Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Virus ahoi! "Portaldosites" in jedem Browser, MBAM-Fund, nicht löschbar?

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 01.06.2013, 10:40   #1
Juri9
 
Virus ahoi! "Portaldosites" in jedem Browser, MBAM-Fund, nicht löschbar? - Icon21

Virus ahoi! "Portaldosites" in jedem Browser, MBAM-Fund, nicht löschbar?



Tachchen, ich bin's mal wieder!
Tja... seitdem ich heute meinen PC angeschaltet hab, ist ein wunderbarer Virus aktiv.
In jedem Browser ist das nun die neue Startseite:

Dieses "Portaldosites" lässt sich (wie es so scheint?) nicht entfernen.
Ich benutze die Browser: Internet Explorer, Firefox, Chrome, Opera.
In den Internetoptionen des IEs war das zwar aufgelistet, Entfernung des ganzen hat aber nichts gebracht.
In den anderen Browsern war das nicht mal aufgelistet sondern auf komplett anderen Seiten eingestellt (Google/Neuer Tab), "Portaldosites" blieb aber immer noch.
EDIT: Achso, und: Die mitgelieferte "Uninstall"-Anleitung funktioniert auch nicht :P
"Avast! Browser Cleanup" hat nichts gefunden und selbst nach Zurücksetzen der Browser durch dieses Programm blieb alles wie vorher.
Nun habe ich einen vollständigen Scan mit "Malwarebytes' Anti-Malware", also MBAM gemacht und er hat auch eine infizierte Datei gefunden mit "Portal" im Namen.
Hier mal kurz der Log:
Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.06.01.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
Georg :: GEORG-PC [Administrator]

01.06.2013 09:14:10
mbam-log-2013-06-01 (09-14-10).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 699252
Laufzeit: 2 Stunde(n), 2 Minute(n), 48 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Georg\AppData\Local\Temp\is1070216317\cor_ar_201342418305_portal.exe (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Wie man entnehmen kann, habe ich das auch gleich löschen lassen. Keine Änderung.
Könnt ihr mir vielleicht helfen, diesen Plagegeist loszuwerden?
Das ist nämlich echt nervig und uncool.
Und irgendwo schon peinlich, weil ich eigentlich extra darauf achte, dass so eine Scheiße nicht mitinstalliert wird. D:
Mit freundlichen Grüßen,
Georg aka Juri9

Geändert von Juri9 (01.06.2013 um 10:43 Uhr) Grund: Ergänzung

Alt 01.06.2013, 11:55   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Virus ahoi! "Portaldosites" in jedem Browser, MBAM-Fund, nicht löschbar? - Standard

Virus ahoi! "Portaldosites" in jedem Browser, MBAM-Fund, nicht löschbar?



hi,

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden ).
  • Doppelklick auf die OTL.exe
  • Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Minimal Ausgabe
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________

__________________

Alt 01.06.2013, 12:41   #3
Juri9
 
Virus ahoi! "Portaldosites" in jedem Browser, MBAM-Fund, nicht löschbar? - Standard

Virus ahoi! "Portaldosites" in jedem Browser, MBAM-Fund, nicht löschbar?



OTL.txt
Code:
ATTFilter
OTL logfile created on: 01.06.2013 13:32:00 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Georg\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 5,36 Gb Available Physical Memory | 67,15% Memory free
15,96 Gb Paging File | 13,22 Gb Available in Paging File | 82,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 906,34 Gb Total Space | 225,06 Gb Free Space | 24,83% Space Free | Partition Type: NTFS
 
Computer Name: GEORG-PC | User Name: Georg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC -  File not found
PRC - C:\Users\Georg\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\eSafe\eGdpSvc.exe (eSafe Security Co., Ltd.)
PRC - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\puush\puush.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
PRC - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe (Microsoft Corp.)
PRC - C:\Users\Georg\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia)
PRC - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Windows\SysWOW64\UMonit.exe ()
PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Windows\jmesoft\JME_LOAD.exe ()
PRC - C:\Windows\jmesoft\hotkey.exe (Lenovo)
PRC - C:\Windows\jmesoft\Service.exe ()
PRC - C:\Programme\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe (Lenovo)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Programme\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe (Lenovo)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe (Nuance Communications, Inc.)
PRC - C:\Windows\vphc700.exe (Sonix)
PRC - C:\Program Files (x86)\Philips\SPC 700NC PC Camera\TrayMin700.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI68682\pysqlite2._sqlite.pyd ()
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI68682\win32com.shell.shell.pyd ()
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI68682\_elementtree.pyd ()
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI68682\win32api.pyd ()
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI68682\wx._html2.pyd ()
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI68682\_socket.pyd ()
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI68682\_multiprocessing.pyd ()
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI68682\win32ts.pyd ()
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI68682\win32crypt.pyd ()
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI68682\wx._core_.pyd ()
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI68682\_ssl.pyd ()
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI68682\windows._cacheinvalidation.pyd ()
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI68682\wx._gdi_.pyd ()
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI68682\wx._misc_.pyd ()
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI68682\pythoncom27.dll ()
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI68682\PyWinTypes27.dll ()
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI68682\win32security.pyd ()
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI68682\_ctypes.pyd ()
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI68682\win32profile.pyd ()
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI68682\wx._controls_.pyd ()
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI68682\wx._windows_.pyd ()
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI68682\_hashlib.pyd ()
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI68682\unicodedata.pyd ()
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI68682\pyexpat.pyd ()
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI68682\wx._wizard.pyd ()
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI68682\win32file.pyd ()
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI68682\win32inet.pyd ()
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI68682\win32process.pyd ()
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI68682\win32pdh.pyd ()
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI68682\win32event.pyd ()
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI68682\select.pyd ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\af525b4bec3b9941b7be8ffbf813da80\PresentationFramework.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7eac0dbe9aa20b55e37235f8ee030e6b\PresentationCore.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll ()
MOD - C:\Program Files (x86)\puush\puush.exe ()
MOD - C:\Program Files (x86)\Steam\bin\chromehtml.DLL ()
MOD - C:\Program Files (x86)\Steam\SDL2.dll ()
MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7366a39c36523a084bc11c230929ff92\Microsoft.VisualBasic.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll ()
MOD - C:\Program Files (x86)\SplitMediaLabs\XSplit\swresample-0.dll ()
MOD - C:\Program Files (x86)\SplitMediaLabs\XSplit\avcodec-54.dll ()
MOD - C:\Program Files (x86)\SplitMediaLabs\XSplit\avformat-54.dll ()
MOD - C:\Program Files (x86)\SplitMediaLabs\XSplit\swscale-2.dll ()
MOD - C:\Program Files (x86)\SplitMediaLabs\XSplit\avutil-51.dll ()
MOD - C:\Windows\SysWOW64\UMonit.exe ()
MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Programme\Lenovo\Lenovo Brightness System\ddcHelperWraper.dll ()
MOD - C:\Programme\Lenovo\Lenovo Brightness System\KeyStoneAdapter.dll ()
MOD - C:\Programme\Lenovo\Lenovo Eye Distance System\KeyStoneAdapter.dll ()
MOD - C:\Programme\Lenovo\Lenovo Eye Distance System\VideoPlayer.dll ()
MOD - C:\Windows\jmesoft\VistaVolume.dll ()
MOD - C:\Program Files (x86)\Philips\SPC 700NC PC Camera\TrayMin700.exe ()
 
