindroad online\mbot_vsro110_1.10b\mbot_vsro110.exe" = protocol=17 | dir=in | app=c:\users\kev\desktop\spiele\grindroad+online\grindroad online\mbot_vsro110_1.10b\mbot_vsro110.exe | 
"UDP Query User{5DF45C4B-FDB1-4311-8C74-737FA94AD5D4}C:\users\kev\desktop\spiele\desirexsro\mbot_vsro110_1.12b\mbot_vsro110.exe" = protocol=17 | dir=in | app=c:\users\kev\desktop\spiele\desirexsro\mbot_vsro110_1.12b\mbot_vsro110.exe | 
"UDP Query User{6108F793-811A-446C-A349-2E626A0558AB}C:\program files (x86)\silkroadr\ibot\ibot.exe" = protocol=17 | dir=in | app=c:\program files (x86)\silkroadr\ibot\ibot.exe | 
"UDP Query User{612723A5-1E02-44DE-A604-08368F88C700}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe | 
"UDP Query User{6216C657-FED4-4852-A445-FCE2FB027C2E}C:\users\kev\desktop\spiele\wc3\war3.exe" = protocol=17 | dir=in | app=c:\users\kev\desktop\spiele\wc3\war3.exe | 
"UDP Query User{67B3141A-CECE-4C3F-A04C-25981C59A900}C:\program files (x86)\valve\hl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\valve\hl.exe | 
"UDP Query User{6A6466B6-B875-4D51-BF74-9B687B719536}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"UDP Query User{6B38E4FD-0947-4B7C-A02D-4F9A66B986F1}C:\program files (x86)\silkroadr\ibot\agbot\packag5.2.0b.nomap\agbot.package\hackshieldstuff\hsserver\projecthsbypass1.4.exe" = protocol=17 | dir=in | app=c:\program files (x86)\silkroadr\ibot\agbot\packag5.2.0b.nomap\agbot.package\hackshieldstuff\hsserver\projecthsbypass1.4.exe | 
"UDP Query User{6FA3DCD6-ECD0-4189-8244-B8064DC6014F}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe | 
"UDP Query User{70B320A2-4A4E-44F3-8DCD-D9BA4CD08E58}C:\users\kev\desktop\spiele\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\users\kev\desktop\spiele\call of duty 2\cod2mp_s.exe | 
"UDP Query User{713ECE48-FB29-4543-BF00-F0149BAF1876}C:\sierra\empire earth\empire earth.exe" = protocol=17 | dir=in | app=c:\sierra\empire earth\empire earth.exe | 
"UDP Query User{89CF1275-2DEC-4E3B-81BB-BB5688DFAB5E}C:\program files (x86)\valve\hl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\valve\hl.exe | 
"UDP Query User{8B4477AB-AF9B-4A71-A5CD-627DAA0ECF45}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe | 
"UDP Query User{986803BB-588D-4072-A79E-7B6553915AC5}C:\program files (x86)\origin games\battlefield 3\bf3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"UDP Query User{9C4EB171-C45E-4100-A6BB-636F5C3D4E0C}C:\users\kev\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\kev\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{9D1D5AEE-BFCA-4477-B8AD-18612C5C9479}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{9E2AAE4A-05B1-408B-8E91-EB6CCCD2F91F}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | 
"UDP Query User{A623D524-2182-473B-8542-7708BA185B89}C:\program files (x86)\thq\company of heroes\reliccoh.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe | 
"UDP Query User{ACA43002-9DA1-40A9-9659-F992F56686FB}C:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe | 
"UDP Query User{B42604A8-BD49-492F-B182-22C67B4F7D32}C:\users\kev\desktop\empire earth\empire earth.exe" = protocol=17 | dir=in | app=c:\users\kev\desktop\empire earth\empire earth.exe | 
"UDP Query User{B567011D-7E5B-48D1-B2B8-84A8403893BC}C:\program files (x86)\tera\tera-launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe | 
"UDP Query User{BC198B22-4958-48DD-94AC-F241FF8DF013}C:\users\kev\desktop\spiele\wc3\war3.exe" = protocol=17 | dir=in | app=c:\users\kev\desktop\spiele\wc3\war3.exe | 
"UDP Query User{C3514880-36C0-43A7-A414-6797514122C9}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{C519D022-7FB4-4E32-B139-FEC37A92CE41}C:\program files (x86)\tera\tera uncensor patcher v1.7.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tera\tera uncensor patcher v1.7.exe | 
"UDP Query User{D1250A55-3577-44BF-80DE-A267806453C0}C:\users\kev\desktop\spiele\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\users\kev\desktop\spiele\call of duty 4 - modern warfare\iw3mp.exe | 
"UDP Query User{D133D800-C847-47CB-817F-0F0FAD3B0536}C:\users\kev\desktop\empire earth\empire earth.exe" = protocol=17 | dir=in | app=c:\users\kev\desktop\empire earth\empire earth.exe | 
"UDP Query User{D527B651-A1DD-4104-BDA6-E2C5697E16EB}C:\riot games\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe | 
"UDP Query User{D73411A3-C61E-4893-98CD-F7C186CF4E53}C:\riot games\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe | 
"UDP Query User{DB66DBDA-3991-4326-9D82-093883049F5D}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe | 
"UDP Query User{F11EA530-C3D7-4CCA-A55C-BABBD1569B9E}C:\program files (x86)\counter-strike\hl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\counter-strike\hl.exe | 
