Pests of All Kinds and How to Fight Them: rundll32.dll Virus

22.07.2012, 14:49   #1
hakimza
 

Hello

I caught some kind of virus 2 days ago; since then the Task Manager closes automatically whenever I start it. I then downloaded another task manager from Chip to find out which process keeps closing the normal Task Manager. I found out that it is rundll32.dll; when I end the process, the normal Task Manager can be started again. Now the question is how do I get rid of it: deleting doesn't work and there is no autostart entry. Avira shows nothing.

I scanned with OTL and GMER because I had read about that in another thread.

OTL.txt

Code:
OTL logfile created on: 22.07.2012 15:18:28 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\X64\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,63 Gb Available Physical Memory | 65,73% Memory free
8,00 Gb Paging File | 6,14 Gb Available in Paging File | 76,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146,39 Gb Total Space | 2,13 Gb Free Space | 1,46% Space Free | Partition Type: NTFS
Drive D: | 319,28 Gb Total Space | 2,48 Gb Free Space | 0,78% Space Free | Partition Type: NTFS
Drive F: | 6,60 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: X64-PC | User Name: X64 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.22 15:04:45 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\X64\Downloads\OTL.exe
PRC - [2012.06.11 20:20:10 | 002,389,680 | ---- | M] (Beepa P/L) -- C:\Fraps\fraps.exe
PRC - [2012.05.11 19:43:47 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.11.20 08:37:00 | 001,204,224 | ---- | M] (www.IslamicFinder.org) -- C:\Program Files (x86)\Athan\Athan.exe
PRC - [2011.10.24 22:21:25 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.24 22:21:25 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.10.24 22:21:25 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.01.21 17:51:52 | 000,171,848 | ---- | M] (BinarySense Ltd.) -- C:\Program Files (x86)\Common Files\BinarySense\disksvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010.03.08 22:08:28 | 000,282,697 | ---- | M] () -- C:\Program Files (x86)\Athan\vbp.dll
MOD - [2004.12.25 13:37:22 | 000,258,121 | ---- | M] () -- C:\Program Files (x86)\Athan\vbh.dll
MOD - [2004.03.20 14:49:40 | 000,229,444 | ---- | M] () -- C:\Program Files (x86)\Athan\vbq.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012.06.11 13:12:16 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012.04.06 04:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.07.20 01:20:10 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.19 15:28:24 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.06.21 17:42:38 | 000,587,840 | ---- | M] (Soluto) [Auto | Running] -- C:\Programme\Soluto\SolutoService.exe -- (SolutoService)
SRV - [2012.06.01 13:18:16 | 000,736,104 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2012.05.11 19:43:47 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.05.03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [On_Demand | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.04.22 13:51:04 | 000,720,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012.04.20 07:59:04 | 000,092,592 | ---- | M] (TomTom) [On_Demand | Stopped] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2012.01.18 14:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011.10.24 22:21:25 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.10.24 22:21:25 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.09.02 06:13:49 | 000,292,136 | ---- | M] (CyberLink) [On_Demand | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe -- (CyberLink PowerDVD 11.0 Service)
SRV - [2011.09.02 06:13:47 | 000,075,048 | ---- | M] (CyberLink) [On_Demand | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe -- (CyberLink PowerDVD 11.0 Monitor Service)
SRV - [2011.08.24 03:13:43 | 000,083,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe -- (CLHNServiceForPowerDVD)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.01.21 17:51:52 | 000,171,848 | ---- | M] (BinarySense Ltd.) [Auto | Running] -- C:\Program Files (x86)\Common Files\BinarySense\disksvc.exe -- (HDD & SSD access service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.02.05 10:11:18 | 000,075,320 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2007.02.05 10:11:16 | 000,112,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service)
SRV - [2006.12.14 02:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006.12.14 02:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006.12.14 01:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.06.21 17:21:26 | 000,054,728 | ---- | M] (Soluto LTD.) [File_System | Boot | Stopped] -- C:\Windows\SysNative\drivers\Soluto.sys -- (Soluto)
DRV:64bit: - [2012.04.22 13:51:38 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2012.04.06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.04.06 03:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.03.14 18:23:00 | 000,147,248 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.23 14:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.01.09 17:28:20 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2012.01.09 17:28:20 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2012.01.09 17:28:20 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64)
DRV:64bit: - [2012.01.09 17:28:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2012.01.09 17:28:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2012.01.09 17:28:18 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011.12.29 22:33:13 | 000,526,392 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011.12.12 07:41:14 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011.12.12 07:41:13 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011.12.08 19:36:30 | 000,142,848 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tinspusb.sys -- (USBTINSP) TI-Nspire(TM)
DRV:64bit: - [2011.11.01 19:01:38 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.10.24 22:21:25 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.10.24 22:21:25 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.08.17 22:44:46 | 000,053,376 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2011.07.26 19:49:12 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:48 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.09.21 10:07:08 | 000,312,184 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ArcSec.sys -- (ArcSec)
DRV:64bit: - [2010.06.17 11:15:36 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2010.04.27 16:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010.04.27 16:57:14 | 000,036,936 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmHidLo.sys -- (WmHidLo)
DRV:64bit: - [2010.04.27 16:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010.04.27 14:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010.04.27 14:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010.01.05 19:23:18 | 001,847,296 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur)
DRV:64bit: - [2009.09.23 03:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009.09.23 03:46:17 | 000,359,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009.09.23 03:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2009.09.23 03:32:35 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcuxd.sys -- (vpcuxd)
DRV:64bit: - [2009.09.23 03:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2009.09.16 09:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle)
DRV:64bit: - [2009.08.21 02:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.08.13 08:38:24 | 000,029,184 | ---- | M] (CSR, plc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthAvrcp.sys -- (BthAvrcp)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.06.17 10:22:24 | 000,040,464 | ---- | M] (H+H Software GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vcd10bus.sys -- (vcd10bus)
DRV:64bit: - [2006.10.18 02:00:00 | 000,052,760 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2012.03.05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV - [2012.03.05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV - [2011.09.02 13:08:46 | 000,148,976 | ---- | M] (CyberLink Corp.) [2012/01/14 16:37:43] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl -- ({329F96B6-DF1E-4328-BFDA-39EA953C1312})
DRV - [2011.08.24 03:13:44 | 000,075,248 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys -- (ntk_PowerDVD)
DRV - [2010.03.31 01:00:00 | 000,026,752 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64 -- (EverestDriver)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2006.07.19 05:04:00 | 000,014,608 | R--- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Users\X64\Downloads\ati_winflash_2.0.1.18\atillk64.sys -- (atillk64)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1561552
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1561552
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8A 8E 2F A7 89 92 CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1561552
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Hotspot Shield Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\X64\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\X64\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.20 01:20:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.03.11 14:18:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.05.21 18:36:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.20 01:20:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.03.11 14:18:50 | 000,000,000 | ---D | M]
 