 
========== Services (SafeList) ==========
 
SRV - (eSafeSvc) -- C:\ProgramData\eSafe\eGdpSvc.exe (eSafe Security Co., Ltd.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (BingDesktopUpdate) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe (Microsoft Corp.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (SolutoLauncherService) -- C:\Programme\Soluto\SolutoLauncherService.exe (Soluto)
SRV - (SolutoService) -- C:\Programme\Soluto\SolutoService.exe (Soluto)
SRV - (Secunia PSI Agent) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (STRATO HiDrive Service) -- C:\Program Files (x86)\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe (STRATO)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (JME Keyboard) -- C:\Windows\jmesoft\Service.exe ()
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Creative Service for CDROM Access) -- C:\Windows\SysWOW64\CTSVCCDA.EXE (Creative Technology Ltd)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (Soluto) -- C:\Windows\SysNative\drivers\Soluto.sys (Soluto LTD.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USB28xxBGA) -- C:\Windows\SysNative\drivers\emBDA64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (USB28xxOEM) -- C:\Windows\SysNative\drivers\emOEM64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (emAudio) -- C:\Windows\SysNative\drivers\emAudio64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf.sys (Secunia)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Rovi Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (GeneStor) -- C:\Windows\SysNative\drivers\GeneStor.sys (GenesysLogic)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (e1cexpress) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation)
DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH)
DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (WinI2C-DDC) -- C:\Windows\SysNative\drivers\ddcdrv.sys (Nicomsoft Ltd.)
DRV:64bit: - (phc700) -- C:\Windows\SysNative\drivers\phc700.sys ()
DRV - (WinI2C-DDC) -- C:\Windows\SysWOW64\drivers\ddcdrv.sys (Nicomsoft Ltd.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.portaldosites.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST31000524AS_6VPJLF95XXXX6VPJLF95&ts=1369940497
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.portaldosites.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST31000524AS_6VPJLF95XXXX6VPJLF95&ts=1369940497
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = hxxp://search.portaldosites.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=ST31000524AS_6VPJLF95XXXX6VPJLF95&ts=3407923
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.portaldosites.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST31000524AS_6VPJLF95XXXX6VPJLF95&ts=1369940497
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.portaldosites.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST31000524AS_6VPJLF95XXXX6VPJLF95&ts=1369940497
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = hxxp://search.portaldosites.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=ST31000524AS_6VPJLF95XXXX6VPJLF95&ts=3407923
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.portaldosites.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST31000524AS_6VPJLF95XXXX6VPJLF95&ts=1369940497
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://de.msn.com/?pc=BB07 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
IE - HKCU\..\SearchScopes,DefaultScope = {C88215D9-8C4C-4C02-BD96-C2F219F35ED5}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LEND_deDE499
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{C88215D9-8C4C-4C02-BD96-C2F219F35ED5}: "URL" = hxxp://www.bing.com/search?FORM=BB07DF&PC=BB07&q={searchTerms}&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.bing.com/search?FORM=BB07DF&PC=BB07&q="
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.com/firefox"
FF - prefs.js..extensions.enabledAddons: %7B59c81df5-4b7a-477b-912d-4e0fdf64e5f2%7D:0.9.90
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130402
FF - prefs.js..extensions.enabledAddons: youtubeunblocker%40unblocker.yt:0.4.2
FF - prefs.js..extensions.enabledAddons: stefanvandamme%40stefanvd.net:2.2.0.2
FF - prefs.js..extensions.enabledAddons: %7Bc0c588b6-b11d-4898-af00-079fed05aa32%7D:20.1
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Georg\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Georg\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.20 19:17:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.16 17:19:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.05.15 17:52:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.20 19:17:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.16 17:19:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.05.15 17:52:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.08.30 12:10:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Georg\AppData\Roaming\Mozilla\Extensions
[2012.08.30 12:10:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Georg\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013.05.04 08:50:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Georg\AppData\Roaming\Mozilla\Firefox\Profiles\00tp9q8u.default\extensions
[2013.03.03 16:39:50 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Georg\AppData\Roaming\Mozilla\Firefox\Profiles\00tp9q8u.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2013.05.04 07:46:02 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Georg\AppData\Roaming\Mozilla\Firefox\Profiles\00tp9q8u.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013.05.04 08:50:20 | 000,651,215 | ---- | M] () (No name found) -- C:\Users\Georg\AppData\Roaming\Mozilla\Firefox\Profiles\00tp9q8u.default\extensions\stefanvandamme@stefanvd.net.xpi
[2013.05.04 08:50:20 | 000,008,023 | ---- | M] () (No name found) -- C:\Users\Georg\AppData\Roaming\Mozilla\Firefox\Profiles\00tp9q8u.default\extensions\youtubeunblocker@unblocker.yt.xpi
[2013.05.04 08:50:20 | 003,242,364 | ---- | M] () (No name found) -- C:\Users\Georg\AppData\Roaming\Mozilla\Firefox\Profiles\00tp9q8u.default\extensions\{c0c588b6-b11d-4898-af00-079fed05aa32}.xpi
[2013.03.20 19:10:00 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Georg\AppData\Roaming\Mozilla\Firefox\Profiles\00tp9q8u.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.09.08 13:56:06 | 000,001,832 | ---- | M] () -- C:\Users\Georg\AppData\Roaming\Mozilla\Firefox\Profiles\00tp9q8u.default\searchplugins\bing.xml
[2013.05.20 19:17:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.20 19:17:58 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010.01.06 03:04:02 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [phc700] C:\Windows\vphc700.exe (Sonix)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [UMonit] C:\Windows\SysWOW64\UMonit.exe ()
O4:64bit: - HKLM..\Run: [WrtMon.exe] C:\Windows\SysNative\spool\drivers\x64\3\WrtMon.exe ()
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.)
O4 - HKLM..\Run: [jmekey] C:\Windows\jmesoft\hotkey.exe (Lenovo)
O4 - HKLM..\Run: [jmesoft] C:\Windows\jmesoft\ServiceLoader.exe ()
O4 - HKLM..\Run: [Lenovo Dynamic Brightness System] C:\Program Files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe (Lenovo)
O4 - HKLM..\Run: [Lenovo Eye Distance System] C:\Program Files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe (Lenovo)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [phc700] C:\windows\system32\vphc700.exe File not found
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TrayServer] C:\PROGRA~2\MAGIX\VIDEO_~1\TrayServer_de.exe (MAGIX AG)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [Facebook Update] C:\Users\Georg\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [puush] C:\Program Files (x86)\puush\puush.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Georg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Georg\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Georg\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Georg\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Georg\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Georg\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1369826421840 (MUCatalogWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B2938FA1-8998-4697-B61C-3E7448CF269D}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files\Soluto\soluto.exe /userinit) - C:\Program Files\Soluto\soluto.exe (Soluto)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.01 13:31:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Georg\Desktop\OTL.exe
[2013.05.30 21:02:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\337
[2013.05.30 21:02:02 | 000,000,000 | ---D | C] -- C:\ProgramData\eSafe
[2013.05.30 21:01:32 | 000,000,000 | ---D | C] -- C:\Users\Georg\AppData\Roaming\eIntaller
[2013.05.29 18:08:46 | 000,000,000 | --SD | C] -- C:\Users\Georg\Google Drive
[2013.05.29 18:07:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2013.05.29 13:22:46 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cscapi.dll
[2013.05.29 13:22:46 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cscdll.dll
[2013.05.29 13:22:44 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetpp.dll
[2013.05.29 13:22:44 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tcpmib.dll
[2013.05.29 13:22:44 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tcpmib.dll
[2013.05.29 13:22:44 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\sscore.dll
[2013.05.29 13:22:42 | 000,225,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dhcpcore6.dll
[2013.05.29 13:22:42 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dhcpcore6.dll
[2013.05.29 13:22:42 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\davclnt.dll
[2013.05.29 13:22:42 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dhcpcsvc6.dll
[2013.05.29 13:22:41 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncsi.dll
[2013.05.29 13:22:41 | 000,190,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\storport.sys
[2013.05.29 13:22:41 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ncsi.dll
[2013.05.29 13:22:41 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tcpmonui.dll
[2013.05.29 13:22:41 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tcpmonui.dll
[2013.05.29 13:22:40 | 000,275,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpdd.dll
[2013.05.29 13:22:40 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dot3dlg.dll
[2013.05.29 13:22:39 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\gpprnext.dll
[2013.05.29 13:22:39 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\gpprnext.dll
[2013.05.29 13:22:38 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\hidclass.sys
[2013.05.29 13:22:37 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\svchost.exe
[2013.05.29 13:22:36 | 000,698,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netlogon.dll
[2013.05.29 13:22:36 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dot3msm.dll
[2013.05.29 13:22:35 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dot3msm.dll
[2013.05.29 13:22:35 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dot3api.dll
[2013.05.29 13:22:35 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dot3gpclnt.dll
[2013.05.29 13:22:35 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dot3gpclnt.dll
[2013.05.29 13:22:33 | 001,065,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Display.dll
[2013.05.29 13:22:33 | 001,039,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Display.dll
[2013.05.29 13:22:33 | 000,876,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\advapi32.dll
[2013.05.29 13:22:33 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\FWPUCLNT.DLL
[2013.05.29 13:22:32 | 000,965,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\localspl.dll
[2013.05.29 13:22:32 | 000,832,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\nshwfp.dll
[2013.05.29 13:22:32 | 000,657,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\nshwfp.dll
[2013.05.29 13:22:32 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\FWPUCLNT.DLL
[2013.05.29 13:22:32 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wpnpinst.exe
[2013.05.26 13:26:38 | 000,000,000 | ---D | C] -- C:\Users\Georg\AppData\Local\Facebook
[2013.05.25 21:27:30 | 000,000,000 | ---D | C] -- C:\Users\Georg\Lucia
[2013.05.21 15:30:30 | 000,000,000 | ---D | C] -- C:\Users\Georg\AppData\Roaming\TS3Client
[2013.05.21 15:19:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2013.05.21 15:19:29 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client
[2013.05.20 13:46:46 | 000,000,000 | ---D | C] -- C:\Users\Georg\AppData\Local\Craften_Dev_Team
[2013.05.20 13:46:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Craften Terminal
[2013.05.20 13:46:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Craften Terminal
[2013.05.16 22:18:40 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013.05.16 22:18:40 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013.05.16 22:18:40 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2013.05.16 22:18:39 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2013.05.16 22:18:39 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2013.05.16 22:18:39 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe
[2013.05.16 22:18:39 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe
[2013.05.16 22:18:39 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2013.05.16 22:18:39 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2013.05.16 22:18:39 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2013.05.16 22:18:39 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2013.05.16 22:18:38 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013.05.16 22:18:37 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013.05.16 22:18:36 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013.05.16 22:18:36 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013.05.16 17:12:10 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\dxgmms1.sys
[2013.05.16 17:12:10 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cdd.dll
[2013.05.16 17:11:59 | 001,931,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\authui.dll
[2013.05.16 17:11:59 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\authui.dll
[2013.05.16 17:11:59 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\shdocvw.dll
[2013.05.16 17:11:59 | 000,111,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\consent.exe
