06.02.2013, 22:08 | #1 |
TR/Agent.10512429.1 and Win32/Agent.SZW trojan

Hello, apparently two trojans have caught me. To explain the background I have to go back a bit: I run two domains at Strato with various mailboxes. From "old" times I also still have two mailboxes at web.de. Mail that arrives in the web.de mailboxes is forwarded automatically (web.de1 -> strato1, web.de2 -> strato2). I have not looked at the web.de mailboxes for a long time; instead I read the emails arriving there via the Strato accounts.

For some time now I have been receiving strange emails (sample mail below). After some research I became aware of this board and therefore ran a system scan of my PC with Antivir. The scan reported the detection TR/Agent.10512429.1 in the file D:\050 Programme\Logon Tweaker\Win7 Logon Tweaker x64 v5.90.exe. I moved this file straight into quarantine (Antivir scan log below).

After that I ran a scan with Kaspersky TDSSKiller. Here I particularly noticed the information about the file sptd. I researched this as well and found a reference to sptd.sys. This file is present on my system and cannot be copied because it is supposedly open. In the Command Shell, however, Openfiles gave me no indication that this file is actually open. In the registry there are 3 entries for sptd.sys, and none of these entries can be deleted (I can post the registry exports for these entries if needed).

Next I ran a scan with Malwarebytes (after performing a manual update first). There were no detections here (log below).

Finally I also ran a scan with the ESET Online Scanner, as described in the post TR/Agent.53248. For this scan I also connected my 2 external USB drives and a USB stick. Result:

C:\Users\### my username ###\AppData\Local\TempImages\AutoUpdate.exe a variant of Win32/Agent.SZW trojan
K:\GOLLUM\Backup Set 2010-03-01 101807\Backup Files 2010-08-30 091023\Backup files 15.zip a variant of Win32/Agent.SZW trojan

The ESET log file is attached at the very bottom.

As a first consequence I have changed the passwords of all email accounts from a clean computer.

Now a few important questions arise for me:

The email question: First of all, it is unclear to me whether the emails are actually being initiated from one of my accounts or whether they are spam mails from strangers that are rejected by a spam filter and now have this format because of my forwarding. Can anyone tell?

Secondly, the two trojans: What do they do, or what have they done (Win32/Agent.SZW seems to have been there for quite a while)? Since I do not use my PC only for reading emails, I am not sure which other accounts may be compromised (shopping accounts, forum accounts etc.).

And finally the most important thing: How do I get the trojans out of my system?

Many thanks in advance for your patience in reading this post and possibly even helping me!

Example email:
Code:
From: - Tue Feb 05 19:43:57 2013
X-Account-Key: account8
X-UIDL: 3c02db547b4607d8fc85ceb5150e36c3
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
X-Envelope-From: <>
X-Envelope-To: <### my Strato email address ###>
X-Delivery-Time: 1360059109
X-UID: 1158
X-RZG-MI-VALUES: bm=0 mafl=80000021 sh=0 du=0 sp=2,1 vv=1 nf=0
X-Strato-MessageType: email
Message-ID: <w024efp159xvPF.RZmta@mailin.rzone.de>
X-RZG-CLASS-ID: mi
Received: from mout-bounce.web.de ([212.227.15.26]) by mailin.rzone.de (joses mi7) (RZmta 31.14 OK) with ESMTP id w024efp159xvPF for <### my Strato email address ###>; Tue, 5 Feb 2013 11:05:28 +0100 (CET)
Received: from mout-bounce.web.de ([212.227.15.26]) by mx-ha.web.de (mxweb105) with ESMTP (Nemesis) id 0M7Zgh-1Uqlqy3JRP-00xEee for <### my Strato email address ###>; Tue, 05 Feb 2013 11:05:27 +0100
Received: from mda by moweb001.kundenserver.de id 0LbOc2-1UnIx31IUc-00kw9X Tue, 05 Feb 2013 11:05:27 +0100
Date: Tue, 05 Feb 2013 11:05:27 +0100
From: <keineantwortadresse@web.de>
To: ### my email address at web.de ###@web.de
Subject: Mail delivery failed: returning message to sender
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address failed:

"### my Strato email address ###":
SMTP error from remote server after transfer of mail text:
host: mailin.rzone.de
5.7.1 Recipients have complained about included content (B-URL)

--- The header of the original message is following. ---

Received: from nice.az ([78.188.17.161]) by mx-ha.web.de (mxweb001) with ESMTP (Nemesis) id 0LxQ6c-1V0Pxb46fK-017GUs for <### my Strato email address ###>; Tue, 05 Feb 2013 11:05:27 +0100
Received: by %192.167.87.115; Tue, 05 Feb 2013 10:56:15 +0100
From: "Joel Baumann" <nvjt@gmx.com>
Reply-To: "Joel Baumann" <nvjt@gmx.com>
To: hanischeleonore@web.de
Subject: wichtig
Date: Tue, 05 Feb 2013 03:03:15 -0700
Content-Transfer-Encoding: 7Bit
Content-Type: text/plain;

Code:
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Dienstag, 5. Februar 2013 20:10

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 Home Premium
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : ### my user ###
Computername : GOLLUM

Versionsinformationen:
BUILD.DAT : 13.0.0.2890 48567 Bytes 05.12.2012 17:11:00
AVSCAN.EXE : 13.6.0.402 639264 Bytes 11.12.2012 12:21:19
AVSCANRC.DLL : 13.4.0.360 64800 Bytes 11.12.2012 12:21:19
LUKE.DLL : 13.6.0.400 67360 Bytes 11.12.2012 12:21:38
AVSCPLR.DLL : 13.6.0.628 94432 Bytes 05.02.2013 12:24:15
AVREG.DLL : 13.6.0.600 250592 Bytes 05.02.2013 12:24:15
avlode.dll : 13.6.2.624 434912 Bytes 05.02.2013 12:24:15
avlode.rdf : 13.0.0.36 10917 Bytes 29.01.2013 12:23:39
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 14:50:29
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 14:50:31
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 14:50:34
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 14:50:36
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 14:50:37
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 14:42:40
VBASE006.VDF : 7.11.41.250 4902400 Bytes 06.09.2012 14:42:40
VBASE007.VDF : 7.11.50.230 3904512 Bytes 22.11.2012 12:21:31
VBASE008.VDF : 7.11.55.142 2214912 Bytes 03.01.2013 12:22:28
VBASE009.VDF : 7.11.55.143 2048 Bytes 03.01.2013 12:22:28
VBASE010.VDF : 7.11.55.144 2048 Bytes 03.01.2013 12:22:28
VBASE011.VDF : 7.11.55.145 2048 Bytes 03.01.2013 12:22:28
VBASE012.VDF : 7.11.55.146 2048 Bytes 03.01.2013 12:22:28
VBASE013.VDF : 7.11.55.196 260096 Bytes 04.01.2013 12:22:29
VBASE014.VDF : 7.11.56.23 206848 Bytes 07.01.2013 18:22:45
VBASE015.VDF : 7.11.56.83 186880 Bytes 08.01.2013 18:23:12
VBASE016.VDF : 7.11.56.145 135168 Bytes 09.01.2013 00:22:53
VBASE017.VDF : 7.11.56.211 139776 Bytes 11.01.2013 12:22:56
VBASE018.VDF : 7.11.57.11 153088 Bytes 13.01.2013 18:23:07
VBASE019.VDF : 7.11.57.75 165888 Bytes 15.01.2013 12:23:12
VBASE020.VDF : 7.11.57.163 190976 Bytes 17.01.2013 18:23:32
VBASE021.VDF : 7.11.57.219 119808 Bytes 18.01.2013 00:23:38
VBASE022.VDF : 7.11.58.7 167936 Bytes 21.01.2013 12:24:01
VBASE023.VDF : 7.11.58.49 140288 Bytes 22.01.2013 18:24:21
VBASE024.VDF : 7.11.58.119 137728 Bytes 24.01.2013 12:23:11
VBASE025.VDF : 7.11.58.175 132608 Bytes 25.01.2013 00:23:20
VBASE026.VDF : 7.11.58.213 116736 Bytes 27.01.2013 12:23:32
VBASE027.VDF : 7.11.59.68 1887744 Bytes 31.01.2013 12:23:52
VBASE028.VDF : 7.11.59.159 431104 Bytes 04.02.2013 18:24:06
VBASE029.VDF : 7.11.59.192 1093120 Bytes 05.02.2013 18:24:11
VBASE030.VDF : 7.11.59.193 2048 Bytes 05.02.2013 18:24:12
VBASE031.VDF : 7.11.59.204 20992 Bytes 05.02.2013 18:24:12
Engineversion : 8.2.10.246
AEVDF.DLL : 8.1.2.10 102772 Bytes 19.09.2012 14:42:55
AESCRIPT.DLL : 8.1.4.86 467323 Bytes 31.01.2013 18:23:56
AESCN.DLL : 8.1.10.0 131445 Bytes 13.12.2012 18:21:57
AESBX.DLL : 8.2.5.12 606578 Bytes 28.08.2012 16:58:06
AERDL.DLL : 8.2.0.88 643444 Bytes 10.01.2013 18:23:22
AEPACK.DLL : 8.3.1.2 819574 Bytes 20.12.2012 18:21:19
AEOFFICE.DLL : 8.1.2.50 201084 Bytes 06.11.2012 12:20:55
AEHEUR.DLL : 8.1.4.194 5710199 Bytes 01.02.2013 18:24:04
AEHELP.DLL : 8.1.25.2 258423 Bytes 12.10.2012 15:52:32
AEGEN.DLL : 8.1.6.16 434549 Bytes 24.01.2013 18:23:14
AEEXP.DLL : 8.3.0.18 188789 Bytes 31.01.2013 18:23:57
AEEMU.DLL : 8.1.3.2 393587 Bytes 19.09.2012 14:42:55
AECORE.DLL : 8.1.30.0 201079 Bytes 13.12.2012 18:21:55
AEBB.DLL : 8.1.1.4 53619 Bytes 06.11.2012 12:20:51
AVWINLL.DLL : 13.4.0.163 25888 Bytes 19.09.2012 18:09:30
AVPREF.DLL : 13.4.0.360 50464 Bytes 11.12.2012 12:21:18
AVREP.DLL : 13.6.0.480 178544 Bytes 05.02.2013 12:24:15
AVARKT.DLL : 13.6.0.402 260384 Bytes 11.12.2012 12:21:13
AVEVTLOG.DLL : 13.6.0.400 167200 Bytes 11.12.2012 12:21:16
SQLITE3.DLL : 3.7.0.1 397088 Bytes 19.09.2012 18:17:40
AVSMTP.DLL : 13.4.0.163 62240 Bytes 19.09.2012 18:08:54
NETNT.DLL : 13.4.0.360 15648 Bytes 11.12.2012 12:21:39
RCIMAGE.DLL : 13.4.0.360 4780832 Bytes 11.12.2012 12:21:12
RCTEXT.DLL : 13.4.0.360 68384 Bytes 11.12.2012 12:21:12

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Lokale Festplatten
Konfigurationsdatei...................: C:\program files (x86)\avira\antivir desktop\alldiscs.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:,
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Intelligente Dateiauswahl
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Abweichende Gefahrenkategorien........: +APPL,+PCK,+PFS,+SPR,

Beginn des Suchlaufs: Dienstag, 5. Februar 2013 20:10

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD1
    [INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD2
    [INFO] Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
    [INFO] Es wurde kein Virus gefunden!
Bootsektor 'D:\'
    [INFO] Es wurde kein Virus gefunden!

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'atiesrxx.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '101' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '112' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '152' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'atieclxx.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '83' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '109' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'Fuel.Service.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'sqlwriter.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'TuneUpUtilitiesService64.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSVC.EXE' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSvcM.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'TuneUpUtilitiesApp64.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '220' Modul(e) wurden durchsucht
Durchsuche Prozess 'LCore.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'RAVCpl64.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'sidebar.exe' - '148' Modul(e) wurden durchsucht
Durchsuche Prozess 'FwebProt.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'LANMessenger.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '88' Modul(e) wurden durchsucht
Durchsuche Prozess 'StCenter.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'MOM.exe' - '70' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '75' Modul(e) wurden durchsucht
Durchsuche Prozess 'LCDRSS.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'LCDClock.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'WUDFHost.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'CCC.exe' - '187' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '112' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '116' Modul(e) wurden durchsucht
Durchsuche Prozess 'DllHost.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'Uedit32.exe' - '116' Modul(e) wurden durchsucht
Durchsuche Prozess 'prevhost.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'xpsrchvw.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'msiexec.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchProtocolHost.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchFilterHost.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '118' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '107' Modul(e) wurden durchsucht
Durchsuche Prozess 'ehshell.exe' - '192' Modul(e) wurden durchsucht
Durchsuche Prozess 'ehRecvr.exe' - '91' Modul(e) wurden durchsucht
Durchsuche Prozess 'ehsched.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'EhTray.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'mcGlidHost.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '9' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '39' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '11759' Dateien ).

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
Beginne mit der Suche in 'D:\' <Data_Extension>
    [0] Archivtyp: Runtime Packed
    --> D:\010 Data\FF-Downloads\jxpiinstall.exe
        [1] Archivtyp: Runtime Packed
      --> \\?\D:\010 Data\tmp\Argo\data.cab.001
          [WARNUNG] Die Datei konnte nicht gelesen werden!
D:\010 Data\tmp\Argo\data.cab.001
  [WARNUNG] Die Datei konnte nicht gelesen werden!
D:\050 Programme\Logon Tweaker\Win7 Logon Tweaker x64 v5.90.exe
  [FUND] Ist das Trojanische Pferd TR/Agent.10512429.1

Beginne mit der Desinfektion:
D:\050 Programme\Logon Tweaker\Win7 Logon Tweaker x64 v5.90.exe
  [FUND] Ist das Trojanische Pferd TR/Agent.10512429.1
  [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '53f024c0.qua' verschoben!

Ende des Suchlaufs: Dienstag, 5. Februar 2013 23:42
Benötigte Zeit: 3:29:27 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

55216 Verzeichnisse wurden überprüft
2510418 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
2510417 Dateien ohne Befall
31098 Archive wurden durchsucht
1 Warnungen
1 Hinweise