[2012.05.17 15:59:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\X64\AppData\Roaming\mozilla\Extensions
[2012.05.17 15:59:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\X64\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.07.20 01:19:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\X64\AppData\Roaming\mozilla\Firefox\Profiles\d8ro7h5k.default\extensions
[2012.03.30 07:28:53 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\X64\AppData\Roaming\mozilla\Firefox\Profiles\d8ro7h5k.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.04.07 23:07:43 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\X64\AppData\Roaming\mozilla\Firefox\Profiles\d8ro7h5k.default\extensions\DeviceDetection@logitech.com
[2012.05.17 23:43:23 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\X64\AppData\Roaming\mozilla\Firefox\Profiles\d8ro7h5k.default\extensions\ich@maltegoetz.de
[2012.07.20 01:19:46 | 000,000,000 | ---D | M] (Firefox Synchronisation Extension) -- C:\Users\X64\AppData\Roaming\mozilla\Firefox\Profiles\d8ro7h5k.default\extensions\synchronize@nokia.suite
[2011.10.25 11:02:08 | 000,000,931 | ---- | M] () -- C:\Users\X64\AppData\Roaming\Mozilla\Firefox\Profiles\d8ro7h5k.default\searchplugins\conduit.xml
[2012.06.05 16:59:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.20 01:20:10 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.26 14:33:56 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.26 20:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.07.20 01:20:09 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.20 01:20:09 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.07.20 01:20:09 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.20 01:20:09 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.20 01:20:09 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.20 01:20:09 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\X64\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\X64\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\X64\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\X64\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - Extension: Angry Birds = C:\Users\X64\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: YouTube = C:\Users\X64\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\X64\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Users\X64\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.37_0\
CHR - Extension: Google Mail = C:\Users\X64\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2011.09.21 15:42:00 | 000,000,950 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 mp02.maniaplanet.com
O1 - Hosts: 127.0.0.1 mp01.maniaplanet.com
O1 - Hosts: 127.0.0.1 mp03.maniaplanet.com
O1 - Hosts: 127.0.0.1 game.maniaplanet.com
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2:64bit: - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [Athan] C:\Program Files (x86)\Athan\Athan.exe (www.IslamicFinder.org)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
F3:64bit: - HKCU WinNT: Load - (C:\Users\X64\LOCALS~1\Temp\msijulzc.com) -  File not found
F3 - HKCU WinNT: Load - (C:\Users\X64\LOCALS~1\Temp\msijulzc.com) -  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4BA7DEE7-D696-4974-9499-3F1853A0ACAD}: DhcpNameServer = 7.254.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{60FC9E6F-A2DE-4BDD-B88D-12C175E95371}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files\Soluto\soluto.exe /userinit) -  File not found
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.04.19 20:09:27 | 000,000,059 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{5bbe2205-3268-11e1-8ba0-fbf920f58c71}\Shell - "" = AutoRun
O33 - MountPoints2\{5bbe2205-3268-11e1-8ba0-fbf920f58c71}\Shell\AutoRun\command - "" = F:\Setup.exe -- [2011.04.19 20:09:27 | 000,596,187 | R--- | M] (Valve                                                       )
O33 - MountPoints2\{ad73554a-01a2-11e1-a6f3-0015833d0a57}\Shell - "" = AutoRun
O33 - MountPoints2\{ad73554a-01a2-11e1-a6f3-0015833d0a57}\Shell\AutoRun\command - "" = G:\iStudio.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
Drivers32:64bit: aux - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux4 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi4 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midimapper - midimap.dll (Microsoft Corporation)
Drivers32:64bit: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer4 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32:64bit: MSVideo8 - VfWWDM32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32:64bit: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.UYVY - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YUY2 - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVYU - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: wave - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave4 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wavemapper - msacm32.drv (Microsoft Corporation)
Drivers32: aux - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: aux2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: aux3 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: aux4 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi4 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\SysWow64\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer4 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\SysWow64\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\SysWow64\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\SysWow64\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\SysWow64\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\Windows\SysWow64\sirenacm.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: vidc.i420 - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\SysWow64\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\SysWow64\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\Windows\SysWow64\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.ZMBV - C:\Windows\SysWow64\zmbv.dll ()
Drivers32: wave - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave4 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\SysWow64\msacm32.drv (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.21 21:00:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Valve
[2012.07.21 20:14:19 | 000,000,000 | ---D | C] -- C:\Users\X64\AppData\Local\TaskManager
[2012.07.21 20:12:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Extended Task Manager
[2012.07.21 20:12:57 | 000,000,000 | ---D | C] -- C:\Program Files\Free Extended Task Manager
[2012.07.21 20:12:45 | 000,000,000 | ---D | C] -- C:\ProgramData\TaskManager
[2012.07.21 19:44:03 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2012.07.21 19:44:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
[2012.07.21 19:44:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager
[2012.07.20 01:31:00 | 000,000,000 | ---D | C] -- C:\Users\X64\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ODEON
[2012.07.20 01:27:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ODEON
[2012.07.20 01:27:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ODEON
[2012.07.20 01:19:13 | 000,000,000 | ---D | C] -- C:\Users\X64\AppData\Roaming\Nokia Suite
[2012.07.20 00:48:42 | 000,000,000 | ---D | C] -- C:\Program Files\ODEON
[2012.07.20 00:47:12 | 000,000,000 | ---D | C] -- C:\Program Files\nokia
[2012.07.17 17:21:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Getic3D
[2012.07.17 17:18:46 | 000,000,000 | ---D | C] -- C:\Users\X64\Desktop\Neuer Ordner (3)
[2012.07.15 16:02:59 | 000,124,928 | ---- | C] (DT Soft Ltd) -- C:\Users\X64\AppData\Roaming\sofxt.dll
[2012.07.15 16:02:58 | 000,000,000 | ---D | C] -- C:\Users\X64\AppData\Roaming\xsecva
[2012.07.15 03:05:26 | 000,000,000 | ---D | C] -- C:\Users\X64\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.07.15 03:05:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.07.11 16:41:35 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.07.11 16:41:35 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.07.11 16:41:34 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.07.11 16:41:34 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.07.11 16:41:33 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.07.11 16:41:33 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.07.11 16:41:33 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.07.11 16:41:33 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.07.11 16:41:32 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.07.11 16:41:31 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.07.11 16:41:31 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.07.11 16:41:31 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.07.11 16:41:31 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.07.11 12:53:57 | 000,000,000 | ---D | C] -- C:\Users\X64\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\blueMSX
[2012.07.11 12:48:20 | 000,000,000 | ---D | C] -- C:\Users\X64\Documents\openMSX
[2012.07.11 11:53:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Jnes
[2012.07.11 11:25:53 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012.07.11 11:25:53 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012.07.11 11:25:48 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.11 11:25:47 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012.07.11 11:25:46 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012.07.10 13:20:45 | 000,000,000 | ---D | C] -- C:\Users\X64\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rigs of Rods 0.38.67
[2012.07.10 13:20:33 | 000,000,000 | ---D | C] -- C:\Users\X64\Documents\Rigs of Rods 0.38
[2012.07.09 14:36:14 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012.07.09 14:36:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012.07.09 14:35:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2012.07.09 14:29:13 | 000,000,000 | ---D | C] -- C:\AMD
[2012.07.05 14:35:17 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2012.07.03 15:20:40 | 000,000,000 | ---D | C] -- C:\Users\X64\Desktop\pcsx2-5331-windows-x86
[2012.07.02 17:24:39 | 000,000,000 | ---D | C] -- C:\Users\X64\Desktop\Neuer Ordner (5)
[2012.07.02 17:22:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.07.01 18:47:15 | 000,000,000 | ---D | C] -- C:\Users\X64\AppData\Local\FLT
[2012.07.01 17:20:20 | 000,000,000 | ---D | C] -- C:\Users\X64\Documents\luciano
[2012.06.30 17:43:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader 2
[2012.06.29 18:13:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warzone 2100-3.1_beta11
[2012.06.29 18:13:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Warzone 2100-3.1_beta11
[2012.06.27 12:43:29 | 000,000,000 | ---D | C] -- C:\Users\X64\AppData\Roaming\Soluto
[2012.06.26 14:59:58 | 000,000,000 | ---D | C] -- C:\Users\X64\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012.06.26 14:58:58 | 000,000,000 | ---D | C] -- C:\Users\X64\AppData\Roaming\Dropbox
[2012.06.26 14:36:28 | 000,054,728 | ---- | C] (Soluto LTD.) -- C:\Windows\SysNative\drivers\Soluto.sys
[2012.06.26 14:36:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soluto
[2012.06.26 14:36:27 | 000,000,000 | ---D | C] -- C:\Program Files\Soluto
[2012.06.26 14:33:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Soluto
[2012.06.26 13:06:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Setup Files
[2012.06.22 19:20:17 | 000,000,000 | ---D | C] -- C:\Users\X64\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\psx emulation cheater
[2012.06.22 19:20:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\psx emulation cheater
[2012.06.22 19:20:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\psx emulation cheater
[8 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.22 15:11:33 | 004,503,728 | ---- | M] () -- C:\ProgramData\kp_0loor.pad
[2012.07.22 15:08:17 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.22 14:58:01 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3571985462-20978480-222790784-1000UA.job
[2012.07.22 14:27:50 | 000,031,808 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.22 14:27:50 | 000,031,808 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.22 14:25:05 | 010,006,696 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.22 14:25:05 | 003,391,988 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.22 14:25:05 | 003,092,592 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.22 14:25:05 | 002,752,440 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.22 14:25:05 | 000,006,252 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.22 14:20:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.22 14:19:59 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.21 21:00:51 | 000,000,901 | ---- | M] () -- C:\Users\Public\Desktop\Portal 2.lnk
[2012.07.21 19:37:03 | 000,001,873 | ---- | M] () -- C:\Users\X64\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.07.20 18:58:00 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3571985462-20978480-222790784-1000Core.job
[2012.07.20 12:16:25 | 000,414,296 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.20 01:35:42 | 000,000,990 | ---- | M] () -- C:\Users\X64\Desktop\JAF_Nokia_BB5Plus_100b_FREE_by_Zulea.lnk
[2012.07.20 01:35:42 | 000,000,930 | ---- | M] () -- C:\Users\X64\Desktop\OGM_JAF_PKEY_Emulator_v6.lnk
[2012.07.20 01:35:42 | 000,000,854 | ---- | M] () -- C:\Users\X64\Desktop\JAFLogger.lnk
[2012.07.20 01:31:00 | 000,001,990 | ---- | M] () -- C:\Users\X64\Desktop\Launch JAF COM Emulator.lnk
[2012.07.20 01:31:00 | 000,001,955 | ---- | M] () -- C:\Users\X64\Desktop\Launch JAF Logger.lnk
[2012.07.20 01:31:00 | 000,001,909 | ---- | M] () -- C:\Users\X64\Desktop\Launch JAF.lnk
[2012.07.18 04:41:51 | 000,002,404 | ---- | M] () -- C:\Users\X64\Desktop\Xpadder.ini
[2012.07.15 16:02:59 | 000,124,928 | ---- | M] (DT Soft Ltd) -- C:\Users\X64\AppData\Roaming\sofxt.dll
[2012.07.15 00:04:18 | 000,000,705 | ---- | M] () -- C:\Users\X64\Desktop\Counter-Strike Source.lnk
[2012.07.14 20:21:13 | 004,503,728 | ---- | M] () -- C:\ProgramData\to_r0tsef.pad
[2012.07.13 04:38:53 | 000,000,804 | ---- | M] () -- C:\Users\X64\Documents\countsou.xpadderprofile
[2012.07.12 16:33:23 | 000,001,103 | ---- | M] () -- C:\Users\X64\Desktop\run_css - Verknüpfung.lnk
[2012.07.11 16:39:47 | 000,000,427 | ---- | M] () -- C:\Users\X64\Documents\msx metal gear.xpadderprofile
[2012.07.11 12:53:57 | 000,002,929 | ---- | M] () -- C:\Users\X64\Desktop\blueMSX.lnk
[2012.07.11 11:54:18 | 000,000,947 | ---- | M] () -- C:\Users\X64\Desktop\Jnes.lnk
[2012.07.10 14:16:47 | 000,000,762 | ---- | M] () -- C:\Users\X64\Desktop\Rigs of Rods.lnk
[2012.07.09 16:37:12 | 000,265,258 | ---- | M] () -- C:\Users\X64\Desktop\OptiFine_1.2.5_HD_MT_C3.zip
[2012.07.09 16:16:23 | 000,002,067 | ---- | M] () -- C:\Users\X64\Documents\mcedit.ini
[2012.06.30 17:51:11 | 000,001,973 | ---- | M] () -- C:\Users\X64\Desktop\JDownloader 2.lnk
[2012.06.29 18:13:21 | 000,122,904 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2012.06.29 18:13:21 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2012.06.29 18:13:20 | 000,001,127 | ---- | M] () -- C:\Users\Public\Desktop\Warzone 2100-3.1_beta11.lnk
[2012.06.27 12:35:25 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.26 14:36:50 | 000,000,098 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2012.06.24 12:59:28 | 000,001,128 | ---- | M] () -- C:\Users\Public\Desktop\Resident Evil Operation Raccoon City.lnk
[2012.06.24 12:59:11 | 000,004,930 | ---- | M] () -- C:\Users\X64\AppData\Roaming\PStrip.ini
[2012.06.24 12:59:11 | 000,004,930 | ---- | M] () -- C:\Users\X64\AppData\Roaming\PStrip.bak
[8 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.21 21:00:51 | 000,000,901 | ---- | C] () -- C:\Users\Public\Desktop\Portal 2.lnk
[2012.07.21 19:35:04 | 004,503,728 | ---- | C] () -- C:\ProgramData\kp_0loor.pad
[2012.07.21 19:35:04 | 000,001,873 | ---- | C] () -- C:\Users\X64\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.07.20 01:34:54 | 017,455,534 | ---- | C] () -- C:\Users\X64\Desktop\JAFSetup_1.98.62.exe
[2012.07.20 01:31:00 | 000,001,990 | ---- | C] () -- C:\Users\X64\Desktop\Launch JAF COM Emulator.lnk
[2012.07.20 01:31:00 | 000,001,955 | ---- | C] () -- C:\Users\X64\Desktop\Launch JAF Logger.lnk
[2012.07.20 01:31:00 | 000,001,909 | ---- | C] () -- C:\Users\X64\Desktop\Launch JAF.lnk
[2012.07.20 00:48:48 | 000,000,990 | ---- | C] () -- C:\Users\X64\Desktop\JAF_Nokia_BB5Plus_100b_FREE_by_Zulea.lnk
[2012.07.20 00:48:48 | 000,000,930 | ---- | C] () -- C:\Users\X64\Desktop\OGM_JAF_PKEY_Emulator_v6.lnk
[2012.07.20 00:48:48 | 000,000,854 | ---- | C] () -- C:\Users\X64\Desktop\JAFLogger.lnk
[2012.07.14 20:20:42 | 004,503,728 | ---- | C] () -- C:\ProgramData\to_r0tsef.pad
[2012.07.13 04:38:52 | 000,000,804 | ---- | C] () -- C:\Users\X64\Documents\countsou.xpadderprofile
[2012.07.12 16:32:55 | 000,001,103 | ---- | C] () -- C:\Users\X64\Desktop\run_css - Verknüpfung.lnk
[2012.07.12 16:01:55 | 000,000,705 | ---- | C] () -- C:\Users\X64\Desktop\Counter-Strike Source.lnk
[2012.07.11 13:03:10 | 000,000,427 | ---- | C] () -- C:\Users\X64\Documents\msx metal gear.xpadderprofile
[2012.07.11 12:53:57 | 000,002,929 | ---- | C] () -- C:\Users\X64\Desktop\blueMSX.lnk
[2012.07.11 11:53:41 | 000,000,947 | ---- | C] () -- C:\Users\X64\Desktop\Jnes.lnk
[2012.07.10 14:16:47 | 000,000,762 | ---- | C] () -- C:\Users\X64\Desktop\Rigs of Rods.lnk
[2012.07.09 16:37:09 | 000,265,258 | ---- | C] () -- C:\Users\X64\Desktop\OptiFine_1.2.5_HD_MT_C3.zip
[2012.06.30 17:51:11 | 000,001,973 | ---- | C] () -- C:\Users\X64\Desktop\JDownloader 2.lnk
[2012.06.30 17:44:34 | 000,001,973 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader 2.lnk
[2012.06.29 18:13:20 | 000,001,127 | ---- | C] () -- C:\Users\Public\Desktop\Warzone 2100-3.1_beta11.lnk
[2012.06.26 14:36:50 | 000,000,098 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2012.06.24 12:59:28 | 000,001,128 | ---- | C] () -- C:\Users\Public\Desktop\Resident Evil Operation Raccoon City.lnk
[2012.06.24 12:59:11 | 000,010,511 | ---- | C] () -- C:\Users\X64\AppData\Roaming\PStrip.bk!
[2012.06.24 12:58:58 | 000,009,151 | ---- | C] () -- C:\Users\X64\AppData\Roaming\PStrip.bko
[2012.04.22 19:45:28 | 000,532,480 | ---- | C] () -- C:\Windows\SysWow64\CddbPlaylist2Sony.dll
[2012.04.06 03:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.04.06 03:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.03.19 15:29:16 | 000,000,000 | ---- | C] () -- C:\Users\X64\AppData\Roaming\gnuplot_history
[2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.03.02 07:41:51 | 000,041,472 | ---- | C] () -- C:\Windows\SysWow64\WavDest.dll
[2012.02.19 02:07:23 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\MCISPCDLG.DLL
[2012.02.19 02:07:23 | 000,013,824 | ---- | C] () -- C:\Windows\SysWow64\OUT_WAVE.DLL
[2012.02.19 02:07:22 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\IN_SPC.DLL
[2012.02.19 02:07:22 | 000,122,880 | ---- | C] () -- C:\Windows\SysWow64\SPC700EMU.DLL
[2012.02.13 19:31:07 | 000,004,930 | ---- | C] () -- C:\Users\X64\AppData\Roaming\PStrip.bak
[2012.02.13 19:30:57 | 000,004,930 | ---- | C] () -- C:\Users\X64\AppData\Roaming\PStrip.ini
[2012.02.13 19:28:50 | 000,000,060 | ---- | C] () -- C:\Windows\wininit.ini
[2012.02.09 15:21:40 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\xmltok.dll
[2012.02.09 15:21:40 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\xmlparse.dll
[2011.12.30 02:25:05 | 000,073,216 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.12.08 19:36:57 | 000,002,189 | ---- | C] () -- C:\Users\X64\AppData\Local\TempfixPerms.vbs
[2011.12.08 18:04:16 | 000,000,173 | ---- | C] () -- C:\Users\X64\AppData\Local\msmathematics.qat.X64
[2011.12.07 00:51:53 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat
[2011.12.04 22:05:22 | 000,012,782 | ---- | C] () -- C:\Users\X64\AppData\Roaming\unins000.msg
[2011.12.04 22:05:19 | 000,007,624 | ---- | C] () -- C:\Users\X64\AppData\Roaming\unins000.dat
[2011.11.14 21:27:26 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2011.11.07 22:05:16 | 000,003,584 | ---- | C] () -- C:\Users\X64\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.01 20:27:32 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2011.10.27 19:38:16 | 001,593,186 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.10.26 20:52:06 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.10.26 20:52:04 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.10.26 16:39:06 | 000,007,641 | ---- | C] () -- C:\Users\X64\AppData\Local\Resmon.ResmonCfg
[2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011.10.24 22:24:55 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== LOP Check ==========
 