[2013.05.16 17:11:52 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wwanprotdim.dll
[2013.05.15 18:01:06 | 000,000,000 | ---D | C] -- C:\Users\Georg\Documents\Adobe
[2013.05.15 17:59:59 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe
[2013.05.15 17:52:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013.05.15 17:50:20 | 000,056,208 | ---- | C] (Rovi Corporation) -- C:\windows\SysNative\drivers\PxHlpa64.sys
[2013.05.15 17:50:20 | 000,010,224 | ---- | C] (Sonic Solutions) -- C:\windows\SysNative\drivers\cdralw2k.sys
[2013.05.15 17:50:20 | 000,010,224 | ---- | C] (Sonic Solutions) -- C:\windows\SysNative\drivers\cdr4_xp.sys
[2013.05.15 17:50:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sonic Shared
[2013.05.15 17:50:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2013.05.15 17:50:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\My Company Name
[2013.05.15 17:39:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AnalogX
[2013.05.13 17:25:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2013.05.13 17:25:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2013.05.05 19:21:16 | 000,000,000 | ---D | C] -- C:\Users\Georg\AppData\Roaming\LOVE
[2013.05.04 08:18:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.03.21 14:37:20 | 001,914,000 | ---- | C] (Adobe Systems Incorporated) -- C:\ProgramData\flashax10.exe
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.01 13:34:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013.06.01 13:31:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Georg\Desktop\OTL.exe
[2013.06.01 13:31:01 | 000,000,928 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-2764890169-2354917355-972681180-1001UA.job
[2013.06.01 13:31:00 | 000,000,906 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-2764890169-2354917355-972681180-1001Core.job
[2013.06.01 12:45:00 | 000,001,124 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.01 11:29:06 | 000,020,480 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.01 11:29:06 | 000,020,480 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.01 11:18:32 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.06.01 11:18:26 | 2133,630,975 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.31 20:34:43 | 000,001,103 | ---- | M] () -- C:\Users\Public\Desktop\Craften Terminal.lnk
[2013.05.31 15:09:25 | 002,456,832 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013.05.30 21:01:44 | 000,420,944 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msvcp100.dll
[2013.05.30 21:01:39 | 000,002,421 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.05.30 21:01:39 | 000,001,647 | ---- | M] () -- C:\Users\Georg\Desktop\Internet Explorer.lnk
[2013.05.30 21:01:39 | 000,001,313 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.05.29 18:08:47 | 000,001,713 | ---- | M] () -- C:\Users\Georg\Desktop\Google Drive.lnk
[2013.05.29 13:37:09 | 001,613,996 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013.05.29 13:37:09 | 000,697,064 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013.05.29 13:37:09 | 000,652,382 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013.05.29 13:37:09 | 000,148,102 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013.05.29 13:37:09 | 000,121,056 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013.05.23 17:39:06 | 000,009,384 | ---- | M] () -- C:\Users\Georg\AppData\Local\recently-used.xbel
[2013.05.21 15:19:35 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2013.05.20 12:42:17 | 000,263,186 | ---- | M] () -- C:\Users\Georg\Desktop\Minecraft.exe
[2013.05.18 13:55:30 | 018,444,678 | ---- | M] () -- C:\Users\Georg\Desktop\cave story osu.mp4
[2013.05.18 00:06:12 | 000,170,858 | ---- | M] () -- C:\Users\Georg\Desktop\Der 2-2 Blues.pdf
[2013.05.17 19:46:17 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.17 19:36:53 | 007,153,538 | ---- | M] () -- C:\Users\Georg\Desktop\HASHTAGYOLOSWAG.exe
[2013.05.15 21:59:15 | 000,000,871 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.05.15 21:22:31 | 000,087,330 | ---- | M] () -- C:\Users\Georg\Desktop\Peach_and_Bowser_Wedding_by_EmperorTokijin.jpg
[2013.05.15 21:22:27 | 000,028,682 | ---- | M] () -- C:\Users\Georg\Desktop\600px-Prince_Mario_and_Princess_Peach.jpg
[2013.05.15 21:22:18 | 000,275,465 | ---- | M] () -- C:\Users\Georg\Desktop\marioandpeachvgloungecom1.jpg
[2013.05.15 19:34:40 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2013.05.15 19:34:40 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.05.15 17:47:06 | 000,001,518 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Application Manager.lnk
[2013.05.13 17:25:40 | 000,001,302 | ---- | M] () -- C:\Users\Public\Desktop\Free YouTube Download.lnk
[2013.05.09 00:42:01 | 000,002,634 | ---- | M] () -- C:\Users\Georg\Desktop\My Movie_mp4.HDP
[2013.05.05 20:55:26 | 007,140,191 | ---- | M] () -- C:\Users\Georg\Desktop\My Movie.mp4
[2013.05.05 20:40:35 | 048,569,695 | ---- | M] () -- C:\Users\Georg\Desktop\magix at its best ... not.mp4
[2013.05.05 16:29:04 | 000,063,690 | ---- | M] () -- C:\Users\Georg\Desktop\Kuendigungsformular.pdf
[2013.05.04 07:23:27 | 000,001,120 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.29 18:08:47 | 000,001,713 | ---- | C] () -- C:\Users\Georg\Desktop\Google Drive.lnk
[2013.05.26 13:26:43 | 000,000,928 | ---- | C] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-2764890169-2354917355-972681180-1001UA.job
[2013.05.26 13:26:42 | 000,000,906 | ---- | C] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-2764890169-2354917355-972681180-1001Core.job
[2013.05.23 17:39:06 | 000,009,384 | ---- | C] () -- C:\Users\Georg\AppData\Local\recently-used.xbel
[2013.05.21 15:19:35 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2013.05.20 13:46:23 | 000,001,103 | ---- | C] () -- C:\Users\Public\Desktop\Craften Terminal.lnk
[2013.05.20 12:42:12 | 000,263,186 | ---- | C] () -- C:\Users\Georg\Desktop\Minecraft.exe
[2013.05.18 13:52:21 | 018,444,678 | ---- | C] () -- C:\Users\Georg\Desktop\cave story osu.mp4
[2013.05.18 00:06:10 | 000,170,858 | ---- | C] () -- C:\Users\Georg\Desktop\Der 2-2 Blues.pdf
[2013.05.17 19:36:50 | 007,153,538 | ---- | C] () -- C:\Users\Georg\Desktop\HASHTAGYOLOSWAG.exe
[2013.05.15 21:22:29 | 000,087,330 | ---- | C] () -- C:\Users\Georg\Desktop\Peach_and_Bowser_Wedding_by_EmperorTokijin.jpg
[2013.05.15 21:22:25 | 000,028,682 | ---- | C] () -- C:\Users\Georg\Desktop\600px-Prince_Mario_and_Princess_Peach.jpg
[2013.05.15 21:22:17 | 000,275,465 | ---- | C] () -- C:\Users\Georg\Desktop\marioandpeachvgloungecom1.jpg
[2013.05.15 17:51:50 | 000,001,245 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Audition CS6.lnk
[2013.05.13 17:25:40 | 000,001,302 | ---- | C] () -- C:\Users\Public\Desktop\Free YouTube Download.lnk
[2013.05.05 21:04:08 | 000,002,634 | ---- | C] () -- C:\Users\Georg\Desktop\My Movie_mp4.HDP
[2013.05.05 20:51:18 | 007,140,191 | ---- | C] () -- C:\Users\Georg\Desktop\My Movie.mp4
[2013.05.05 20:36:49 | 048,569,695 | ---- | C] () -- C:\Users\Georg\Desktop\magix at its best ... not.mp4
[2013.05.05 16:29:03 | 000,063,690 | ---- | C] () -- C:\Users\Georg\Desktop\Kuendigungsformular.pdf
[2013.05.02 16:09:30 | 000,001,530 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
[2013.05.02 16:09:30 | 000,001,518 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Application Manager.lnk
[2013.03.20 19:30:18 | 002,075,362 | ---- | C] () -- C:\Users\Georg\wmah.png
[2013.03.08 21:46:09 | 000,500,934 | ---- | C] () -- C:\Users\Georg\YT-2013-Channel-Layout.psd
[2013.03.07 20:11:38 | 000,286,787 | ---- | C] () -- C:\Users\Georg\Mario and Luigi_ Partners in Time Music - Time Hole (To Past).mp3
[2013.03.07 20:11:37 | 000,265,856 | ---- | C] () -- C:\Users\Georg\Mario & Luigi_ Partners In Time Music_ Time Hole (To Present).mp3
[2013.03.03 13:32:03 | 000,017,479 | ---- | C] () -- C:\Users\Georg\README.html
[2013.03.03 13:31:16 | 015,962,145 | ---- | C] () -- C:\Users\Georg\OpenHexagonV1.7.7z
[2013.02.28 18:25:23 | 000,003,584 | ---- | C] () -- C:\Users\Georg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.02.27 20:04:25 | 027,885,892 | ---- | C] () -- C:\Users\Georg\2013-02-27 - viedoe.mp4
[2013.02.27 19:59:47 | 000,096,120 | ---- | C] () -- C:\Users\Georg\2013-02-27 - 0002.JPG
[2013.02.27 19:57:32 | 000,090,108 | ---- | C] () -- C:\Users\Georg\2013-02-27 - 0001.JPG
[2013.02.05 21:23:41 | 371,802,536 | ---- | C] () -- C:\Users\Georg\OIO-v3.4.0.2724.zip
[2013.01.18 17:01:47 | 001,056,534 | ---- | C] () -- C:\Users\Georg\TK Brief Seite 2.pdf
[2013.01.18 17:01:47 | 000,528,162 | ---- | C] () -- C:\Users\Georg\TK Brief Seite 1.pdf
[2013.01.02 16:41:05 | 000,004,342 | ---- | C] () -- C:\Users\Georg\Ein_kleines_Dankeschön_für_ELSA_Ihr_10_Gutschein.eml
[2013.01.02 10:54:52 | 000,339,394 | ---- | C] () -- C:\Users\Georg\OptiFine_1.4.6_HD_U_A2.zip
[2012.11.16 20:52:58 | 000,325,327 | ---- | C] () -- C:\Users\Georg\OptiFine Mod 1.4.4.zip
[2012.10.29 21:47:52 | 000,000,098 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2012.10.20 23:03:45 | 000,011,351 | -HS- | C] () -- C:\Users\Georg\Folder.jpg
[2012.10.20 23:03:45 | 000,011,351 | -HS- | C] () -- C:\Users\Georg\AlbumArt_{F083D7D6-D194-444E-AD61-1A2F2DCADD22}_Large.jpg
[2012.10.20 23:03:45 | 000,002,936 | -HS- | C] () -- C:\Users\Georg\AlbumArtSmall.jpg
[2012.10.20 23:03:45 | 000,002,936 | -HS- | C] () -- C:\Users\Georg\AlbumArt_{F083D7D6-D194-444E-AD61-1A2F2DCADD22}_Small.jpg
[2012.10.20 23:03:05 | 138,968,261 | ---- | C] () -- C:\Users\Georg\News _ Infos zum Nintendo 3DS - Die dritte Dimension in der Hosentasche [HD].mp4
[2012.10.20 23:03:04 | 003,023,829 | ---- | C] () -- C:\Users\Georg\Lemon Tree with Lyrics_ By Fool's Garden (HD).mp3
[2012.10.20 23:01:33 | 000,651,923 | ---- | C] () -- C:\Users\Georg\talent.wmv
[2012.10.13 12:23:16 | 000,586,255 | ---- | C] () -- C:\Users\Georg\bank.jpg
[2012.10.12 10:59:18 | 000,331,339 | ---- | C] () -- C:\Users\Georg\Löwenzahn.pdf
[2012.10.11 14:27:18 | 005,904,128 | ---- | C] () -- C:\Users\Georg\IKS Brief.pdf
[2012.10.11 14:27:18 | 000,846,537 | ---- | C] () -- C:\Users\Georg\IKS-Brief Ergänzung.pdf
[2012.10.01 20:57:55 | 001,662,976 | ---- | C] () -- C:\Users\Georg\alexibexi klingelton.mpg
[2012.10.01 20:57:55 | 000,101,146 | ---- | C] () -- C:\Users\Georg\AlexiBexi Klingelton - I'm a scat man!.MP3
[2012.10.01 20:53:13 | 002,891,416 | ---- | C] () -- C:\Users\Georg\Kanal Screenshot.png
[2012.10.01 20:53:13 | 000,191,205 | ---- | C] () -- C:\Users\Georg\Kanaldesign.PNG
[2012.10.01 20:53:13 | 000,140,762 | ---- | C] () -- C:\Users\Georg\Kanaldesign (Küken, Name, Farbverlauf).png
[2012.10.01 20:53:13 | 000,138,319 | ---- | C] () -- C:\Users\Georg\Kanaldesign (nur Küken und Name).png
[2012.10.01 20:49:59 | 003,426,304 | ---- | C] () -- C:\Users\Georg\Schaumparty.mpg
[2012.10.01 20:49:59 | 002,118,375 | ---- | C] () -- C:\Users\Georg\Präsentation Gewitter.odp
[2012.10.01 20:49:59 | 002,118,274 | ---- | C] () -- C:\Users\Georg\Präsentation Gewitter für mich.odp
[2012.10.01 20:49:59 | 000,748,152 | ---- | C] () -- C:\Users\Georg\Schaumparty.mp4
[2012.10.01 20:49:59 | 000,052,289 | ---- | C] () -- C:\Users\Georg\Schaumparty.MP3
[2012.10.01 20:49:58 | 002,118,375 | ---- | C] () -- C:\Users\Georg\Präsentation Gewitter für Jakob.odp
[2012.09.16 15:42:31 | 000,001,229 | ---- | C] () -- C:\Users\Georg\Cave Story - Einfach Optionen.lnk
[2012.09.16 15:42:31 | 000,001,222 | ---- | C] () -- C:\Users\Georg\Cave Story - Musik.lnk
[2012.09.11 17:38:26 | 000,014,678 | ---- | C] () -- C:\Users\Georg\Informatik AB Variablen Aufgabe.odt
[2012.09.11 17:19:42 | 001,590,954 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012.09.09 21:39:42 | 000,000,052 | -H-- | C] () -- C:\windows\popcreg.dat
[2012.09.09 21:39:42 | 000,000,014 | ---- | C] () -- C:\windows\popcinfot.dat
[2012.09.08 21:23:35 | 000,275,916 | ---- | C] () -- C:\Users\Georg\OptiFine_1.3.2_HD_B3.zip
[2012.09.08 15:55:19 | 000,015,488 | ---- | C] () -- C:\windows\phc700.ini
[2012.09.04 18:36:05 | 000,000,538 | ---- | C] () -- C:\Users\Georg\stern.py
[2012.09.04 18:34:02 | 000,001,463 | ---- | C] () -- C:\Users\Georg\IPI-TurtleGrafikV3.lnk
[2012.09.03 19:10:18 | 000,000,680 | RHS- | C] () -- C:\Users\Georg\ntuser.pol
[2012.09.03 18:45:34 | 000,188,803 | ---- | C] () -- C:\Users\Georg\englisch australische schilder.odt
[2012.08.31 20:21:56 | 000,000,043 | ---- | C] () -- C:\windows\popcinfo.dat
[2012.08.30 14:32:22 | 000,263,186 | ---- | C] () -- C:\Users\Georg\Minecraft.exe
[2012.08.30 12:10:37 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat
[2012.08.30 11:39:16 | 000,011,776 | ---- | C] () -- C:\windows\SysWow64\pmsbfn32.dll
[2012.08.30 11:37:26 | 000,000,424 | ---- | C] () -- C:\windows\MAXLINK.INI
[2012.03.21 14:54:41 | 000,201,728 | ---- | C] () -- C:\windows\SetDrive.exe
[2012.03.21 14:54:40 | 000,036,864 | ---- | C] () -- C:\windows\WinWait.exe
[2012.03.21 14:04:51 | 000,139,264 | ---- | C] () -- C:\windows\SysWow64\ustor.dll
[2012.03.21 14:04:51 | 000,049,152 | ---- | C] () -- C:\windows\SysWow64\UMonit.exe
[2012.03.21 14:04:48 | 000,172,097 | ---- | C] () -- C:\windows\SysWow64\NoMSGuninstall.exe
[2012.03.21 14:04:48 | 000,001,591 | ---- | C] () -- C:\windows\SysWow64\_IconCfg0.ini
[2012.03.21 14:04:48 | 000,000,840 | ---- | C] () -- C:\windows\SysWow64\ProductName.ini
[2012.03.21 14:04:48 | 000,000,187 | ---- | C] () -- C:\windows\SysWow64\IconCfg0.ini
[2012.03.21 14:01:39 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\drivers\IntelMEFWVer.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:23:59 | 014,176,768 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:27:31 | 012,875,776 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.08.21 15:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.08.21 15:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.08.21 15:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Files - Unicode (All) ==========
[2012.10.01 21:00:46 | 000,000,000 | ---D | M](C:\Users\Georg\??????? ???????????) -- C:\Users\Georg\Русские мультфильмы
[2012.10.01 21:00:46 | 000,000,000 | ---D | M](C:\Users\Georg\??????? ???????????) -- C:\Users\Georg\Русские мультфильмы
(C:\Users\Georg\??????? ???????????) -- C:\Users\Georg\Русские мультфильмы
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 1105 bytes -> C:\Users\Georg\Ein_kleines_Dankeschön_für_ELSA_Ihr_10_Gutschein.eml:OECustomProperty