Code:
23:46:51.0987 0960 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys 23:46:52.0002 0960 hamachi - ok 23:46:52.0018 0960 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 23:46:52.0049 0960 hcw85cir - ok 23:46:52.0081 0960 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 23:46:52.0112 0960 HdAudAddService - ok 23:46:52.0112 0960 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 23:46:52.0127 0960 HDAudBus - ok 23:46:52.0143 0960 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 23:46:52.0159 0960 HidBatt - ok 23:46:52.0159 0960 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 23:46:52.0174 0960 HidBth - ok 23:46:52.0190 0960 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 23:46:52.0221 0960 HidIr - ok 23:46:52.0237 0960 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 23:46:52.0284 0960 hidserv - ok 23:46:52.0299 0960 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 23:46:52.0315 0960 HidUsb - ok 23:46:52.0362 0960 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 23:46:52.0393 0960 hkmsvc - ok 23:46:52.0424 0960 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 23:46:52.0456 0960 HomeGroupListener - ok 23:46:52.0502 0960 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 23:46:52.0518 0960 HomeGroupProvider - ok 23:46:52.0518 0960 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 23:46:52.0534 0960 HpSAMD - ok 23:46:52.0596 0960 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 23:46:52.0643 0960 HTTP - ok 23:46:52.0674 0960 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy 
C:\Windows\system32\drivers\hwpolicy.sys 23:46:52.0690 0960 hwpolicy - ok 23:46:52.0706 0960 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 23:46:52.0721 0960 i8042prt - ok 23:46:52.0737 0960 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 23:46:52.0752 0960 iaStorV - ok 23:46:52.0815 0960 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 23:46:52.0846 0960 idsvc - ok 23:46:52.0909 0960 [ AC9EBDE25DB39A35E1CEB0441BA7A464 ] IGDCTRL C:\Program Files\FRITZ!DSL\IGDCTRL.EXE 23:46:52.0924 0960 IGDCTRL - ok 23:46:52.0940 0960 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 23:46:52.0940 0960 iirsp - ok 23:46:52.0987 0960 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 23:46:53.0049 0960 IKEEXT - ok 23:46:53.0143 0960 [ A4A57A57020849117EF7B1D905F2A16A ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 23:46:53.0237 0960 IntcAzAudAddService - ok 23:46:53.0252 0960 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 23:46:53.0268 0960 intelide - ok 23:46:53.0284 0960 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 23:46:53.0299 0960 intelppm - ok 23:46:53.0315 0960 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 23:46:53.0362 0960 IPBusEnum - ok 23:46:53.0393 0960 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 23:46:53.0424 0960 IpFilterDriver - ok 23:46:53.0471 0960 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 23:46:53.0518 0960 iphlpsvc - ok 23:46:53.0534 0960 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 23:46:53.0549 0960 IPMIDRV - ok 23:46:53.0565 0960 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT 
C:\Windows\system32\drivers\ipnat.sys 23:46:53.0612 0960 IPNAT - ok 23:46:53.0659 0960 [ B474C756C13960793C7583B766F904C4 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 23:46:53.0674 0960 iPod Service - ok 23:46:53.0706 0960 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 23:46:53.0721 0960 IRENUM - ok 23:46:53.0737 0960 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 23:46:53.0752 0960 isapnp - ok 23:46:53.0768 0960 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 23:46:53.0784 0960 iScsiPrt - ok 23:46:53.0799 0960 [ 0C6635413077E415CA31AD2F4E648FC1 ] IT9135BDA C:\Windows\system32\Drivers\IT9135BDA.sys 23:46:53.0831 0960 IT9135BDA - ok 23:46:53.0862 0960 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 23:46:53.0862 0960 kbdclass - ok 23:46:53.0877 0960 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 23:46:53.0893 0960 kbdhid - ok 23:46:53.0909 0960 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 23:46:53.0924 0960 KeyIso - ok 23:46:53.0940 0960 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 23:46:53.0956 0960 KSecDD - ok 23:46:53.0971 0960 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 23:46:53.0987 0960 KSecPkg - ok 23:46:53.0987 0960 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 23:46:54.0034 0960 ksthunk - ok 23:46:54.0065 0960 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 23:46:54.0096 0960 KtmRm - ok 23:46:54.0159 0960 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 23:46:54.0190 0960 LanmanServer - ok 23:46:54.0237 0960 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 23:46:54.0268 0960 LanmanWorkstation - ok 23:46:54.0284 0960 [ 
FA529FB35694C24BF98A9EF67C1CD9D0 ] LGBusEnum C:\Windows\system32\drivers\LGBusEnum.sys 23:46:54.0299 0960 LGBusEnum - ok 23:46:54.0315 0960 [ 14179E7B64F8A17AEA464D4E2D271FAA ] LGSHidFilt C:\Windows\system32\DRIVERS\LGSHidFilt.Sys 23:46:54.0331 0960 LGSHidFilt - ok 23:46:54.0346 0960 [ 94B29CE153765E768F004FB3440BE2B0 ] LGVirHid C:\Windows\system32\drivers\LGVirHid.sys 23:46:54.0346 0960 LGVirHid - ok 23:46:54.0377 0960 [ 3503F257B3203F824B1567238EBE17E2 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe 23:46:54.0393 0960 LightScribeService ( UnsignedFile.Multi.Generic ) - warning 23:46:54.0393 0960 LightScribeService - detected UnsignedFile.Multi.Generic (1) 23:46:54.0409 0960 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 23:46:54.0440 0960 lltdio - ok 23:46:54.0456 0960 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 23:46:54.0502 0960 lltdsvc - ok 23:46:54.0534 0960 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 23:46:54.0565 0960 lmhosts - ok 23:46:54.0581 0960 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 23:46:54.0596 0960 LSI_FC - ok 23:46:54.0612 0960 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 23:46:54.0627 0960 LSI_SAS - ok 23:46:54.0643 0960 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 23:46:54.0659 0960 LSI_SAS2 - ok 23:46:54.0674 0960 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 23:46:54.0690 0960 LSI_SCSI - ok 23:46:54.0721 0960 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 23:46:54.0752 0960 luafv - ok 23:46:54.0784 0960 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 23:46:54.0799 0960 Mcx2Svc - ok 23:46:54.0815 0960 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 
23:46:54.0831 0960 megasas - ok 23:46:54.0846 0960 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 23:46:54.0862 0960 MegaSR - ok 23:46:54.0877 0960 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 23:46:54.0909 0960 MMCSS - ok 23:46:54.0924 0960 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 23:46:54.0956 0960 Modem - ok 23:46:54.0971 0960 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 23:46:54.0987 0960 monitor - ok 23:46:55.0002 0960 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 23:46:55.0002 0960 mouclass - ok 23:46:55.0034 0960 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 23:46:55.0034 0960 mouhid - ok 23:46:55.0065 0960 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 23:46:55.0081 0960 mountmgr - ok 23:46:55.0127 0960 [ 9C3758018DED02F4AE53CCA1C5F084A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 23:46:55.0143 0960 MozillaMaintenance - ok 23:46:55.0159 0960 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 23:46:55.0174 0960 mpio - ok 23:46:55.0190 0960 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 23:46:55.0221 0960 mpsdrv - ok 23:46:55.0284 0960 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 23:46:55.0362 0960 MpsSvc - ok 23:46:55.0393 0960 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 23:46:55.0424 0960 MRxDAV - ok 23:46:55.0440 0960 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 23:46:55.0487 0960 mrxsmb - ok 23:46:55.0518 0960 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 23:46:55.0534 0960 mrxsmb10 - ok 23:46:55.0549 0960 [ 9423E9D355C8D303E76B8CFBD8A5C30C 
] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 23:46:55.0565 0960 mrxsmb20 - ok 23:46:55.0581 0960 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 23:46:55.0581 0960 msahci - ok 23:46:55.0596 0960 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 23:46:55.0612 0960 msdsm - ok 23:46:55.0627 0960 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 23:46:55.0643 0960 MSDTC - ok 23:46:55.0659 0960 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 23:46:55.0690 0960 Msfs - ok 23:46:55.0706 0960 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 23:46:55.0737 0960 mshidkmdf - ok 23:46:55.0752 0960 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 23:46:55.0768 0960 msisadrv - ok 23:46:55.0784 0960 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 23:46:55.0815 0960 MSiSCSI - ok 23:46:55.0831 0960 msiserver - ok 23:46:55.0846 0960 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 23:46:55.0893 0960 MSKSSRV - ok 23:46:55.0909 0960 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 23:46:55.0940 0960 MSPCLOCK - ok 23:46:55.0956 0960 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 23:46:56.0002 0960 MSPQM - ok 23:46:56.0034 0960 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 23:46:56.0049 0960 MsRPC - ok 23:46:56.0065 0960 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 23:46:56.0081 0960 mssmbios - ok 23:46:56.0159 0960 MSSQL$SQLEXPRESS - ok 23:46:56.0206 0960 [ F1761C8FB2B25A32C6D63E36BB88C3AE ] MSSQLServerADHelper100 C:\Program Files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE 23:46:56.0206 0960 MSSQLServerADHelper100 - ok 23:46:56.0221 0960 [ 
2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 23:46:56.0252 0960 MSTEE - ok 23:46:56.0362 0960 [ CB4A082AF58D1A0969F931816D5CFB05 ] msvsmon90 C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe 23:46:56.0471 0960 msvsmon90 - ok 23:46:56.0502 0960 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 23:46:56.0518 0960 MTConfig - ok 23:46:56.0518 0960 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 23:46:56.0534 0960 Mup - ok 23:46:56.0549 0960 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 23:46:56.0596 0960 napagent - ok 23:46:56.0627 0960 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 23:46:56.0659 0960 NativeWifiP - ok 23:46:56.0706 0960 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 23:46:56.0737 0960 NDIS - ok 23:46:56.0752 0960 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 23:46:56.0784 0960 NdisCap - ok 23:46:56.0799 0960 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 23:46:56.0831 0960 NdisTapi - ok 23:46:56.0877 0960 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 23:46:56.0909 0960 Ndisuio - ok 23:46:56.0940 0960 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 23:46:56.0987 0960 NdisWan - ok 23:46:57.0018 0960 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 23:46:57.0049 0960 NDProxy - ok 23:46:57.0065 0960 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 23:46:57.0112 0960 NetBIOS - ok 23:46:57.0143 0960 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 23:46:57.0190 0960 NetBT - ok 23:46:57.0190 0960 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon 
C:\Windows\system32\lsass.exe 23:46:57.0206 0960 Netlogon - ok 23:46:57.0237 0960 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 23:46:57.0284 0960 Netman - ok 23:46:57.0299 0960 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 23:46:57.0315 0960 NetMsmqActivator - ok 23:46:57.0331 0960 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 23:46:57.0331 0960 NetPipeActivator - ok 23:46:57.0346 0960 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 23:46:57.0393 0960 netprofm - ok 23:46:57.0393 0960 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 23:46:57.0409 0960 NetTcpActivator - ok 23:46:57.0409 0960 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 23:46:57.0424 0960 NetTcpPortSharing - ok 23:46:57.0440 0960 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 23:46:57.0440 0960 nfrd960 - ok 23:46:57.0471 0960 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 23:46:57.0502 0960 NlaSvc - ok 23:46:57.0596 0960 [ F554C5FD7BD1EFA4DA5CFE2EED86391F ] nm3 C:\Windows\system32\DRIVERS\nm3.sys 23:46:57.0596 0960 nm3 - ok 23:46:57.0612 0960 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 23:46:57.0643 0960 Npfs - ok 23:46:57.0643 0960 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 23:46:57.0690 0960 nsi - ok 23:46:57.0690 0960 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 23:46:57.0737 0960 nsiproxy - ok 23:46:57.0799 0960 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 23:46:57.0846 0960 Ntfs - ok 23:46:57.0862 0960 [ 9899284589F75FA8724FF3D16AED75C1 ] Null 
C:\Windows\system32\drivers\Null.sys 23:46:57.0893 0960 Null - ok 23:46:57.0940 0960 [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x64.sys 23:46:57.0956 0960 NVENETFD - ok 23:46:57.0987 0960 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 23:46:58.0002 0960 nvraid - ok 23:46:58.0018 0960 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 23:46:58.0018 0960 nvstor - ok 23:46:58.0065 0960 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 23:46:58.0127 0960 nv_agp - ok 23:46:58.0159 0960 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 23:46:58.0174 0960 ohci1394 - ok 23:46:58.0221 0960 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 23:46:58.0237 0960 ose - ok 23:46:58.0346 0960 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 23:46:58.0471 0960 osppsvc - ok 23:46:58.0487 0960 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 23:46:58.0549 0960 p2pimsvc - ok 23:46:58.0565 0960 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 23:46:58.0596 0960 p2psvc - ok 23:46:58.0596 0960 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 23:46:58.0612 0960 Parport - ok 23:46:58.0627 0960 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 23:46:58.0643 0960 partmgr - ok 23:46:58.0659 0960 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 23:46:58.0690 0960 PcaSvc - ok 23:46:58.0690 0960 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 23:46:58.0706 0960 pci - ok 23:46:58.0721 0960 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 23:46:58.0721 0960 pciide - 
ok 23:46:58.0737 0960 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 23:46:58.0752 0960 pcmcia - ok 23:46:58.0768 0960 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 23:46:58.0768 0960 pcw - ok 23:46:58.0799 0960 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 23:46:58.0846 0960 PEAUTH - ok 23:46:58.0909 0960 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 23:46:58.0924 0960 PerfHost - ok 23:46:58.0987 0960 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 23:46:59.0065 0960 pla - ok 23:46:59.0096 0960 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 23:46:59.0127 0960 PlugPlay - ok 23:46:59.0143 0960 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 23:46:59.0159 0960 PNRPAutoReg - ok 23:46:59.0174 0960 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 23:46:59.0174 0960 PNRPsvc - ok 23:46:59.0221 0960 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 23:46:59.0268 0960 PolicyAgent - ok 23:46:59.0299 0960 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 23:46:59.0331 0960 Power - ok 23:46:59.0362 0960 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 23:46:59.0393 0960 PptpMiniport - ok 23:46:59.0409 0960 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 23:46:59.0424 0960 Processor - ok 23:46:59.0456 0960 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 23:46:59.0502 0960 ProfSvc - ok 23:46:59.0518 0960 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 23:46:59.0534 0960 ProtectedStorage - ok 23:46:59.0565 0960 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 23:46:59.0612 0960 Psched - ok 23:46:59.0643 
0960 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 23:46:59.0706 0960 ql2300 - ok 23:46:59.0721 0960 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 23:46:59.0721 0960 ql40xx - ok 23:46:59.0752 0960 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 23:46:59.0784 0960 QWAVE - ok 23:46:59.0799 0960 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 23:46:59.0831 0960 QWAVEdrv - ok 23:46:59.0831 0960 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 23:46:59.0877 0960 RasAcd - ok 23:46:59.0893 0960 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 23:46:59.0924 0960 RasAgileVpn - ok 23:46:59.0940 0960 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 23:46:59.0971 0960 RasAuto - ok 23:47:00.0002 0960 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 23:47:00.0034 0960 Rasl2tp - ok 23:47:00.0081 0960 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 23:47:00.0127 0960 RasMan - ok 23:47:00.0127 0960 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 23:47:00.0174 0960 RasPppoe - ok 23:47:00.0190 0960 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 23:47:00.0221 0960 RasSstp - ok 23:47:00.0221 0960 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 23:47:00.0268 0960 rdbss - ok 23:47:00.0284 0960 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 23:47:00.0299 0960 rdpbus - ok 23:47:00.0299 0960 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 23:47:00.0346 0960 RDPCDD - ok 23:47:00.0362 0960 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 23:47:00.0393 0960 RDPENCDD - ok 
23:47:00.0409 0960 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 23:47:00.0440 0960 RDPREFMP - ok 23:47:00.0471 0960 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 23:47:00.0487 0960 RDPWD - ok 23:47:00.0534 0960 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 23:47:00.0549 0960 rdyboost - ok 23:47:00.0565 0960 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 23:47:00.0596 0960 RemoteAccess - ok 23:47:00.0612 0960 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 23:47:00.0659 0960 RemoteRegistry - ok 23:47:00.0674 0960 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 23:47:00.0721 0960 RpcEptMapper - ok 23:47:00.0737 0960 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 23:47:00.0752 0960 RpcLocator - ok 23:47:00.0784 0960 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 23:47:00.0815 0960 RpcSs - ok 23:47:00.0831 0960 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 23:47:00.0862 0960 rspndr - ok 23:47:00.0909 0960 [ C20F64FCD5E2B40310A1774495877ACD ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys 23:47:00.0924 0960 RTHDMIAzAudService - ok 23:47:00.0956 0960 [ 248ABD858FF7DCC966E5A54529DDD225 ] SaiHA501 C:\Windows\system32\DRIVERS\SaiHA501.sys 23:47:00.0971 0960 SaiHA501 - ok 23:47:00.0987 0960 [ 4E0E0D54F4A812F307BE9A31DAC5E8AB ] SaiLA501 C:\Windows\system32\DRIVERS\SaiLA501.sys 23:47:01.0002 0960 SaiLA501 - ok 23:47:01.0049 0960 [ 296D0CC623EEB6D2B9800AD421F9116A ] SaiMini C:\Windows\system32\DRIVERS\SaiMini.sys 23:47:01.0065 0960 SaiMini - ok 23:47:01.0081 0960 [ 6A77D63B566DF14DA0E7DD0D2C594EF7 ] SaiNtBus C:\Windows\system32\drivers\SaiBus.sys 23:47:01.0112 0960 SaiNtBus - ok 23:47:01.0127 0960 [ 547B16D072A3AFCE5807BE20C3F4734B ] SaiUA501 
C:\Windows\system32\DRIVERS\SaiUA501.sys 23:47:01.0143 0960 SaiUA501 - ok 23:47:01.0143 0960 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 23:47:01.0159 0960 SamSs - ok 23:47:01.0174 0960 SANDRA - ok 23:47:01.0206 0960 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 23:47:01.0221 0960 sbp2port - ok 23:47:01.0237 0960 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 23:47:01.0268 0960 SCardSvr - ok 23:47:01.0315 0960 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 23:47:01.0346 0960 scfilter - ok 23:47:01.0409 0960 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 23:47:01.0471 0960 Schedule - ok 23:47:01.0502 0960 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 23:47:01.0534 0960 SCPolicySvc - ok 23:47:01.0549 0960 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 23:47:01.0581 0960 SDRSVC - ok 23:47:01.0596 0960 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 23:47:01.0627 0960 secdrv - ok 23:47:01.0674 0960 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 23:47:01.0706 0960 seclogon - ok 23:47:01.0721 0960 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 23:47:01.0752 0960 SENS - ok 23:47:01.0768 0960 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 23:47:01.0784 0960 SensrSvc - ok 23:47:01.0815 0960 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 23:47:01.0846 0960 Serenum - ok 23:47:01.0862 0960 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 23:47:01.0893 0960 Serial - ok 23:47:01.0893 0960 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 23:47:01.0909 0960 sermouse - ok 23:47:01.0956 0960 [ 
23:47:02.0893 0960 [ 51DE15CA5C05BCA46D8B110CD00A02FB ] sptd C:\Windows\system32\Drivers\sptd.sys
23:47:02.0893 0960 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 51DE15CA5C05BCA46D8B110CD00A02FB
23:47:02.0909 0960 sptd ( LockedFile.Multi.Generic ) - warning
23:47:02.0909 0960 sptd - detected LockedFile.Multi.Generic (1)
23:47:09.0924 0960 ============================================================
23:47:09.0924 0960 Scan finished
23:47:09.0924 0960 ============================================================
23:47:09.0940 5592 Detected object count: 2
23:47:09.0940 5592 Actual detected object count: 2
23:47:20.0627 5592 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
23:47:20.0627 5592 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:47:20.0627 5592 sptd ( LockedFile.Multi.Generic ) - skipped by user
23:47:20.0627 5592 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Datenbank Version: v2013.02.05.10
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Marcus :: GOLLUM [Administrator]
05.02.2013 23:51:31
mbam-log-2013-02-05 (23-51-31).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 623353
Laufzeit: 1 Stunde(n), 57 Minute(n), 49 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6889
# api_version=3.0.2
# EOSSerial=5ae812ed778f0a4cacefe5f235f2be41
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-02-06 06:37:50
# local_time=2013-02-06 07:37:50 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 26015 225595560 18797 0
# compatibility_mode=5893 16776573 100 94 84910 111805720 0 0
# scanned=442914
# found=2
# cleaned=0
# scan_time=16636
C:\Users\Marcus\AppData\Local\TempImages\AutoUpdate.exe a variant of Win32/Agent.SZW trojan 7363CBE90B1099467071A0C47E46B579ACFEE24D I
K:\GOLLUM\Backup Set 2010-03-01 101807\Backup Files 2010-08-30 091023\Backup files 15.zip a variant of Win32/Agent.SZW trojan B186CD8DD83ED277550F0DC9E9006EEAE744004F I

Last edited by MaBase66 (06.02.2013 at 22:56)
07.02.2013, 14:02 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ |
Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners? I am asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; first just post the logs that already exist!

Before we get on with the further work, I would like to ask you to read the following points completely and carefully.

Note: If you do not hear from me for three days, please report in this thread => Reminder about my thread. Annoying "When will this continue" messages will end with your topic being closed. I, too, have a life outside the Trojaner-Board.