[2012.07.09 16:52:50 | 000,000,000 | ---D | M] -- C:\Users\X64\AppData\Roaming\.minecraft
[2011.12.22 05:26:57 | 000,000,000 | ---D | M] -- C:\Users\X64\AppData\Roaming\Ashampoo
[2012.02.23 21:14:41 | 000,000,000 | ---D | M] -- C:\Users\X64\AppData\Roaming\Blender Foundation
[2011.12.11 18:20:11 | 000,000,000 | ---D | M] -- C:\Users\X64\AppData\Roaming\CBL-Electronics
[2011.12.06 16:56:05 | 000,000,000 | ---D | M] -- C:\Users\X64\AppData\Roaming\concept design
[2012.05.20 16:26:11 | 000,000,000 | ---D | M] -- C:\Users\X64\AppData\Roaming\DAEMON Tools Lite
[2012.06.27 17:42:48 | 000,000,000 | ---D | M] -- C:\Users\X64\AppData\Roaming\Dropbox
[2011.12.04 14:29:27 | 000,000,000 | ---D | M] -- C:\Users\X64\AppData\Roaming\FarmingSimulator2008
[2011.12.29 15:59:04 | 000,000,000 | ---D | M] -- C:\Users\X64\AppData\Roaming\fltk.org
[2012.02.19 02:33:28 | 000,000,000 | ---D | M] -- C:\Users\X64\AppData\Roaming\foobar2000
[2011.12.04 22:05:35 | 000,000,000 | ---D | M] -- C:\Users\X64\AppData\Roaming\Franzis
[2011.11.28 19:01:11 | 000,000,000 | ---D | M] -- C:\Users\X64\AppData\Roaming\Free Audio Editor
[2011.11.19 16:33:43 | 000,000,000 | ---D | M] -- C:\Users\X64\AppData\Roaming\GameRanger
[2012.01.25 09:44:54 | 000,000,000 | ---D | M] -- C:\Users\X64\AppData\Roaming\GetRightToGo
[2012.06.30 19:36:00 | 000,000,000 | ---D | M] -- C:\Users\X64\AppData\Roaming\ICQ
[2011.10.25 19:00:13 | 000,000,000 | ---D | M] -- C:\Users\X64\AppData\Roaming\ImTOO
[2012.01.11 17:46:12 | 000,000,000 | ---D | M] -- C:\Users\X64\AppData\Roaming\JAM Software
[2011.11.19 16:25:54 | 000,000,000 | ---D | M] -- C:\Users\X64\AppData\Roaming\Leadertech
[2011.10.24 23:54:42 | 000,000,000 | ---D | M] -- C:\Users\X64\AppData\Roaming\mkvtoolnix
[2012.01.20 17:44:00 | 000,000,000 | ---D | M] -- C:\Users\X64\AppData\Roaming\MotioninJoy
[2012.05.29 14:36:56 | 000,000,000 | ---D | M] -- C:\Users\X64\AppData\Roaming\Mupen64Plus
[2011.12.04 21:50:03 | 000,000,000 | ---D | M] -- C:\Users\X64\AppData\Roaming\Nik Software
[2012.07.20 01:19:12 | 000,000,000 | ---D | M] -- C:\Users\X64\AppData\Roaming\Nokia
[2012.07.20 01:19:13 | 000,000,000 | ---D | M] -- C:\Users\X64\AppData\Roaming\Nokia Suite
[2011.11.02 16:36:58 | 000,000,000 | ---D | M] -- C:\Users\X64\AppData\Roaming\OpenOffice.org
[2011.10.24 22:27:36 | 000,000,000 | ---D | M] -- C:\Users\X64\AppData\Roaming\Origin
[2012.05.29 16:13:55 | 000,000,000 | ---D | M] -- C:\Users\X64\AppData\Roaming\PC Suite
[2011.11.24 16:34:34 | 000,000,000 | ---D | M] -- C:\Users\X64\AppData\Roaming\pymclevel
[2012.05.06 13:59:24 | 000,000,000 | ---D | M] -- C:\Users\X64\AppData\Roaming\Samsung
[2012.03.22 14:53:27 | 000,000,000 | ---D | M] -- C:\Users\X64\AppData\Roaming\Seeing Machines
[2012.06.27 12:43:29 | 000,000,000 | ---D | M] -- C:\Users\X64\AppData\Roaming\Soluto
[2011.12.27 00:28:31 | 000,000,000 | ---D | M] -- C:\Users\X64\AppData\Roaming\Stereoscopic Player
[2012.03.19 17:12:36 | 000,000,000 | ---D | M] -- C:\Users\X64\AppData\Roaming\Synthesia
[2011.11.18 20:04:46 | 000,000,000 | ---D | M] -- C:\Users\X64\AppData\Roaming\Teeworlds
[2011.12.08 19:39:31 | 000,000,000 | ---D | M] -- C:\Users\X64\AppData\Roaming\Texas Instruments
[2011.11.08 22:36:55 | 000,000,000 | ---D | M] -- C:\Users\X64\AppData\Roaming\Thunderbird
[2011.12.08 19:40:08 | 000,000,000 | ---D | M] -- C:\Users\X64\AppData\Roaming\TI-Nspire
[2012.05.17 15:59:44 | 000,000,000 | ---D | M] -- C:\Users\X64\AppData\Roaming\TomTom
[2012.04.25 22:15:08 | 000,000,000 | ---D | M] -- C:\Users\X64\AppData\Roaming\TS3Client
[2011.12.08 20:23:41 | 000,000,000 | ---D | M] -- C:\Users\X64\AppData\Roaming\TuneUp Software
[2012.06.09 14:19:45 | 000,000,000 | ---D | M] -- C:\Users\X64\AppData\Roaming\Tunngle
[2011.11.08 23:34:38 | 000,000,000 | ---D | M] -- C:\Users\X64\AppData\Roaming\ultrastardx
[2011.11.30 18:10:36 | 000,000,000 | ---D | M] -- C:\Users\X64\AppData\Roaming\Uniblue
[2012.05.21 19:42:07 | 000,000,000 | ---D | M] -- C:\Users\X64\AppData\Roaming\uTorrent
[2012.07.18 13:58:40 | 000,000,000 | ---D | M] -- C:\Users\X64\AppData\Roaming\xsecva
[2011.12.08 23:22:42 | 000,000,268 | ---- | M] () -- C:\Windows\Tasks\DriverScanner.job
[2012.07.08 18:44:03 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*.* >
[2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007.11.07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007.11.07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007.11.07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2012.07.22 14:19:59 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys
[2007.11.07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007.11.07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007.11.07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007.11.07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007.11.07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007.11.07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007.11.07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007.11.07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007.11.07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007.11.07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007.11.07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2012.07.22 14:20:04 | 4294,107,136 | -HS- | M] () -- C:\pagefile.sys
[2012.01.14 16:55:46 | 000,005,790 | ---- | M] () -- C:\shared.log
[2007.11.07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007.11.07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007.11.07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
 
< %systemroot%\system32\*.wt >
 
< %systemroot%\system32\*.ruy >
 
< %systemroot%\Fonts\*.com >
[2009.07.14 07:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009.07.14 07:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009.07.14 07:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009.07.14 07:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2009.06.10 22:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.scr >
[2011.05.13 15:42:24 | 000,302,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
 
< %PROGRAMFILES%\*.* >
[2009.07.14 06:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2011.10.31 17:42:59 | 000,353,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2011.10.31 17:42:59 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
[2012.06.02 10:43:51 | 009,737,728 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\ieframe.dll
[2010.11.21 05:25:10 | 011,410,432 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\wmp.dll
[8 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\user32.dll /md5 >
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\system32\user32.dll
[8 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
< %systemroot%\system32\ws2_32.dll /md5 >
[2010.11.21 05:23:55 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\Windows\system32\ws2_32.dll
[8 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
< %systemroot%\system32\ws2help.dll /md5 >
[2009.07.14 03:11:26 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=808AABDF9337312195CAFF76D1804786 -- C:\Windows\system32\ws2help.dll
[8 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.21 05:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.21 05:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
<           >
 
========== Files - Unicode (All) ==========
[2011.12.01 19:59:04 | 110,390,928 | ---- | M] ()(C:\Users\X64\Desktop\?? ????? ?? ??? ?????.mp4) -- C:\Users\X64\Desktop\أم كلثوم ــ هذه ليلتي.mp4
[2011.12.01 19:51:26 | 110,390,928 | ---- | C] ()(C:\Users\X64\Desktop\?? ????? ?? ??? ?????.mp4) -- C:\Users\X64\Desktop\أم كلثوم ــ هذه ليلتي.mp4
[2011.12.01 19:38:51 | 132,357,004 | ---- | C] ()(C:\Users\X64\Desktop\?? ????? ?? ???? ??? ?? ?????.flv) -- C:\Users\X64\Desktop\أم كلثوم ــ بعيد عنك ــ كاملة.flv
[2011.11.27 23:13:15 | 132,357,004 | ---- | M] ()(C:\Users\X64\Desktop\?? ????? ?? ???? ??? ?? ?????.flv) -- C:\Users\X64\Desktop\أم كلثوم ــ بعيد عنك ــ كاملة.flv

< End of report >
         



Gmer Log.txt

Code:
 GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-07-22 15:16:56
Windows 6.1.7601 Service Pack 1 
Running: jtpki3qh.exe


---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0015833d0a57                                         
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0015833d0a57@2cd2e7566c3f                            0x79 0xD0 0xE7 0x33 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0015833d0a57@0024ef9c9a42                            0x30 0xE0 0x67 0xF8 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0015833d0a57@0024eff6c29e                            0x72 0x52 0x61 0x1E ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0015833d0a57@001c354903d1                            0xAF 0x0D 0x39 0x45 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1                                                                  771343423
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2                                                                  285507792
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0                                                                  1
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                 C:\Program Files (x86)\DAEMON Tools Lite\
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                 0x00 0x00 0x00 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x9D 0xF2 0xA0 0xDA ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0xA0 0x02 0x00 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0x6C 0x9D 0x6E 0x97 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0x0D 0xA2 0x5D 0xD7 ...
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0015833d0a57 (not active ControlSet)                     
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0015833d0a57@2cd2e7566c3f                                0x79 0xD0 0xE7 0x33 ...
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0015833d0a57@0024ef9c9a42                                0x30 0xE0 0x67 0xF8 ...
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0015833d0a57@0024eff6c29e                                0x72 0x52 0x61 0x1E ...
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0015833d0a57@001c354903d1                                0xAF 0x0D 0x39 0x45 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     C:\Program Files (x86)\DAEMON Tools Lite\
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0x00 0x00 0x00 0x00 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x9D 0xF2 0xA0 0xDA ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0xA0 0x02 0x00 0x00 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0x6C 0x9D 0x6E 0x97 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x0D 0xA2 0x5D 0xD7 ...