< End of report >
         
__________________

Alt 01.06.2013, 12:42   #4
Juri9
 
Virus ahoi! "Portaldosites" in jedem Browser, MBAM-Fund, nicht löschbar? - Standard

Virus ahoi! "Portaldosites" in jedem Browser, MBAM-Fund, nicht löschbar?



Extras.txt
Code:
ATTFilter
OTL Extras logfile created on: 01.06.2013 13:32:00 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Georg\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 5,36 Gb Available Physical Memory | 67,15% Memory free
15,96 Gb Paging File | 13,22 Gb Available in Paging File | 82,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 906,34 Gb Total Space | 225,06 Gb Free Space | 24,83% Space Free | Partition Type: NTFS
 
Computer Name: GEORG-PC | User Name: Georg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12C2B37B-0671-490C-BE1C-74CA97BF5051}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{15A87F4E-241F-449E-AC03-4AA0CB80CBBC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{1B4A4865-CBBC-47B0-B93E-F259D69DDDFD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{53790E8C-B48C-497C-9CB8-6F1FFAAB32CB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5BFB543F-735A-4282-B7B9-89FC92D7F464}" = lport=139 | protocol=6 | dir=in | app=system | 
"{73B19E8F-4887-4018-867F-C07338123FE5}" = lport=138 | protocol=17 | dir=in | app=system | 
"{78431585-D1B9-4448-AC6B-EFA1F7DC0C0B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{85FA0023-D95C-4F8E-BDED-3FCEEC7493C9}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{8F781AD2-AD2B-4AF6-B379-0B13174680EB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{908AAB0F-491A-4425-8B3B-3B1E53E9EE31}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{912AC895-789E-496C-98B0-8D72D6EC0FB5}" = rport=138 | protocol=17 | dir=out | app=system | 
"{922C108D-6F9A-445E-BC6F-7B201DF284C5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{967B93A9-BC02-4B9E-9D3B-21F4672F9DF1}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{9B07E23B-059A-445C-98D8-16623E81B0BE}" = lport=445 | protocol=6 | dir=in | app=system | 
"{A6C87A26-6FF6-4329-9218-97C345EC6556}" = rport=139 | protocol=6 | dir=out | app=system | 
"{B2906482-A245-41B5-8E21-47B5D760A438}" = rport=137 | protocol=17 | dir=out | app=system | 
"{B71C4F32-C4F5-4C90-AFE4-F8F1B9859DE3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CA206849-A555-4C29-A81D-BAEF3F2452DD}" = rport=445 | protocol=6 | dir=out | app=system | 
"{CB5AF48B-923E-4091-BCE3-0C9DFCA21262}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D9F814A4-C1A0-46CD-97A1-6616EA6B28DB}" = lport=137 | protocol=17 | dir=in | app=system | 
"{E50537BB-09DA-4426-9B98-ABBAC72C37D8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{E8F4EAE9-EEF9-4598-B3D2-7E2C89B09DBA}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{FECD995B-6510-4C52-B774-17BC9B82B324}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{006C26AA-B75E-4E6E-BF50-136FCC16C8FE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\basement\the basement collection.exe | 
"{0090712E-72D4-4727-AFE1-4C40E7C69B3C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\closure\closure.exe | 
"{0137C469-5FD7-4B7D-8559-6D355FE10DE0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\unmechanical demo\binaries\win32\udk.exe | 
"{03812306-67F9-497C-A9F1-656207EEB295}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\offspring fling!\offspring fling.exe | 
"{08F4477E-F6AC-479F-8EC7-54AC1609D3D9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine demo\trine_launcher.exe | 
"{0D51A549-8608-43E8-8986-EBA6D1160BD3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\braid\braid.exe | 
"{0DA973A7-4FB2-4101-BDEE-9BB6C0638E8C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0E466B4A-A64D-4D01-8993-5EEF1C697118}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\doc clock - the toasted sandwich of time\doc clock.exe | 
"{102DA8A1-2496-433A-8952-E173C78BC913}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\little inferno beta\little inferno.exe | 
"{12276CE7-E275-41B9-88EF-9F9E29551DD4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\unmechanical demo\binaries\win32\udk.exe | 
"{1235D849-DBC2-4029-A30D-0980E94EBA40}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\zeit2demo\zeit2demo.exe | 
"{13150774-AB31-4C98-8F90-5444AAE1338D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\scoregasm demo\scoregasm demo.exe | 
"{13AA57CA-BE30-41E9-A7C2-867AED5604D5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bastion demo\bastion.exe | 
"{18DA1E93-B203-446B-A13D-3564F9D7FF52}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\basement\the basement collection.exe | 
"{18F1B629-C7A9-4B70-B2CA-1B954E15B481}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{18F5686A-5650-4E03-B04F-F0741BEE1F33}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\capsized\capsized.exe | 
"{1C1FFCD4-26D0-4F03-B260-1CED1AAE96EF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe | 
"{1EAE80D8-F306-4A53-BEAE-2FB1E048FF8C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\simcity 4 deluxe\support\ea help\electronic_arts_technical_support.htm | 
"{21D49862-83E6-4B73-A2EA-E1E28CBD2AE7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe | 
"{21ECAEAE-4E2F-46C2-9A49-E0603C97B347}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine 2 demo\trine2_launcher.exe | 
"{23912B69-DD7B-4930-8222-F63DF8EF5D57}" = dir=in | app=c:\users\georg\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{25701096-E906-4DB8-A436-A9255D623B60}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\giana sisters twisted dreams\launcher\gslauncher.exe | 
"{2667B743-D9EF-49D6-B06D-AE17DEDFCAB0}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoservice.exe | 
"{28DEBE55-029F-43AD-9828-59D13B2D49C6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chaos on deponia\deponia2.exe | 
"{28E66894-857D-4A29-9D78-B8DE3B84E4EC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crayon physics deluxe\launcher.exe | 
"{2A74F4BD-796D-478C-BD72-3477E95BE753}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cave story+\cavestory+.exe | 
"{2A868817-D4D4-4DC8-96E2-A4AA1427A70B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{2ACB958E-6E61-4D48-8FC7-4E5D57F7574F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\townsdemo\towns.exe | 
"{2B2AAE48-DF40-43FA-8CEA-BFF54B5B594C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hell yeah demo\hellyeah.exe | 
"{2BB755AB-E0B2-4F4C-B792-9F693CA959AE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vvvvvv\vvvvvv.exe | 
"{2DF6758D-67DA-40FF-9D82-67480B050741}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the path\pathviewer.exe | 
"{2FF03031-A872-47B5-9066-EC5A3228BC7B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\waveform demo\waveform.exe | 
"{3075B07A-8889-4550-AE3F-A9FB8563E8E0}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{30B2BE0E-FF95-4D90-A613-8F58737B60AE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\awesomenauts\awesomenautslauncher.exe | 
"{3272AF85-56CE-4328-9E25-D06A2C623D14}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\beat hazard\runme.exe | 
"{32AC86FE-7C53-400E-9888-1A0B084C5CAB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\scribblenauts\scribble.exe | 
"{338FBA6B-C58D-4D45-BEEF-31AD42A6CEC7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\super hexagon\superhexagon.exe | 
"{343E59B5-54F0-471F-835D-7EAC8C91799E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\beat hazard\beathazard.exe | 
"{35012540-2B1A-452B-AC1A-13E4C018B093}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sonic generations demo\sonicgenerations.exe | 
"{359D6A9E-EF19-45BB-96D4-0EE0346D17FC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\shado\shado.exe | 
"{36AC0F5E-ACE8-41FA-84EF-6D3DF8ED7FED}" = dir=in | app=c:\users\georg\appdata\local\microsoft\skydrive\skydrive.exe | 
"{37D168D1-ED87-47EC-B87C-4ED4C637582D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\castlecrashersdemo\castle.exe | 
"{38737DD7-2C7C-45AE-BEC4-139A37BE173C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nimbus\nimbus.exe | 
"{39316293-4199-475F-B0D5-D554C046F96F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\proteus\proteus.exe | 
"{39432546-76A6-462C-BB6D-DABB72B534B8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\doc clock - the toasted sandwich of time\doc clock.exe | 
"{3C109900-16F6-42EF-B13F-4487F8C7510E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe | 
"{3DBC435A-75CC-4C2B-862F-8145BE80B378}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nimbus\nimbus.exe | 
"{3F8516F1-106E-49D0-A6B9-C284D27BB85A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{404203E1-E20A-435C-9D0A-DDE8655AAD08}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dirt showdown demo\showdown_demo.exe | 
"{4083708B-0BB4-4A30-8870-E1E53684B063}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\simcity 4 deluxe\apps\simcity 4.exe | 
"{40A9BC7E-81AB-45DF-8DE3-98EA6E34DC32}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{41ED39C4-B1B6-492F-8C25-578D8829D497}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gateways demo\gateways.exe | 
"{427A2EF8-9381-436B-B79A-2116CA79F6A4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\little inferno beta\little inferno.exe | 
"{434D6C9D-C96B-480B-968A-81BB035984FB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bittriprunner2\runner2.exe | 
"{44FBDDD9-4B68-46E3-A31E-4FBD772B3575}" = protocol=17 | dir=in | app=c:\users\georg\downloads\solutoinstaller-e6b8ast5l2_u64642036.exe | 
"{4612CF14-DC42-44C5-BCCB-D04AAF284A21}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\quantum conundrum demo\binaries\win32\trygame-win32-shipping.exe | 
"{467F4A91-456B-460A-9B4E-9CEBBB82C5CD}" = protocol=17 | dir=in | app=c:\program files\soluto\solutocleanup.exe | 
"{46EA5F02-231B-40A3-AA1B-ACE7C87191D2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sonic generations demo\configurationtool.exe | 
"{46F5B27F-8FCF-427B-9051-7B0B06EB4BA8}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoservice.exe | 
"{470D34AB-C709-4BBA-8A74-8B21CFCE7161}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rush\rush.exe | 
"{47557C1C-52DF-48CF-80DC-07709D3333B0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\a virus named tom\avnt.exe | 
"{475F6840-5D34-4FD3-B4AA-809AA91FAC56}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\q.u.b.e. demo\binaries\win32\qube_demo.exe | 
"{480CB022-9061-4747-9BF2-4A8ACE0DF6B5}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{49A6D9FA-3F91-4D14-B812-28199ED97279}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\waveform demo\waveform.exe | 
"{49B90CA8-53D1-4102-B3F2-6A28CE59B8EB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gateways demo\gateways.exe | 
"{4B65ECA0-FD6D-4F08-9D43-543A01BB3397}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{4BF13D70-0EFC-4B72-8122-AD7B78361EAE}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{4D49F35C-431A-4840-943D-97D3569577EF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\flyn demo\source\flyn.exe | 
"{53E98F3B-149D-48E1-8154-29D062CB371A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\solar 2\solar2.exe | 
"{541BC669-5C65-47EA-AC45-37B1C11117F6}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoconsole.exe | 
"{5700D215-FCFC-466B-8160-C5BF1E535D2C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\thomaswasalone\thomaswasalone.exe | 
"{5720695B-05C7-4713-B132-AFDA52746706}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dear esther\dearesther.exe | 
"{5787295B-C620-4E6E-AD9C-582497A9DFE3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine demo\trine_launcher.exe | 
"{57CAEA72-3580-4333-905C-F11FE74B3CCF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{5CAE0A55-B591-451B-A39A-589291C2DD2D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\proteus\proteus.exe | 
"{5E41DC16-0E87-482D-A737-AB25DB21CBCC}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{5EA4D163-8E75-4BE3-80C5-5831F21EA25B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5FA81ACF-C636-4170-9CCF-33AA6AC1B184}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoupdateservice.exe | 
"{6042AC42-1C35-4A52-BED1-20270246718B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{615F4919-C829-48EF-9345-F7432529A38F}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\rayman origins\gu.exe | 
"{62BD0121-2D79-4EE2-B196-65E10C68D1A0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\zeit2demo\zeit2demo.exe | 
"{62F9426D-FB8B-4FF8-A880-EFC4A168F727}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{69429CD5-48AA-4956-A8D6-C9EFBB161596}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe | 
"{69AD0433-7E2E-46F3-82AE-6FC4F16BC094}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hell yeah demo\hellyeah.exe | 
"{6A12B38A-1849-4642-AA1D-93B86E5DFD86}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\townsdemo\towns.exe | 
"{6B8C93ED-5A8B-4391-B571-D1DE5103245F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\simcity 4 deluxe\apps\simcity 4.exe | 
"{6DA9B463-F4A8-4CC8-92AD-542D4A42E4EB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bit.trip runner\runner.exe | 
"{711AD83D-D311-4B4D-9632-21DEFF874697}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{7124BE5E-3EE4-4D61-97CB-C33DEF024FCE}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\rayman origins\rayman origins.exe | 
"{7159CA44-AA4C-46AF-B694-1BD87C2615BE}" = protocol=6 | dir=in | app=c:\users\georg\downloads\solutoinstaller-e6b8ast5l2_u64642036.exe | 
"{71DEFC4B-960B-421C-940F-16C6D3C4BBAB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\snapshot\snapshot.exe | 
"{74EFEA79-D65C-4B92-8461-C31636966557}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dollar dash demo\binaries\win32\pkgame-win32-shipping.exe | 
"{7540E045-8BBB-4386-858B-F65126882C3D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dynamite jack\dynamite jack.exe | 
"{76842340-811A-4F5F-81D5-4A5FFB31FC48}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chaos on deponia\visionaireconfigurationtool.exe | 
"{76D17AA4-EE08-4762-9FE8-91DA1AE678A8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\super hexagon\superhexagon.exe | 
"{76DB1ADD-A282-4D9D-A5F8-9418DFAC7F22}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\capsized\capsized.exe | 
"{7AF4BF6F-46AB-4FE4-8AAA-1F143BFBF696}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7B4E2733-4EEA-4CD1-B625-75C6665D26F0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gamemaker_studio\gamemakerplayer.exe | 
"{7B964A17-BBB8-4F13-80FA-A5A3AAF05E23}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoconsole.exe | 
"{7D908B10-1C38-4769-9A75-BC9D66A95860}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7EEC5345-F3A9-44FA-B1C8-C78CF3882D21}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chaos on deponia\deponia2.exe | 
"{82232176-6EB4-4766-AE60-377E53E8433D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\edge demo\edge.exe | 
"{8392C022-59A5-46AE-BEAA-C8D7C98C3C68}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dynamite jack\dynamite jack.exe | 
"{846B17A4-D3EF-4965-A0C5-50C1FB451412}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{84A69656-BB6B-4F93-A718-165CF398DE57}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\simcity 4 deluxe\support\ea help\electronic_arts_technical_support.htm | 
"{88046B5F-9BC7-43FB-A411-E1B2A51E73CB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blocks that matter\btm_launcher_win.exe | 
"{893090A5-69E6-466F-83C0-8F9519F9E182}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8AD37577-D455-470E-8D86-93CCC3A2A70C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rush\rush.exe | 
"{8B31E6FF-71EB-413D-A73A-7E7C65B69995}" = protocol=6 | dir=out | app=system | 
"{8B8D8B72-72E5-4CC9-A16B-178987701E82}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{8CD3848E-3792-49A9-8F38-D3F7B98045DB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\offspring fling!\offspring fling.exe | 
"{8E085FDA-E838-47E8-936F-9A1E21D02080}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe | 
"{8E0CBC34-FCED-4277-A804-E6FECC0D95A6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\toki tori\tokitori.exe | 
"{91483DEA-C659-4458-A059-19D546C17096}" = protocol=17 | dir=in | app=c:\users\georg\appdata\roaming\dropbox\bin\dropbox.exe | 
"{920C4FCF-E1D8-4344-B758-CA8796D9E0B9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\q.u.b.e. demo\binaries\win32\qube_demo.exe | 
"{92179944-7ADD-4223-B71F-C6FC0F7959AE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\superbrothers sword & sworcery ep\swordandsworcery_pc.exe | 
"{93174BB3-72AC-4213-A6D2-A7782D11ADE9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\and yet it moves demo\and yet it moves demo steam.exe | 
"{9322A2FC-3687-4562-AB7D-B6EA3773A935}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\indie game the movie\igtm.exe | 
"{93277BBD-7088-49B3-8A1C-F536A6D4C98E}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoupdateservice.exe | 
"{935A3F39-502F-49BF-8CF9-CD222FF4DC3A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\krater\run_game.exe | 
"{96B6EF2D-E1D5-4B2F-8791-316F6143168C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vvvvvv\vvvvvv.exe | 
"{9A798454-2512-424B-808E-70EC7EC85EF5}" = protocol=6 | dir=in | app=c:\users\georg\appdata\roaming\dropbox\bin\dropbox.exe | 
"{9B2C2901-C10B-4B31-9417-DADF99C877EF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cave story+\cavestory+.exe | 
"{9BC448A0-B9D4-42E3-AEF5-33D211DD23B5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine 2 demo\trine2_launcher.exe | 
"{9C773F63-480D-48D9-851E-B5F3D7BB3A76}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the final hours of portal 2\thefinalhoursofportal2.exe | 
"{9DE63EEC-B64E-49E8-84DD-7D7E243B8E0A}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\rayman origins\rayman origins.exe | 
"{9E41C02B-A035-492A-BD20-D6DE1605C802}" = protocol=6 | dir=in | app=c:\program files\soluto\soluto.exe | 
"{A04DF716-F363-4879-B078-D60427D28276}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{A18AEDC3-1A03-4830-9748-A7F2457CE7D6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe | 
"{A2A547EE-AD30-46DB-B9FD-A818575E6174}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\construct2\construct2.exe | 
"{A31F1703-50A7-4B01-9502-A7BD5D1B3F92}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\closure\closure.exe | 
"{A453E21A-8A79-4B27-A20D-6805A1D85AA4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\giana sisters twisted dreams\launcher\gslauncher.exe | 
"{A559068F-2D8B-4CDB-A6DF-410A69DEF9A2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\snapshot\snapshot.exe | 
"{A8DBDFD4-5B05-4017-83FB-A7DC47FC4FB7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sugar cube bittersweet factory\sugarcube-bf.exe | 
"{A95C8862-2AB8-495F-A5A4-3733FBBCDD62}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{AA52B48A-879D-4464-923C-5511DDB6FCA2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chaos on deponia\visionaireconfigurationtool.exe | 
"{AC3D4983-B57B-4871-92B6-FC6C2EA507CC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\thomaswasalone\thomaswasalone.exe | 
"{AEEBC0BE-2D38-488A-8F20-B79974B37112}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe | 
"{B03FCE91-C4C4-41EC-985D-E897A654E843}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\splice\splice.exe | 
"{B0880123-0CE1-4EF8-8608-FF6261859FD5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\krater\run_game.exe | 
"{B242223F-BCD1-424E-AA0E-224E8B63D74E}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{B63951A2-E054-45C0-9245-F98020C8C8DF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\indie game the movie\igtm.exe | 
"{B89C6ADF-1216-45BB-BA84-3A1686B49FD5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\superbrothers sword & sworcery ep\swordandsworcery_pc.exe | 
"{B8E92B81-2811-48C5-9598-25E1D34386DF}" = protocol=6 | dir=in | app=c:\program files\soluto\solutocleanup.exe | 
"{BB6922F2-C7F1-439A-9C8C-1AB22ADE378A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dollar dash demo\binaries\win32\pkgame-win32-shipping.exe | 