Malwarebytes Anti-Rootkit

Please download Malwarebytes Anti-Rootkit and save it to your desktop.

Do not start any other file in this folder without instruction from a helper.
07.02.2013, 18:50 | #3 |
Hello cosinus,

Thank you very much for your support! I downloaded Malwarebytes Anti-Rootkit BETA v1.01.0.1017, started it and also successfully ran the update to DB version v2013.01.23.01. The scan targeted Drivers, Sectors and System. Here is the log:

Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1017
www.malwarebytes.org
Database version: v2013.02.07.08
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Marcus :: GOLLUM [administrator]
07.02.2013 18:47:15
mbar-log-2013-02-07 (18-47-15).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 238559
Time elapsed: 9 minute(s), 31 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
08.02.2013, 11:27 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ |
A check with OTL, please:
__________________
Please always post log files in CODE tags
08.02.2013, 17:53 | #5 |
Hello cosinus, here are the OTL logs.

1. OTL.txt:

OTL Logfile:
Code:
Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.129\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.129\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\*****\AppData\Roaming\Move Networks\plugins\071803000001\npqmp071803000001.dll (Move Networks) FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\*****\AppData\LocalLow\Sony Online Entertainment\npsoe.dll () FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\*****\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: D:\050 Programme\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2012.11.10 08:51:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.06 05:48:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.06 05:48:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Components: D:\050 Programme\Mozilla Thunderbird\components [2013.01.20 15:54:41 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.06 05:48:56 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.06 05:48:54 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: D:\050 Programme\Mozilla Thunderbird\components [2013.01.20 15:54:41 | 000,000,000 | ---D | M] [2012.02.15 22:35:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions [2010.10.29 08:28:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2013.02.01 14:53:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\4vuj4m6d.default-1358689216201\extensions [2013.01.21 15:29:49 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\4vuj4m6d.default-1358689216201\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013.01.21 15:17:24 | 002,151,598 | ---- | M] () 
(No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\4vuj4m6d.default-1358689216201\extensions\firebug@software.joehewitt.com.xpi [2013.01.21 15:36:09 | 000,183,174 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\4vuj4m6d.default-1358689216201\extensions\stealthyextension@gmail.com.xpi [2013.02.01 14:53:37 | 000,817,973 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\4vuj4m6d.default-1358689216201\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.01.21 15:29:49 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\4vuj4m6d.default-1358689216201\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2013.02.06 05:48:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.02.06 05:48:56 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.02.08 18:36:16 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.30 06:29:14 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.02.08 18:36:16 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.02.08 18:36:16 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.08 18:36:16 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.08 18:36:16 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.10.10 08:40:15 | 000,000,856 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) 
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Lan Messenger] C:\Program Files (x86)\Lan Messenger\LANmessenger.exe () O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKCU..\Run: [Thunderbird] D:\050 Programme\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] D:\050 Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\RunOnce: [Z1] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O4 - Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk = C:\Users\*****\AppData\Roaming\Microsoft\Installer\{2D5D9603-22CF-4B99-83F6-0CD20330F62E}\Icon8CF9C550.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 3 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 
Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\FRITZ!DSL\\sarah.dll () O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - CC:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - CC:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\FRITZ!DSL\\sarah.dll () O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: noventum.de ([intranet] https in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: noventum.de ([webmail] https in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: soe.com ([]* in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: sony.com ([]* in Vertrauenswürdige Sites) O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.4.0) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 1.7.0_04) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.4.0) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59935ACC-42F2-49CA-882A-82F442901438}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{80337a3d-e33c-11de-8992-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{80337a3d-e33c-11de-8992-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AUTOPLAY.EXE id=10000017000015000002 ver=1.0.0.0 O33 - MountPoints2\{80337a3e-e33c-11de-8992-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{80337a3e-e33c-11de-8992-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun\Autorun.exe O34 - HKLM BootExecute: (autocheck autochk /r \??\I:) O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.02.07 17:48:23 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\MalwareBytes AntiRootKit [2013.02.06 14:58:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2013.02.06 05:48:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.02.05 22:38:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.02.05 22:37:59 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.02.05 22:37:02 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Programs [2013.01.28 08:45:50 | 000,000,000 | -H-D | C] -- 
C:\Users\*****\Documents\Freemake_do_not_remove_this_folder634949595504130860 [2013.01.23 14:05:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Graphics [2013.01.23 14:05:45 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\LifeSniffer [2013.01.22 08:23:44 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.01.22 08:23:44 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.01.22 08:23:44 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.01.20 14:40:20 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\Alte Firefox-Daten [2013.01.19 19:06:00 | 000,000,000 | -H-D | C] -- C:\Users\*****\Documents\Freemake_do_not_remove_this_folder634942191602626953 [2013.01.18 02:09:12 | 000,000,000 | -H-D | C] -- C:\Users\*****\Documents\Freemake_do_not_remove_this_folder634940717523095703 [2013.01.17 18:16:31 | 000,000,000 | -H-D | C] -- C:\Users\*****\Documents\Freemake_do_not_remove_this_folder634940433913515625 [2013.01.16 08:41:36 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\Star Wars - The Old Republic [4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [2 C:\*.tmp files -> C:\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.02.08 17:16:06 | 000,000,877 | ---- | M] () -- C:\Users\*****\Desktop\OTL.lnk [2013.02.08 17:14:54 | 001,830,996 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.02.08 17:14:54 | 000,774,056 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.02.08 17:14:54 | 000,727,652 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.02.08 17:14:54 | 000,178,632 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.02.08 17:14:54 | 000,150,828 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.02.08 17:05:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash 
Player Updater.job [2013.02.08 16:55:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.02.07 18:55:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.02.07 03:48:23 | 000,013,232 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.07 03:48:23 | 000,013,232 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.05 19:49:16 | 000,001,409 | ---- | M] () -- C:\Users\*****\Desktop\Shell.lnk [2013.02.05 19:43:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.05 19:43:09 | 2147,131,391 | -HS- | M] () -- C:\hiberfil.sys [2013.01.23 14:05:48 | 000,000,736 | ---- | M] () -- C:\Users\Public\Desktop\Photo Toolbox.lnk [2013.01.12 03:30:18 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.01.12 03:26:16 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.01.12 03:24:49 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.01.10 03:41:21 | 000,527,560 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.01.10 03:22:49 | 001,807,954 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [2 C:\*.tmp files -> C:\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.02.08 17:16:06 | 000,000,877 | ---- | C] () -- C:\Users\*****\Desktop\OTL.lnk [2013.02.05 19:38:31 | 000,001,409 | ---- | C] () -- C:\Users\*****\Desktop\Shell.lnk [2013.01.23 14:05:48 | 000,000,736 | ---- | C] () -- C:\Users\Public\Desktop\Photo Toolbox.lnk [2012.12.15 00:19:04 | 000,053,248 | ---- | C] () -- C:\Windows\exitwx.exe [2012.11.05 01:01:54 | 001,482,752 | ---- | C] ( ) -- C:\Windows\SysWow64\pnen3260.dll 
[2012.11.05 01:01:54 | 000,548,940 | ---- | C] ( ) -- C:\Windows\SysWow64\raac.dll [2012.11.05 01:01:54 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\vidsite.dll [2012.11.05 01:01:54 | 000,184,320 | ---- | C] ( ) -- C:\Windows\SysWow64\rmfformat.dll [2012.11.05 01:01:54 | 000,159,744 | ---- | C] ( ) -- C:\Windows\SysWow64\rvrender.dll [2012.11.05 01:01:54 | 000,159,744 | ---- | C] ( ) -- C:\Windows\SysWow64\rarender.dll [2012.11.05 01:01:54 | 000,086,016 | ---- | C] ( ) -- C:\Windows\SysWow64\smplfsys.dll [2012.11.05 01:01:54 | 000,077,824 | ---- | C] ( ) -- C:\Windows\SysWow64\ramrender.dll [2012.11.05 01:01:54 | 000,049,152 | ---- | C] ( ) -- C:\Windows\SysWow64\rv40.dll [2012.11.05 01:01:54 | 000,031,744 | ---- | C] ( ) -- C:\Windows\SysWow64\ramfformat.dll [2012.11.05 01:01:53 | 000,548,919 | ---- | C] ( ) -- C:\Windows\SysWow64\colorcvt.dll [2012.11.05 01:01:53 | 000,045,056 | ---- | C] ( ) -- C:\Windows\SysWow64\authmgr.dll [2012.11.05 01:01:53 | 000,044,032 | ---- | C] ( ) -- C:\Windows\SysWow64\clntxres.dll [2012.10.27 10:12:28 | 000,042,440 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll [2012.09.14 13:51:23 | 000,286,720 | ---- | C] ( ) -- C:\Windows\SysWow64\drvc.dll [2012.09.14 13:51:23 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll [2012.08.06 17:09:23 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini [2012.07.18 08:33:31 | 001,589,248 | ---- | C] () -- C:\Windows\SysWow64\libmysql_d.dll [2012.04.06 02:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.04.06 02:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.03.09 13:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012.03.05 23:08:30 | 000,000,772 | ---- | C] () -- C:\Windows\ODBCINST.INI [2012.03.05 23:08:30 | 000,000,342 | ---- | C] () -- C:\Windows\ODBC.INI [2011.11.06 08:15:29 | 000,000,094 | ---- | C] () -- C:\Users\*****\AppData\Local\fusioncache.dat [2011.09.12 23:06:16 | 
000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.08.29 11:53:18 | 000,000,600 | ---- | C] () -- C:\Users\*****\AppData\Local\PUTTY.RND [2011.06.23 13:30:58 | 000,000,150 | ---- | C] () -- C:\Windows\Sierra.ini [2011.06.23 13:27:34 | 000,006,900 | ---- | C] () -- C:\Users\*****\AppData\Roaming\.freeciv-client-rc-2.2 [2011.05.20 07:20:07 | 000,007,629 | ---- | C] () -- C:\Users\*****\AppData\Local\Resmon.ResmonCfg [2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.03.06 12:34:03 | 000,000,030 | ---- | C] () -- C:\Windows\Caligari.ini [2011.03.06 12:22:56 | 000,000,173 | ---- | C] () -- C:\Users\*****\AppData\Local\msmathematics.qat.***** [2011.02.10 19:47:36 | 000,000,080 | ---- | C] () -- C:\Users\*****\AppData\Local\CrystalDiskMark30.ini [2011.01.15 21:02:19 | 000,030,720 | ---- | C] () -- C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.06.05 17:21:32 | 000,117,997 | ---- | C] () -- C:\Users\*****\GPUObserver36c.gadget [2010.01.24 23:08:31 | 000,172,052 | ---- | C] () -- C:\Users\*****\Auftrag_Uebertragung_Konten_Depots_AWD.pdf ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 16 bytes -> C:\Users\*****\Downloads:Shareaza.GUID @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:F9819010 < End of report > |
08.02.2013, 17:54 | #6 |
| TR/Agent.10512429.1 and Win32/Agent.SZW trojan 2. Extras.txt: OTL EXTRAS Logfile: Code:
OTL Extras logfile created on: 08.02.2013 17:19:22 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\050 Programme
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
8,00 Gb Total Physical Memory | 4,68 Gb Available Physical Memory | 58,47% Memory free
16,00 Gb Paging File | 11,68 Gb Available in Paging File | 72,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 352,95 Gb Free Space | 75,80% Space Free | Partition Type: NTFS
Drive D: | 1863,01 Gb Total Space | 1400,87 Gb Free Space | 75,19% Space Free | Partition Type: NTFS
Drive E: | 14,92 Gb Total Space | 2,87 Gb Free Space | 19,23% Space Free | Partition Type: FAT32
Drive H: | 58,88 Gb Total Space | 58,13 Gb Free Space | 98,73% Space Free | Partition Type: FAT32
Computer Name: GOLLUM | User Name: *****| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.ini [@ = UltraEdit.ini] -- D:\050 Programme\UltraEdit\uedit32.exe (IDM Computer Solutions, Inc.)
.js [@ = UltraEdit.js] -- D:\050 Programme\UltraEdit\uedit32.exe (IDM Computer Solutions, Inc.) .txt [@ = UltraEdit.txt] -- D:\050 Programme\UltraEdit\uedit32.exe (IDM Computer Solutions, Inc.) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- Reg Error: Key error. https [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- Reg Error: Key error. https [open] -- Reg Error: Key error. 
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
x64\authserver.exe" = protocol=17 | dir=in | app=d:\wow-server\askyfire x64\authserver.exe | "UDP Query User{34CBA6A7-267F-4A43-B081-04A387E4ED1F}C:2\wow-cata\skyfireemu\authserver.exe" = protocol=17 | dir=in | app=c:2\wow-cata\skyfireemu\authserver.exe | "UDP Query User{3CF59400-CD19-4123-8C8B-D3BBA7041A84}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | "UDP Query User{3FC1D534-9F05-4AB7-9B07-BF87499FE33D}J:\wow\0.4.0.5\udrive\usr\local\mysql\bin\mysqld-opt.exe" = protocol=17 | dir=in | app=j:\wow\0.4.0.5\udrive\usr\local\mysql\bin\mysqld-opt.exe | "UDP Query User{44B8E5F7-41D4-41F9-850E-643BB8C50A32}D:\planetside 2 psg\planetside2.exe" = protocol=17 | dir=in | app=d:\planetside 2 psg\planetside2.exe | "UDP Query User{464C7EE4-BDEE-4ABA-9E72-C0A1B7FFE74B}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | "UDP Query User{4662ADB4-906B-445D-B9CC-6D3BAA157E35}D:\medal of honor pacific assault(tm)\mohpa.exe" = protocol=17 | dir=in | app=d:\medal of honor pacific assault(tm)\mohpa.exe | "UDP Query User{4D731572-4E9E-4EDA-91FF-449705B3FA41}C:\program files (x86)\qnap\finder\finder.exe" = protocol=17 | dir=in | app=c:\program files (x86)\qnap\finder\finder.exe | "UDP Query User{5143750A-E301-4008-BECD-2C6B35B5C2A1}D:\wow\novo's easy wow server\0.4.1\logonserver.exe" = protocol=17 | dir=in | app=d:\wow\novo's easy wow server\0.4.1\logonserver.exe | "UDP Query User{54B2DDC9-3B6E-4394-B1DB-0250526E9E7D}D:\ef2\ef2.exe" = protocol=17 | dir=in | app=d:\ef2\ef2.exe | "UDP Query User{5931C5B3-22F2-491B-90A5-63A4AF17F8C7}C:\program files (x86)\fritz!\frifax32.exe" = protocol=17 | dir=in | app=c:\program files (x86)\fritz!\frifax32.exe | "UDP Query User{5A263DD4-FA53-4C47-8277-90CFFEA7EBC4}D:\wow-server\server\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=d:\wow-server\server\mysql\bin\mysqld.exe | "UDP Query 