"UDP Query User{F43ABCBC-35ED-469E-A440-B2A1E8D71781}C:\program files (x86)\silkroadr\mbot_soxs\mbot_sror.exe" = protocol=17 | dir=in | app=c:\program files (x86)\silkroadr\mbot_soxs\mbot_sror.exe | 
"UDP Query User{F844C938-8162-429B-9048-48F3AF2405FE}C:\program files (x86)\silkroadr\mbot_chill3r\mbot_sror.exe" = protocol=17 | dir=in | app=c:\program files (x86)\silkroadr\mbot_chill3r\mbot_sror.exe | 
"UDP Query User{F9CDACFD-4129-49D8-8A27-C0EDEF2D5B38}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{FC6B3F6C-913B-4DC0-B019-5D8B46B3F02F}C:\program files (x86)\icq7.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"UDP Query User{FD480489-688A-463C-9CDA-6FF5427C5D0F}C:\windows\syswow64\java.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\java.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0CC44ABB-62F1-FDA7-02C8-DCCC2A239DDE}" = AMD Fuel
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{119CFC4D-EB75-D47F-1209-032721858C32}" = ccc-utility64
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86416025FF}" = Java(TM) 6 Update 25 (64-bit)
"{44E3AB6B-453B-8DAE-9777-1C48F5AB8965}" = AMD Catalyst Install Manager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6CFB1B20-ECAE-488F-9FFB-6AD420882E71}" = iTunes
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A73F0084-A1CC-6E42-06DF-D088D583CC2A}" = AMD Media Foundation Decoders
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B48E1FFD-A85D-45DB-9070-C06CDF6BD427}" = User's Guides
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{D1829BE5-F305-4576-9593-C66FC7E0B008}" = iCloud
"{D3120436-1358-4253-9EB2-257FFE8CE1D9}" = Logitech SetPoint 5.20
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F809FFB5-6F9B-AFDE-6048-5D9E95A85505}" = AMD Drag and Drop Transcoding
"CCleaner" = CCleaner
"ESL Wire_is1" = ESL Wire 1.10.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.00 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{13AE7598-928A-83E7-548B-44FA68242798}" = CCC Help English
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{211D9A2A-0ECA-7AC7-ABAA-03ED3242F33E}" = AMD VISION Engine Control Center
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{32A3A4F4-B792-11D6-A78A-00B0D0160250}" = Java(TM) SE Development Kit 6 Update 25
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{4150D0B5-D203-419B-9C49-9B615AF11BAF}" = Overwolf
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E3D1AC1-D48B-45F4-BAE1-91BAE7D1FE7D}_is1" = Risen HD Collector's Edition
"{5066FFF7-0029-BBA3-DD41-D71599987F1B}" = Catalyst Control Center InstallProxy
"{5E453519-60F6-4A4D-A0BF-16663F9B3536}" = Safari
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE1746-9EFF-3C9C-8755-81EA8903AC34}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{887868A2-D6DE-3255-AA92-AA0B5A59B874}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{95723791-2C44-454B-9220-C65D47D70E9C}" = WEBZEN Browser Extension
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{C1FCDCA1-2759-4E5E-84EE-3A665BB2F513}" = iPhoneBrowser
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FECCC297-24D6-F2B0-2BEC-446AC0205EEB}" = Catalyst Control Center Graphics Previews Common
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1489-3350-5074-6281" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Akamai" = Akamai NetSession Interface Service
"Avira AntiVir Desktop" = Avira Free Antivirus
"Battlelog Web Plugins" = Battlelog Web Plugins
"Counter-Strike" = Counter-Strike 1.0
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup" = DivX-Setup
"ESN Sonar-0.70.4" = ESN Sonar
"Fraps" = Fraps (remove only)
"Locks Pro" = Locks Pro
"LOLReplay" = LOLReplay
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"TeamViewer 7" = TeamViewer 7
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
"Xfire" = Xfire (remove only)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2391798189-349868460-2108168911-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"c23188044ae10ee6" = Lol Account maker
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 22.07.2012 15:33:27 | Computer Name = Kev-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: LolClient.exe, Version: 2.0.2.12610,
 Zeitstempel: 0x4c00573a  Name des fehlerhaften Moduls: Adobe AIR.dll, Version: 3.1.0.4880,
 Zeitstempel: 0x4eb75fb9  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00480038  ID des fehlerhaften
 Prozesses: 0x10c4  Startzeit der fehlerhaften Anwendung: 0x01cd6834bf8c9263  Pfad der
 fehlerhaften Anwendung: C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.175\deploy\LolClient.exe
Pfad
 des fehlerhaften Moduls: C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.175\deploy\Adobe
 AIR\Versions\1.0\Adobe AIR.dll  Berichtskennung: 1bd81d2b-d434-11e1-90ed-00ff01000001
 