"{C162DFD1-C932-4E4F-9662-44A07B948156}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sonic generations demo\configurationtool.exe | 
"{C1B1965F-A9B8-410A-BA78-7E7704BD4BF4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sugar cube bittersweet factory\sugarcube-bf.exe | 
"{C297135B-BE85-4F1D-B112-EFF03F01942A}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{C399995E-F22C-4FE9-9E44-E2B55EA34AAC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nightsky\nightsky.exe | 
"{C3EEEF3B-0E35-452E-8B9A-D0C622EAB5DE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crayon physics deluxe\launcher.exe | 
"{C8BAB87C-33BF-4EE1-8957-CAF1C24A8A2C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe | 
"{C9731A15-D389-48C6-A389-0AD36A3CF68B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gamemaker_studio\gamemakerplayer.exe | 
"{CAA57CAA-DC97-4861-9017-6C404866A0CC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the final hours of portal 2\thefinalhoursofportal2.exe | 
"{CC64B360-7F7A-4B48-A85C-99B3FE5CF7D6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\construct2\construct2.exe | 
"{CDFF82B8-4954-43DA-A77E-F4B2A9CA460A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dear esther\dearesther.exe | 
"{CE891ECD-C565-4C82-A218-7101E2BE0E31}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D0607D3A-E6C6-4589-9283-57739F3B710B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{D0A4A1C1-43BF-478F-A5B2-BF70F4BA521E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\legend of grimrock\grimrock.exe | 
"{D296F08E-E7CC-4C23-AB17-47135ACDF78E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\shado\shado.exe | 
"{D3981BAB-E311-4F43-883E-0550CA69FE42}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\awesomenauts\awesomenautslauncher.exe | 
"{D426FE15-4A86-4845-B47F-BED0B7AC2202}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sonic generations demo\sonicgenerations.exe | 
"{D6A9F131-42B1-4E04-AE00-F0D65AF04911}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\unmechanical\binaries\win32\udk.exe | 
"{D758E625-5793-489E-85BA-F5EB1F614A1A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nightsky\nightsky.exe | 
"{D7F8B1E8-F136-4CEA-9EA0-143F4F931A46}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\rayman origins\gu.exe | 
"{DA0F39D1-1569-4B16-8AC3-D34A7644B32D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\unmechanical\binaries\win32\udk.exe | 
"{DA8F01BE-0ECE-45AF-8372-741220F7DD5B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\solar 2\solar2.exe | 
"{DB162B2A-F9F1-4E5E-9445-EF2F43DCE4AB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{DE0671C5-72BC-4A3A-B763-B97223DA59A9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bittriprunner2\runner2.exe | 
"{DE455E1C-7593-48D9-8597-D08A16BE2C2C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{E0666A68-A218-4559-A03B-3D35E951497B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\castlecrashersdemo\castle.exe | 
"{E189450A-7912-454F-8A96-20D24425895A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blocks that matter\btm_launcher_win.exe | 
"{E30DE2B0-6398-4ECF-B9D8-658E2BA94C26}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dirt showdown demo\showdown_demo.exe | 
"{E5D89B0E-3D6A-45BC-B3DB-D4F0ADD1CFC2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\quantum conundrum demo\binaries\win32\trygame-win32-shipping.exe | 
"{E889CD10-C4FC-42FA-BE6B-F2D41CB61AA2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\a virus named tom\avnt.exe | 
"{E8E5251B-342D-47ED-99A9-6016311F551B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\splice\splice.exe | 
"{EA36A1E3-5953-41BD-9381-2E5D7E3C27AB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\and yet it moves demo\and yet it moves demo steam.exe | 
"{ED3AACEA-C243-4383-88F0-37E492E627C4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\beat hazard\beathazard.exe | 
"{EEBDA06C-531C-4640-ACC2-A23B7912880B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bit.trip runner\runner.exe | 
"{EF335C66-8A29-43E1-A17A-FF54C8C0AFE3}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{EFE42277-DA04-44FF-BDF3-76C0E6B8A5FE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\edge demo\edge.exe | 
"{F3016282-04FE-420B-A647-F2ED96A7A43C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\scribblenauts\scribble.exe | 
"{F33F69CA-A13D-458D-A79B-261DEC63F6E1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the path\pathviewer.exe | 
"{F45077E5-AD36-400D-80C7-C7F5F8AFD506}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\beat hazard\runme.exe | 
"{F472FA3D-59CA-4919-BE4A-4F6359518620}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\scoregasm demo\scoregasm demo.exe | 
"{F5062766-4699-4AE0-999F-0540885A0515}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{F55EC96F-663F-46B0-8575-4DA801F0222A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\braid\braid.exe | 
"{F6597ED9-57BC-4FC5-9308-27B41005891D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\flyn demo\source\flyn.exe | 
"{F711FBE5-454B-42C6-A788-CDDE0DF5F143}" = protocol=17 | dir=in | app=c:\program files\soluto\soluto.exe | 
"{FBF32FE3-14FD-4390-A6F3-03DCBF487AC7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bastion demo\bastion.exe | 
"{FC5492EE-386E-4D4B-BFCB-029BB64AB48E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\toki tori\tokitori.exe | 
"{FD727837-671D-4BB7-BFCE-478174A96334}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\legend of grimrock\grimrock.exe | 
"{FFEF1B46-0A1A-4DA9-B419-885A4AD0D4C1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{061FD767-3EF5-47E5-A5D9-06A56A2A4CE6}C:\program files (x86)\ffsplit\ffsplit.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ffsplit\ffsplit.exe | 
"TCP Query User{1AE0815C-48B0-4EA7-ABA6-95E313661AE3}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{2C010792-5C69-484A-B1D2-4DB246405488}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | 
"TCP Query User{4881578F-5A0E-4687-BF89-DAF2A0DDAF32}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
"TCP Query User{6803224E-F28E-48C4-BAA6-986CFC932FD6}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{7AF1649D-C5BC-474B-A8DF-99DD811691A0}C:\users\georg\appdata\local\temp\rarsfx0\medionfinder.exe" = protocol=6 | dir=in | app=c:\users\georg\appdata\local\temp\rarsfx0\medionfinder.exe | 
"TCP Query User{8E4D48EB-FFA5-48DC-A32F-9CEF7481F9DE}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
"UDP Query User{32E80EE3-7E4D-4517-8B08-F193D3A5A801}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
"UDP Query User{5F63CE62-58D0-45EA-8A74-C551004C101F}C:\users\georg\appdata\local\temp\rarsfx0\medionfinder.exe" = protocol=17 | dir=in | app=c:\users\georg\appdata\local\temp\rarsfx0\medionfinder.exe | 
"UDP Query User{799FD4E8-2B74-482A-9944-87F788E22035}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{81819816-26CE-4937-BB26-EF234A999772}C:\program files (x86)\ffsplit\ffsplit.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ffsplit\ffsplit.exe | 
"UDP Query User{937C1AB7-FB42-4F92-B2A6-5CB8098AA855}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
"UDP Query User{DBBF1DEF-B301-497C-B95F-F1DDB4BE1AEB}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{DC1BB29D-3017-4E13-BA12-48E551B92548}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2412" = CanoScan LiDE 90
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{34307828-B2DB-4473-A803-A314FC7AA889}" = Soluto
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo Rescue System
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}" = NetSpeedMonitor 2.5.4.0 x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.23.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter
"GIMP-2_is1" = GIMP 2.8.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"PROSet" = Intel(R) Network Connections Drivers
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VLC media player" = VLC media player 2.0.6
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02C2B318-E2DF-4EC4-AD1B-9FF3DD774A04}" = MAGIX Video deluxe MX Plus
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D00CD3F-AEDC-45F1-A2DD-DADF74407D7B}_is1" = Edna Bricht Aus 6.3
"{15F3A6F5-06AE-4332-AE3E-21CD0416827A}" = Windows Live Mail
"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
"{185F9795-9663-4F13-9EF9-307A282ADB5A}" = ph
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1C3DA126-D523-4089-BCCA-FA46FE34D6F8}" = Google Drive
"{1EA7C505-E6DA-4B85-9432-EBD3C70D510D}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FA8B68C-2576-4A4A-83BA-47941201FFB3}_is1" = skate's Thumbnail Tool Version 1.0.1
"{23A3E560-069F-4CFC-8F6C-1B526EC735FC}" = Windows Live Writer Resources
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{2A075BB4-E976-4278-BF3F-E5C6945D84C0}" = bl
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2DCD52EE-1AE1-4128-9819-A79F7D09B6B3}" = MAGIX Foto Designer 7
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{2FA06473-23F0-4372-8DD5-1EAE42503D93}" = MAGIX Video easy TERRATEC Edition
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{30FD541D-3C9D-41C4-B240-A994EE4E0231}" = Adobe Audition CS6
"{3629C581-D8D2-477E-A40E-D5E351DF066B}" = MAGIX Speed burnR (MSI)
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3C3DCD2B-6FC7-41BF-BB80-40A936E1A785}" = Windows Live Writer
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Lenovo Power2Go
"{456A5815-604D-4D72-94DF-346D2B978A59}_is1" = GOG.com Downloader version 3.4.8
"{45970CD1-D599-47D4-938F-3E9800D54ED1}" = Lenovo Treiber- und Anwendungsinstallation
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BDE6551-766A-4654-8F3A-838F0BCF15D1}_is1" = skate's Thumbnail Tool Version 1.0.0
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{4e7c3936-7c06-4ef0-928b-c5d92f372578}_is1" = Craften Terminal 3.3.4897.28268
"{5183D7AB-D09B-411F-A74E-BBAEA61C6505}" = Lenovo Eye Distance System
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{55EB2692-FAFE-4352-AACD-AB9379E57F08}" = XSplit
"{5AFA4872-16B2-419E-ADCA-8E96E739115D}" = Music Manager
"{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker
"{5E21B617-F52E-BB10-92F9-C8AB2C799A8A}" = Adobe Download Assistant
"{6438EBAC-5305-39A5-A93E-88CDFA6CE947}" = Google Chrome
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{709F7985-34DD-4F49-9F91-D429D3B49D26}_is1" = skate's Thumbnail Tool Version 1.1.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789C9644-9F82-44d3-B4CA-AC31F46F5882}" = Python 3.2.3
"{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}" = Bing-Desktop
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{86C40513-B5A4-476E-9EAB-EC118DCF4502}" = Windows Live Writer
"{8913AC02-67B8-4B52-91B2-BBA7B9C265B5}" = Windows Live Writer Resources
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{959B7F35-2819-40C5-A0CD-3C53B5FCC935}" = Genesys USB Mass Storage Device
"{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C5B9ED6-0344-4550-A4AB-C4499EB36053}" = SPC 700NC PC Camera
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{AE364ACC-B9DF-466B-B4EA-AEECD0CD581E}" = Windows Live Messenger
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B083076F-BCCB-4710-A4B1-6512134A16DE}" = Oozi: Earth Adventure
"{B266E062-D6C5-485B-B426-51B152B041A6}" = Lenovo Tinian Fn PS/2 Keyboard Driver
"{B2DC0B6C-C969-43B9-B6C3-6A6C1CAD46DF}" = MAGIX Screenshare
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{B80D3EA9-A252-4AE5-AC51-81729F5C586F}" = Windows Live Mail
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BA63612E-0458-416A-ADCD-B2349194F20F}" = Creative Zen Nano Plus
"{BD5669B5-49FF-4490-B956-E9D7CB9B0ADC}" = Adobe Flash Professional CS6
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
"{C2F438B6-7010-453B-93EC-B2FC053AA97B}" = LibreOffice 3.6
"{C3592426-531E-4110-911D-BFECE2CE284B}" = puush
"{C3592426-531E-4110-911D-BFECE2CE284C}" = osu!
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.16
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.11 Game
"{D3063097-EC84-4D21-84A4-9D852E974355}" = LVT
"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
"{D9ED6D06-6002-495E-A7BC-46E6AE386996}" = Lenovo Dynamic Brightness System
"{DE43AA92-E8C0-4620-AFE2-FBD623C71643}" = Sizer 3.34
"{DE491AB9-1D47-4FED-A8F5-4D4325B2EB4B}" = Rayman Origins
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
"{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Akademie der Magie" = Akademie der Magie
"Audacity_is1" = Audacity 2.0
"Bejeweled 2 Deluxe 1.0" = Bejeweled 2 Deluxe 1.0
"Bejeweled 3" = Bejeweled 3
"Bejeweled Twist 1.0.3.8137" = Bejeweled Twist 1.0.3.8137
"Bookworm Adventures Deluxe 1.0.1.100" = Bookworm Adventures Deluxe 1.0.1.100
"Bookworm Deluxe 1.131" = Bookworm Deluxe 1.131
"Build-a-lot" = Build-a-lot
"Build-a-lot 2" = Build-a-lot 2
"Cakewalk Sound Center_is1" = Cakewalk Sound Center 1.1.0
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Cave Story" = Cave Story
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"Chuzzle Deluxe 1.0.3.1132" = Chuzzle Deluxe 1.0.3.1132
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Crazy Machines Elements_is1" = Crazy Machines Elements
"Creative Mass Storage Drivers" = Creative Mass Storage Drivers
"Das Drachenei: Die Geschichte des Wanderers" = Das Drachenei: Die Geschichte des Wanderers
"Das Geheimnis des Bermudadreiecks" = Das Geheimnis des Bermudadreiecks
"Das Reich des Drachen" = Das Reich des Drachen
"Das Vermächtnis der Insel" = Das Vermächtnis der Insel
"Diamond Drop 2" = Diamond Drop 2
"Die Wiege Ägyptens" = Die Wiege Ägyptens
"Die Wiege Roms" = Die Wiege Roms
"Dinos & Bubbles" = Dinos & Bubbles
"DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER
"eSafeSecControl" = eSafe Security Control 1.0.0.2359
"Flyonoid" = Flyonoid
"Fraps" = Fraps (remove only)
"Free Audio Converter_is1" = Free Audio Converter version 5.0.21.1212
"Free YouTube Download_is1" = Free YouTube Download version 3.2.2.430
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.36.1201
"Gardenscapes_is1" = Gardenscapes
"GOGPACKCAPSIZED_is1" = Capsized
"GOGPACKDEPONIA_is1" = Deponia
"GOGPACKNEWBEGINNING_is1" = A New Beginning
"GOGPACKPID_is1" = Pid
"GOGPACKTREASUREADVENTUREGAME_is1" = Treasure Adventure Game
"Hammer Heads 1.0" = Hammer Heads 1.0
"Harvey" = Harveys Neue Augen
"Hühner-Rache Deluxe (VOLLVERSION)" = Hühner-Rache Deluxe (VOLLVERSION)
"ImgBurn" = ImgBurn
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Lenovo Power2Go
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo Rescue System
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"Jumpin’ Jack" = Jumpin’ Jack
"Magic Encyclopedia" = Magic Encyclopedia
"Magic Encyclopedia 2" = Magic Encyclopedia 2
"MAGIX_MSI_FotoDesigner7_silver" = MAGIX Foto Designer 7
"MAGIX_MSI_Video_easy_3_TerraTec" = MAGIX Video easy TERRATEC Edition
"MAGIX_MSI_Videodeluxe18_plus" = MAGIX Video deluxe MX Plus
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Meine kleine Farm" = Meine kleine Farm
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"Mozilla Thunderbird 17.0.6 (x86 de)" = Mozilla Thunderbird 17.0.6 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"Music Creator LE_is1" = Music Creator LE 5.0.6
"MuVo Driver" = Creative Mass Storage Drivers
"Mystery P.I. - The London Caper" = Mystery P.I. - The London Caper
"Nebel der Elfen" = Nebel der Elfen
"Nintendo_History_ScreenSaver" = Nintendo_History_ScreenSaver
"Nintendo_SMG2_ScreenSaver" = Nintendo_SMG2_ScreenSaver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Open Broadcaster Software" = Open Broadcaster Software
"OpenAL" = OpenAL
"Opera 12.15.1748" = Opera 12.15
"Peggle Deluxe 1.03" = Peggle Deluxe 1.03
"Peggle Nights Deluxe 1.0.3.5802" = Peggle Nights Deluxe 1.0.3.5802
"Peggle World of Warcraft Edition" = Peggle World of Warcraft Edition
"Perspective" = Perspective 1.0
"Pflanzen gegen Zombies" = Pflanzen gegen Zombies
"proDAD-Adorage-3.0" = proDAD Adorage 3.0
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Puddle_is1" = Puddle
"RenegadeKidMutantMudds" = Mutant Mudds (remove only)
"Schatzinsel 2 (Vollversion)" = Schatzinsel 2 (Vollversion)
"Secunia PSI" = Secunia PSI (3.0.0.4001)
"Sheep’s Quest" = Sheep’s Quest
"Smash Frenzy 4" = Smash Frenzy 4
"Snowy" = Snowy
"Snowy Lunch Rush" = Snowy: Lunch Rush
"Steam App 104600" = Portal 2 - The Final Hours
"Steam App 105600" = Terraria
"Steam App 107110" = Bastion - Demo
"Steam App 111800" = Blocks That Matter
"Steam App 113200" = The Binding of Isaac
"Steam App 12910" = Audiosurf Demo
"Steam App 18710" = And Yet it Moves - Demo
"Steam App 200900" = Cave Story+
"Steam App 202290" = Sonic Generations Demo
"Steam App 202730" = Dynamite Jack
"Steam App 203810" = Dear Esther
"Steam App 204060" = Superbrothers: Sword & Sworcery EP
"Steam App 204220" = Snapshot
"Steam App 204260" = Trine 2 Demo
"Steam App 204300" = Awesomenauts
"Steam App 204610" = Q.U.B.E. Demo
"Steam App 205700" = Quantum Conundrum Demo
"Steam App 206650" = Scoregasm Demo
"Steam App 207080" = Indie Game: The Movie
"Steam App 207100" = Castle Crashers Demo
"Steam App 207170" = Legend of Grimrock
"Steam App 207270" = DiRT Showdown Demo
"Steam App 207650" = A Virus Named TOM
"Steam App 208070" = Waveform Demo
"Steam App 209790" = Splice
"Steam App 211180" = Unmechanical
"Steam App 211360" = Offspring Fling!
"Steam App 212110" = Sugar Cube: Bittersweet Factory
"Steam App 212560" = Hell Yeah! Demo
"Steam App 214790" = The Basement Collection
"Steam App 214850" = GameMaker: Studio
"Steam App 215770" = Shad'O
"Steam App 216310" = Gateways Demo
"Steam App 218060" = BIT.TRIP Presents... Runner2: Future Legend of Rhythm Alien
"Steam App 219680" = Proteus
"Steam App 220740" = Chaos on Deponia
"Steam App 220780" = Thomas Was Alone
"Steam App 221030" = Towns Demo
"Steam App 221260" = Little Inferno
"Steam App 221620" = Dollar Dash Demo
"Steam App 221640" = Super Hexagon
"Steam App 223220" = Giana Sisters: Twisted Dreams
"Steam App 224520" = FLY'N Demo
"Steam App 227240" = Construct 2 Free
"Steam App 24780" = SimCity 4 Deluxe
"Steam App 26800" = Braid
"Steam App 26900" = Crayon Physics Deluxe
"Steam App 27000" = The Path
"Steam App 33400" = Zeit² Demo
"Steam App 35710" = Trine Demo
"Steam App 38700" = Toki Tori
"Steam App 38720" = RUSH
"Steam App 38750" = EDGE Demo
"Steam App 400" = Portal
"Steam App 40800" = Super Meat Boy
"Steam App 42170" = Krater
"Steam App 49600" = Beat Hazard
"Steam App 50010" = Nimbus Demo
"Steam App 57800" = Doc Clock: The Toasted Sandwich of Time
"Steam App 620" = Portal 2
"Steam App 63710" = BIT.TRIP RUNNER
"Steam App 644" = Portal 2 Publishing Tool
"Steam App 65800" = Dungeon Defenders
"Steam App 70300" = VVVVVV
"Steam App 72000" = Closure
"Steam App 95300" = Capsized
"Steam App 97000" = Solar 2
"Steam App 99700" = NightSky
"STRATO HiDrive" = STRATO HiDrive (remove only)
"Strikeball 3" = Strikeball 3
"Super Mario Brothers 2 Screensaver" = Super Mario Brothers 2 Screensaver
"Superkuh" = Superkuh
"SysInfo" = Creative-Systeminformationen
"TERRATEC Grabby" = TERRATEC Grabby V5.09.1202.00
"Turtix" = Turtix
"Turtix 2" = Turtix 2
"VLC media player" = VLC media player 2.0.6
"WinLiveSuite" = Windows Live Essentials
"World of Goo" = World of Goo (entfernen)
"Yumsters 2" = Yumsters 2
"Zuma Deluxe 1.0" = Zuma Deluxe 1.0
"Zuma's Revenge!" = Zuma's Revenge!
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"SkyDriveSetup.exe" = Microsoft SkyDrive
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 29.05.2013 06:24:39 | Computer Name = Georg-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel:
 0x50b68585  Name des fehlerhaften Moduls: engine.dll_unloaded, Version: 0.0.0.0, 
Zeitstempel: 0x50b7c5f5  Ausnahmecode: 0xc0000005  Fehleroffset: 0x1037a60c  ID des fehlerhaften
 Prozesses: 0x47c  Startzeit der fehlerhaften Anwendung: 0x01ce5c56881195ff  Pfad der
 fehlerhaften Anwendung: c:\program files (x86)\steam\steamapps\smoodoosjuri9\portal\hl2.exe
Pfad
 des fehlerhaften Moduls: engine.dll  Berichtskennung: f76555d7-c849-11e2-b658-c89cdce712ed
 