User{5BCD487F-C949-4B7C-8584-6CB944970C50}J:\wow\0.4.0.5\logonserver.exe" = protocol=17 | dir=in | app=j:\wow\0.4.0.5\logonserver.exe | "UDP Query User{5DC097E9-B931-4D51-8579-25AB02E1760F}D:\wow\server\0.3.7.5\diamond-worldserver.exe" = protocol=17 | dir=in | app=d:\wow\server\0.3.7.5\diamond-worldserver.exe | "UDP Query User{6B9289CD-B132-4125-9563-11FC30DD35CB}D:\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe | "UDP Query User{6DB6B6A0-C99F-4279-A594-B9B24D69E658}D:\wow\novo's easy wow server\0.4.1\udrive\usr\local\mysql\bin\mysqld-opt.exe" = protocol=17 | dir=in | app=d:\wow\novo's easy wow server\0.4.1\udrive\usr\local\mysql\bin\mysqld-opt.exe | "UDP Query User{73C92451-4969-4F26-A2DD-5BD3310943DB}D:\wow\server\0.3.7.5\udrive\usr\local\mysql\bin\mysqld-opt.exe" = protocol=17 | dir=in | app=d:\wow\server\0.3.7.5\udrive\usr\local\mysql\bin\mysqld-opt.exe | "UDP Query User{7443E884-40AF-45B4-B0FF-9890950F0497}D:\hl\hl.exe" = protocol=17 | dir=in | app=d:\hl\hl.exe | "UDP Query User{85AB6BDD-D36B-4793-ADE3-64FED6F728FD}D:\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\backgrounddownloader.exe | "UDP Query User{85B56604-CE5A-4BB9-9F1D-85909178C8B9}D:\wow\0.4.3\udrive\usr\local\mysql\bin\mysqld-opt.exe" = protocol=17 | dir=in | app=d:\wow\0.4.3\udrive\usr\local\mysql\bin\mysqld-opt.exe | "UDP Query User{8BDAC1B0-D52C-4050-B4CF-994CACB79394}J:\wow\0.4.0.5\worldserver.exe" = protocol=17 | dir=in | app=j:\wow\0.4.0.5\worldserver.exe | "UDP Query User{8C453E58-7536-46F8-9D55-1A493E6C01E4}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe | "UDP Query User{90D164C4-2EB1-48DB-A4D2-51A4CBB0FADC}D:\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=17 | dir=in | app=d:\star wars battlefront ii\gamedata\battlefrontii.exe | "UDP Query 
User{93F34585-7769-4C19-B792-B393E057CAC8}D:\heavy metal - fakk2\fakk2.exe" = protocol=17 | dir=in | app=d:\heavy metal - fakk2\fakk2.exe | "UDP Query User{9BAD88DB-FE23-4B7C-A395-0E15E0AA0972}D:\wow\novo's easy wow server\0.4.1\worldserver.exe" = protocol=17 | dir=in | app=d:\wow\novo's easy wow server\0.4.1\worldserver.exe | "UDP Query User{9D06426D-1433-40A9-B78E-DCB94EA624AD}C:\program files (x86)\lan messenger\lanmessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lan messenger\lanmessenger.exe | "UDP Query User{A1421BA6-23D9-456E-A449-837B52EF265F}D:\wow\0.4.0.5\udrive\usr\local\mysql\bin\mysqld-opt.exe" = protocol=17 | dir=in | app=d:\wow\0.4.0.5\udrive\usr\local\mysql\bin\mysqld-opt.exe | "UDP Query User{A28BD07F-88BA-4251-AEDF-56883C43D741}D:\cs1.6\hl.exe" = protocol=17 | dir=in | app=d:\cs1.6\hl.exe | "UDP Query User{A3DAAFF4-633C-483D-B312-93B6B2CF1BF9}D:\050 programme\hdro\lotroclient.exe" = protocol=17 | dir=in | app=d:\050 programme\hdro\lotroclient.exe | "UDP Query User{A5063601-C1D9-4713-B404-B5601D52D020}D:\flatout2\flatout2.exe" = protocol=17 | dir=in | app=d:\flatout2\flatout2.exe | "UDP Query User{AA066EB1-5D9A-4A81-AD7F-5D386D2FE571}D:\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe | "UDP Query User{AC0F8CBE-A15F-47C2-8E2E-1E84A487D58B}G:\hendrik\blobby\volley.exe" = protocol=17 | dir=in | app=g:\hendrik\blobby\volley.exe | "UDP Query User{B1028C9F-D566-4D31-81A6-CB4AC03F169B}C:2\wow-cata\skyfireemu\worldserver.exe" = protocol=17 | dir=in | app=c:2\wow-cata\skyfireemu\worldserver.exe | "UDP Query User{B6333C6A-F497-4DA1-9270-29B89EFB7506}C:\program files (x86)\java\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\bin\javaw.exe | "UDP Query User{B6D4DDB3-5808-426D-A95B-C7D5961C2060}C:2\wow-cata\_server\mysql\bin\mysqld.exe" = protocol=17 | dir=in | 
app=c:2\wow-cata\_server\mysql\bin\mysqld.exe | "UDP Query User{BBE60C33-C971-46BE-A4A7-21DCD9AB5122}D:\ef2\ef2.exe" = protocol=17 | dir=in | app=d:\ef2\ef2.exe | "UDP Query User{C4C0BBF3-EDD8-44D4-8FB7-B07B6F78DE93}D:\wow\0.4.0.5\udrive\usr\local\apache2\bin\apache_16.exe" = protocol=17 | dir=in | app=d:\wow\0.4.0.5\udrive\usr\local\apache2\bin\apache_16.exe | "UDP Query User{C520F9D7-C212-430A-9796-F7A6E93813A6}D:\050 programme\xfire\xfire.exe" = protocol=17 | dir=in | app=d:\050 programme\xfire\xfire.exe | "UDP Query User{C66A06E2-F910-40BA-B454-7536E057664C}D:\wow\0.4.0.5\logonserver.exe" = protocol=17 | dir=in | app=d:\wow\0.4.0.5\logonserver.exe | "UDP Query User{C6F98C9A-CD4C-4FA3-B220-8D1FB074F361}D:\010 data\downloads\tinyumbrella-4.21.02.exe" = protocol=17 | dir=in | app=d:\010 data\downloads\tinyumbrella-4.21.02.exe | "UDP Query User{C8395088-A96E-4B77-A933-28FA29A75620}C:\program files (x86)\r2 studios\tonic\tonic.exe" = protocol=17 | dir=in | app=c:\program files (x86)\r2 studios\tonic\tonic.exe | "UDP Query User{CA3312A8-2888-4617-8AB1-FBC6D31F2121}C:\program files (x86)\fritz!\frifax32.exe" = protocol=17 | dir=in | app=c:\program files (x86)\fritz!\frifax32.exe | "UDP Query User{D0F75C32-73CC-4176-B02F-7ACD65F321F0}D:\unreal tournament 3 (lg)\binaries\ut3.exe" = protocol=17 | dir=in | app=d:\unreal tournament 3 (lg)\binaries\ut3.exe | "UDP Query User{D1F953A4-2BB3-4033-B1C1-F2575271DA87}D:\wow\server\0.3.7.5\diamond-realmserver.exe" = protocol=17 | dir=in | app=d:\wow\server\0.3.7.5\diamond-realmserver.exe | "UDP Query User{D52DA1AC-376F-4B03-9CA0-961793ABF86E}C:\users\*****\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe" = protocol=17 | dir=in | app=c:\users\*****\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe | "UDP Query User{D5F8CAAF-BBC6-44C4-BB1D-7E93D5F796F8}J:\wow\0.4.0.5\udrive\usr\local\apache2\bin\apache_16.exe" = protocol=17 | dir=in | app=j:\wow\0.4.0.5\udrive\usr\local\apache2\bin\apache_16.exe | "UDP Query 
User{DB3D6F39-98E0-4CC4-9C00-2CF8F2F53F34}D:\010 data\fritzbox\fritz.box_wlan_7390_84.04.84.recover-image.exe" = protocol=17 | dir=in | app=d:\010 data\fritzbox\fritz.box_wlan_7390_84.04.84.recover-image.exe | "UDP Query User{DF02AA83-A4A3-48E4-8F0A-4FAB9593A8D9}D:\world of warcraft\blizzard downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\blizzard downloader.exe | "UDP Query User{DF8992F4-FCA8-4B73-A22D-152C3CC7A13C}D:\wow\0.4.3\worldserver.exe" = protocol=17 | dir=in | app=d:\wow\0.4.3\worldserver.exe | "UDP Query User{E35F21C2-D74A-4E26-8DBF-62E107F2FF18}E:\setup\dns-323_c1_fw_v1.08_easysearch_v4.7.0.0.exe" = protocol=17 | dir=in | app=e:\setup\dns-323_c1_fw_v1.08_easysearch_v4.7.0.0.exe | "UDP Query User{E4C1FC88-1677-4429-B7B2-12EA12135A52}D:\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=d:\mozilla firefox\firefox.exe | "UDP Query User{EA9BD6D1-BB17-495D-8262-B4540448DFA6}C:\program files (x86)\xbmc\xbmc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xbmc\xbmc.exe | "UDP Query User{F04E61F7-B23E-4134-A646-0CB7F5791EE6}C:\program files (x86)\qnap\qget\qget.exe" = protocol=17 | dir=in | app=c:\program files (x86)\qnap\qget\qget.exe | "UDP Query User{F20E25B7-CF60-46C4-8E4A-962B76D2E939}D:\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=d:\world of warcraft\launcher.exe | "UDP Query User{F4613CB1-47CB-4A45-9980-C9315C9A1487}D:\wow\0.4.0.5\worldserver.exe" = protocol=17 | dir=in | app=d:\wow\0.4.0.5\worldserver.exe | "UDP Query User{F7472F85-D99D-4035-8AE9-3CAA14711AA7}D:\wow\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\wow\temp\wow-4.2.1.2736-enus-tools-downloader.exe | "UDP Query User{F759015D-2D73-4936-8232-BCB4CC87C66E}D:\dc_universe\unreal3\binaries\win32\dcgame.exe" = protocol=17 | dir=in | app=d:\dc_universe\unreal3\binaries\win32\dcgame.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{042B10AA-8233-A9E0-4DEB-B7253C686DBB}" = AMD Fuel "{0874D757-6DE9-31B9-BA0B-2299F3A144C0}" = Microsoft Windows SDK .NET Framework Tools (40715) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding "{12FE6AA6-65D2-40EE-B925-62193128A0E6}" = Microsoft SQL Server 2008 Native Client "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{22D02951-5B4C-36FD-801E-ACB3595760B4}" = Microsoft Windows SDK for Windows 7 Samples (40715) "{22D8AE6F-3C6B-47E8-8F04-629F23DBE978}" = iTunes "{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition) "{26A24AE4-039D-4CA4-87B4-2F86417004FF}" = Java(TM) 7 Update 4 (64-bit) "{28D06854-572C-4A65-83E5-F8CAF26B9FDC}" = Microsoft SQL Server VSS Writer "{2D5D9603-22CF-4B99-83F6-0CD20330F62E}" = FRITZ!DSL64 "{2DF4C5DD-7417-301D-935D-939D3B7B5997}" = Microsoft Help Viewer 1.0 Language Pack - DEU "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{3607CBFF-3DC7-35E2-A78C-2A3BE1B72022}" = Microsoft Windows SDK for Windows 7 .NET Documentation (40715) "{361A49FA-59B3-49FB-8C3E-08AF3EA5791A}" = Application Verifier (x64) "{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU "{4515E93F-DBE9-3A97-B2C5-AD414A02B261}" = Microsoft Windows SDK for Windows 7 Win32 Documentation (40715) "{4653CB40-DF74-3770-8FB0-24472395D885}" = Microsoft Windows SDK for Windows 7 
Utilities for Win32 Development (40715) "{46DA7FD9-8BC1-7BA8-98D1-27F46647871B}" = AMD Catalyst Install Manager "{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{57580625-C673-7FEA-8791-E84B7AAF5069}" = ccc-utility64 "{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries "{5DF57DB1-D971-3DA3-B4BB-F6FC7D73A997}" = AMD Drag and Drop Transcoding "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{63CE6C32-1EB3-4C51-89FC-9FD96A661A9C}" = AMD Media Foundation Decoders "{64D7179D-0240-3006-BB73-04DA18C03E14}" = Microsoft Windows SDK for Windows 7 Headers and Libraries (40715) "{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software "{698DEE97-5A35-3C60-960F-9FB9C58F4A3B}" = Microsoft Windows SDK Net Fx Interop Headers And Libraries (40715) "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64) "{7298E5E5-90A7-3785-AAFA-AC335DA3178F}" = Microsoft Windows SDK for Windows 7 Common Utilities (40715) "{7F2E5C3B-DBDF-469D-AD8D-F686D3B71176}" = Debugging Tools for Windows (x64) "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{84057C9C-2F85-4C67-A035-FD75FFE2DE88}" = Logitech Gaming Software 5.09 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud "{8C5B5A11-CBF8-451B-B201-77FAB0D0B77D}" = Microsoft Network Monitor 3.4 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-002A-0000-1000-0000000FF1CE}" 
= Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{963E5FEB-1367-46B9-851D-A957F1A3747F}" = Microsoft Network Monitor: NetworkMonitor Parsers 3.4 "{965DF723-5688-359E-84D2-417CAFE644B5}" = Microsoft Visual C++ Compilers 2008 Standard Edition - enu - x64 "{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB3}" = Paint.NET v3.5.8 "{A216DF4A-28D1-3D94-ADA6-3AE50E42742D}" = Microsoft Windows SDK Intellisense and Reference Assemblies (40715) "{A61AE368-B88C-414C-9118-503EECFC3AC8}_is1" = Photo Toolbox for Windows version 1.12.3.1 "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{AF5020D9-116A-46AC-A922-087592F37EC9}" = MobileMe Control Panel "{AF51A2B6-3AAF-46C5-36A7-0E78B2D23E3E}" = ccc-utility64 "{B143BE44-8723-315E-9413-011C55873C0E}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) "{B8ED63AE-B171-3D63-8C35-40B82C4A5FBA}" = Microsoft Windows SDK for Windows 7 (7.0) "{B9E62002-BD74-30EC-9049-93E0E003C736}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64 "{C214301F-F5D7-36D9-B3A2-1467C5586495}" = Microsoft Help Viewer 1.1 Language Pack - DEU "{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU "{C8C39B37-502F-5D99-A1A4-1D810CE3112F}" = AMD AVIVO64 Codecs "{D285FC5F-3021-32E9-9C59-24CA325BDC5C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 "{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support "{D9DF0B85-BEC1-439F-ABFE-76C386A69A05}" = Oracle VM VirtualBox 4.1.12 "{DE2C9D5F-C55C-30E8-9322-2B8E8B5DF87C}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - deu 
"{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1 "{E57B7E0A-8BE5-42E2-BE60-C07ED680A063}" = Microsoft Mathematics (64-bit) "{E6420CCB-92BE-3ACB-BDC3-69FBDD319C94}" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - DEU "{ED066E02-C49A-D5D9-7ACD-1014EB7571D1}" = ccc-utility64 "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F5C819A5-E068-4f7d-B91A-1BD18702AFFB}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32 "98157A226B40B173301B0F53C8E98C47805D5152" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) "HyperCam 2" = HyperCam 2 "Logitech Gaming Software" = Logitech Gaming Software 8.30 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU "Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1 "Microsoft Help Viewer 1.1 Language Pack - DEU" = Microsoft Help Viewer 1.1 Language Pack - DEU "Microsoft Visual Studio 2008 Remote Debugger Light (x64) - DEU" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - DEU "Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) "Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU "SDKSetup_7.0.7600.16385.40715" 
= Microsoft Windows SDK for Windows 7 (7.0) "TeamSpeak 3 Client" = TeamSpeak 3 Client "WinRAR archiver" = WinRAR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00FE2935-FB56-4410-AB5F-D6E70C1771D2}" = Garmin WebUpdater "{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU "{0180F30F-52A8-4414-8E3B-931917211845}" = AquaSoft DiaShow Studio 6 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{08F86AD1-116C-4105-8A0E-3B6A736448BE}}_is1" = Total Video Player 6.0 "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0F7A6FD0-87F5-FB5D-973C-CF604DE1BC6B}" = CCC Help Polish "{11D32157-138C-4F8F-96C7-8B3041C17C21}" = 3DCrafter "{19C64880-BBCA-11D4-9EEE-0004ACDDDB3B}" = CyberLink InstantBurn "{1A9BE3D6-4D53-2C9D-B77D-562D85936B91}" = CCC Help Norwegian "{1D46A3A0-B37D-423A-91C2-101A49E2FF80}" = Ventrilo Server "{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{210DFA65-F805-1A2B-4F83-8E27279AE385}" = Catalyst Control Center Graphics Previews Common "{25F28E39-FDBB-11DB-8314-0800200C9A66}" = Medal of Honor Airborne "{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 11 "{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2 "{29822CAD-C76A-0BEE-55F5-AAA524DA814F}" = CCC Help Greek "{2A231800-A7CF-4223-B8A3-1FD9057BAE96}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup "{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}" = CyberLink BD Advisor 2.0 "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{394DC0BC-5476-4260-B52C-BDE1BDEFA958}" = Unreal Tournament 2004 "{39B8EE1D-82D5-4DF0-A619-2C84844254D1}_is1" = MCSkin3D version 1.4 
"{3A1293DF-7D09-BB0F-9576-EC47EE4A9362}" = CCC Help Italian "{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic "{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II "{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}" = Garmin USB Drivers "{3E7940A4-495B-4DC5-B5C9-D2EE1DE9E5EF}" = Call of Juarez "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{434D0820-3AA6-493A-80B9-301000028501}" = DiRT2 "{44D9A2CB-0692-3180-B5E2-26F4E807D067}" = Microsoft Visual C++ Compilers 2008 Standard Edition - enu - x86 "{45235788-142C-44BE-8A4D-DDE9A84492E5}" = AGEIA PhysX v7.09.13 "{47416F0B-6589-591E-C6F8-4235D2230B14}" = Catalyst Control Center InstallProxy "{477415F5-93DA-46AA-85C5-640047825995}" = Microsoft SQL Server 2008 Database Engine Shared "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files "{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser "{4ED980CB-C288-6A80-A3EA-AEECC543058B}" = Application Profiles "{52D1D62C-FEAB-4580-849E-1DB624BADBBD}" = DiRT2 "{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI "{56CFA833-F44F-4199-8C58-7F8B38F2BC7B}" = Medal of Honor Pacific Assault(tm) "{5A0B7BA5-4682-4273-81C2-69B17E649103}" = GRID "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1 "{5BD39911-A12F-4562-98BA-A6E03E3370B1}" = Microsoft SQL Server 2008 Database Engine Services "{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 "{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools "{625FC7D1-656D-1BEC-F86F-3EACAFDAA8FE}" = CCC Help English "{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008 
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit "{6DED41BC-C9EF-4330-B4E5-46CB2C5C6E2D}" = No23 Recorder "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7351EEF8-9D6C-5F46-5A19-F2C7456CE132}" = CCC Help German "{74D21920-3B72-494F-9042-8C26E1E99FDC}" = Garmin City Navigator Europe NT 2011.10 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789C43A9-4FD7-456B-8E27-5CE442FF3005}_is1" = Split Second Velocity 1.0 "{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime "{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE) "{7F172E34-4107-8964-6AEA-5051FFD265FF}" = CCC Help Portuguese "{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{86095E92-1959-8364-920E-82E81F64F8FB}" = AMD VISION Engine Control Center "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8815F011-43AF-4F50-BBD8-D78ED3D6F5B9}" = VR-NetWorld "{89D05F35-933A-89C0-B935-C92BEE4229BD}" = CCC Help French "{8C06EE31-AE51-4589-B53F-1406F6BBA229}" = F.E.A.R. Ultimate Shooter Edition - F.E.A.R. 
2 "{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs "{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2 "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8F311E72-C27F-4DF0-8254-B739A1831668}_is1" = SUPER © v2012.build.53 (Sep 13, 2012) Version v2012.build.53 "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{959E4378-CCA1-E4E4-2425-793DA92E8D95}" = 
CCC Help Czech "{96BB3C67-4EB4-9757-E0C2-C0D2FE9053B1}" = CCC Help Turkish "{974F4B73-2017-E174-9070-3F58F01B341F}" = CCC Help Danish "{98E20A18-3C29-86FA-50B4-918C2B34A082}" = CCC Help Hungarian "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9E2E5EB3-DC6E-9277-E9DB-13175E7DDA39}" = CCC Help Dutch "{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9B39004-8748-435E-A4C2-BE983B4C737B}" = Heavy Metal - FAKK2 "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAACC0A5-4382-04D0-C75E-0669C7B949B6}" = CCC Help Japanese "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch "{ACEF4078-9B86-2455-E18D-34D52D37D9D5}" = CCC Help Chinese Standard "{ADD5DB49-72CF-11D8-9D75-000129760D75}" = CyberLink PowerBackup "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}" = Garmin MapSource "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1EE1CC5-6CED-4801-BFFF-8454F21A245A}" = Garmin Communicator Plugin "{B235AB91-08A9-4DED-9DE0-B9594A5F7DCF}" = UltraEdit 16.20 "{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services "{B55FB422-B803-11F5-5582-B3666EA1B9AC}" = Catalyst Control Center Localization All "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer "{B8010864-15F8-613B-20EF-AC35B14B3E0D}" = CCC Help Russian "{B862B671-59FD-7457-AFA0-C738FB7ABD60}" = Windows SDK Intellidocs "{B93EEE50-9C8F-45DF-95E4-3D85A6E242F3}" = DarksidersInstaller "{C1342411-5A98-DE8A-5629-D0C518E1C280}" = CCC Help Finnish "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint 