---- EOF - GMER 1.0.15 ----
         
I hope someone can help me. Thanks.

22.07.2012, 14:50   #2
hakimza

Here is the extras.txt from OTL as well, because it did not fit into the first post.

Code:
OTL Extras logfile created on: 22.07.2012 15:18:28 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\X64\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,63 Gb Available Physical Memory | 65,73% Memory free
8,00 Gb Paging File | 6,14 Gb Available in Paging File | 76,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146,39 Gb Total Space | 2,13 Gb Free Space | 1,46% Space Free | Partition Type: NTFS
Drive D: | 319,28 Gb Total Space | 2,48 Gb Free Space | 0,78% Space Free | Partition Type: NTFS
Drive F: | 6,60 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: X64-PC | User Name: X64 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\TriDef 3D\TriDef\TriDefMediaPlayer\TriDefMediaPlayer.exe" = C:\Program Files (x86)\TriDef 3D\TriDef\TriDefMediaPlayer\TriDefMediaPlayer.exe:*:Enabled:TriDef 3D Media Player -- (DDD Group Plc.)
"C:\Program Files (x86)\TriDef 3D\TriDef\TriDefMediaPlayer\TriDefMediaPlayer.exe" = C:\Program Files (x86)\TriDef 3D\TriDef\TriDefMediaPlayer\TriDefMediaPlayer.exe:*:Enabled:TriDef 3D Media Player -- (DDD Group Plc.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2F8CD982-6453-463B-875D-DB835C45DFDF}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{553281F2-BDCE-44FA-B8B6-0B4E89CFEDB1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6C66DE5D-08BD-400A-B6B8-F7554CF436A9}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{7238573B-33D9-4559-91DD-C1C73965D9E1}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{7C1FA22C-DB3A-4637-A7CF-54342E12A598}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7C46D8A9-CB76-4C60-BC07-2D2757C44D2C}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{9FB15F75-0684-49A2-83F0-933FE2649921}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{A3386782-09FE-437D-9282-491EAAB2F041}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{AEA14CDC-C162-4E44-81F8-44803BC471CA}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{D2751E53-129F-41A3-87FF-39DBF24B8E66}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{E2793B66-E3B2-47E3-82E8-88B94EF4600A}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{FC650216-3809-44F6-BC74-041FFB077C6C}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01F75A20-D7A5-48B3-AD09-E72600C42B89}" = protocol=6 | dir=in | app=g:\program files\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe | 
"{0428DB2B-078B-4045-9BFF-1CBFB40BDF98}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{08B2E6F4-F23B-4262-92D1-2A1BDAC63ED4}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{097BECB6-AA00-4849-8E41-DD3A9591E488}" = protocol=17 | dir=in | app=c:\program files\mysticcoder\mysticthumbs\mysticthumbs64.dll | 
"{09BE9D57-D03C-4098-BEB7-42FCFD5E875B}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{0AD82056-4F77-4AD1-A0D3-FB500DE173B0}" = dir=out | app=g:\program files\atari\tdu2\uplauncher.exe | 
"{0B544449-9A78-4FDE-93CA-3CB53CE2A51F}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoservice.exe | 
"{0E09B055-AF95-4144-BC0E-DF4098808860}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoconsole.exe | 
"{0EFA33F0-E850-473E-952F-752BAFB905EF}" = protocol=6 | dir=in | app=g:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"{0F71B4B3-CB1E-4842-9742-FE57E12A9193}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{107D2B20-2AC1-486E-A48F-C0FC0DEB697A}" = protocol=6 | dir=in | app=g:\program files\electronic arts\shift 2 unleashedcommunitipatch\shift2u.exe | 
"{1703CA5E-E9D1-42C4-8E64-D3D9CE8E0FE5}" = protocol=6 | dir=in | app=c:\program files\mysticcoder\mysticthumbs\mysticthumbs32.dll | 
"{1D6ABE08-A974-485C-9EDA-51F5D76ED8F4}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe | 
"{1F151226-58A5-43D7-A261-040516E5899F}" = protocol=6 | dir=in | app=c:\program files (x86)\arcsoft\totalmedia theatre 5\totalmedia server\tm server.exe | 
"{1FF5AB77-E4B5-4B60-914F-206DB73FFDBC}" = protocol=17 | dir=in | app=g:\program files\grand theft auto iv - episodes from liberty city\eflc.exe | 
"{21BB3666-8690-47AC-B831-3196E4AE6E79}" = protocol=17 | dir=in | app=c:\program files\mysticcoder\mysticthumbs\mysticthumbs.exe | 
"{22E5BABF-9BFC-4D75-BF22-7B61666C3B68}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{25169DFF-E951-4888-A1C1-E8672BF5F1BE}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoservice.exe | 
"{25F7A826-2248-4D0C-A2C1-257AC80480AA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{292E1F91-2451-46C5-8A28-83CAFD6EEF0C}" = protocol=17 | dir=in | app=d:\program files (x86)\capcom\resident evil operation raccoon city\raccooncity.exe | 
"{2B173A95-99F9-4F0F-8AB4-485ACC428339}" = protocol=17 | dir=in | app=g:\program files\electronic arts\need for speed(tm) hot pursuit\launcher.exe | 
"{2B973B7A-7C57-46CA-B8F2-BAD536347790}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoupdateservice.exe | 
"{336CF33A-AA9E-434C-B4F2-395785324AEF}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{341CCBEF-474B-4D8C-9FE7-F59321D86825}" = protocol=6 | dir=in | app=g:\program files\electronic arts\crytek\crysis\bin32\crysis.exe | 
"{34EA104E-76DA-46D9-B7CE-1648CEE44192}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{38E1E209-D099-41A1-93E6-158C6D06FD5F}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | 
"{3A30184B-CB80-442C-B3D4-439F28B1B675}" = protocol=6 | dir=in | app=c:\program files\mysticcoder\mysticthumbs\mysticthumbscontrolpanel.exe | 
"{3C9B3A6D-3879-4EF4-9D85-8DBCC996AB2F}" = protocol=17 | dir=in | app=g:\program files\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe | 
"{3CE7C93A-42A9-43CE-9158-1EBA958F970C}" = protocol=6 | dir=in | app=c:\users\x64\appdata\roaming\dropbox\bin\dropbox.exe | 
"{43182C60-A8F7-4617-8704-FB5C5882FFAD}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{43D8424C-9692-48B5-BCD0-30F1CDDB2A32}" = protocol=6 | dir=in | app=g:\program files\electronic arts\need for speed(tm) hot pursuit\launcher.exe | 
"{44D351C3-B0D5-4FF9-80E2-4630CDBBCAC7}" = protocol=6 | dir=in | app=g:\program files\grand theft auto iv - episodes from liberty city\eflc.exe | 
"{484B1269-22EE-4DF9-8FB7-CB74D5C3C022}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\movie\powerdvd cinema\powerdvdcinema11.exe | 
"{4F88CFB4-2769-4E1E-BAE8-38F7CE43FB47}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{50AB8054-0EF9-4F74-9D0C-18D3FFC15D7C}" = protocol=17 | dir=in | app=h:\program files\capcom\resident evil 5\re5dx10.exe | 
"{5117A62F-8C30-4CCD-846C-2F0103A97971}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{567FA503-A78A-4C96-91D0-E3F7B6015A96}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{56E18311-08D8-4926-9606-27AA91D24E06}" = protocol=17 | dir=in | app=c:\program files\soluto\solutocleanup.exe | 
"{5C32AF46-5B40-491B-B1B6-789D12185D0C}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{5D5FFC8C-7D9E-4936-B598-F0B2FBBD8955}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\burnout paradise\burnoutconfigtool.exe | 
"{5E5AE7A5-DC02-4C5A-99B9-7134BB44ED5C}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoupdateservice.exe | 
"{623F5EBD-67D9-4494-977F-0B4FFB734863}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{63BC4723-BB68-4CA2-8267-1A83C63A53F5}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | 
"{668D240C-5BF3-4883-A25F-244E71CD655B}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{6C6AE345-25D8-4F36-A89D-20C40E625582}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe | 
"{6F31A5C2-5024-4D07-8B30-80B931BA1A93}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{6FE19DAF-9331-4590-BB9E-DCC73C0F96C5}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe | 
"{7235A652-257A-4756-AB2F-9562CEE3A32B}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{73B5D0EA-E1CC-4180-AA8F-A019D170F7C9}" = protocol=17 | dir=in | app=g:\program files\codemasters\dirt 3\dirt3_game.exe | 
"{744F6FE4-740E-4AE6-9232-0E410AFA4236}" = protocol=17 | dir=in | app=g:\program files\counter.strike.source.2010.orange.box.nosteam.[setti]\counter strike source 2010\hl2.exe | 
"{75DB3D56-7371-4833-83DF-56D098B28D31}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\burnout paradise\burnoutparadise.exe | 
"{796EA4A0-1237-4825-BF4F-99636B60DA6D}" = protocol=6 | dir=in | app=g:\program files\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | 
"{7B563BF1-0688-43A1-AEEB-EC54AAE54ED5}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{7B7C8F3D-8FB3-49CB-9C02-5EB05DD739F1}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe | 
"{7BEEF5FF-3956-4D7E-A828-5471ECED9BCE}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{7F00A33E-A567-4817-975E-2342608E74FE}" = protocol=17 | dir=in | app=c:\program files\mysticcoder\mysticthumbs\mysticthumbs32.dll | 
"{825B2E04-4A72-4A73-9A6C-4FF92A7B8720}" = protocol=6 | dir=in | app=g:\program files\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe | 
"{84E425AB-E8CD-42BC-91E2-A2E96F3CC751}" = protocol=17 | dir=in | app=g:\program files\mass effect\masseffectlauncher.exe | 
"{86D84C50-E002-4BCB-BA06-7957C5DC5117}" = protocol=6 | dir=in | app=h:\program files\capcom\resident evil 5\re5dx10.exe | 
"{888C702D-36B0-4B26-B6A6-01E0C00A57B7}" = protocol=6 | dir=in | app=c:\program files\mysticcoder\mysticthumbs\mysticthumbs64.dll | 
"{88EA34FE-9622-462D-91DA-1FEFCCC6D2CD}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{8C33A7CD-E7FB-4E19-9367-5DE4DF0CAB5D}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | 
"{8ED4118D-E4F6-48CD-9903-6E9B506CDC4A}" = protocol=17 | dir=in | app=g:\program files\electronic arts\crytek\crysis\bin64\crysis.exe | 
"{8F3AFC75-4681-4041-8727-C082A76727D0}" = protocol=17 | dir=in | app=g:\program files\capcom\resident evil 5\re5dx9.exe | 
"{91FB1B62-7C50-4C7E-A50B-33B5F8F7ABE4}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{9C0E494E-3B8B-479E-8679-34341C918C6C}" = protocol=17 | dir=in | app=c:\program files (x86)\arcsoft\totalmedia theatre 5\totalmedia server\tm server.exe | 
"{9C4441D8-A704-4BBE-B210-B0D5E9C2C3A6}" = protocol=17 | dir=in | app=c:\program files\mysticcoder\mysticthumbs\mysticthumbscontrolpanel.exe | 
"{A00C84F8-1E8A-4BC9-800D-76FC3D432642}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{A10547F8-E17F-4DBC-AFDF-7DCE94E92077}" = protocol=6 | dir=in | app=d:\program files (x86)\black_box\max payne 3\maxpayne3.exe | 
"{A22D172F-5513-406C-A381-1E19F64A7F6D}" = protocol=6 | dir=in | app=g:\program files\counter.strike.source.2010.orange.box.nosteam.[setti]\counter strike source 2010\hl2.exe | 
"{A399BCC9-FD7D-408D-BBD6-AEA754F5D521}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{A3CE76E4-313D-403F-B7D8-87BE2A2DA7F8}" = protocol=17 | dir=in | app=g:\program files\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe | 
"{A44CC420-D39B-4454-B71C-FE2DE0ABB23B}" = protocol=17 | dir=in | app=c:\program files\soluto\soluto.exe | 
"{A86DFC0F-FD0D-4A32-9B26-F351FE6989A5}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{A89A59E9-A7AF-4828-91D2-E29231BFA6AB}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | 
"{ACB720DD-83F3-4E70-9A9C-83FFC4D43874}" = protocol=6 | dir=in | app=g:\program files\capcom\resident evil 5\re5dx10.exe | 
"{AFDFACE2-7DF5-4D0B-A9ED-B92A5EB1739F}" = protocol=6 | dir=in | app=g:\program files\mass effect\masseffectlauncher.exe | 
"{B0A92892-7B59-4D91-92EE-4E0B18B5B9D8}" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"{B1B47FDD-C0EB-4144-B4EC-C8AAD439736A}" = protocol=17 | dir=in | app=d:\program files (x86)\valve\portal 2\portal2.exe | 
"{B22583B4-776C-4A62-B250-3B3A5F38862D}" = protocol=17 | dir=in | app=g:\program files\square enix\batman arkham asylum goty\binaries\shippingpc-bmgame.exe | 
"{B25CC2D6-A7BA-4F37-B3F4-45A7983DE5D9}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe | 
"{B57E912A-FFC5-4DF0-B63E-00817E6EF3DE}" = protocol=6 | dir=in | app=c:\users\x64\appdata\roaming\dropbox\bin\dropbox.exe | 
"{B5C2AA2B-E8D5-4823-B421-05CBC04A3379}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{B91CEADC-6EDC-41CB-8582-A11FC1682875}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe | 
"{BA008D16-1E66-463C-81FC-2FDD3F53A016}" = protocol=17 | dir=in | app=g:\program files\ubisoft\driver san francisco\driver.exe | 