Error - 29.05.2013 07:30:20 | Computer Name = Georg-PC | Source = Microsoft-Windows-WMI | ID = 10
Description = Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent
 WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage
 > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht
 reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine
 Ereignisse übermittelt werden.
 
Error - 29.05.2013 08:00:34 | Computer Name = Georg-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\SplitMediaLabs\XSplit\XSplitBroadcasterSrc.exe".  Die abhängige Assemblierung
 "Native.XSplitBroadcaster.exe,type="win32",version="1.0.0.0"" konnte nicht gefunden
 werden.  Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
 
Error - 29.05.2013 08:45:42 | Computer Name = Georg-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: SuperMeatBoy.exe, Version: 0.0.0.0,
 Zeitstempel: 0x4ee3490b  Name des fehlerhaften Moduls: SuperMeatBoy.exe, Version:
 0.0.0.0, Zeitstempel: 0x4ee3490b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000dd403
ID
 des fehlerhaften Prozesses: 0x130c  Startzeit der fehlerhaften Anwendung: 0x01ce5c6a69063d4b
Pfad
 der fehlerhaften Anwendung: c:\program files (x86)\steam\steamapps\common\super
 meat boy\SuperMeatBoy.exe  Pfad des fehlerhaften Moduls: c:\program files (x86)\steam\steamapps\common\super
 meat boy\SuperMeatBoy.exe  Berichtskennung: ac03da31-c85d-11e2-abe7-c89cdce712ed
 
Error - 30.05.2013 11:28:27 | Computer Name = Georg-PC | Source = Microsoft-Windows-WMI | ID = 10
Description = Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent
 WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage
 > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht
 reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine
 Ereignisse übermittelt werden.
 
Error - 30.05.2013 13:27:05 | Computer Name = Georg-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\SplitMediaLabs\XSplit\XSplitBroadcasterSrc.exe".  Die abhängige Assemblierung
 "Native.XSplitBroadcaster.exe,type="win32",version="1.0.0.0"" konnte nicht gefunden
 werden.  Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
 
Error - 31.05.2013 09:11:15 | Computer Name = Georg-PC | Source = Microsoft-Windows-WMI | ID = 10
Description = Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent
 WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage
 > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht
 reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine
 Ereignisse übermittelt werden.
 
Error - 31.05.2013 11:38:21 | Computer Name = Georg-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\SplitMediaLabs\XSplit\XSplitBroadcasterSrc.exe".  Die abhängige Assemblierung
 "Native.XSplitBroadcaster.exe,type="win32",version="1.0.0.0"" konnte nicht gefunden
 werden.  Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
 
Error - 01.06.2013 02:51:28 | Computer Name = Georg-PC | Source = Microsoft-Windows-WMI | ID = 10
Description = Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent
 WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage
 > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht
 reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine
 Ereignisse übermittelt werden.
 
Error - 01.06.2013 05:20:20 | Computer Name = Georg-PC | Source = Microsoft-Windows-WMI | ID = 10
Description = Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent
 WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage
 > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht
 reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine
 Ereignisse übermittelt werden.
 
[ System Events ]
Error - 29.05.2013 07:32:32 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 29.05.2013 07:35:18 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Search" wurde nicht richtig gestartet.
 
Error - 30.05.2013 11:29:51 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 30.05.2013 11:29:51 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 31.05.2013 09:13:30 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 31.05.2013 09:13:30 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 01.06.2013 02:53:18 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 01.06.2013 02:53:18 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 01.06.2013 05:21:35 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 01.06.2013 05:21:35 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
 
< End of report >
         

Alt 01.06.2013, 12:43   #5
schrauber
/// the machine
/// TB-Ausbilder
 

Virus ahoi! "Portaldosites" in jedem Browser, MBAM-Fund, nicht löschbar? - Standard

Virus ahoi! "Portaldosites" in jedem Browser, MBAM-Fund, nicht löschbar?



Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches OTL log bitte.

__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 01.06.2013, 18:08   #6
Juri9
 
Virus ahoi! "Portaldosites" in jedem Browser, MBAM-Fund, nicht löschbar? - Standard

Virus ahoi! "Portaldosites" in jedem Browser, MBAM-Fund, nicht löschbar?



AdwCleaner:
Code:
ATTFilter
# AdwCleaner v2.301 - Datei am 01/06/2013 um 18:59:31 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Georg - GEORG-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Georg\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****

Gestoppt & Gelöscht : eSafeSvc

***** [Dateien / Ordner] *****

Datei Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Datei Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Datei Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
Datei Desinfiziert : C:\Users\Georg\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Datei Desinfiziert : C:\Users\Georg\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Datei Desinfiziert : C:\Users\Georg\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
Datei Desinfiziert : C:\Users\Georg\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Mozilla Firefox.lnk
Datei Desinfiziert : C:\Users\Georg\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
Datei Desinfiziert : C:\Users\Georg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Datei Desinfiziert : C:\Users\Georg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Datei Desinfiziert : C:\Users\Georg\Desktop\Internet Explorer.lnk
Datei Desinfiziert : C:\Users\Public\Desktop\Google Chrome.lnk
Datei Desinfiziert : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Datei Gelöscht : C:\Users\Georg\AppData\Local\Temp\Uninstall.exe
Ordner Gelöscht : C:\Program Files (x86)\Common Files\337
Ordner Gelöscht : C:\ProgramData\eSafe
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\ProgramData\Trymedia
Ordner Gelöscht : C:\Users\Georg\AppData\Local\Temp\Desk365
Ordner Gelöscht : C:\Users\Georg\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Georg\AppData\Roaming\eIntaller

***** [Registrierungsdatenbank] *****

Daten Gelöscht : HKLM\...\StartMenuInternet\FIREFOX.EXE [(Default)] = C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.portaldosites.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST31000524AS_6VPJLF95XXXX6VPJLF95&ts=1369940497
Daten Gelöscht : HKLM\...\StartMenuInternet\Google Chrome [(Default)] = "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" hxxp://www.portaldosites.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST31000524AS_6VPJLF95XXXX6VPJLF95&ts=1369940497
Daten Gelöscht : HKLM\...\StartMenuInternet\IEXPLORE.EXE [(Default)] = C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.portaldosites.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST31000524AS_6VPJLF95XXXX6VPJLF95&ts=1369940497
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Schlüssel Gelöscht : HKLM\Software\Desksvc
Schlüssel Gelöscht : HKLM\Software\eSafeSecControl
Schlüssel Gelöscht : HKLM\Software\portaldositesSoftware
Schlüssel Gelöscht : HKLM\Software\V9
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\eSafeSecControl
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{acaa314b-eeba-48e4-ad47-84e31c44796c}]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16576

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://www.portaldosites.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST31000524AS_6VPJLF95XXXX6VPJLF95&ts=1369940497 --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://www.portaldosites.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST31000524AS_6VPJLF95XXXX6VPJLF95&ts=1369940497 --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.portaldosites.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST31000524AS_6VPJLF95XXXX6VPJLF95&ts=1369940497 --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://www.portaldosites.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST31000524AS_6VPJLF95XXXX6VPJLF95&ts=1369940497 --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.portaldosites.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST31000524AS_6VPJLF95XXXX6VPJLF95&ts=1369940497 --> hxxp://www.google.com

-\\ Mozilla Firefox v21.0 (de)

Datei : C:\Users\Georg\AppData\Roaming\Mozilla\Firefox\Profiles\00tp9q8u.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\Andere\AppData\Roaming\Mozilla\Firefox\Profiles\751b2fvt.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Opera v12.15.1748.0

Datei : C:\Users\Georg\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [7987 octets] - [01/06/2013 18:59:14]
AdwCleaner[S1].txt - [5645 octets] - [01/06/2013 18:59:31]

########## EOF - C:\AdwCleaner[S1].txt - [5705 octets] ##########
         
Zwischenstand: Chrome, IE und Opera rufen beim Start nicht mehr Portaldosites auf, Firefox macht's aber immer noch.
Ich mach dann mal weiter...
Gruß,
Georg aka Juri9

Alt 01.06.2013, 18:13   #7
schrauber
/// the machine
/// TB-Ausbilder
 

Virus ahoi! "Portaldosites" in jedem Browser, MBAM-Fund, nicht löschbar? - Standard

Virus ahoi! "Portaldosites" in jedem Browser, MBAM-Fund, nicht löschbar?



genau
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 01.06.2013, 18:20   #8
Juri9
 
Virus ahoi! "Portaldosites" in jedem Browser, MBAM-Fund, nicht löschbar? - Standard

Virus ahoi! "Portaldosites" in jedem Browser, MBAM-Fund, nicht löschbar?