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update "{C668416A-9213-4058-B7F2-01A42D85559D}" = Microsoft SQL Server System CLR Types "{C66BF9FD-D367-4E13-8EB8-385FFEA20DB3}" = Oblivion "{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser "{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CCAC7E52-ECCE-3C4D-B1BE-BC2ACF1C1C0E}" = Microsoft Visual Basic 2010 Express - DEU "{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack "{D08B4177-5160-6B66-8934-2F9012134D61}" = CCC Help Thai "{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.3.22 Game "{D34A6029-FB1A-9EA8-A938-5393F82A3A00}" = CCC Help Korean "{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D5A7D7AB-3093-3619-9261-74DB250ECF7B}" = Microsoft Visual C++ 2008 Express Edition with SP1 - DEU "{DF38C72B-8A86-4727-99D2-FA7CC5E17A24}" = Microsoft SQL Server 2008 RsFx Driver "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series "{E3A09D13-4D40-3CF8-7D32-8BD55F8D1533}" = CCC Help Spanish "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 "{E9089B6A-1FDE-47F3-8D29-175F5B7A0722}" = Microsoft SQL Server 2008 R2 Management Objects "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3 
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable "{F2C35491-9323-3AE7-6023-6B4128045153}" = CCC Help Swedish "{F33FFAC2-9E40-4DB0-B52D-AF1FF17B3493}" = windata@home "{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FA8BFB25-BF48-4F8B-8859-B30810745190}" = LightScribe System Software "{FC66A32F-1A57-AC5C-4F12-DAC2F4CB77A0}" = CCC Help Chinese Traditional "{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG) "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}" = Microsoft SQL Server 2008 Common Files "12bbe590-c890-11d9-9669-0800200c9a66_is1" = Der Herr der Ringe Online v03.07.00.8037 "7ADDFD5C-0F12-4D5F-8AFD-BEF43762129D" = Lan Messenger "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17 "Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE "Ashampoo Photo Commander 7_is1" = Ashampoo Photo Commander 7.60 "Ashampoo Slideshow Studio Elements_is1" = Ashampoo Slideshow Studio Elements 2.0.1 "Ashampoo Snap 3_is1" = Ashampoo Snap 3.50 "Audacity_is1" = Audacity 1.2.6 "Avira AntiVir Desktop" = Avira Free Antivirus "BrickForce" = BrickForce 1.9.87 "FileZilla Client" = FileZilla Client 3.3.5.1 "FormatFactory" = FormatFactory 2.60 "Free Video Dub_is1" = Free Video Dub version 2.0.16.1212 "Freemake Video Converter_is1" = Freemake Video Converter Version 3.1.2 
"FRITZ! 2.0" = AVM FRITZ!fax für FRITZ!Box "IcoFX_is1" = IcoFX 1.6.4 "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite "InstallShield_{3E7940A4-495B-4DC5-B5C9-D2EE1DE9E5EF}" = Call of Juarez "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "InstallShield_{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3 "MakeMKV" = MakeMKV v1.7.9 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008 "Microsoft SQL Server 10" = Microsoft SQL Server 2008 "Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 "Microsoft Visual Basic 2010 Express - DEU" = Microsoft Visual Basic 2010 Express - DEU "Microsoft Visual C++ 2008 Express Edition with SP1 - DEU" = Microsoft Visual C++ 2008 Express Edition mit SP1 - DEU "Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1 "Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de) "Mozilla Thunderbird (3.1.6)" = Mozilla Thunderbird (3.1.6) "MozillaMaintenanceService" = Mozilla Maintenance Service "Mp3tag" = Mp3tag v2.46a "No23 Recorder" = No23 Recorder "Office14.SingleImage" = Microsoft Office Home and Student 2010 "OpenAL" = OpenAL "Origin" = Origin "Paint Shop Pro 5.01" = Paint Shop Pro 5.01 CD "Password Safe" = Password Safe "PremiumSoft Navicat Lite_is1" = PremiumSoft Navicat Lite 10.0 "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "PuTTY_is1" = PuTTY version 0.60 "QNAP_FINDER" = QNAP Finder "RADVideo" = RAD Video Tools "Scratch" = Scratch 
"SMPlayer" = SMPlayer 0.6.9 "Star Trek Elite Force II" = Star Trek Elite Force II "Steam App 34830" = Sniper: Ghost Warrior "Steam App 50620" = Darksiders "Steam App 57900" = Duke Nukem Forever "TeamViewer 7" = TeamViewer 7 "Totalcmd" = Total Commander (Remove or Repair) "TT-Viewer_is1" = Technotrend Viewer "TuneUp Utilities" = TuneUp Utilities "TwonkyBeam for Firefox" = TwonkyBeam for Firefox "Windows Media Encoder 9" = Windows Media Encoder 9 Series "WinGDB3" = WinGDB3 3.62 "WinLiveSuite" = Windows Live Essentials "World of Warcraft" = World of Warcraft "Xfire" = Xfire (remove only) ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{E280923D-C5D9-4728-8C79-AC9A0DC75875}" = BioShock "AquaSoft DiaShow Studio 6" = AquaSoft DiaShow Studio 6 "InstallShield_{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG) "Move Media Player" = Move Media Player "Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7) "Mozilla Thunderbird 17.0.2 (x86 de)" = Mozilla Thunderbird 17.0.2 (x86 de) "SOE-C:/Users/*****/AppData/Local/Sony Online Entertainment/ApplicationUpdater" = applicationupdater "SOE-DC Universe Online Live" = DC Universe Online Live "SOE-DC Universe Online Live (2)" = DC Universe Online Live (2) "SOE-DC Universe Online Live PSG (2)" = DC Universe Online Live (2) "UnityWebPlayer" = Unity Web Player "XBMC" = XBMC ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 21.07.2011 09:59:20 | Computer Name = Gollum | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . 
Error - 21.07.2011 13:43:23 | Computer Name = Gollum | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 21.07.2011 13:43:23 | Computer Name = Gollum | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 21.07.2011 13:43:23 | Computer Name = Gollum | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 21.07.2011 13:43:23 | Computer Name = Gollum | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . 
Error - 21.07.2011 13:43:23 | Computer Name = Gollum | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 21.07.2011 13:43:23 | Computer Name = Gollum | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 21.07.2011 13:43:23 | Computer Name = Gollum | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 21.07.2011 13:43:23 | Computer Name = Gollum | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . 
Error - 21.07.2011 13:43:23 | Computer Name = Gollum | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . [ Media Center Events ] Error - 07.11.2012 00:24:35 | Computer Name = Gollum | Source = MCUpdate | ID = 0 Description = 05:24:17 - Fehler beim Herstellen der Internetverbindung. 05:24:17 - Serververbindung konnte nicht hergestellt werden.. Error - 07.12.2012 00:32:27 | Computer Name = Gollum | Source = MCUpdate | ID = 0 Description = 05:32:27 - Directory konnte nicht abgerufen werden (Fehler: Die zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte keine Vertrauensstellung hergestellt werden..) Error - 16.12.2012 00:12:45 | Computer Name = Gollum | Source = MCUpdate | ID = 0 Description = 05:12:45 - Fehler beim Herstellen der Internetverbindung. 05:12:45 - Serververbindung konnte nicht hergestellt werden.. Error - 16.12.2012 00:13:08 | Computer Name = Gollum | Source = MCUpdate | ID = 0 Description = 05:12:50 - Fehler beim Herstellen der Internetverbindung. 05:12:50 - Serververbindung konnte nicht hergestellt werden.. Error - 16.12.2012 01:13:42 | Computer Name = Gollum | Source = MCUpdate | ID = 0 Description = 06:13:42 - Fehler beim Herstellen der Internetverbindung. 06:13:42 - Serververbindung konnte nicht hergestellt werden.. Error - 16.12.2012 01:13:55 | Computer Name = Gollum | Source = MCUpdate | ID = 0 Description = 06:13:47 - Fehler beim Herstellen der Internetverbindung. 06:13:47 - Serververbindung konnte nicht hergestellt werden.. 
Error - 16.12.2012 02:14:28 | Computer Name = Gollum | Source = MCUpdate | ID = 0 Description = 07:14:28 - Fehler beim Herstellen der Internetverbindung. 07:14:28 - Serververbindung konnte nicht hergestellt werden.. Error - 16.12.2012 02:14:41 | Computer Name = Gollum | Source = MCUpdate | ID = 0 Description = 07:14:33 - Fehler beim Herstellen der Internetverbindung. 07:14:33 - Serververbindung konnte nicht hergestellt werden.. Error - 16.12.2012 03:15:14 | Computer Name = Gollum | Source = MCUpdate | ID = 0 Description = 08:15:14 - Fehler beim Herstellen der Internetverbindung. 08:15:14 - Serververbindung konnte nicht hergestellt werden.. Error - 16.12.2012 03:15:27 | Computer Name = Gollum | Source = MCUpdate | ID = 0 Description = 08:15:19 - Fehler beim Herstellen der Internetverbindung. 08:15:19 - Serververbindung konnte nicht hergestellt werden.. [ System Events ] Error - 20.01.2013 09:33:37 | Computer Name = Gollum | Source = Service Control Manager | ID = 7034 Description = Dienst "SQL Server VSS Writer" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 20.01.2013 09:36:08 | Computer Name = Gollum | Source = DCOM | ID = 10010 Description = Error - 23.01.2013 12:18:30 | Computer Name = Gollum | Source = WMPNetworkSvc | ID = 866333 Description = Error - 02.02.2013 12:21:33 | Computer Name = Gollum | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?02.?02.?2013 um 17:16:55 unerwartet heruntergefahren. Error - 02.02.2013 12:21:35 | Computer Name = Gollum | Source = Service Control Manager | ID = 7000 Description = Der Dienst "FABS - Helping agent for MAGIX media database" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 03.02.2013 15:54:56 | Computer Name = Gollum | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden. 
Error - 03.02.2013 15:54:57 | Computer Name = Gollum | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden. Error - 03.02.2013 15:54:57 | Computer Name = Gollum | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden. Error - 05.02.2013 14:24:06 | Computer Name = Gollum | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR4 gefunden. Error - 05.02.2013 14:43:16 | Computer Name = Gollum | Source = Service Control Manager | ID = 7000 Description = Der Dienst "FABS - Helping agent for MAGIX media database" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 < End of report > |
08.02.2013, 17:56 | #7 |
| TR/Agent.10512429.1 and Win32/Agent.SZW trojan accidental double post -> deleted |
10.02.2013, 21:32 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Agent.10512429.1 and Win32/Agent.SZW trojan Code:
ATTFilter Scan Mode: Current user
__________________ Please always post logfiles in CODE tags |
11.02.2013, 13:51 | #9 |
| TR/Agent.10512429.1 and Win32/Agent.SZW trojan Hello cosinus, the new scan was run with the "Scan all users" option. Apart from my normal account (shown in the scans as "<User 1>"), there is only one other account set up. Its username does not appear in the scans, however. OTL.txt: OTL Logfile: Code:
ATTFilter OTL logfile created on: 11.02.2013 12:45:11 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = D:\050 Programme 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 4,95 Gb Available Physical Memory | 61,91% Memory free 16,00 Gb Paging File | 12,14 Gb Available in Paging File | 75,89% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465,66 Gb Total Space | 354,15 Gb Free Space | 76,05% Space Free | Partition Type: NTFS Drive D: | 1863,01 Gb Total Space | 1400,99 Gb Free Space | 75,20% Space Free | Partition Type: NTFS Drive E: | 14,92 Gb Total Space | 2,87 Gb Free Space | 19,22% Space Free | Partition Type: FAT32 Computer Name: GOLLUM | User Name: <User 1> | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe (Adobe Systems, Inc.) PRC - D:\050 Programme\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - D:\050 Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - D:\050 Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - D:\050 Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. 
KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE (Microsoft Corporation) PRC - D:\Star Wars-The Old Republic\launcher.exe (BioWare) PRC - C:\Program Files (x86)\Password Safe\pwsafe.exe (SourceForge.net) PRC - C:\PROGRA~2\MIF5BA~1\Office14\POWERPNT.EXE (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - D:\Star Wars-The Old Republic\libcef.dll () MOD - D:\Star Wars-The Old Republic\avutil-51.dll () MOD - D:\Star Wars-The Old Republic\avcodec-53.dll () MOD - D:\Star Wars-The Old Republic\avformat-53.dll () MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf () ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) 
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software) SRV:64bit: - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- D:\050 Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- D:\050 Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (TuneUp.Defrag) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software) SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) 
SRV - (CLKMSVC10_9EC60124) -- C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe (CyberLink) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (IGDCTRL) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (SANDRA) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP5c\WNt500x64\Sandra.sys File not found DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) 
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (TTUSB2BDA_NTAMD64) -- C:\Windows\SysNative\drivers\ttusb2bda_amd64.sys (TechnoTrend GmbH) DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation) DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys () DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (LGSHidFilt) -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys (Logitech Inc.) DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.) DRV:64bit: - (avmaudio) -- C:\Windows\SysNative\drivers\avmaudio.sys (AVM Berlin) DRV:64bit: - (teamviewervpn) -- C:\Windows\SysNative\drivers\teamviewervpn.sys (TeamViewer GmbH) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (nm3) -- C:\Windows\SysNative\drivers\nm3.sys (Microsoft Corporation) DRV:64bit: - (WmVirHid) -- C:\Windows\SysNative\drivers\WmVirHid.sys (Logitech Inc.) DRV:64bit: - (WmHidLo) -- C:\Windows\SysNative\drivers\WmHidLo.sys (Logitech Inc.) DRV:64bit: - (WmBEnum) -- C:\Windows\SysNative\drivers\WmBEnum.sys (Logitech Inc.) DRV:64bit: - (WmXlCore) -- C:\Windows\SysNative\drivers\WmXlCore.sys (Logitech Inc.) DRV:64bit: - (WmFilter) -- C:\Windows\SysNative\drivers\WmFilter.sys (Logitech Inc.) DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices) DRV:64bit: - (IT9135BDA) -- C:\Windows\SysNative\drivers\IT9135BDA.sys (ITE ) DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.) 
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.) DRV:64bit: - (CLBStor) -- C:\Windows\SysNative\drivers\CLBStor.sys (Cyberlink Co.,Ltd.) DRV:64bit: - (CLBUDF) -- C:\Windows\SysNative\drivers\CLBUDF.sys (CyberLink Corporation.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (SaiNtBus) -- C:\Windows\SysNative\drivers\SaiBus.sys (Saitek) DRV:64bit: - (SaiMini) -- C:\Windows\SysNative\drivers\SaiMini.sys (Saitek) DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.) DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH) DRV:64bit: - (SIoctl) -- C:\Windows\SysNative\drivers\sioctl.sys () DRV:64bit: - (SaiUA501) -- C:\Windows\SysNative\drivers\SaiUA501.sys (Saitek) DRV:64bit: - (SaiHA501) -- C:\Windows\SysNative\drivers\SaiHA501.sys (Saitek) DRV:64bit: - (SaiLA501) -- C:\Windows\SysNative\drivers\SaiLA501.sys (Saitek) DRV - ({B154377D-700F-42cc-9474-23858FBDF4BD}) -- C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl (CyberLink Corp.) 
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider) DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys (TuneUp Software) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2980863505-4143529224-1025148377-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://bigsap.mt-ag.com/?sap-client=100&sap-language=DE IE - HKU\S-1-5-21-2980863505-4143529224-1025148377-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-2980863505-4143529224-1025148377-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-2980863505-4143529224-1025148377-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 09 CB 8A A5 D5 54 CB 01 [binary data] IE - HKU\S-1-5-21-2980863505-4143529224-1025148377-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2980863505-4143529224-1025148377-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = 
hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2980863505-4143529224-1025148377-1001\..\SearchScopes\{C91D1007-9645-4E01-9312-1B1241E133FD}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} IE - HKU\S-1-5-21-2980863505-4143529224-1025148377-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2980863505-4143529224-1025148377-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://de.wikipedia.org/wiki/Wikipedia:Hauptseite" FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.13 FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10 FF - prefs.js..extensions.enabledAddons: stealthyextension%40gmail.com:2.5 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2 FF - prefs.js..network.proxy.backup.ftp: "94.242.237.111" FF - prefs.js..network.proxy.backup.ftp_port: 3128 FF - prefs.js..network.proxy.backup.socks: "94.242.237.111" FF - prefs.js..network.proxy.backup.socks_port: 3128 FF - prefs.js..network.proxy.backup.ssl: "94.242.237.111" FF - prefs.js..network.proxy.backup.ssl_port: 3128 FF - prefs.js..network.proxy.ftp: "80.79.179.10" FF - prefs.js..network.proxy.ftp_port: 8181 FF - prefs.js..network.proxy.http: "80.79.179.10" FF - prefs.js..network.proxy.http_port: 8181 FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "80.79.179.10" FF - prefs.js..network.proxy.socks_port: 8181 FF - prefs.js..network.proxy.ssl: "80.79.179.10" FF - prefs.js..network.proxy.ssl_port: 8181 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\050 Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) 
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.129\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.129\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\<User 1>\AppData\Roaming\Move Networks\plugins\071803000001\npqmp071803000001.dll (Move Networks) FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\<User 1>\AppData\LocalLow\Sony Online Entertainment\npsoe.dll () FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\<User 1>\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: D:\050 Programme\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2012.11.10 08:51:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.06 05:48:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.06 05:48:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Components: D:\050 Programme\Mozilla Thunderbird\components [2013.01.20 15:54:41 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.06 05:48:56 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.06 05:48:54 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: D:\050 Programme\Mozilla Thunderbird\components [2013.01.20 15:54:41 | 000,000,000 | ---D | M] [2012.02.15 22:35:15 | 
000,000,000 | ---D | M] (No name found) -- C:\Users\<User 1>\AppData\Roaming\mozilla\Extensions [2010.10.29 08:28:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\<User 1>\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2013.02.10 07:51:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\<User 1>\AppData\Roaming\mozilla\Firefox\Profiles\4vuj4m6d.default-1358689216201\extensions [2013.01.21 15:29:49 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\<User 1>\AppData\Roaming\mozilla\Firefox\Profiles\4vuj4m6d.default-1358689216201\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013.01.21 15:17:24 | 002,151,598 | ---- | M] () (No name found) -- C:\Users\<User 1>\AppData\Roaming\mozilla\firefox\profiles\4vuj4m6d.default-1358689216201\extensions\firebug@software.joehewitt.com.xpi [2013.02.10 07:51:51 | 000,185,839 | ---- | M] () (No name found) -- C:\Users\<User 1>\AppData\Roaming\mozilla\firefox\profiles\4vuj4m6d.default-1358689216201\extensions\stealthyextension@gmail.com.xpi [2013.02.01 14:53:37 | 000,817,973 | ---- | M] () (No name found) -- C:\Users\<User 1>\AppData\Roaming\mozilla\firefox\profiles\4vuj4m6d.default-1358689216201\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.01.21 15:29:49 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\<User 1>\AppData\Roaming\mozilla\firefox\profiles\4vuj4m6d.default-1358689216201\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2013.02.06 05:48:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.02.06 05:48:56 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.02.08 18:36:16 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.30 06:29:14 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.02.08 18:36:16 | 000,001,153 | ---- | 
M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.02.08 18:36:16 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.08 18:36:16 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.08 18:36:16 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.10.10 08:40:15 | 000,000,856 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.) 
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Lan Messenger] C:\Program Files (x86)\Lan Messenger\LANmessenger.exe () O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2980863505-4143529224-1025148377-1001..\Run: [Thunderbird] D:\050 Programme\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\<User 1>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk = C:\Users\<User 1>\AppData\Roaming\Microsoft\Installer\{2D5D9603-22CF-4B99-83F6-0CD20330F62E}\Icon8CF9C550.exe () O4 - Startup: C:\Users\test_me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 3 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) 
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\FRITZ!DSL\\sarah.dll () O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - CC:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - CC:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\FRITZ!DSL\\sarah.dll () O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites) O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in ) O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in ) O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in ) O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in ) O15 - HKU\S-1-5-21-2980863505-4143529224-1025148377-1001\..Trusted Domains: clonewarsadventures.com ([]* in Vertrauenswürdige Sites) O15 - HKU\S-1-5-21-2980863505-4143529224-1025148377-1001\..Trusted Domains: 
freerealms.com ([]* in Vertrauenswürdige Sites) O15 - HKU\S-1-5-21-2980863505-4143529224-1025148377-1001\..Trusted Domains: noventum.de ([intranet] https in Vertrauenswürdige Sites) O15 - HKU\S-1-5-21-2980863505-4143529224-1025148377-1001\..Trusted Domains: noventum.de ([webmail] https in Vertrauenswürdige Sites) O15 - HKU\S-1-5-21-2980863505-4143529224-1025148377-1001\..Trusted Domains: soe.com ([]* in Vertrauenswürdige Sites) O15 - HKU\S-1-5-21-2980863505-4143529224-1025148377-1001\..Trusted Domains: sony.com ([]* in Vertrauenswürdige Sites) O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.4.0) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 1.7.0_04) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.4.0) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59935ACC-42F2-49CA-882A-82F442901438}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{80337a3d-e33c-11de-8992-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{80337a3d-e33c-11de-8992-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AUTOPLAY.EXE id=10000017000015000002 ver=1.0.0.0 O33 - MountPoints2\{80337a3e-e33c-11de-8992-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{80337a3e-e33c-11de-8992-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun\Autorun.exe O34 - HKLM BootExecute: (autocheck autochk /r \??\I:) O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.02.10 07:47:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT [2013.02.10 07:47:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center [2013.02.10 07:45:50 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2013.02.10 07:45:31 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013.02.10 07:43:58 | 000,000,000 | ---D | C] -- C:\Windows\LastGood [2013.02.10 07:42:08 | 000,000,000 | ---D | C] -- C:\Users\<User 1>\13-1-legacy_vista_win7_win8_64_dd_ccc [2013.02.07 17:48:23 | 000,000,000 | ---D | C] -- C:\Users\<User 1>\Desktop\MalwareBytes AntiRootKit [2013.02.06 05:48:53 | 000,000,000 | ---D | C] -- C:\Program 
Files (x86)\Mozilla Firefox [2013.02.05 22:38:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.02.05 22:37:59 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.02.05 22:37:02 | 000,000,000 | ---D | C] -- C:\Users\<User 1>\AppData\Local\Programs [2013.01.28 08:45:50 | 000,000,000 | -H-D | C] -- C:\Users\<User 1>\Documents\Freemake_do_not_remove_this_folder634949595504130860 [2013.01.23 14:05:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Graphics [2013.01.23 14:05:45 | 000,000,000 | ---D | C] -- C:\Users\<User 1>\AppData\Roaming\LifeSniffer [2013.01.22 08:23:44 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.01.22 08:23:44 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.01.22 08:23:44 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.01.20 14:40:20 | 000,000,000 | ---D | C] -- C:\Users\<User 1>\Desktop\Alte Firefox-Daten [2013.01.19 19:06:00 | 000,000,000 | -H-D | C] -- C:\Users\<User 1>\Documents\Freemake_do_not_remove_this_folder634942191602626953 [2013.01.18 02:09:12 | 000,000,000 | -H-D | C] -- C:\Users\<User 1>\Documents\Freemake_do_not_remove_this_folder634940717523095703 [2013.01.17 18:16:31 | 000,000,000 | -H-D | C] -- C:\Users\<User 1>\Documents\Freemake_do_not_remove_this_folder634940433913515625 [2013.01.16 08:41:36 | 000,000,000 | ---D | C] -- C:\Users\<User 1>\Documents\Star Wars - The Old Republic [8 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [2 C:\*.tmp files -> C:\*.tmp -> ] [10 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.02.11 12:05:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job 
[2013.02.11 11:55:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.02.10 18:55:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.02.10 07:45:45 | 000,013,232 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.10 07:45:45 | 000,013,232 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.10 01:05:27 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.02.10 01:05:27 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.02.08 19:24:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.08 19:24:14 | 2147,131,391 | -HS- | M] () -- C:\hiberfil.sys [2013.02.08 17:16:06 | 000,000,877 | ---- | M] () -- C:\Users\<User 1>\Desktop\OTL.lnk [2013.02.08 17:14:54 | 001,830,996 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.02.08 17:14:54 | 000,774,056 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.02.08 17:14:54 | 000,727,652 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.02.08 17:14:54 | 000,178,632 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.02.08 17:14:54 | 000,150,828 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.02.05 19:49:16 | 000,001,409 | ---- | M] () -- C:\Users\<User 1>\Desktop\Shell.lnk [2013.01.23 14:05:48 | 000,000,736 | ---- | M] () -- C:\Users\Public\Desktop\Photo Toolbox.lnk [8 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [2 C:\*.tmp files -> C:\*.tmp -> ] [10 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.02.08 17:16:06 | 000,000,877 | ---- | C] () -- C:\Users\<User 1>\Desktop\OTL.lnk [2013.02.05 19:38:31 | 
000,001,409 | ---- | C] () -- C:\Users\<User 1>\Desktop\Shell.lnk [2013.01.23 14:05:48 | 000,000,736 | ---- | C] () -- C:\Users\Public\Desktop\Photo Toolbox.lnk [2012.12.15 00:19:04 | 000,053,248 | ---- | C] () -- C:\Windows\exitwx.exe [2012.11.05 01:01:54 | 001,482,752 | ---- | C] ( ) -- C:\Windows\SysWow64\pnen3260.dll [2012.11.05 01:01:54 | 000,548,940 | ---- | C] ( ) -- C:\Windows\SysWow64\raac.dll [2012.11.05 01:01:54 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\vidsite.dll [2012.11.05 01:01:54 | 000,184,320 | ---- | C] ( ) -- C:\Windows\SysWow64\rmfformat.dll [2012.11.05 01:01:54 | 000,159,744 | ---- | C] ( ) -- C:\Windows\SysWow64\rvrender.dll [2012.11.05 01:01:54 | 000,159,744 | ---- | C] ( ) -- C:\Windows\SysWow64\rarender.dll [2012.11.05 01:01:54 | 000,086,016 | ---- | C] ( ) -- C:\Windows\SysWow64\smplfsys.dll [2012.11.05 01:01:54 | 000,077,824 | ---- | C] ( ) -- C:\Windows\SysWow64\ramrender.dll [2012.11.05 01:01:54 | 000,049,152 | ---- | C] ( ) -- C:\Windows\SysWow64\rv40.dll [2012.11.05 01:01:54 | 000,031,744 | ---- | C] ( ) -- C:\Windows\SysWow64\ramfformat.dll [2012.11.05 01:01:53 | 000,548,919 | ---- | C] ( ) -- C:\Windows\SysWow64\colorcvt.dll [2012.11.05 01:01:53 | 000,045,056 | ---- | C] ( ) -- C:\Windows\SysWow64\authmgr.dll [2012.11.05 01:01:53 | 000,044,032 | ---- | C] ( ) -- C:\Windows\SysWow64\clntxres.dll [2012.10.27 10:12:28 | 000,042,440 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll [2012.09.14 13:51:23 | 000,286,720 | ---- | C] ( ) -- C:\Windows\SysWow64\drvc.dll [2012.09.14 13:51:23 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll [2012.08.06 17:09:23 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini [2012.07.18 08:33:31 | 001,589,248 | ---- | C] () -- C:\Windows\SysWow64\libmysql_d.dll [2012.04.18 18:39:10 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012.04.06 02:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.04.06 02:29:34 | 000,157,144 | 
---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.03.05 23:08:30 | 000,000,772 | ---- | C] () -- C:\Windows\ODBCINST.INI [2012.03.05 23:08:30 | 000,000,342 | ---- | C] () -- C:\Windows\ODBC.INI [2011.11.06 08:15:29 | 000,000,094 | ---- | C] () -- C:\Users\<User 1>\AppData\Local\fusioncache.dat [2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.08.29 11:53:18 | 000,000,600 | ---- | C] () -- C:\Users\<User 1>\AppData\Local\PUTTY.RND [2011.06.23 13:30:58 | 000,000,150 | ---- | C] () -- C:\Windows\Sierra.ini [2011.06.23 13:27:34 | 000,006,900 | ---- | C] () -- C:\Users\<User 1>\AppData\Roaming\.freeciv-client-rc-2.2 [2011.05.20 07:20:07 | 000,007,629 | ---- | C] () -- C:\Users\<User 1>\AppData\Local\Resmon.ResmonCfg [2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.03.06 12:34:03 | 000,000,030 | ---- | C] () -- C:\Windows\Caligari.ini [2011.03.06 12:22:56 | 000,000,173 | ---- | C] () -- C:\Users\<User 1>\AppData\Local\msmathematics.qat.<User 1> [2011.02.10 19:47:36 | 000,000,080 | ---- | C] () -- C:\Users\<User 1>\AppData\Local\CrystalDiskMark30.ini [2011.01.15 21:02:19 | 000,030,720 | ---- | C] () -- C:\Users\<User 1>\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.06.05 17:21:32 | 000,117,997 | ---- | C] () -- C:\Users\<User 1>\GPUObserver36c.gadget [2010.01.24 23:08:31 | 000,172,052 | ---- | C] () -- C:\Users\<User 1>\Auftrag_Uebertragung_Konten_Depots_AWD.pdf ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 16 bytes -> C:\Users\<User 1>\Downloads:Shareaza.GUID @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:F9819010 < End of report > |
11.02.2013, 13:52 | #10 |
| TR/Agent.10512429.1 and Win32/Agent.SZW trojan Extras.Txt OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 11.02.2013 12:45:11 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = D:\050 Programme 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 4,95 Gb Available Physical Memory | 61,91% Memory free 16,00 Gb Paging File | 12,14 Gb Available in Paging File | 75,89% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465,66 Gb Total Space | 354,15 Gb Free Space | 76,05% Space Free | Partition Type: NTFS Drive D: | 1863,01 Gb Total Space | 1400,99 Gb Free Space | 75,20% Space Free | Partition Type: NTFS Drive E: | 14,92 Gb Total Space | 2,87 Gb Free Space | 19,22% Space Free | Partition Type: FAT32 Computer Name: GOLLUM | User Name: <User 1> | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-2980863505-4143529224-1025148377-1001\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) .ini [@ = UltraEdit.ini] -- D:\050 Programme\UltraEdit\uedit32.exe (IDM Computer Solutions, Inc.) .js [@ = UltraEdit.js] -- D:\050 Programme\UltraEdit\uedit32.exe (IDM Computer Solutions, Inc.) 
.txt [@ = UltraEdit.txt] -- D:\050 Programme\UltraEdit\uedit32.exe (IDM Computer Solutions, Inc.) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- Reg Error: Key error. https [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- Reg Error: Key error. https [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"UDP Query
User{34CBA6A7-267F-4A43-B081-04A387E4ED1F}C:2\wow-cata\skyfireemu\authserver.exe" = protocol=17 | dir=in | app=c:2\wow-cata\skyfireemu\authserver.exe | "UDP Query User{3CF59400-CD19-4123-8C8B-D3BBA7041A84}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | "UDP Query User{3FC1D534-9F05-4AB7-9B07-BF87499FE33D}J:\wow\0.4.0.5\udrive\usr\local\mysql\bin\mysqld-opt.exe" = protocol=17 | dir=in | app=j:\wow\0.4.0.5\udrive\usr\local\mysql\bin\mysqld-opt.exe | "UDP Query User{44B8E5F7-41D4-41F9-850E-643BB8C50A32}D:\planetside 2 psg\planetside2.exe" = protocol=17 | dir=in | app=d:\planetside 2 psg\planetside2.exe | "UDP Query User{464C7EE4-BDEE-4ABA-9E72-C0A1B7FFE74B}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | "UDP Query User{4662ADB4-906B-445D-B9CC-6D3BAA157E35}D:\medal of honor pacific assault(tm)\mohpa.exe" = protocol=17 | dir=in | app=d:\medal of honor pacific assault(tm)\mohpa.exe | "UDP Query User{4D731572-4E9E-4EDA-91FF-449705B3FA41}C:\program files (x86)\qnap\finder\finder.exe" = protocol=17 | dir=in | app=c:\program files (x86)\qnap\finder\finder.exe | "UDP Query User{5143750A-E301-4008-BECD-2C6B35B5C2A1}D:\wow\novo's easy wow server\0.4.1\logonserver.exe" = protocol=17 | dir=in | app=d:\wow\novo's easy wow server\0.4.1\logonserver.exe | "UDP Query User{54B2DDC9-3B6E-4394-B1DB-0250526E9E7D}D:\ef2\ef2.exe" = protocol=17 | dir=in | app=d:\ef2\ef2.exe | "UDP Query User{5931C5B3-22F2-491B-90A5-63A4AF17F8C7}C:\program files (x86)\fritz!\frifax32.exe" = protocol=17 | dir=in | app=c:\program files (x86)\fritz!\frifax32.exe | "UDP Query User{5A263DD4-FA53-4C47-8277-90CFFEA7EBC4}D:\wow-server\server\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=d:\wow-server\server\mysql\bin\mysqld.exe | "UDP Query User{5BCD487F-C949-4B7C-8584-6CB944970C50}J:\wow\0.4.0.5\logonserver.exe" = protocol=17 | dir=in | 