"{BB4DA3E9-8821-4498-99F3-79FD1EB31D47}" = protocol=6 | dir=in | app=c:\users\x64\downloads\solutoinstaller-m2mno9g1fc.exe | 
"{BB751907-9E69-4C25-A7DC-D16F2B3D7CDD}" = protocol=6 | dir=in | app=g:\program files\capcom\resident evil 5\re5dx9.exe | 
"{BC2023CD-AF19-4A93-96D6-69353199CAD6}" = protocol=6 | dir=in | app=c:\program files\soluto\soluto.exe | 
"{BD0E838E-794C-43C8-8D15-3F567CABDF80}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\burnout paradise\burnoutparadise.exe | 
"{C16D5167-CDA7-40F7-95CF-CF6000B31432}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\pdvd11serv.exe | 
"{C2045FB0-DF56-450E-B2A6-45BD09D09B8E}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\burnout paradise\burnoutlauncher.exe | 
"{C344C619-2881-45DF-8645-8F484EB61663}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{C84D440A-DC1D-4726-9D6A-AB4CFD1C532C}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\common\mediaserver\clmsserverforpdvd11.exe | 
"{CA537851-2EB1-431F-A7E6-D4D733316A56}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{CB0134CF-6DA8-43C9-AFC9-CD6850EC8DDC}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe | 
"{CC022A3E-640D-4513-AE23-532123C79500}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoconsole.exe | 
"{CC43D28E-BC32-4240-8CCD-7A8F4AD1D1E3}" = protocol=17 | dir=in | app=g:\program files\mass effect\binaries\masseffect.exe | 
"{CC6CC80C-38E0-4590-9B55-208BEABC5DFA}" = protocol=17 | dir=in | app=g:\program files\codemasters\dirt2\dirt2_game.exe | 
"{CC77BC49-0AA3-4FFD-953C-8CD6CCAD5C68}" = protocol=6 | dir=in | app=c:\program files\mysticcoder\mysticthumbs\mysticthumbs.exe | 
"{CC88CECE-5F92-4793-B490-937D9CCBC19F}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update service\update service.exe | 
"{CD603999-0AA1-426E-9050-C8FCC8B183A7}" = protocol=6 | dir=in | app=g:\program files\ubisoft\driver san francisco\driver.exe | 
"{CD67FA42-A847-4969-A203-0C9FFED00951}" = protocol=17 | dir=in | app=g:\program files\electronic arts\crytek\crysis\bin32\crysis.exe | 
"{CEFDA983-03E8-492F-BAA1-A761AAC611F9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{D117FF0B-0A87-4251-9859-196E1439C428}" = protocol=17 | dir=in | app=g:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"{D1907083-0401-490D-A3A6-CDCE327FAF7C}" = protocol=6 | dir=in | app=g:\program files\electronic arts\shift 2 unleashed\shift2u.exe | 
"{D1E25062-7AD6-4470-A31F-0DD98348B9EB}" = protocol=6 | dir=in | app=g:\program files\mass effect\binaries\masseffect.exe | 
"{D23911E0-9975-4D12-984C-920DCD0770AA}" = protocol=17 | dir=in | app=g:\program files\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | 
"{D36CD532-8A20-41FF-9644-8E96D9DFE3CD}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe | 
"{D5EEEF9B-BFE6-486E-80BF-37BA4C93854E}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe | 
"{D99F17BD-0249-412C-9356-914E555E9E99}" = protocol=6 | dir=in | app=d:\program files (x86)\valve\portal 2\portal2.exe | 
"{D9EC3336-D5EE-44C1-A696-440389308195}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{DC2CA5DB-6B99-4A98-921E-D29CB86ECD9B}" = protocol=6 | dir=in | app=g:\program files\electronic arts\crytek\crysis\bin64\crysis.exe | 
"{E0BC9B4C-FDCF-4C6D-9A67-3E7173ADAA46}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe | 
"{E3FFCE6E-C2E9-4242-8A00-753BD3532373}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe | 
"{E462A181-21BC-426B-B81F-E4F1879D842E}" = protocol=6 | dir=in | app=c:\program files\soluto\solutocleanup.exe | 
"{E47251B4-E82F-4295-BE5B-0169C9B8E066}" = protocol=17 | dir=in | app=g:\program files\electronic arts\shift 2 unleashed\shift2u.exe | 
"{E6315BE8-168F-46E5-9D7B-4E795D67133E}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe | 
"{E87D3EC5-227B-4B32-8E19-282B0DE019E2}" = protocol=6 | dir=in | app=d:\program files (x86)\capcom\resident evil operation raccoon city\raccooncity.exe | 
"{E8A87AFA-8DD4-40ED-9236-C2A4C805DE99}" = protocol=6 | dir=in | app=g:\program files\square enix\batman arkham asylum goty\binaries\shippingpc-bmgame.exe | 
"{E946C750-109E-4370-94A4-2A153E76944C}" = protocol=17 | dir=in | app=c:\users\x64\downloads\solutoinstaller-m2mno9g1fc.exe | 
"{EF2CE94D-9588-4B92-8EE0-4E0D4B172D08}" = protocol=17 | dir=in | app=d:\program files (x86)\black_box\max payne 3\maxpayne3.exe | 
"{F151675E-147A-4E29-8C6B-EC42BC127C23}" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"{F1CB06C5-EAAF-4857-98F5-E8562BE0F478}" = protocol=17 | dir=in | app=g:\program files\capcom\resident evil 5\re5dx10.exe | 
"{F2241937-42FF-4C32-9B68-0206FF8DBFB4}" = protocol=17 | dir=in | app=c:\users\x64\appdata\roaming\dropbox\bin\dropbox.exe | 
"{F28D45DA-74C3-4D5C-9C78-9CD710CCE5C3}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\burnout paradise\burnoutlauncher.exe | 
"{F2B607E4-3E66-49DE-9EBD-F69E2F11EAE5}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update service\update service.exe | 
"{F356F12D-AD8B-4D98-9389-6025B684DFA3}" = protocol=17 | dir=in | app=g:\program files\electronic arts\shift 2 unleashedcommunitipatch\shift2u.exe | 
"{F37A76D9-566C-4701-9672-83FE819F8353}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\powerdvd11.exe | 
"{F6193BDF-C0A6-454A-93FA-86C972B9A869}" = protocol=6 | dir=in | app=g:\program files\codemasters\dirt2\dirt2_game.exe | 
"{F8B1D2D1-F5ED-4F49-A9BF-FE8FE82D59D6}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{FA0B3809-FA0A-4C99-AC81-C472311CCFF9}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\burnout paradise\burnoutconfigtool.exe | 
"{FD53D133-93D4-44F8-806A-94BE23559002}" = protocol=17 | dir=in | app=c:\users\x64\appdata\roaming\dropbox\bin\dropbox.exe | 
"{FFC92C1E-72CC-4F92-B2F1-576FEDDC0FD7}" = protocol=6 | dir=in | app=g:\program files\codemasters\dirt 3\dirt3_game.exe | 
"TCP Query User{034AB333-52FD-44E0-A1D9-F09D8F64FC34}G:\program files\counter.strike.source.2010.orange.box.nosteam.[setti]\counter strike source 2010\counter strike source 2010\hl2.exe" = protocol=6 | dir=in | app=g:\program files\counter.strike.source.2010.orange.box.nosteam.[setti]\counter strike source 2010\counter strike source 2010\hl2.exe | 
"TCP Query User{0369DC56-3E8F-4EF7-A9F1-15BC5A74F80B}C:\program files (x86)\ti education\ti-nspire cas student software\ti-nspire cas student software.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ti education\ti-nspire cas student software\ti-nspire cas student software.exe | 
"TCP Query User{071E114E-046F-4132-BB09-C45D667BD9BE}G:\program files\nadeo\trackmania 2 - canyon\maniaplanet.exe" = protocol=6 | dir=in | app=g:\program files\nadeo\trackmania 2 - canyon\maniaplanet.exe | 
"TCP Query User{15D85E19-63AF-474E-8335-F4245EAEF380}G:\program files\atari\tdu2\testdrive2.exe" = protocol=6 | dir=in | app=g:\program files\atari\tdu2\testdrive2.exe | 
"TCP Query User{1C186347-E279-46D6-A386-42007E5107EB}G:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=g:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"TCP Query User{286547AE-9BD4-4BAA-A374-84AAB18B9C1E}G:\program files\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe" = protocol=6 | dir=in | app=g:\program files\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe | 
"TCP Query User{2B508B9D-0616-4C6E-BDE0-BC7CA68C1801}G:\program files\steamless left4dead pack\left4dead.exe" = protocol=6 | dir=in | app=g:\program files\steamless left4dead pack\left4dead.exe | 
"TCP Query User{2C69CFCB-BF1A-4DA8-A98F-E75A3AB88EB1}C:\program files (x86)\jdownloader 2\jdownloader 2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jdownloader 2\jdownloader 2.exe | 
"TCP Query User{33BE5CDE-0531-4D43-AC96-B5080B04CB8E}G:\program files\atari\tdu2\uplauncher.exe" = protocol=6 | dir=in | app=g:\program files\atari\tdu2\uplauncher.exe | 
"TCP Query User{36E594BA-25C8-4E96-9A17-A97DA675AC2E}C:\windows\syswow64\java.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\java.exe | 
"TCP Query User{38B24AD6-9E09-4F5F-9A9E-EB72CCA80C55}G:\program files\counter.strike.source.2010.orange.box.nosteam.[setti]\counter strike source 2010\hl2.exe" = protocol=6 | dir=in | app=g:\program files\counter.strike.source.2010.orange.box.nosteam.[setti]\counter strike source 2010\hl2.exe | 
"TCP Query User{3B5DE74A-44C7-4BAA-8122-903ABEA8A154}G:\p\counter.strike.source.2010.orange.box.nosteam.[setti]\counter.strike.source.2010.orange.box.nosteam.[setti]\counter strike source 2010\hl2.exe" = protocol=6 | dir=in | app=g:\p\counter.strike.source.2010.orange.box.nosteam.[setti]\counter.strike.source.2010.orange.box.nosteam.[setti]\counter strike source 2010\hl2.exe | 
"TCP Query User{4482C3D3-270B-41F1-B970-AA400DEAEEA6}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"TCP Query User{62FDE353-F48F-4507-B78F-97F98EDF96AF}D:\program files (x86)\black_box\max payne 3\maxpayne3.exe" = protocol=6 | dir=in | app=d:\program files (x86)\black_box\max payne 3\maxpayne3.exe | 
"TCP Query User{65EEF285-7126-4BBE-B522-27C618169548}H:\program files\electronic arts\need for speed(tm) hot pursuit\nfs11.exe" = protocol=6 | dir=in | app=h:\program files\electronic arts\need for speed(tm) hot pursuit\nfs11.exe | 
"TCP Query User{6C4030DF-0DA4-434F-A403-BD0152BB4D0E}H:\program files\capcom\resident evil 5\re5dx9.exe" = protocol=6 | dir=in | app=h:\program files\capcom\resident evil 5\re5dx9.exe | 
"TCP Query User{6E6BEBFC-B365-41DD-8966-9A61C2917886}C:\users\x64\documents\icq\591271743\receivedfiles\395610033 daniel\teeworlds-b122-r50edfd37-win32\teeworlds_srv.exe" = protocol=6 | dir=in | app=c:\users\x64\documents\icq\591271743\receivedfiles\395610033 daniel\teeworlds-b122-r50edfd37-win32\teeworlds_srv.exe | 
"TCP Query User{71255CCF-6243-404D-83C8-D3202876C973}G:\program files\ubisoft\driver san francisco\driver.exe" = protocol=6 | dir=in | app=g:\program files\ubisoft\driver san francisco\driver.exe | 
"TCP Query User{77F27A55-01B5-485D-BC7D-8A0EAD386096}C:\program files (x86)\abbequerque inc\facetracknoir\facetracknoir.exe" = protocol=6 | dir=in | app=c:\program files (x86)\abbequerque inc\facetracknoir\facetracknoir.exe | 
"TCP Query User{7B84CBD2-65EE-4A5D-85EE-2BDB452C6AD9}C:\program files (x86)\common files\ti shared\commlib\1\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\ti shared\commlib\1\jre\bin\java.exe | 
"TCP Query User{7C954A2A-FD55-43A7-ADFD-2963CFEE0488}D:\games\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=d:\games\counter-strike source\hl2.exe | 
"TCP Query User{86612C17-9144-4791-AD8A-AD21B402C0B0}G:\program files\ea games\need for speed the run\need for speed the run.exe" = protocol=6 | dir=in | app=g:\program files\ea games\need for speed the run\need for speed the run.exe | 
"TCP Query User{879BDF19-3A69-4066-B2DB-2EBA8F2B1AAF}G:\program files\electronic arts\need for speed(tm) hot pursuit\nfs11.exe" = protocol=6 | dir=in | app=g:\program files\electronic arts\need for speed(tm) hot pursuit\nfs11.exe | 
"TCP Query User{917F4C4C-EDA3-403C-A33B-6E14693046F9}G:\program files\atari\tdu2\_uplauncher.exe" = protocol=6 | dir=in | app=g:\program files\atari\tdu2\_uplauncher.exe | 
"TCP Query User{93CF8DB4-1FD4-483A-8100-0207605F9139}G:\program files\electronic arts\shift 2 unleashedcommunitipatch\shift2u.exe" = protocol=6 | dir=in | app=g:\program files\electronic arts\shift 2 unleashedcommunitipatch\shift2u.exe | 
"TCP Query User{9C75C12B-19E4-4D23-8574-F9A778654CCF}C:\program files (x86)\arcsoft\totalmedia theatre 5\totalmedia server\tm server.exe" = protocol=6 | dir=in | app=c:\program files (x86)\arcsoft\totalmedia theatre 5\totalmedia server\tm server.exe | 
"TCP Query User{A88B444F-27EC-4C37-9AD2-8284E89632D2}C:\users\x64\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=6 | dir=in | app=c:\users\x64\appdata\roaming\gameranger\gameranger\gameranger.exe | 
"TCP Query User{BBF3BECB-6EC5-4A65-A2F5-C35D5EA1B92D}H:\program files\capcom\resident evil 5\re5dx10.exe" = protocol=6 | dir=in | app=h:\program files\capcom\resident evil 5\re5dx10.exe | 
"TCP Query User{BC8A2867-E6B0-45B2-93DC-8831B7A574A4}G:\program files\electronic arts\shift 2 unleashed\shift2u.exe" = protocol=6 | dir=in | app=g:\program files\electronic arts\shift 2 unleashed\shift2u.exe | 
"TCP Query User{C09D782D-5F8B-4AF8-982F-FD16C87E564E}C:\program files (x86)\warzone 2100-3.1_beta11\warzone2100.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warzone 2100-3.1_beta11\warzone2100.exe | 