JRT
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Georg on 01.06.2013 at 19:13:59,15
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Georg\appdata\local\{EAB36B59-2CF8-4E27-9CE1-A439F08F86E2}



~~~ FireFox

Emptied folder: C:\Users\Georg\AppData\Roaming\mozilla\firefox\profiles\00tp9q8u.default\minidumps [13 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01.06.2013 at 19:18:29,29
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Und gleich kommen dann noch die OTL-Logs.
Gruß,
Georg aka Juri9

Alt 01.06.2013, 18:27   #9
schrauber
/// the machine
/// TB-Ausbilder
 

Virus ahoi! "Portaldosites" in jedem Browser, MBAM-Fund, nicht löschbar? - Standard

Virus ahoi! "Portaldosites" in jedem Browser, MBAM-Fund, nicht löschbar?



alles klar
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 01.06.2013, 18:27   #10
Juri9
 
Virus ahoi! "Portaldosites" in jedem Browser, MBAM-Fund, nicht löschbar? - Standard

Virus ahoi! "Portaldosites" in jedem Browser, MBAM-Fund, nicht löschbar?



OTL.txt
Code:
ATTFilter
OTL logfile created on: 01.06.2013 19:21:35 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Georg\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 5,48 Gb Available Physical Memory | 68,65% Memory free
15,96 Gb Paging File | 13,37 Gb Available in Paging File | 83,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 906,34 Gb Total Space | 225,05 Gb Free Space | 24,83% Space Free | Partition Type: NTFS
 
Computer Name: GEORG-PC | User Name: Georg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC -  File not found
PRC - C:\Users\Georg\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Georg\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
PRC - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\puush\puush.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
PRC - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe (Microsoft Corp.)
PRC - C:\Users\Georg\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia)
PRC - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Windows\SysWOW64\UMonit.exe ()
PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Windows\jmesoft\JME_LOAD.exe ()
PRC - C:\Windows\jmesoft\hotkey.exe (Lenovo)
PRC - C:\Windows\jmesoft\Service.exe ()
PRC - C:\Programme\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe (Lenovo)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Programme\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe (Lenovo)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe (Nuance Communications, Inc.)
PRC - C:\Windows\vphc700.exe (Sonix)
PRC - C:\Program Files (x86)\Philips\SPC 700NC PC Camera\TrayMin700.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\windows._cacheinvalidation.pyd ()
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\wx._gdi_.pyd ()
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\wx._misc_.pyd ()
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\pysqlite2._sqlite.pyd ()
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\pythoncom27.dll ()
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\win32com.shell.shell.pyd ()
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\_elementtree.pyd ()
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\PyWinTypes27.dll ()
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\win32security.pyd ()
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\win32api.pyd ()
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\_ctypes.pyd ()
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\wx._html2.pyd ()
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\_socket.pyd ()
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\_multiprocessing.pyd ()
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\win32ts.pyd ()
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\win32profile.pyd ()
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\win32crypt.pyd ()
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\wx._core_.pyd ()
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\_ssl.pyd ()
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\wx._windows_.pyd ()
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\_hashlib.pyd ()
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\wx._wizard.pyd ()
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\win32process.pyd ()
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\win32pdh.pyd ()
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\wx._controls_.pyd ()
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\unicodedata.pyd ()
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\pyexpat.pyd ()
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\win32file.pyd ()
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\win32inet.pyd ()
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\win32event.pyd ()
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\select.pyd ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\af525b4bec3b9941b7be8ffbf813da80\PresentationFramework.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7eac0dbe9aa20b55e37235f8ee030e6b\PresentationCore.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll ()
MOD - C:\Program Files (x86)\puush\puush.exe ()
MOD - C:\Program Files (x86)\Steam\bin\chromehtml.DLL ()
MOD - C:\Program Files (x86)\Steam\SDL2.dll ()
MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7366a39c36523a084bc11c230929ff92\Microsoft.VisualBasic.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll ()
MOD - C:\Program Files (x86)\SplitMediaLabs\XSplit\swresample-0.dll ()
MOD - C:\Program Files (x86)\SplitMediaLabs\XSplit\avcodec-54.dll ()
MOD - C:\Program Files (x86)\SplitMediaLabs\XSplit\avformat-54.dll ()
MOD - C:\Program Files (x86)\SplitMediaLabs\XSplit\swscale-2.dll ()
MOD - C:\Program Files (x86)\SplitMediaLabs\XSplit\avutil-51.dll ()
MOD - C:\Windows\SysWOW64\UMonit.exe ()
MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Programme\Lenovo\Lenovo Brightness System\ddcHelperWraper.dll ()
MOD - C:\Programme\Lenovo\Lenovo Brightness System\KeyStoneAdapter.dll ()
MOD - C:\Programme\Lenovo\Lenovo Eye Distance System\KeyStoneAdapter.dll ()
MOD - C:\Programme\Lenovo\Lenovo Eye Distance System\VideoPlayer.dll ()
MOD - C:\Windows\jmesoft\VistaVolume.dll ()
MOD - C:\Program Files (x86)\Philips\SPC 700NC PC Camera\TrayMin700.exe ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (BingDesktopUpdate) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe (Microsoft Corp.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (SolutoLauncherService) -- C:\Programme\Soluto\SolutoLauncherService.exe (Soluto)
SRV - (SolutoService) -- C:\Programme\Soluto\SolutoService.exe (Soluto)
SRV - (Secunia PSI Agent) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (STRATO HiDrive Service) -- C:\Program Files (x86)\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe (STRATO)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (JME Keyboard) -- C:\Windows\jmesoft\Service.exe ()
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Creative Service for CDROM Access) -- C:\Windows\SysWOW64\CTSVCCDA.EXE (Creative Technology Ltd)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (Soluto) -- C:\Windows\SysNative\drivers\Soluto.sys (Soluto LTD.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USB28xxBGA) -- C:\Windows\SysNative\drivers\emBDA64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (USB28xxOEM) -- C:\Windows\SysNative\drivers\emOEM64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (emAudio) -- C:\Windows\SysNative\drivers\emAudio64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf.sys (Secunia)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Rovi Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (GeneStor) -- C:\Windows\SysNative\drivers\GeneStor.sys (GenesysLogic)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (e1cexpress) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation)
DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH)
DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (WinI2C-DDC) -- C:\Windows\SysNative\drivers\ddcdrv.sys (Nicomsoft Ltd.)
DRV:64bit: - (phc700) -- C:\Windows\SysNative\drivers\phc700.sys ()
DRV - (WinI2C-DDC) -- C:\Windows\SysWOW64\drivers\ddcdrv.sys (Nicomsoft Ltd.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://de.msn.com/?pc=BB07 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{C88215D9-8C4C-4C02-BD96-C2F219F35ED5}: "URL" = hxxp://www.bing.com/search?FORM=BB07DF&PC=BB07&q={searchTerms}&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.bing.com/search?FORM=BB07DF&PC=BB07&q="
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.com/firefox"
FF - prefs.js..extensions.enabledAddons: %7B59c81df5-4b7a-477b-912d-4e0fdf64e5f2%7D:0.9.90
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130402
FF - prefs.js..extensions.enabledAddons: youtubeunblocker%40unblocker.yt:0.4.2
FF - prefs.js..extensions.enabledAddons: stefanvandamme%40stefanvd.net:2.2.0.2
FF - prefs.js..extensions.enabledAddons: %7Bc0c588b6-b11d-4898-af00-079fed05aa32%7D:20.1
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Georg\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Georg\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.20 19:17:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.16 17:19:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.05.15 17:52:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.20 19:17:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.16 17:19:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.05.15 17:52:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.08.30 12:10:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Georg\AppData\Roaming\Mozilla\Extensions
[2012.08.30 12:10:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Georg\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013.05.04 08:50:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Georg\AppData\Roaming\Mozilla\Firefox\Profiles\00tp9q8u.default\extensions
[2013.03.03 16:39:50 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Georg\AppData\Roaming\Mozilla\Firefox\Profiles\00tp9q8u.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2013.05.04 07:46:02 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Georg\AppData\Roaming\Mozilla\Firefox\Profiles\00tp9q8u.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013.05.04 08:50:20 | 000,651,215 | ---- | M] () (No name found) -- C:\Users\Georg\AppData\Roaming\Mozilla\Firefox\Profiles\00tp9q8u.default\extensions\stefanvandamme@stefanvd.net.xpi
[2013.05.04 08:50:20 | 000,008,023 | ---- | M] () (No name found) -- C:\Users\Georg\AppData\Roaming\Mozilla\Firefox\Profiles\00tp9q8u.default\extensions\youtubeunblocker@unblocker.yt.xpi
[2013.05.04 08:50:20 | 003,242,364 | ---- | M] () (No name found) -- C:\Users\Georg\AppData\Roaming\Mozilla\Firefox\Profiles\00tp9q8u.default\extensions\{c0c588b6-b11d-4898-af00-079fed05aa32}.xpi
[2013.03.20 19:10:00 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Georg\AppData\Roaming\Mozilla\Firefox\Profiles\00tp9q8u.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.09.08 13:56:06 | 000,001,832 | ---- | M] () -- C:\Users\Georg\AppData\Roaming\Mozilla\Firefox\Profiles\00tp9q8u.default\searchplugins\bing.xml
[2013.05.20 19:17:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.20 19:17:58 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010.01.06 03:04:02 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [phc700] C:\Windows\vphc700.exe (Sonix)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [UMonit] C:\Windows\SysWOW64\UMonit.exe ()
O4:64bit: - HKLM..\Run: [WrtMon.exe] C:\Windows\SysNative\spool\drivers\x64\3\WrtMon.exe ()
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.)
O4 - HKLM..\Run: [jmekey] C:\Windows\jmesoft\hotkey.exe (Lenovo)
O4 - HKLM..\Run: [jmesoft] C:\Windows\jmesoft\ServiceLoader.exe ()
O4 - HKLM..\Run: [Lenovo Dynamic Brightness System] C:\Program Files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe (Lenovo)
O4 - HKLM..\Run: [Lenovo Eye Distance System] C:\Program Files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe (Lenovo)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [phc700] C:\windows\system32\vphc700.exe File not found
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TrayServer] C:\PROGRA~2\MAGIX\VIDEO_~1\TrayServer_de.exe (MAGIX AG)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [Facebook Update] C:\Users\Georg\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [puush] C:\Program Files (x86)\puush\puush.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Georg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Georg\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Georg\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Georg\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Georg\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Georg\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1369826421840 (MUCatalogWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B2938FA1-8998-4697-B61C-3E7448CF269D}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files\Soluto\soluto.exe /userinit) - C:\Program Files\Soluto\soluto.exe (Soluto)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.01 19:13:56 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2013.06.01 19:10:43 | 000,000,000 | ---D | C] -- C:\JRT
[2013.06.01 19:10:02 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Georg\Desktop\JRT.exe
[2013.06.01 18:55:50 | 000,000,000 | ---D | C] -- C:\Users\Georg\Desktop\archiv
[2013.06.01 13:31:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Georg\Desktop\OTL.exe
[2013.05.29 18:08:46 | 000,000,000 | --SD | C] -- C:\Users\Georg\Google Drive
[2013.05.29 18:07:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2013.05.29 13:22:46 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cscapi.dll
[2013.05.29 13:22:46 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cscdll.dll
[2013.05.29 13:22:44 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetpp.dll
[2013.05.29 13:22:44 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tcpmib.dll
[2013.05.29 13:22:44 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tcpmib.dll
[2013.05.29 13:22:44 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\sscore.dll
[2013.05.29 13:22:42 | 000,225,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dhcpcore6.dll
[2013.05.29 13:22:42 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dhcpcore6.dll
[2013.05.29 13:22:42 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\davclnt.dll
[2013.05.29 13:22:42 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dhcpcsvc6.dll
[2013.05.29 13:22:41 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncsi.dll
[2013.05.29 13:22:41 | 000,190,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\storport.sys
[2013.05.29 13:22:41 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ncsi.dll