app=j:\wow\0.4.0.5\logonserver.exe | "UDP Query User{5DC097E9-B931-4D51-8579-25AB02E1760F}D:\wow\server\0.3.7.5\diamond-worldserver.exe" = protocol=17 | dir=in | app=d:\wow\server\0.3.7.5\diamond-worldserver.exe | "UDP Query User{6B9289CD-B132-4125-9563-11FC30DD35CB}D:\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe | "UDP Query User{6DB6B6A0-C99F-4279-A594-B9B24D69E658}D:\wow\novo's easy wow server\0.4.1\udrive\usr\local\mysql\bin\mysqld-opt.exe" = protocol=17 | dir=in | app=d:\wow\novo's easy wow server\0.4.1\udrive\usr\local\mysql\bin\mysqld-opt.exe | "UDP Query User{73C92451-4969-4F26-A2DD-5BD3310943DB}D:\wow\server\0.3.7.5\udrive\usr\local\mysql\bin\mysqld-opt.exe" = protocol=17 | dir=in | app=d:\wow\server\0.3.7.5\udrive\usr\local\mysql\bin\mysqld-opt.exe | "UDP Query User{7443E884-40AF-45B4-B0FF-9890950F0497}D:\hl\hl.exe" = protocol=17 | dir=in | app=d:\hl\hl.exe | "UDP Query User{85AB6BDD-D36B-4793-ADE3-64FED6F728FD}D:\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\backgrounddownloader.exe | "UDP Query User{85B56604-CE5A-4BB9-9F1D-85909178C8B9}D:\wow\0.4.3\udrive\usr\local\mysql\bin\mysqld-opt.exe" = protocol=17 | dir=in | app=d:\wow\0.4.3\udrive\usr\local\mysql\bin\mysqld-opt.exe | "UDP Query User{8BDAC1B0-D52C-4050-B4CF-994CACB79394}J:\wow\0.4.0.5\worldserver.exe" = protocol=17 | dir=in | app=j:\wow\0.4.0.5\worldserver.exe | "UDP Query User{8C453E58-7536-46F8-9D55-1A493E6C01E4}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe | "UDP Query User{90D164C4-2EB1-48DB-A4D2-51A4CBB0FADC}D:\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=17 | dir=in | app=d:\star wars battlefront ii\gamedata\battlefrontii.exe | "UDP Query User{93F34585-7769-4C19-B792-B393E057CAC8}D:\heavy metal - fakk2\fakk2.exe" = protocol=17 | dir=in | app=d:\heavy metal - 
fakk2\fakk2.exe | "UDP Query User{9BAD88DB-FE23-4B7C-A395-0E15E0AA0972}D:\wow\novo's easy wow server\0.4.1\worldserver.exe" = protocol=17 | dir=in | app=d:\wow\novo's easy wow server\0.4.1\worldserver.exe | "UDP Query User{9D06426D-1433-40A9-B78E-DCB94EA624AD}C:\program files (x86)\lan messenger\lanmessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lan messenger\lanmessenger.exe | "UDP Query User{A1421BA6-23D9-456E-A449-837B52EF265F}D:\wow\0.4.0.5\udrive\usr\local\mysql\bin\mysqld-opt.exe" = protocol=17 | dir=in | app=d:\wow\0.4.0.5\udrive\usr\local\mysql\bin\mysqld-opt.exe | "UDP Query User{A28BD07F-88BA-4251-AEDF-56883C43D741}D:\cs1.6\hl.exe" = protocol=17 | dir=in | app=d:\cs1.6\hl.exe | "UDP Query User{A3DAAFF4-633C-483D-B312-93B6B2CF1BF9}D:\050 programme\hdro\lotroclient.exe" = protocol=17 | dir=in | app=d:\050 programme\hdro\lotroclient.exe | "UDP Query User{A5063601-C1D9-4713-B404-B5601D52D020}D:\flatout2\flatout2.exe" = protocol=17 | dir=in | app=d:\flatout2\flatout2.exe | "UDP Query User{AA066EB1-5D9A-4A81-AD7F-5D386D2FE571}D:\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe | "UDP Query User{AC0F8CBE-A15F-47C2-8E2E-1E84A487D58B}G:\hendrik\blobby\volley.exe" = protocol=17 | dir=in | app=g:\hendrik\blobby\volley.exe | "UDP Query User{B1028C9F-D566-4D31-81A6-CB4AC03F169B}C:2\wow-cata\skyfireemu\worldserver.exe" = protocol=17 | dir=in | app=c:2\wow-cata\skyfireemu\worldserver.exe | "UDP Query User{B6333C6A-F497-4DA1-9270-29B89EFB7506}C:\program files (x86)\java\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\bin\javaw.exe | "UDP Query User{B6D4DDB3-5808-426D-A95B-C7D5961C2060}C:2\wow-cata\_server\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:2\wow-cata\_server\mysql\bin\mysqld.exe | "UDP Query User{BBE60C33-C971-46BE-A4A7-21DCD9AB5122}D:\ef2\ef2.exe" = protocol=17 | dir=in | app=d:\ef2\ef2.exe 
| "UDP Query User{C4C0BBF3-EDD8-44D4-8FB7-B07B6F78DE93}D:\wow\0.4.0.5\udrive\usr\local\apache2\bin\apache_16.exe" = protocol=17 | dir=in | app=d:\wow\0.4.0.5\udrive\usr\local\apache2\bin\apache_16.exe | "UDP Query User{C520F9D7-C212-430A-9796-F7A6E93813A6}D:\050 programme\xfire\xfire.exe" = protocol=17 | dir=in | app=d:\050 programme\xfire\xfire.exe | "UDP Query User{C66A06E2-F910-40BA-B454-7536E057664C}D:\wow\0.4.0.5\logonserver.exe" = protocol=17 | dir=in | app=d:\wow\0.4.0.5\logonserver.exe | "UDP Query User{C6F98C9A-CD4C-4FA3-B220-8D1FB074F361}D:\010 data\downloads\tinyumbrella-4.21.02.exe" = protocol=17 | dir=in | app=d:\010 data\downloads\tinyumbrella-4.21.02.exe | "UDP Query User{C8395088-A96E-4B77-A933-28FA29A75620}C:\program files (x86)\r2 studios\tonic\tonic.exe" = protocol=17 | dir=in | app=c:\program files (x86)\r2 studios\tonic\tonic.exe | "UDP Query User{CA3312A8-2888-4617-8AB1-FBC6D31F2121}C:\program files (x86)\fritz!\frifax32.exe" = protocol=17 | dir=in | app=c:\program files (x86)\fritz!\frifax32.exe | "UDP Query User{D0F75C32-73CC-4176-B02F-7ACD65F321F0}D:\unreal tournament 3 (lg)\binaries\ut3.exe" = protocol=17 | dir=in | app=d:\unreal tournament 3 (lg)\binaries\ut3.exe | "UDP Query User{D1F953A4-2BB3-4033-B1C1-F2575271DA87}D:\wow\server\0.3.7.5\diamond-realmserver.exe" = protocol=17 | dir=in | app=d:\wow\server\0.3.7.5\diamond-realmserver.exe | "UDP Query User{D52DA1AC-376F-4B03-9CA0-961793ABF86E}C:\users\<User 1>\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe" = protocol=17 | dir=in | app=c:\users\<User 1>\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe | "UDP Query User{D5F8CAAF-BBC6-44C4-BB1D-7E93D5F796F8}J:\wow\0.4.0.5\udrive\usr\local\apache2\bin\apache_16.exe" = protocol=17 | dir=in | app=j:\wow\0.4.0.5\udrive\usr\local\apache2\bin\apache_16.exe | "UDP Query User{DB3D6F39-98E0-4CC4-9C00-2CF8F2F53F34}D:\010 data\fritzbox\fritz.box_wlan_7390_84.04.84.recover-image.exe" = protocol=17 | dir=in | app=d:\010 
data\fritzbox\fritz.box_wlan_7390_84.04.84.recover-image.exe | "UDP Query User{DF02AA83-A4A3-48E4-8F0A-4FAB9593A8D9}D:\world of warcraft\blizzard downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\blizzard downloader.exe | "UDP Query User{DF8992F4-FCA8-4B73-A22D-152C3CC7A13C}D:\wow\0.4.3\worldserver.exe" = protocol=17 | dir=in | app=d:\wow\0.4.3\worldserver.exe | "UDP Query User{E35F21C2-D74A-4E26-8DBF-62E107F2FF18}E:\setup\dns-323_c1_fw_v1.08_easysearch_v4.7.0.0.exe" = protocol=17 | dir=in | app=e:\setup\dns-323_c1_fw_v1.08_easysearch_v4.7.0.0.exe | "UDP Query User{E4C1FC88-1677-4429-B7B2-12EA12135A52}D:\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=d:\mozilla firefox\firefox.exe | "UDP Query User{EA9BD6D1-BB17-495D-8262-B4540448DFA6}C:\program files (x86)\xbmc\xbmc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xbmc\xbmc.exe | "UDP Query User{F04E61F7-B23E-4134-A646-0CB7F5791EE6}C:\program files (x86)\qnap\qget\qget.exe" = protocol=17 | dir=in | app=c:\program files (x86)\qnap\qget\qget.exe | "UDP Query User{F20E25B7-CF60-46C4-8E4A-962B76D2E939}D:\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=d:\world of warcraft\launcher.exe | "UDP Query User{F4613CB1-47CB-4A45-9980-C9315C9A1487}D:\wow\0.4.0.5\worldserver.exe" = protocol=17 | dir=in | app=d:\wow\0.4.0.5\worldserver.exe | "UDP Query User{F7472F85-D99D-4035-8AE9-3CAA14711AA7}D:\wow\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\wow\temp\wow-4.2.1.2736-enus-tools-downloader.exe | "UDP Query User{F759015D-2D73-4936-8232-BCB4CC87C66E}D:\dc_universe\unreal3\binaries\win32\dcgame.exe" = protocol=17 | dir=in | app=d:\dc_universe\unreal3\binaries\win32\dcgame.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = 
Windows Live Language Selector "{0874D757-6DE9-31B9-BA0B-2299F3A144C0}" = Microsoft Windows SDK .NET Framework Tools (40715) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{12FE6AA6-65D2-40EE-B925-62193128A0E6}" = Microsoft SQL Server 2008 Native Client "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{1F6306D6-FB66-10D2-D474-5ADE4D57EE6B}" = AMD Fuel "{1F85668C-CEB7-7A2E-356C-C42F950A982C}" = AMD Accelerated Video Transcoding "{22D02951-5B4C-36FD-801E-ACB3595760B4}" = Microsoft Windows SDK for Windows 7 Samples (40715) "{22D8AE6F-3C6B-47E8-8F04-629F23DBE978}" = iTunes "{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition) "{26A24AE4-039D-4CA4-87B4-2F86417004FF}" = Java(TM) 7 Update 4 (64-bit) "{28D06854-572C-4A65-83E5-F8CAF26B9FDC}" = Microsoft SQL Server VSS Writer "{2D5D9603-22CF-4B99-83F6-0CD20330F62E}" = FRITZ!DSL64 "{2DF4C5DD-7417-301D-935D-939D3B7B5997}" = Microsoft Help Viewer 1.0 Language Pack - DEU "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{3607CBFF-3DC7-35E2-A78C-2A3BE1B72022}" = Microsoft Windows SDK for Windows 7 .NET Documentation (40715) "{361A49FA-59B3-49FB-8C3E-08AF3EA5791A}" = Application Verifier (x64) "{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU "{4161341F-AE84-E404-4291-4E0322CCE809}" = AMD Media Foundation Decoders "{4515E93F-DBE9-3A97-B2C5-AD414A02B261}" = Microsoft Windows SDK for Windows 7 Win32 Documentation (40715) "{4653CB40-DF74-3770-8FB0-24472395D885}" = Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (40715) "{46DA7FD9-8BC1-7BA8-98D1-27F46647871B}" = AMD Catalyst Install Manager 
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries "{5DF57DB1-D971-3DA3-B4BB-F6FC7D73A997}" = AMD Drag and Drop Transcoding "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{64D7179D-0240-3006-BB73-04DA18C03E14}" = Microsoft Windows SDK for Windows 7 Headers and Libraries (40715) "{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software "{698DEE97-5A35-3C60-960F-9FB9C58F4A3B}" = Microsoft Windows SDK Net Fx Interop Headers And Libraries (40715) "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64) "{7298E5E5-90A7-3785-AAFA-AC335DA3178F}" = Microsoft Windows SDK for Windows 7 Common Utilities (40715) "{7F2E5C3B-DBDF-469D-AD8D-F686D3B71176}" = Debugging Tools for Windows (x64) "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{84057C9C-2F85-4C67-A035-FD75FFE2DE88}" = Logitech Gaming Software 5.09 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud "{8C5B5A11-CBF8-451B-B201-77FAB0D0B77D}" = Microsoft Network Monitor 3.4 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting 
"{963E5FEB-1367-46B9-851D-A957F1A3747F}" = Microsoft Network Monitor: NetworkMonitor Parsers 3.4 "{965DF723-5688-359E-84D2-417CAFE644B5}" = Microsoft Visual C++ Compilers 2008 Standard Edition - enu - x64 "{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB3}" = Paint.NET v3.5.8 "{A216DF4A-28D1-3D94-ADA6-3AE50E42742D}" = Microsoft Windows SDK Intellisense and Reference Assemblies (40715) "{A61AE368-B88C-414C-9118-503EECFC3AC8}_is1" = Photo Toolbox for Windows version 1.12.3.1 "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 "{AB58402A-43DE-551C-2B40-DD1CF0E21240}" = ccc-utility64 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{AF5020D9-116A-46AC-A922-087592F37EC9}" = MobileMe Control Panel "{AF51A2B6-3AAF-46C5-36A7-0E78B2D23E3E}" = ccc-utility64 "{B143BE44-8723-315E-9413-011C55873C0E}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) "{B8ED63AE-B171-3D63-8C35-40B82C4A5FBA}" = Microsoft Windows SDK for Windows 7 (7.0) "{B9E62002-BD74-30EC-9049-93E0E003C736}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64 "{C214301F-F5D7-36D9-B3A2-1467C5586495}" = Microsoft Help Viewer 1.1 Language Pack - DEU "{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU "{C8C39B37-502F-5D99-A1A4-1D810CE3112F}" = AMD AVIVO64 Codecs "{D285FC5F-3021-32E9-9C59-24CA325BDC5C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 "{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support "{D9DF0B85-BEC1-439F-ABFE-76C386A69A05}" = Oracle VM VirtualBox 4.1.12 "{DE2C9D5F-C55C-30E8-9322-2B8E8B5DF87C}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - deu "{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1 "{E57B7E0A-8BE5-42E2-BE60-C07ED680A063}" = Microsoft Mathematics (64-bit) 
"{E6420CCB-92BE-3ACB-BDC3-69FBDD319C94}" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - DEU "{ED066E02-C49A-D5D9-7ACD-1014EB7571D1}" = ccc-utility64 "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F5C819A5-E068-4f7d-B91A-1BD18702AFFB}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32 "98157A226B40B173301B0F53C8E98C47805D5152" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) "HyperCam 2" = HyperCam 2 "Logitech Gaming Software" = Logitech Gaming Software 8.30 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU "Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1 "Microsoft Help Viewer 1.1 Language Pack - DEU" = Microsoft Help Viewer 1.1 Language Pack - DEU "Microsoft Visual Studio 2008 Remote Debugger Light (x64) - DEU" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - DEU "Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) "Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU "SDKSetup_7.0.7600.16385.40715" = Microsoft Windows SDK for Windows 7 (7.0) "TeamSpeak 3 Client" = TeamSpeak 3 Client "WinRAR archiver" = WinRAR 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00FE2935-FB56-4410-AB5F-D6E70C1771D2}" = Garmin WebUpdater "{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU "{0180F30F-52A8-4414-8E3B-931917211845}" = AquaSoft DiaShow Studio 6 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{08F86AD1-116C-4105-8A0E-3B6A736448BE}}_is1" = Total Video Player 6.0 "{0B03071A-C96E-34CA-E5A3-4D8DA8ACCB3D}" = CCC Help Polish "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{11D32157-138C-4F8F-96C7-8B3041C17C21}" = 3DCrafter "{1472627A-6E9F-DCB1-8894-E2BD249FD5E4}" = CCC Help Thai "{19C64880-BBCA-11D4-9EEE-0004ACDDDB3B}" = CyberLink InstantBurn "{1A2C316B-F842-6FB3-3C87-6FE02861F396}" = AMD VISION Engine Control Center "{1D46A3A0-B37D-423A-91C2-101A49E2FF80}" = Ventrilo Server "{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{218BE476-B206-2879-B912-971E6E89E44D}" = CCC Help Finnish "{25F28E39-FDBB-11DB-8314-0800200C9A66}" = Medal of Honor Airborne "{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 11 "{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2 "{2A231800-A7CF-4223-B8A3-1FD9057BAE96}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup "{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}" = CyberLink BD Advisor 2.0 "{2DFFE333-1B60-4CAA-F836-3CF0C99777CA}" = CCC Help Norwegian "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{364374D2-FE10-2170-2397-5B01F9D00093}" = CCC Help Spanish "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{394DC0BC-5476-4260-B52C-BDE1BDEFA958}" = Unreal Tournament 2004 "{39B8EE1D-82D5-4DF0-A619-2C84844254D1}_is1" = MCSkin3D version 1.4 
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic "{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II "{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}" = Garmin USB Drivers "{3E7940A4-495B-4DC5-B5C9-D2EE1DE9E5EF}" = Call of Juarez "{40786C7F-7078-5147-444E-D45DE808B684}" = CCC Help Portuguese "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{434D0820-3AA6-493A-80B9-301000028501}" = DiRT2 "{43D3EA3E-2B72-57F3-40E0-318A614D0FDD}" = CCC Help Czech "{44D9A2CB-0692-3180-B5E2-26F4E807D067}" = Microsoft Visual C++ Compilers 2008 Standard Edition - enu - x86 "{45235788-142C-44BE-8A4D-DDE9A84492E5}" = AGEIA PhysX v7.09.13 "{47416F0B-6589-591E-C6F8-4235D2230B14}" = Catalyst Control Center InstallProxy "{477415F5-93DA-46AA-85C5-640047825995}" = Microsoft SQL Server 2008 Database Engine Shared "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files "{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser "{4ED980CB-C288-6A80-A3EA-AEECC543058B}" = Application Profiles "{4F7823C4-BB28-A63E-CE08-1B463D4682DE}" = CCC Help Dutch "{52D1D62C-FEAB-4580-849E-1DB624BADBBD}" = DiRT2 "{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI "{56CFA833-F44F-4199-8C58-7F8B38F2BC7B}" = Medal of Honor Pacific Assault(tm) "{5A0B7BA5-4682-4273-81C2-69B17E649103}" = GRID "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1 "{5BD39911-A12F-4562-98BA-A6E03E3370B1}" = Microsoft SQL Server 2008 Database Engine Services "{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 "{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools 
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008 "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit "{6D7B8E2C-4356-619D-134F-FB36B0809958}" = CCC Help German "{6DED41BC-C9EF-4330-B4E5-46CB2C5C6E2D}" = No23 Recorder "{6F173E00-2766-E174-C2E0-AD88F24685BD}" = CCC Help Swedish "{6FAEC41D-0654-12C1-0068-770D19FC2446}" = CCC Help Italian "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{73D239CC-D6B1-ADEC-A7BE-E100C7112004}" = CCC Help Korean "{74D21920-3B72-494F-9042-8C26E1E99FDC}" = Garmin City Navigator Europe NT 2011.10 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789C43A9-4FD7-456B-8E27-5CE442FF3005}_is1" = Split Second Velocity 1.0 "{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime "{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE) "{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8815F011-43AF-4F50-BBD8-D78ED3D6F5B9}" = VR-NetWorld "{8C06EE31-AE51-4589-B53F-1406F6BBA229}" = F.E.A.R. Ultimate Shooter Edition - F.E.A.R. 