"TCP Query User{C2B25356-5426-40F8-BAC8-DCB9017E2C76}C:\users\x64\appdata\local\temp\rar$exa0.967\miranda64.exe" = protocol=6 | dir=in | app=c:\users\x64\appdata\local\temp\rar$exa0.967\miranda64.exe | 
"TCP Query User{C2FDB5DC-4340-4FA1-A6A9-99339B7FCC06}G:\program files\steamless left4dead2 pack\left4dead2.exe" = protocol=6 | dir=in | app=g:\program files\steamless left4dead2 pack\left4dead2.exe | 
"TCP Query User{D3FC5DD0-C978-4CEC-BC00-0E71D407CA82}H:\program files\steamless left4dead2 pack\left4dead2.exe" = protocol=6 | dir=in | app=h:\program files\steamless left4dead2 pack\left4dead2.exe | 
"TCP Query User{D4F0C772-E64F-4E2B-9CE5-905F4AC0BEF1}D:\pyload\dist\pyloadcore.exe" = protocol=6 | dir=in | app=d:\pyload\dist\pyloadcore.exe | 
"TCP Query User{D5FD2327-2451-4D28-9200-1057A742057A}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{E30A83A4-398A-4716-BD56-92B3C1970C09}C:\program files (x86)\warzone 2100-3.1_beta7\warzone2100.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warzone 2100-3.1_beta7\warzone2100.exe | 
"TCP Query User{E5BF4E01-DCC9-47EE-87B6-4F9B50751210}C:\program files (x86)\arcsoft\totalmedia theatre 5\utotalmediatheatre5.exe" = protocol=6 | dir=in | app=c:\program files (x86)\arcsoft\totalmedia theatre 5\utotalmediatheatre5.exe | 
"TCP Query User{F31C8001-BF24-40FF-A31D-8CE0462904B5}C:\program files (x86)\origin games\burnout paradise\burnoutparadise.exe" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\burnout paradise\burnoutparadise.exe | 
"TCP Query User{F68AABBA-3A40-4AB0-AE37-616D89635AC3}D:\games1\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=d:\games1\counter-strike source\hl2.exe | 
"TCP Query User{F8D8390D-019A-4B72-B0CA-85997FA7B177}G:\program files\ea sports\fifa 11\game\fifa.exe" = protocol=6 | dir=in | app=g:\program files\ea sports\fifa 11\game\fifa.exe | 
"TCP Query User{FBF6BB2F-CF78-4104-A676-F1C15F05996B}D:\program files (x86)\valve\portal 2\portal2.exe" = protocol=6 | dir=in | app=d:\program files (x86)\valve\portal 2\portal2.exe | 
"TCP Query User{FE3E9057-9969-49AA-AB56-B79EDFC6BE6D}C:\program files (x86)\odeon\jaf\jcop.exe" = protocol=6 | dir=in | app=c:\program files (x86)\odeon\jaf\jcop.exe | 
"UDP Query User{053473FB-3955-4A28-A548-2A6AFAE2092A}G:\program files\atari\tdu2\_uplauncher.exe" = protocol=17 | dir=in | app=g:\program files\atari\tdu2\_uplauncher.exe | 
"UDP Query User{11133AF7-13F8-47D7-8417-BAEEA9A55FB8}C:\users\x64\appdata\local\temp\rar$exa0.967\miranda64.exe" = protocol=17 | dir=in | app=c:\users\x64\appdata\local\temp\rar$exa0.967\miranda64.exe | 
"UDP Query User{12020621-8A5F-41D5-A28E-45356A08A0D0}G:\program files\ea games\need for speed the run\need for speed the run.exe" = protocol=17 | dir=in | app=g:\program files\ea games\need for speed the run\need for speed the run.exe | 
"UDP Query User{1503F4F1-76CE-44EE-BBF0-37BA8AA93257}C:\program files (x86)\origin games\burnout paradise\burnoutparadise.exe" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\burnout paradise\burnoutparadise.exe | 
"UDP Query User{1528A627-70DD-4CF1-8666-E80EA8EEF78C}G:\program files\electronic arts\need for speed(tm) hot pursuit\nfs11.exe" = protocol=17 | dir=in | app=g:\program files\electronic arts\need for speed(tm) hot pursuit\nfs11.exe | 
"UDP Query User{175D1E78-4A67-49A3-8C1D-4E348050653D}G:\program files\electronic arts\shift 2 unleashed\shift2u.exe" = protocol=17 | dir=in | app=g:\program files\electronic arts\shift 2 unleashed\shift2u.exe | 
"UDP Query User{1C211E7F-8745-456E-8F76-85926E237D06}C:\program files (x86)\abbequerque inc\facetracknoir\facetracknoir.exe" = protocol=17 | dir=in | app=c:\program files (x86)\abbequerque inc\facetracknoir\facetracknoir.exe | 
"UDP Query User{25A83F09-186F-4E74-9832-2C4D5002ECFB}G:\program files\counter.strike.source.2010.orange.box.nosteam.[setti]\counter strike source 2010\hl2.exe" = protocol=17 | dir=in | app=g:\program files\counter.strike.source.2010.orange.box.nosteam.[setti]\counter strike source 2010\hl2.exe | 
"UDP Query User{26CA027D-5147-4D88-B2EA-53D245BAFA4E}G:\program files\electronic arts\shift 2 unleashedcommunitipatch\shift2u.exe" = protocol=17 | dir=in | app=g:\program files\electronic arts\shift 2 unleashedcommunitipatch\shift2u.exe | 
"UDP Query User{3092EFBC-49AF-425F-A71C-A6A8F8BFEFC1}G:\program files\atari\tdu2\uplauncher.exe" = protocol=17 | dir=in | app=g:\program files\atari\tdu2\uplauncher.exe | 
"UDP Query User{3841BE01-F697-49AE-9A79-8D20FCC2AB76}C:\program files (x86)\warzone 2100-3.1_beta7\warzone2100.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warzone 2100-3.1_beta7\warzone2100.exe | 
"UDP Query User{38693119-EC48-4D81-9F30-512C2AB93111}D:\program files (x86)\valve\portal 2\portal2.exe" = protocol=17 | dir=in | app=d:\program files (x86)\valve\portal 2\portal2.exe | 
"UDP Query User{387DC8F5-06B4-444B-9B74-6B24EB86BF9F}H:\program files\electronic arts\need for speed(tm) hot pursuit\nfs11.exe" = protocol=17 | dir=in | app=h:\program files\electronic arts\need for speed(tm) hot pursuit\nfs11.exe | 
"UDP Query User{3B75D274-6CEE-4250-996A-7258330C9D6A}C:\program files (x86)\ti education\ti-nspire cas student software\ti-nspire cas student software.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ti education\ti-nspire cas student software\ti-nspire cas student software.exe | 
"UDP Query User{3F126D21-F8EA-49FF-8A6E-C064E655C63F}H:\program files\capcom\resident evil 5\re5dx10.exe" = protocol=17 | dir=in | app=h:\program files\capcom\resident evil 5\re5dx10.exe | 
"UDP Query User{4276F9A5-88A3-4E4A-9A10-8F918F63F761}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"UDP Query User{42979CF7-BD28-465F-B9F7-5417AD58EAA8}C:\users\x64\documents\icq\591271743\receivedfiles\395610033 daniel\teeworlds-b122-r50edfd37-win32\teeworlds_srv.exe" = protocol=17 | dir=in | app=c:\users\x64\documents\icq\591271743\receivedfiles\395610033 daniel\teeworlds-b122-r50edfd37-win32\teeworlds_srv.exe | 
"UDP Query User{4339365F-F4ED-4F13-AAA0-7EEFD0AC843B}H:\program files\capcom\resident evil 5\re5dx9.exe" = protocol=17 | dir=in | app=h:\program files\capcom\resident evil 5\re5dx9.exe | 
"UDP Query User{4A5CD3E9-4829-43BD-8B3E-5C6B8D543879}G:\program files\ea sports\fifa 11\game\fifa.exe" = protocol=17 | dir=in | app=g:\program files\ea sports\fifa 11\game\fifa.exe | 
"UDP Query User{57AF1269-5B97-4439-AE1F-CC8AE57FD44F}C:\program files (x86)\arcsoft\totalmedia theatre 5\utotalmediatheatre5.exe" = protocol=17 | dir=in | app=c:\program files (x86)\arcsoft\totalmedia theatre 5\utotalmediatheatre5.exe | 
"UDP Query User{58742238-81E0-477B-9E76-C66B611BE7DE}D:\games\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=d:\games\counter-strike source\hl2.exe | 
"UDP Query User{5B9ED0B3-C0D1-42E1-A6CB-20E82B31D1E1}G:\program files\nadeo\trackmania 2 - canyon\maniaplanet.exe" = protocol=17 | dir=in | app=g:\program files\nadeo\trackmania 2 - canyon\maniaplanet.exe | 
"UDP Query User{6035B6CE-2693-42F1-939A-70ACE0C4C676}C:\program files (x86)\common files\ti shared\commlib\1\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\ti shared\commlib\1\jre\bin\java.exe | 
"UDP Query User{6374AAAC-3B96-45C1-AD88-40B779A96CFD}C:\program files (x86)\jdownloader 2\jdownloader 2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jdownloader 2\jdownloader 2.exe | 
"UDP Query User{643E3B15-0FCD-4507-9343-8406352CFA5C}C:\program files (x86)\warzone 2100-3.1_beta11\warzone2100.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warzone 2100-3.1_beta11\warzone2100.exe | 
"UDP Query User{651C0847-50B8-45F0-99E7-50BFB6668368}G:\p\counter.strike.source.2010.orange.box.nosteam.[setti]\counter.strike.source.2010.orange.box.nosteam.[setti]\counter strike source 2010\hl2.exe" = protocol=17 | dir=in | app=g:\p\counter.strike.source.2010.orange.box.nosteam.[setti]\counter.strike.source.2010.orange.box.nosteam.[setti]\counter strike source 2010\hl2.exe | 
"UDP Query User{660C0A91-480D-468C-AA0D-8F15C06A05CF}G:\program files\ubisoft\driver san francisco\driver.exe" = protocol=17 | dir=in | app=g:\program files\ubisoft\driver san francisco\driver.exe | 
"UDP Query User{6C60C7B9-3BF8-4344-9C64-53C23D6D2572}D:\pyload\dist\pyloadcore.exe" = protocol=17 | dir=in | app=d:\pyload\dist\pyloadcore.exe | 
"UDP Query User{707DC5E6-7F0A-4F2C-97CC-C1AAEE94224F}C:\program files (x86)\arcsoft\totalmedia theatre 5\totalmedia server\tm server.exe" = protocol=17 | dir=in | app=c:\program files (x86)\arcsoft\totalmedia theatre 5\totalmedia server\tm server.exe | 
"UDP Query User{711EEE76-E3C8-4848-90E5-A31E669CFEB4}C:\users\x64\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=17 | dir=in | app=c:\users\x64\appdata\roaming\gameranger\gameranger\gameranger.exe | 
"UDP Query User{733FEE5E-2C3F-4552-AA7F-504DDF16423B}G:\program files\atari\tdu2\testdrive2.exe" = protocol=17 | dir=in | app=g:\program files\atari\tdu2\testdrive2.exe | 
"UDP Query User{80DBEFCB-C915-4CA7-B819-B67FC26A9190}C:\windows\syswow64\java.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\java.exe | 
"UDP Query User{8F016EEB-4A57-4715-805C-B4F54CBA1FD6}C:\program files (x86)\odeon\jaf\jcop.exe" = protocol=17 | dir=in | app=c:\program files (x86)\odeon\jaf\jcop.exe | 
"UDP Query User{91A6A023-FD15-46BA-B7E4-8D0FC31133C7}D:\games1\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=d:\games1\counter-strike source\hl2.exe | 
"UDP Query User{A5C1E32D-FECC-41A3-BA3A-1579E696E718}G:\program files\steamless left4dead2 pack\left4dead2.exe" = protocol=17 | dir=in | app=g:\program files\steamless left4dead2 pack\left4dead2.exe | 
"UDP Query User{AA7ABFA9-4B2D-4DC1-8ECD-089D3B8BFEFB}G:\program files\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe" = protocol=17 | dir=in | app=g:\program files\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe | 
"UDP Query User{AE863952-D786-48CE-87C0-1D47BF297534}G:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=g:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"UDP Query User{B104C8FF-5F16-4FDA-88FE-7935018DA947}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{B4263684-D262-44CB-9DCB-0268A210FECC}G:\program files\counter.strike.source.2010.orange.box.nosteam.[setti]\counter strike source 2010\counter strike source 2010\hl2.exe" = protocol=17 | dir=in | app=g:\program files\counter.strike.source.2010.orange.box.nosteam.[setti]\counter strike source 2010\counter strike source 2010\hl2.exe | 
"UDP Query User{BCF303FE-52C0-4E9E-B489-5D213B7CC1D6}H:\program files\steamless left4dead2 pack\left4dead2.exe" = protocol=17 | dir=in | app=h:\program files\steamless left4dead2 pack\left4dead2.exe | 
"UDP Query User{E2F3E191-157C-4213-BAB8-6CFC10E5746A}G:\program files\steamless left4dead pack\left4dead.exe" = protocol=17 | dir=in | app=g:\program files\steamless left4dead pack\left4dead.exe | 
"UDP Query User{FBD30E15-DB7D-4438-9787-44C057E9B9FC}D:\program files (x86)\black_box\max payne 3\maxpayne3.exe" = protocol=17 | dir=in | app=d:\program files (x86)\black_box\max payne 3\maxpayne3.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC2
"{0CB2E2BC-A312-5821-C5C7-A295A1BEFD08}" = AMD Catalyst Install Manager
"{110EB5C4-E995-4CFB-AB80-A5F315BEA9E9}" = Python 2.6 (64-bit)
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{1444D2EE-C7AD-44A8-844F-2634B49353D1}" = Logitech Gaming Software 5.10
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{21D0374C-C358-0748-CAF9-7CBE65EB6FFF}" = AMD Fuel
"{225FA1E8-372F-BBFF-F488-E79D78A5180E}" = AMD AVIVO64 Codecs
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{31E8F586-4EF7-4500-844D-BA8756474FF1}" = Windows Automated Installation Kit
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy DS3 driver version 0.6.0005
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{4E021D2A-16ED-4FFF-87CB-774F4F62A1A1}" = ccc-utility64
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{572788F2-0AB7-FA0E-6E91-B98044F4B7E6}" = AMD Media Foundation Decoders
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B374E6A8-501F-4BC0-BA59-4EE78F06B3B2}" = Oracle VM VirtualBox 4.1.10
"{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}" = Microsoft Xbox 360 Accessories 1.2
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BABA4667-CF82-B330-A8E5-6E8A09B2D911}" = AMD Accelerated Video Transcoding
"{D237D67F-E77C-4D9E-AA66-8B7A821C215F}" = MFC RunTime files x64