Error - 23.07.2012 09:40:49 | Computer Name = Kev-PC | Source = BugSplat | ID = 1
Description = 
 
Error - 23.07.2012 09:42:16 | Computer Name = Kev-PC | Source = BugSplat | ID = 1
Description = 
 
Error - 23.07.2012 11:31:30 | Computer Name = Kev-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: LolClient.exe, Version: 2.0.2.12610,
 Zeitstempel: 0x4c00573a  Name des fehlerhaften Moduls: Adobe AIR.dll, Version: 3.1.0.4880,
 Zeitstempel: 0x4eb75fb9  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00480038  ID des fehlerhaften
 Prozesses: 0x10b8  Startzeit der fehlerhaften Anwendung: 0x01cd68dbb628c1c2  Pfad der
 fehlerhaften Anwendung: C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.175\deploy\LolClient.exe
Pfad
 des fehlerhaften Moduls: C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.175\deploy\Adobe
 AIR\Versions\1.0\Adobe AIR.dll  Berichtskennung: 78fa35c9-d4db-11e1-8c27-00ff01000001
 
Error - 24.07.2012 08:05:55 | Computer Name = Kev-PC | Source = MsiInstaller | ID = 1013
Description = 
 
Error - 25.07.2012 12:42:36 | Computer Name = Kev-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: LolClient.exe, Version: 2.0.2.12610,
 Zeitstempel: 0x4c00573a  Name des fehlerhaften Moduls: Adobe AIR.dll, Version: 3.1.0.4880,
 Zeitstempel: 0x4eb75fb9  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00480048  ID des fehlerhaften
 Prozesses: 0x7f0  Startzeit der fehlerhaften Anwendung: 0x01cd6a64e5a555bd  Pfad der
 fehlerhaften Anwendung: C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.176\deploy\LolClient.exe
Pfad
 des fehlerhaften Moduls: C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.176\deploy\Adobe
 AIR\Versions\1.0\Adobe AIR.dll  Berichtskennung: bcebe0d1-d677-11e1-a07f-00ff01000001
 
Error - 25.07.2012 22:08:33 | Computer Name = Kev-PC | Source = BugSplat | ID = 1
Description = 
 
Error - 28.07.2012 09:30:07 | Computer Name = Kev-PC | Source = MsiInstaller | ID = 1013
Description = 
 
Error - 30.07.2012 18:08:51 | Computer Name = Kev-PC | Source = Application Hang | ID = 1002
Description = Programm rads_user_kernel.exe, Version 0.0.0.0 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: a58    Startzeit: 01cd6e9fdae87f71    Endzeit: 1    Anwendungspfad: C:\Users\Kev\Downloads\LOLPBE(1)\LOLPBE\RADS\system\rads_user_kernel.exe

Berichts-ID:
 23746baf-da93-11e1-808a-00ff01000001  
 
Error - 30.07.2012 18:09:15 | Computer Name = Kev-PC | Source = Application Hang | ID = 1002
Description = Programm rads_user_kernel.exe, Version 0.0.0.0 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 13c    Startzeit: 01cd6e9fe9059fe3    Endzeit: 1    Anwendungspfad: C:\Users\Kev\Downloads\LOLPBE(1)\LOLPBE\RADS\system\rads_user_kernel.exe

Berichts-ID:
 318d1f44-da93-11e1-808a-00ff01000001  
 
Error - 30.07.2012 18:09:42 | Computer Name = Kev-PC | Source = Application Hang | ID = 1002
Description = Programm rads_user_kernel.exe, Version 0.0.0.0 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: af4    Startzeit: 01cd6e9ff710bec3    Endzeit: 1    Anwendungspfad: C:\Users\Kev\Downloads\LOLPBE(1)\LOLPBE\RADS\system\rads_user_kernel.exe

Berichts-ID:
 3c1d17a1-da93-11e1-808a-00ff01000001  
 
[ System Events ]
Error - 02.08.2012 01:01:34 | Computer Name = Kev-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 02.08.2012 01:01:34 | Computer Name = Kev-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 02.08.2012 01:01:34 | Computer Name = Kev-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 02.08.2012 01:01:34 | Computer Name = Kev-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 02.08.2012 01:01:34 | Computer Name = Kev-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 02.08.2012 01:01:34 | Computer Name = Kev-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 02.08.2012 01:01:44 | Computer Name = Kev-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 02.08.2012 01:02:06 | Computer Name = Kev-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 02.08.2012 01:02:06 | Computer Name = Kev-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 02.08.2012 01:02:06 | Computer Name = Kev-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
 
< End of report >
         
mbam-log-2012-08-02 (07-03-40):
Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.03.05

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus)
Internet Explorer 9.0.8112.16421
Kev :: KEV-PC [Administrator]

02.08.2012 07:03:40
mbam-log-2012-08-02 (07-03-40).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 358871
Laufzeit: 38 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Yours,
Kevin

Edited by kev255 (02.08.2012 at 06:54)

 