2 "{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs "{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2 "{8D3D92F0-852F-D832-FD8B-029C8C231C13}" = CCC Help Russian "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8F311E72-C27F-4DF0-8254-B739A1831668}_is1" = SUPER © v2012.build.53 (Sep 13, 2012) Version v2012.build.53 "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = 
Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting 
"{963FFEAB-16E5-EB69-4E64-338B3D319FB4}" = CCC Help Chinese Standard "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9F7E9D7B-3291-96CE-A27F-DD4F6EB230EA}" = CCC Help Chinese Traditional "{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer "{A6FDE264-C48D-36CE-CFA7-ABBEB861AC10}" = Catalyst Control Center Localization All "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9B39004-8748-435E-A4C2-BE983B4C737B}" = Heavy Metal - FAKK2 "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch "{ADD5DB49-72CF-11D8-9D75-000129760D75}" = CyberLink PowerBackup "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}" = Garmin MapSource "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1EE1CC5-6CED-4801-BFFF-8454F21A245A}" = Garmin Communicator Plugin "{B235AB91-08A9-4DED-9DE0-B9594A5F7DCF}" = UltraEdit 16.20 "{B31A9284-632D-683E-3BD0-F6926D445A7B}" = CCC Help Danish "{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer "{B7A75523-3D7F-CF23-12F7-999EAF6C7167}" = CCC Help Japanese "{B862B671-59FD-7457-AFA0-C738FB7ABD60}" = Windows SDK Intellidocs "{B93EEE50-9C8F-45DF-95E4-3D85A6E242F3}" = DarksidersInstaller "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update "{C668416A-9213-4058-B7F2-01A42D85559D}" = Microsoft SQL Server System CLR Types "{C66BF9FD-D367-4E13-8EB8-385FFEA20DB3}" = Oblivion "{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = 
Microsoft XML Parser "{C821D689-95BE-0D60-255E-D9B89CB3019F}" = Catalyst Control Center Graphics Previews Common "{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CCAC7E52-ECCE-3C4D-B1BE-BC2ACF1C1C0E}" = Microsoft Visual Basic 2010 Express - DEU "{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support "{CE1458AA-23A7-332D-68D9-86B799898DA6}" = CCC Help Greek "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack "{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.3.22 Game "{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D5A7D7AB-3093-3619-9261-74DB250ECF7B}" = Microsoft Visual C++ 2008 Express Edition with SP1 - DEU "{DF38C72B-8A86-4727-99D2-FA7CC5E17A24}" = Microsoft SQL Server 2008 RsFx Driver "{E0655E94-1D4D-8484-64C6-E6F847B7BE92}" = CCC Help Turkish "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 "{E555950B-1496-C37C-CA2C-2DF8745A5BE9}" = CCC Help English "{E9089B6A-1FDE-47F3-8D29-175F5B7A0722}" = Microsoft SQL Server 2008 R2 Management Objects "{EE229D0E-3D9E-636C-6E75-9436A87C7E49}" = CCC Help French "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] 
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable "{F33FFAC2-9E40-4DB0-B52D-AF1FF17B3493}" = windata@home "{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared "{F536CCF1-C4C1-5FB9-6B17-F883DFFAE569}" = CCC Help Hungarian "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FA8BFB25-BF48-4F8B-8859-B30810745190}" = LightScribe System Software "{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG) "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}" = Microsoft SQL Server 2008 Common Files "12bbe590-c890-11d9-9669-0800200c9a66_is1" = Der Herr der Ringe Online v03.07.00.8037 "7ADDFD5C-0F12-4D5F-8AFD-BEF43762129D" = Lan Messenger "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17 "Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE "Ashampoo Photo Commander 7_is1" = Ashampoo Photo Commander 7.60 "Ashampoo Slideshow Studio Elements_is1" = Ashampoo Slideshow Studio Elements 2.0.1 "Ashampoo Snap 3_is1" = Ashampoo Snap 3.50 "Audacity_is1" = Audacity 1.2.6 "Avira AntiVir Desktop" = Avira Free Antivirus "BrickForce" = BrickForce 1.9.87 "FileZilla Client" = FileZilla Client 3.3.5.1 "FormatFactory" = FormatFactory 2.60 "Free Video Dub_is1" = Free Video Dub version 2.0.16.1212 "Freemake Video Converter_is1" = Freemake Video Converter Version 3.1.2 "FRITZ! 
2.0" = AVM FRITZ!fax für FRITZ!Box "IcoFX_is1" = IcoFX 1.6.4 "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite "InstallShield_{3E7940A4-495B-4DC5-B5C9-D2EE1DE9E5EF}" = Call of Juarez "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "InstallShield_{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3 "MakeMKV" = MakeMKV v1.7.9 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008 "Microsoft SQL Server 10" = Microsoft SQL Server 2008 "Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 "Microsoft Visual Basic 2010 Express - DEU" = Microsoft Visual Basic 2010 Express - DEU "Microsoft Visual C++ 2008 Express Edition with SP1 - DEU" = Microsoft Visual C++ 2008 Express Edition mit SP1 - DEU "Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1 "Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de) "Mozilla Thunderbird (3.1.6)" = Mozilla Thunderbird (3.1.6) "MozillaMaintenanceService" = Mozilla Maintenance Service "Mp3tag" = Mp3tag v2.46a "No23 Recorder" = No23 Recorder "Office14.SingleImage" = Microsoft Office Home and Student 2010 "OpenAL" = OpenAL "Origin" = Origin "Paint Shop Pro 5.01" = Paint Shop Pro 5.01 CD "Password Safe" = Password Safe "PremiumSoft Navicat Lite_is1" = PremiumSoft Navicat Lite 10.0 "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "PuTTY_is1" = PuTTY version 0.60 "QNAP_FINDER" = QNAP Finder "RADVideo" = RAD Video Tools "Scratch" = Scratch "SMPlayer" = 
SMPlayer 0.6.9 "Star Trek Elite Force II" = Star Trek Elite Force II "Steam App 34830" = Sniper: Ghost Warrior "Steam App 50620" = Darksiders "Steam App 57900" = Duke Nukem Forever "TeamViewer 7" = TeamViewer 7 "Totalcmd" = Total Commander (Remove or Repair) "TT-Viewer_is1" = Technotrend Viewer "TuneUp Utilities" = TuneUp Utilities "TwonkyBeam for Firefox" = TwonkyBeam for Firefox "Windows Media Encoder 9" = Windows Media Encoder 9 Series "WinGDB3" = WinGDB3 3.62 "WinLiveSuite" = Windows Live Essentials "World of Warcraft" = World of Warcraft "Xfire" = Xfire (remove only) ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2980863505-4143529224-1025148377-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{E280923D-C5D9-4728-8C79-AC9A0DC75875}" = BioShock "AquaSoft DiaShow Studio 6" = AquaSoft DiaShow Studio 6 "InstallShield_{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG) "Move Media Player" = Move Media Player "Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7) "Mozilla Thunderbird 17.0.2 (x86 de)" = Mozilla Thunderbird 17.0.2 (x86 de) "SOE-C:/Users/<User 1>/AppData/Local/Sony Online Entertainment/ApplicationUpdater" = applicationupdater "SOE-DC Universe Online Live" = DC Universe Online Live "SOE-DC Universe Online Live (2)" = DC Universe Online Live (2) "SOE-DC Universe Online Live PSG (2)" = DC Universe Online Live (2) "UnityWebPlayer" = Unity Web Player "XBMC" = XBMC ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 28.07.2011 16:26:20 | Computer Name = Gollum | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . 
Error - 28.07.2011 16:26:20 | Computer Name = Gollum | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 28.07.2011 18:46:44 | Computer Name = Gollum | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Microsoft Visual Studio 9.0\VC\bin\ia64\pgocvt.exe". Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="ia64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 28.07.2011 18:47:09 | Computer Name = Gollum | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Microsoft Visual Studio 9.0\VC\bin\ia64\pgomgr.exe". Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="ia64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 28.07.2011 18:47:24 | Computer Name = Gollum | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Microsoft Visual Studio 9.0\VC\bin\ia64\pgosweep.exe". Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="ia64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error - 30.07.2011 05:47:11 | Computer Name = Gollum | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 30.07.2011 05:47:11 | Computer Name = Gollum | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 30.07.2011 06:54:36 | Computer Name = Gollum | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Microsoft Visual Studio 9.0\VC\bin\ia64\pgocvt.exe". Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="ia64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 30.07.2011 06:55:02 | Computer Name = Gollum | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Microsoft Visual Studio 9.0\VC\bin\ia64\pgomgr.exe". Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="ia64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error - 30.07.2011 06:55:16 | Computer Name = Gollum | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Microsoft Visual Studio 9.0\VC\bin\ia64\pgosweep.exe". Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="ia64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". [ Media Center Events ] Error - 07.11.2012 00:24:35 | Computer Name = Gollum | Source = MCUpdate | ID = 0 Description = 05:24:17 - Fehler beim Herstellen der Internetverbindung. 05:24:17 - Serververbindung konnte nicht hergestellt werden.. Error - 07.12.2012 00:32:27 | Computer Name = Gollum | Source = MCUpdate | ID = 0 Description = 05:32:27 - Directory konnte nicht abgerufen werden (Fehler: Die zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte keine Vertrauensstellung hergestellt werden..) Error - 16.12.2012 00:12:45 | Computer Name = Gollum | Source = MCUpdate | ID = 0 Description = 05:12:45 - Fehler beim Herstellen der Internetverbindung. 05:12:45 - Serververbindung konnte nicht hergestellt werden.. Error - 16.12.2012 00:13:08 | Computer Name = Gollum | Source = MCUpdate | ID = 0 Description = 05:12:50 - Fehler beim Herstellen der Internetverbindung. 05:12:50 - Serververbindung konnte nicht hergestellt werden.. Error - 16.12.2012 01:13:42 | Computer Name = Gollum | Source = MCUpdate | ID = 0 Description = 06:13:42 - Fehler beim Herstellen der Internetverbindung. 06:13:42 - Serververbindung konnte nicht hergestellt werden.. Error - 16.12.2012 01:13:55 | Computer Name = Gollum | Source = MCUpdate | ID = 0 Description = 06:13:47 - Fehler beim Herstellen der Internetverbindung. 06:13:47 - Serververbindung konnte nicht hergestellt werden.. 
Error - 16.12.2012 02:14:28 | Computer Name = Gollum | Source = MCUpdate | ID = 0 Description = 07:14:28 - Fehler beim Herstellen der Internetverbindung. 07:14:28 - Serververbindung konnte nicht hergestellt werden.. Error - 16.12.2012 02:14:41 | Computer Name = Gollum | Source = MCUpdate | ID = 0 Description = 07:14:33 - Fehler beim Herstellen der Internetverbindung. 07:14:33 - Serververbindung konnte nicht hergestellt werden.. Error - 16.12.2012 03:15:14 | Computer Name = Gollum | Source = MCUpdate | ID = 0 Description = 08:15:14 - Fehler beim Herstellen der Internetverbindung. 08:15:14 - Serververbindung konnte nicht hergestellt werden.. Error - 16.12.2012 03:15:27 | Computer Name = Gollum | Source = MCUpdate | ID = 0 Description = 08:15:19 - Fehler beim Herstellen der Internetverbindung. 08:15:19 - Serververbindung konnte nicht hergestellt werden.. [ System Events ] Error - 20.01.2013 09:36:08 | Computer Name = Gollum | Source = DCOM | ID = 10010 Description = Error - 23.01.2013 12:18:30 | Computer Name = Gollum | Source = WMPNetworkSvc | ID = 866333 Description = Error - 02.02.2013 12:21:33 | Computer Name = Gollum | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?02.?02.?2013 um 17:16:55 unerwartet heruntergefahren. Error - 02.02.2013 12:21:35 | Computer Name = Gollum | Source = Service Control Manager | ID = 7000 Description = Der Dienst "FABS - Helping agent for MAGIX media database" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 03.02.2013 15:54:56 | Computer Name = Gollum | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden. Error - 03.02.2013 15:54:57 | Computer Name = Gollum | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden. 
Error - 03.02.2013 15:54:57 | Computer Name = Gollum | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden. Error - 05.02.2013 14:24:06 | Computer Name = Gollum | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR4 gefunden. Error - 05.02.2013 14:43:16 | Computer Name = Gollum | Source = Service Control Manager | ID = 7000 Description = Der Dienst "FABS - Helping agent for MAGIX media database" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 08.02.2013 14:24:20 | Computer Name = Gollum | Source = Service Control Manager | ID = 7000 Description = Der Dienst "FABS - Helping agent for MAGIX media database" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 < End of report > |
11.02.2013, 14:22 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Agent.10512429.1 and Win32/Agent.SZW trojan Please now create and post logs with GMER (<<< click for instructions) and aswMBR (instructions a little further down). GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only aswMBR. Please download aswMBR.exe and save the file to your desktop.
Important: Do not press any of the Fix buttons without being instructed to. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.
__________________ Please always post log files in CODE tags |
12.02.2013, 21:11 | #12 |
| TR/Agent.10512429.1 and Win32/Agent.SZW trojan Hello cosinus, I tried a scan with GMER. The result was a nasty crash with a BlueScreen. I therefore did not dare to run another scan with GMER. aswMBR also crashes while scanning, but it does not take the whole system down. During scanning I "only" switched off Antivir's real-time scanner. Is that enough, or do I have to disable more? I made 2 scan attempts; both produced the same finding. After both scanner crashes I took screenshots (see attachments). On the 2nd attempt I even managed to have a log written during the crash (the finding is at "20:48:04.211"). I did not click Fix. aswMBR log: Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-12 20:47:11
-----------------------------
20:47:11.071 OS Version: Windows x64 6.1.7601 Service Pack 1
20:47:11.071 Number of processors: 2 586 0x4303
20:47:11.071 ComputerName: GOLLUM UserName: <User 1>
20:47:11.993 Initialize success
20:47:21.211 AVAST engine defs: 13021200
20:47:28.790 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000071
20:47:28.790 Disk 0 Vendor: MAXTOR_S MX15 Size: 476938MB BusType: 3
20:47:28.790 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000072
20:47:28.790 Disk 1 Vendor: SAMSUNG_ 1AQ1 Size: 1907728MB BusType: 3
20:47:28.805 Disk 0 MBR read successfully
20:47:28.805 Disk 0 MBR scan
20:47:28.821 Disk 0 unknown MBR code
20:47:28.821 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476835 MB offset 206848
20:47:28.852 Disk 0 scanning C:\Windows\system32\drivers
20:47:42.071 Service scanning
20:48:04.149 Modules scanning
20:48:04.149 Disk 0 trace - called modules:
20:48:04.196 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa800734d2c0]<<splo.sys storport.sys hal.dll nvstor.sys
20:48:04.196 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80079f0080]
20:48:04.196 3 CLASSPNP.SYS[fffff88001bcb43f] -> nt!IofCallDriver -> [0xfffffa8007841d30]
20:48:04.196 5 ACPI.sys[fffff8800100b7a1] -> nt!IofCallDriver -> \Device\00000071[0xfffffa8006a289c0]
20:48:04.211 \Driver\nvstor[0xfffffa80069a3d50] -> IRP_MJ_CREATE -> 0xfffffa800734d2c0
20:48:06.243 AVAST engine scan C:\Windows
20:48:10.415 Disk 0 MBR has been saved successfully to "C:\Users\<User 1>\Desktop\MBR.dat"
20:48:10.430 The log file has been saved successfully to "C:\Users\<User 1>\Desktop\aswMBR.txt"
20:48:17.815 AVAST engine scan C:\Windows\system32
20:51:04.644 Disk 0 MBR has been saved successfully to "C:\Users\<User 1>\Desktop\MBR.dat"
20:51:04.660 The log file has been saved successfully to "C:\Users\<User 1>\Desktop\aswMBR.txt"
Edited by MaBase66 (12.02.2013 at 21:28) |
13.02.2013, 19:18 | #14 |
| TR/Agent.10512429.1 and Win32/Agent.SZW trojan Hello cosinus, I ran GMER again -> BlueScreen with the message "APC_INDEX_MISMATCH". I then started my PC in safe mode and launched GMER once more. The result was the same: BlueScreen with the message "APC_INDEX_MISMATCH". What next?
__________________ Thanks and regards, MaBase66 |
14.02.2013, 11:05 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Agent.10512429.1 and Win32/Agent.SZW trojan TDSS-Killer Please download TDSSKiller.exe and save this file to the desktop
__________________ Please always post log files in CODE tags |