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{E4BB99B8-55DD-442D-B87F-54F261D519C1}" = Soluto
"{E57B7E0A-8BE5-42E2-BE60-C07ED680A063}" = Microsoft Mathematics (64-bit)
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F809FFB5-6F9B-AFDE-6048-5D9E95A85505}" = AMD Drag and Drop Transcoding
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Blender" = Blender
"CCleaner" = CCleaner
"Explorer Suite_is1" = Explorer Suite III
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Free Extended Task Manager" = Free Extended Task Manager
"GPL Ghostscript 9.05" = GPL Ghostscript
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.44-1 (x64)
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05C02EE9-9F0A-4052-A4DA-8621F729B1F5}" = blueMSX
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{110EB5C4-E995-4CFB-AB80-A5F315BEA9E8}" = Python 2.6
"{14DDF23F-414A-46DB-4762-56569080292C}" = CCC Help Russian
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{1AA94747-3BF6-4237-9E1A-7B3067738FE1}" = Max Payne 3
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1F121516-E175-4E0B-AC4D-42DD5164E396}_is1" = Need for Speed: The Run
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21D6A73A-48E6-2195-C408-2158273A914E}" = Catalyst Control Center Localization All
"{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = Geeks3D.com FurMark 1.9.0
"{2596DB11-997F-FC5B-F5C2-737623D9D8B6}" = AMD VISION Engine Control Center
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{28904D9A-13A6-ECA2-48D8-21542759D998}" = CCC Help Polish
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2C8BBDA6-79A7-B2DE-3E5B-287E7F667C67}" = CCC Help Danish
"{2E119961-E99B-C147-9AC3-A93683172DC1}" = CCC Help Swedish
"{2F7655DD-793E-40C6-B348-DE67C109F6FF}" = Spider-Man 2
"{32B08666-1587-435D-988C-7958A04B218A}_is1" = OMSI Addon Manager Version 1.2.4
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3BD98AAF-61B5-46E0-A6C8-593C242C7C48}" = TP-LINK Wireless Client Utility
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11
"{43430FA1-12BB-4D88-862E-4F1000008400}" = Resident Evil: Operation Raccoon City
"{43430FA1-388E-4359-A6DB-DA1000038401}" = Resident Evil: Operation Raccoon City
"{43430FA1-388E-4359-A6DB-DA1000038402}" = Resident Evil: Operation Raccoon City
"{43430FA1-388E-4359-A6DB-DA1000038403}" = Resident Evil: Operation Raccoon City
"{434D0820-3AA6-493A-80B9-301000028501}" = DiRT2
"{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3
"{434D0FA0-AB8C-497F-B30A-7A1000018201}" = DiRT 3
"{44ED90A1-453B-5C9A-D9ED-80D8AB0258B8}" = CCC Help Thai
"{45E00595-897E-64B6-28F9-5D0927EBA4A5}" = CCC Help Chinese Standard
"{46DE5F4E-BA8B-AC9E-0EED-05B7D93AD215}" = CCC Help Spanish
"{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}" = Hama Black Force Pad
"{49C98C60-BAC3-4C92-AF4F-E890FD312D60}" = DER HERR DER RINGE: DIE GEFÄHRTEN
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4F06B69A-936D-4CE9-A4FF-FBB2F97A9735}" = FaceTrackNoIR
"{52D1D62C-FEAB-4580-849E-1DB624BADBBD}" = DiRT2
"{5454083B-1308-4485-BF17-111000038701}" = Grand Theft Auto: Episodes from Liberty City
"{54F17206-BC4A-4139-AFFD-AE546C2957FF}" = Stereoscopic Player
"{5B04E832-4530-B8FF-F742-8BE25ADD43BD}" = CCC Help German
"{5BA9357B-E876-4FB2-8F1B-C7E63AC90E6F}" = Skyrim NPC Editor
"{5D58EACA-0317-4CFF-9E13-53CCD525DE32}" = Catalyst Control Center InstallProxy
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5ED93D68-5EAA-9343-9B74-B1E276217264}" = CCC Help Dutch
"{64BFBE7A-886C-4CA2-A9B4-0C2B5A5942BC}" = Battlefield 3™
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D185295-DE89-9C39-18E6-310C148836EB}" = CCC Help Chinese Traditional
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6DF1B3E4-3EF6-4BFD-8C60-ABBCD423B5A6}_is1" = TrackMania 2 - Canyon
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71A8F958-D272-E262-7C9A-7B8F713EE0C3}" = CCC Help French
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7513D3F0-55BC-273C-7A53-488394EDBFCC}" = CCC Help Italian
"{754854DC-2E0A-49D8-A1A1-426C1F9B1459}" = Intel(R) IPP Run-Time Installer 5.3 Update 4 for Windows* on IA-32
"{75D84EF7-0D8C-4e70-MAXP3-7B42A5D4E0EB}_is1" = Max Payne 3 version 1.02
"{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6
"{7964AE02-9127-42C0-A917-2CE4CD4EFE3B}" = Nokia Suite
"{79AA9BFA-F962-A1E9-71CE-D0887A92444C}" = CCC Help Portuguese
"{7ACEF1BF-9306-5AD7-5F30-ECE72A81E924}" = CCC Help Finnish
"{7C11154F-3539-4CB5-979D-EF7913473E53}" = Prince of Persia
"{7D6DDE45-FE2F-4D11-A7E7-BC2C2910536C}" = USB/DVD-Downloadtool für Windows 7
"{7EED52BE-2247-D8E2-2196-492D03ABF276}" = HydraVision
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed(TM) Hot Pursuit
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE1746-9EFF-3C9C-8755-81EA8903AC34}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C453F13-6877-4D34-8816-009ABDE306DB}" = Prince of Persia The Sands of Time
"{8C8711FD-0FC8-4801-B33E-ED19BB0350B1}_is1" = GPU Temp version 1.0
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8ED35B48-AFBD-4F32-8271-2257AD8B907E}_is1" = Grand Theft Auto IV - Episodes From Liberty City
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{915726DF-7891-444A-AA03-0DF1D64F561A}" = L.A. Noire
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A2CE5D4-0A1E-42EB-9CE0-ABD5DD79E94E}" = ArcSoft TotalMedia Theatre 5
"{9A996B6A-846E-4A89-B9C4-17546B7BE49F}" = Burnout(TM) Paradise The Ultimate Box
"{9AE850A4-B89D-4875-A159-B1B64D717EFB}" = OMSI - Der Omnibussimulator
"{9AFC93C3-EEE0-497C-9341-27753FAC7233}" = Prince of Persia The Two Thrones
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C1EC871-05B9-03B7-96F6-9BD5C0D8F41D}" = Catalyst Control Center Graphics Previews Common
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.3
"{A1683CA7-4850-4A21-982B-C6D853C79AF7}" = Mass Effect™ 3 Demo
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AB419AC3-9BC1-4EC5-A75B-4D8870DD651F}_is1" = gnuplot 4.6.0
"{AC08BBA0-96B9-431A-A7D0-D8598E493775}" = RESIDENT EVIL 5
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner
"{C388D147-CCBA-411C-B9FC-2CC1B4EFB240}" = Pirates of the Caribbean
"{C4129D57-5C83-3BF0-A11A-3798C008C6C7}" = CCC Help Greek
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFABC775-5386-4BA5-86B4-505BBD36E812}" = Batman: Arkham Asylum Game of the Year Edition
"{D0BC4101-6C30-ECFF-F693-63408134F29B}" = CCC Help Czech
"{D2402DAD-B180-A4A0-261D-4A8933BFBFEE}" = CCC Help Japanese
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5E5E46B-B56D-4CF6-9C0E-2BBCDCF46426}" = HDD Temperature v.4
"{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}" = Microsoft XNA Framework Redistributable 4.0 Refresh
"{DA5B2BDC-F654-4A88-A669-4D34BC7846A1}" = PC Connectivity Solution
"{DA7E8D81-2B14-415B-8FC5-02CE4CF9F839}" = CCC Help Hungarian
"{DB3FBD3C-A061-34C9-0A2B-6CCDD8C96640}" = CCC Help Turkish
"{DCA0A35D-30F1-4ED0-971F-5FFD2F60BB08}" = bcTester 4.8 (de)
"{DFFE2B1F-07E0-45A9-8801-CD8514CAA876}" = Prince of Persia T2T
"{E086E914-2928-48F9-364B-0C715DFF6A45}" = CCC Help Korean
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}" = Need for Speed™ Undercover
"{E8F30BD6-ABAB-C24E-E9A7-BF67EB96152C}" = CCC Help Norwegian
"{E90DCEE9-DC27-401B-A7AC-B0AFF5B34E4D}" = Lock On: Modern Air Combat
"{E9A5B6CD-7ABB-F295-2E11-F25BC322FF80}" = CCC Help English
"{EE5BC0BB-9EDA-423C-8276-48857B735D68}" = Prince of Persia Warrior Within
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.053
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F232C87C-6E92-4775-8210-DFE90B7777D9}" = CyberLink PowerDVD 11
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171
"{FD31AD0D-98ED-4D54-B2C3-03646C3545B8}_is1" = Project CARS
"{FF1E64D7-700D-4503-972E-50D38B38FA39}" = Mobilink
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"0630-0716-3135-7887" = JDownloader 2
"5513-1208-7298-9440" = JDownloader 0.9
"5513-1208-7298-9440-1" = JDownloader 0.9
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Alan Wake_is1" = Alan Wake
"ArtMoney SE_is1" = ArtMoney SE v7.39.1
"Ashampoo Burning Studio 2012_is1" = Ashampoo Burning Studio 2012 v10.0.15
"Athan" = Athan Basic 4.2
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"Battlelog Web Plugins" = Battlelog Web Plugins
"Blender" = Blender (remove only)
"Call of Duty Modern Warfare 3 (c) Activision_is1" = Call of Duty Modern Warfare 3 (c) Activision version 1
"Cheat Engine 6.2_is1" = Cheat Engine 6.2
"DAEMON Tools Lite" = DAEMON Tools Lite
"D-Fend Reloaded" = D-Fend Reloaded 1.3.0 (deinstallieren)
"Dino Crisis 2" = Dino Crisis 2
"Driver San Francisco" = Driver San Francisco
"ESN Sonar-0.70.4" = ESN Sonar
"essentials-bundle" = TriDef 3D 5.2
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"ffdshow_is1" = ffdshow v1.1.3892 [2011-06-20]
"ffs2011_is1" = Franzis Führerschein Trainer 2012
"foobar2000" = foobar2000 v1.1.11
"Fraps" = Fraps
"Free Audio Editor_is1" = Free Audio Editor v9.0.1
"GFWL_{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3
"GPL Ghostscript 9.05" = GPL Ghostscript
"ImTOO Video Converter Ultimate 6" = ImTOO Video Converter Ultimate 6
"InstallShield_{2F7655DD-793E-40C6-B348-DE67C109F6FF}" = Spider-Man 2
"InstallShield_{49C98C60-BAC3-4C92-AF4F-E890FD312D60}" = DER HERR DER RINGE: DIE GEFÄHRTEN
"InstallShield_{9A2CE5D4-0A1E-42EB-9CE0-ABD5DD79E94E}" = ArcSoft TotalMedia Theatre 5
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"InstallShield_{F232C87C-6E92-4775-8210-DFE90B7777D9}" = CyberLink PowerDVD 11
"JAFSetup" = JAF Setup
"Just Cause 2_is1" = Just Cause 2
"L.A Noire_is1" = L.A. Noire Update v1.3.2613
"Mafia II_is1" = Mafia II
"MKVtoolnix" = MKVToolNix 5.2.0 [20111203-387]
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"Mozilla Thunderbird 12.0.1 (x86 de)" = Mozilla Thunderbird 12.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Need for Speed High Stakes" = Need for Speed
"Network Play System" = EA Network Play System
"Nokia Suite" = Nokia Suite
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"OpenAL" = OpenAL
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01
"Origin" = Origin
"Passbild-Generator_is1" = Bewerbungsfoto-/Passbild-Generator v3.5a
"PBP Unpacker_is1" = PBP Unpacker v0.94
"Postal 2_is1" = Portal 2
"PunkBusterSvc" = PunkBuster Services
"Race On_is1" = Race On
"Railworks 3 Train Simulator 2012 Deluxe_is1" = Railworks 3 Train Simulator 2012 Deluxe
"rayatitray" = Ray Adams ATI Tray Tools
"Rigs of Rods 0.38.67" = Rigs of Rods 0.38.67
"Rockstar Games Social Club" = Rockstar Games Social Club
"Security Task Manager" = Security Task Manager 1.8d
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"Steam App 440" = Team Fortress 2
"Super Jukebox" = Super Jukebox (Remove Only)
"Synthesia" = Synthesia (remove only)
"Test Drive Unlimited 2_is1" = Test Drive Unlimited 2
"TI-Nspire CAS Student Software" = TI-Nspire CAS Student Software
"Tomb Raider: Underworld" = Tomb Raider: Underworld 1.1
"TomTom HOME" = TomTom HOME 2.8.4.2596
"TreeSize Free_is1" = TreeSize Free V2.7
"Tunatic" = Tunatic
"Tunngle beta_is1" = Tunngle beta
"UltraStar Deluxe" = UltraStar Deluxe
"Update Service" = Sony Ericsson Update Service
"uTorrent" = µTorrent
"uTorrentBar_DE Toolbar" = uTorrentBar_DE Toolbar
"VLC media player" = VLC media player 2.0.2
"Warzone 2100-2.3.9" = Warzone 2100-2.3.9
"Warzone 2100-3.1_beta11" = Warzone 2100-3.1_beta11
"Warzone 2100-3.1_beta7" = Warzone 2100-3.1_beta7
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"XMind" = XMind
"ZMBV" = Zip Motion Block Video codec (Remove Only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"GameRanger" = GameRanger
"Google Chrome" = Google Chrome
"Meshfile Creator v1.0" = Meshfile Creator v1.0
"OMSI Spitterberg V 2.0" = OMSI Spitterberg V 2.0
"PyBluez-py2.6" = Python 2.6 PyBluez-0.18
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 17.07.2012 22:42:15 | Computer Name = X64-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0,
 Zeitstempel: 0x4fd626ed  Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0,
 Zeitstempel: 0x4f55e10b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000000033c1
ID
 des fehlerhaften Prozesses: 0x7cc  Startzeit der fehlerhaften Anwendung: 0x01cd6403c90ef45f
Pfad
 der fehlerhaften Anwendung: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
Berichtskennung:
 2ec356c8-d082-11e1-a841-002421ee6a68
 
Error - 18.07.2012 07:52:11 | Computer Name = X64-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 18.07.2012 07:55:44 | Computer Name = X64-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 18.07.2012 07:55:44 | Computer Name = X64-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 18.07.2012 07:55:44 | Computer Name = X64-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
 für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
 
Error - 18.07.2012 07:57:54 | Computer Name = X64-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: xsecva.exe, Version: 0.0.0.0, Zeitstempel:
 0x4ffa4706  Name des fehlerhaften Moduls: RASAPI32.dll, Version: 6.1.7600.16385, 
Zeitstempel: 0x4a5bdad7  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000017e9  ID des fehlerhaften
 Prozesses: 0x980  Startzeit der fehlerhaften Anwendung: 0x01cd64db955ab182  Pfad der
 fehlerhaften Anwendung: C:\Users\X64\AppData\Roaming\xsecva\xsecva.exe  Pfad des 
fehlerhaften Moduls: C:\Windows\system32\RASAPI32.dll  Berichtskennung: ce63da89-d0cf-11e1-93fe-0015833d0a57
 
Error - 18.07.2012 10:23:52 | Computer Name = X64-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel:
 0x4445c334  Name des fehlerhaften Moduls: filesystem_steam.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x47e2d72b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0037553e
ID
 des fehlerhaften Prozesses: 0x64c  Startzeit der fehlerhaften Anwendung: 0x01cd64eeff10a883
Pfad
 der fehlerhaften Anwendung: D:\Games\Counter-Strike Source\hl2.exe  Pfad des fehlerhaften
 Moduls: filesystem_steam.dll  Berichtskennung: 3250c5c1-d0e4-11e1-93fe-0015833d0a57
 
Error - 18.07.2012 10:51:48 | Computer Name = X64-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 18.07.2012 10:51:48 | Computer Name = X64-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 18.07.2012 10:51:48 | Computer Name = X64-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
 für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
 
[ Media Center Events ]
Error - 28.02.2012 23:14:24 | Computer Name = X64-PC | Source = MCUpdate | ID = 0
Description = 04:14:24 - Directory konnte nicht abgerufen werden (Fehler: Der Remotename
 konnte nicht aufgelöst werden: 'data.tvdownload.microsoft.com')  
 
Error - 28.02.2012 23:14:38 | Computer Name = X64-PC | Source = MCUpdate | ID = 0
Description = 04:14:29 - Fehler beim Herstellen der Internetverbindung.  04:14:29 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 21.07.2012 13:14:51 | Computer Name = X64-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.    Modulpfad:
 C:\Windows\system32\athExt.dll  Fehlercode: 126  
 
Error - 21.07.2012 13:14:54 | Computer Name = X64-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 21.07.2012 13:15:27 | Computer Name = X64-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Soluto PCGenome Core Service erreicht.
 
Error - 21.07.2012 13:15:27 | Computer Name = X64-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Soluto PCGenome Core Service" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
Error - 21.07.2012 13:15:32 | Computer Name = X64-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   Soluto
 
Error - 21.07.2012 21:37:22 | Computer Name = X64-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 21.07.2012 21:37:40 | Computer Name = X64-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "AMD FUEL Service" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 22.07.2012 08:20:22 | Computer Name = X64-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.    Modulpfad:
 C:\Windows\system32\athExt.dll  Fehlercode: 126  
 
Error - 22.07.2012 08:20:25 | Computer Name = X64-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 22.07.2012 08:20:39 | Computer Name = X64-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   Soluto
 
 
< End of report >
         


Old 25.07.2012, 22:19   #3
hakimza

rundll32.dll Virus

It's a pity that nobody can help me; I'll reinstall Windows and that settles the matter.