[2013.05.29 13:22:41 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tcpmonui.dll
[2013.05.29 13:22:41 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tcpmonui.dll
[2013.05.29 13:22:40 | 000,275,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpdd.dll
[2013.05.29 13:22:40 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dot3dlg.dll
[2013.05.29 13:22:39 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\gpprnext.dll
[2013.05.29 13:22:39 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\gpprnext.dll
[2013.05.29 13:22:38 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\hidclass.sys
[2013.05.29 13:22:37 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\svchost.exe
[2013.05.29 13:22:36 | 000,698,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netlogon.dll
[2013.05.29 13:22:36 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dot3msm.dll
[2013.05.29 13:22:35 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dot3msm.dll
[2013.05.29 13:22:35 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dot3api.dll
[2013.05.29 13:22:35 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dot3gpclnt.dll
[2013.05.29 13:22:35 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dot3gpclnt.dll
[2013.05.29 13:22:33 | 001,065,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Display.dll
[2013.05.29 13:22:33 | 001,039,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Display.dll
[2013.05.29 13:22:33 | 000,876,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\advapi32.dll
[2013.05.29 13:22:33 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\FWPUCLNT.DLL
[2013.05.29 13:22:32 | 000,965,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\localspl.dll
[2013.05.29 13:22:32 | 000,832,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\nshwfp.dll
[2013.05.29 13:22:32 | 000,657,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\nshwfp.dll
[2013.05.29 13:22:32 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\FWPUCLNT.DLL
[2013.05.29 13:22:32 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wpnpinst.exe
[2013.05.26 13:26:38 | 000,000,000 | ---D | C] -- C:\Users\Georg\AppData\Local\Facebook
[2013.05.25 21:27:30 | 000,000,000 | ---D | C] -- C:\Users\Georg\Lucia
[2013.05.21 15:30:30 | 000,000,000 | ---D | C] -- C:\Users\Georg\AppData\Roaming\TS3Client
[2013.05.21 15:19:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2013.05.21 15:19:29 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client
[2013.05.20 13:46:46 | 000,000,000 | ---D | C] -- C:\Users\Georg\AppData\Local\Craften_Dev_Team
[2013.05.20 13:46:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Craften Terminal
[2013.05.20 13:46:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Craften Terminal
[2013.05.16 22:18:40 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013.05.16 22:18:40 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013.05.16 22:18:40 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2013.05.16 22:18:39 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2013.05.16 22:18:39 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2013.05.16 22:18:39 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe
[2013.05.16 22:18:39 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe
[2013.05.16 22:18:39 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2013.05.16 22:18:39 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2013.05.16 22:18:39 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2013.05.16 22:18:39 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2013.05.16 22:18:38 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013.05.16 22:18:37 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013.05.16 22:18:36 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013.05.16 22:18:36 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013.05.16 17:12:10 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\dxgmms1.sys
[2013.05.16 17:12:10 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cdd.dll
[2013.05.16 17:11:59 | 001,931,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\authui.dll
[2013.05.16 17:11:59 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\authui.dll
[2013.05.16 17:11:59 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\shdocvw.dll
[2013.05.16 17:11:59 | 000,111,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\consent.exe
[2013.05.16 17:11:52 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wwanprotdim.dll
[2013.05.15 18:01:06 | 000,000,000 | ---D | C] -- C:\Users\Georg\Documents\Adobe
[2013.05.15 17:59:59 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe
[2013.05.15 17:52:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013.05.15 17:50:20 | 000,056,208 | ---- | C] (Rovi Corporation) -- C:\windows\SysNative\drivers\PxHlpa64.sys
[2013.05.15 17:50:20 | 000,010,224 | ---- | C] (Sonic Solutions) -- C:\windows\SysNative\drivers\cdralw2k.sys
[2013.05.15 17:50:20 | 000,010,224 | ---- | C] (Sonic Solutions) -- C:\windows\SysNative\drivers\cdr4_xp.sys
[2013.05.15 17:50:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sonic Shared
[2013.05.15 17:50:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2013.05.15 17:50:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\My Company Name
[2013.05.15 17:39:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AnalogX
[2013.05.13 17:25:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2013.05.13 17:25:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2013.05.05 19:21:16 | 000,000,000 | ---D | C] -- C:\Users\Georg\AppData\Roaming\LOVE
[2013.05.04 08:18:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.03.21 14:37:20 | 001,914,000 | ---- | C] (Adobe Systems Incorporated) -- C:\ProgramData\flashax10.exe
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.01 19:13:17 | 000,020,480 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.01 19:13:17 | 000,020,480 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.01 19:10:08 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Georg\Desktop\JRT.exe
[2013.06.01 19:01:13 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.06.01 19:01:07 | 2133,630,975 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.01 18:59:39 | 000,001,286 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.06.01 18:59:39 | 000,001,148 | ---- | M] () -- C:\Users\Georg\Desktop\Internet Explorer.lnk
[2013.06.01 18:59:39 | 000,001,049 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.06.01 18:56:38 | 000,632,031 | ---- | M] () -- C:\Users\Georg\Desktop\adwcleaner.exe
[2013.06.01 18:45:00 | 000,001,124 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.01 18:34:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013.06.01 16:31:00 | 000,000,928 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-2764890169-2354917355-972681180-1001UA.job
[2013.06.01 13:31:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Georg\Desktop\OTL.exe
[2013.06.01 13:31:00 | 000,000,906 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-2764890169-2354917355-972681180-1001Core.job
[2013.05.31 20:34:43 | 000,001,103 | ---- | M] () -- C:\Users\Public\Desktop\Craften Terminal.lnk
[2013.05.31 15:09:25 | 002,456,832 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013.05.30 21:01:44 | 000,420,944 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msvcp100.dll
[2013.05.29 18:08:47 | 000,001,713 | ---- | M] () -- C:\Users\Georg\Desktop\Google Drive.lnk
[2013.05.29 13:37:09 | 001,613,996 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013.05.29 13:37:09 | 000,697,064 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013.05.29 13:37:09 | 000,652,382 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013.05.29 13:37:09 | 000,148,102 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013.05.29 13:37:09 | 000,121,056 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013.05.23 17:39:06 | 000,009,384 | ---- | M] () -- C:\Users\Georg\AppData\Local\recently-used.xbel
[2013.05.21 15:19:35 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2013.05.20 12:42:17 | 000,263,186 | ---- | M] () -- C:\Users\Georg\Desktop\Minecraft.exe
[2013.05.18 13:55:30 | 018,444,678 | ---- | M] () -- C:\Users\Georg\Desktop\cave story osu.mp4
[2013.05.18 00:06:12 | 000,170,858 | ---- | M] () -- C:\Users\Georg\Desktop\Der 2-2 Blues.pdf
[2013.05.17 19:46:17 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.17 19:36:53 | 007,153,538 | ---- | M] () -- C:\Users\Georg\Desktop\HASHTAGYOLOSWAG.exe
[2013.05.15 21:59:15 | 000,000,871 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.05.15 21:22:31 | 000,087,330 | ---- | M] () -- C:\Users\Georg\Desktop\Peach_and_Bowser_Wedding_by_EmperorTokijin.jpg
[2013.05.15 21:22:27 | 000,028,682 | ---- | M] () -- C:\Users\Georg\Desktop\600px-Prince_Mario_and_Princess_Peach.jpg
[2013.05.15 21:22:18 | 000,275,465 | ---- | M] () -- C:\Users\Georg\Desktop\marioandpeachvgloungecom1.jpg
[2013.05.15 19:34:40 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2013.05.15 19:34:40 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.05.15 17:47:06 | 000,001,518 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Application Manager.lnk
[2013.05.13 17:25:40 | 000,001,302 | ---- | M] () -- C:\Users\Public\Desktop\Free YouTube Download.lnk
[2013.05.09 00:42:01 | 000,002,634 | ---- | M] () -- C:\Users\Georg\Desktop\My Movie_mp4.HDP
[2013.05.05 20:55:26 | 007,140,191 | ---- | M] () -- C:\Users\Georg\Desktop\My Movie.mp4
[2013.05.05 20:40:35 | 048,569,695 | ---- | M] () -- C:\Users\Georg\Desktop\magix at its best ... not.mp4
[2013.05.05 16:29:04 | 000,063,690 | ---- | M] () -- C:\Users\Georg\Desktop\Kuendigungsformular.pdf
[2013.05.04 07:23:27 | 000,001,120 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.06.01 18:56:34 | 000,632,031 | ---- | C] () -- C:\Users\Georg\Desktop\adwcleaner.exe
[2013.05.29 18:08:47 | 000,001,713 | ---- | C] () -- C:\Users\Georg\Desktop\Google Drive.lnk
[2013.05.26 13:26:43 | 000,000,928 | ---- | C] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-2764890169-2354917355-972681180-1001UA.job
[2013.05.26 13:26:42 | 000,000,906 | ---- | C] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-2764890169-2354917355-972681180-1001Core.job
[2013.05.23 17:39:06 | 000,009,384 | ---- | C] () -- C:\Users\Georg\AppData\Local\recently-used.xbel
[2013.05.21 15:19:35 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2013.05.20 13:46:23 | 000,001,103 | ---- | C] () -- C:\Users\Public\Desktop\Craften Terminal.lnk
[2013.05.20 12:42:12 | 000,263,186 | ---- | C] () -- C:\Users\Georg\Desktop\Minecraft.exe
[2013.05.18 13:52:21 | 018,444,678 | ---- | C] () -- C:\Users\Georg\Desktop\cave story osu.mp4
[2013.05.18 00:06:10 | 000,170,858 | ---- | C] () -- C:\Users\Georg\Desktop\Der 2-2 Blues.pdf
[2013.05.17 19:36:50 | 007,153,538 | ---- | C] () -- C:\Users\Georg\Desktop\HASHTAGYOLOSWAG.exe
[2013.05.15 21:22:29 | 000,087,330 | ---- | C] () -- C:\Users\Georg\Desktop\Peach_and_Bowser_Wedding_by_EmperorTokijin.jpg
[2013.05.15 21:22:25 | 000,028,682 | ---- | C] () -- C:\Users\Georg\Desktop\600px-Prince_Mario_and_Princess_Peach.jpg
[2013.05.15 21:22:17 | 000,275,465 | ---- | C] () -- C:\Users\Georg\Desktop\marioandpeachvgloungecom1.jpg
[2013.05.15 17:51:50 | 000,001,245 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Audition CS6.lnk
[2013.05.13 17:25:40 | 000,001,302 | ---- | C] () -- C:\Users\Public\Desktop\Free YouTube Download.lnk
[2013.05.05 21:04:08 | 000,002,634 | ---- | C] () -- C:\Users\Georg\Desktop\My Movie_mp4.HDP
[2013.05.05 20:51:18 | 007,140,191 | ---- | C] () -- C:\Users\Georg\Desktop\My Movie.mp4
[2013.05.05 20:36:49 | 048,569,695 | ---- | C] () -- C:\Users\Georg\Desktop\magix at its best ... not.mp4
[2013.05.05 16:29:03 | 000,063,690 | ---- | C] () -- C:\Users\Georg\Desktop\Kuendigungsformular.pdf
[2013.03.20 19:30:18 | 002,075,362 | ---- | C] () -- C:\Users\Georg\wmah.png
[2013.03.08 21:46:09 | 000,500,934 | ---- | C] () -- C:\Users\Georg\YT-2013-Channel-Layout.psd
[2013.03.07 20:11:38 | 000,286,787 | ---- | C] () -- C:\Users\Georg\Mario and Luigi_ Partners in Time Music - Time Hole (To Past).mp3
[2013.03.07 20:11:37 | 000,265,856 | ---- | C] () -- C:\Users\Georg\Mario & Luigi_ Partners In Time Music_ Time Hole (To Present).mp3
[2013.03.03 13:32:03 | 000,017,479 | ---- | C] () -- C:\Users\Georg\README.html
[2013.03.03 13:31:16 | 015,962,145 | ---- | C] () -- C:\Users\Georg\OpenHexagonV1.7.7z
[2013.02.28 18:25:23 | 000,003,584 | ---- | C] () -- C:\Users\Georg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.02.27 20:04:25 | 027,885,892 | ---- | C] () -- C:\Users\Georg\2013-02-27 - viedoe.mp4
[2013.02.27 19:59:47 | 000,096,120 | ---- | C] () -- C:\Users\Georg\2013-02-27 - 0002.JPG
[2013.02.27 19:57:32 | 000,090,108 | ---- | C] () -- C:\Users\Georg\2013-02-27 - 0001.JPG
[2013.02.05 21:23:41 | 371,802,536 | ---- | C] () -- C:\Users\Georg\OIO-v3.4.0.2724.zip
[2013.01.18 17:01:47 | 001,056,534 | ---- | C] () -- C:\Users\Georg\TK Brief Seite 2.pdf
[2013.01.18 17:01:47 | 000,528,162 | ---- | C] () -- C:\Users\Georg\TK Brief Seite 1.pdf
[2013.01.02 16:41:05 | 000,004,342 | ---- | C] () -- C:\Users\Georg\Ein_kleines_Dankeschön_für_ELSA_Ihr_10_Gutschein.eml
[2013.01.02 10:54:52 | 000,339,394 | ---- | C] () -- C:\Users\Georg\OptiFine_1.4.6_HD_U_A2.zip
[2012.11.16 20:52:58 | 000,325,327 | ---- | C] () -- C:\Users\Georg\OptiFine Mod 1.4.4.zip
[2012.10.29 21:47:52 | 000,000,098 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2012.10.20 23:03:45 | 000,011,351 | -HS- | C] () -- C:\Users\Georg\Folder.jpg
[2012.10.20 23:03:45 | 000,011,351 | -HS- | C] () -- C:\Users\Georg\AlbumArt_{F083D7D6-D194-444E-AD61-1A2F2DCADD22}_Large.jpg
[2012.10.20 23:03:45 | 000,002,936 | -HS- | C] () -- C:\Users\Georg\AlbumArtSmall.jpg
[2012.10.20 23:03:45 | 000,002,936 | -HS- | C] () -- C:\Users\Georg\AlbumArt_{F083D7D6-D194-444E-AD61-1A2F2DCADD22}_Small.jpg
[2012.10.20 23:03:05 | 138,968,261 | ---- | C] () -- C:\Users\Georg\News _ Infos zum Nintendo 3DS - Die dritte Dimension in der Hosentasche [HD].mp4
[2012.10.20 23:03:04 | 003,023,829 | ---- | C] () -- C:\Users\Georg\Lemon Tree with Lyrics_ By Fool's Garden (HD).mp3
[2012.10.20 23:01:33 | 000,651,923 | ---- | C] () -- C:\Users\Georg\talent.wmv
[2012.10.13 12:23:16 | 000,586,255 | ---- | C] () -- C:\Users\Georg\bank.jpg
[2012.10.12 10:59:18 | 000,331,339 | ---- | C] () -- C:\Users\Georg\Löwenzahn.pdf
[2012.10.11 14:27:18 | 005,904,128 | ---- | C] () -- C:\Users\Georg\IKS Brief.pdf
[2012.10.11 14:27:18 | 000,846,537 | ---- | C] () -- C:\Users\Georg\IKS-Brief Ergänzung.pdf
[2012.10.01 20:57:55 | 001,662,976 | ---- | C] () -- C:\Users\Georg\alexibexi klingelton.mpg
[2012.10.01 20:57:55 | 000,101,146 | ---- | C] () -- C:\Users\Georg\AlexiBexi Klingelton - I'm a scat man!.MP3
[2012.10.01 20:53:13 | 002,891,416 | ---- | C] () -- C:\Users\Georg\Kanal Screenshot.png
[2012.10.01 20:53:13 | 000,191,205 | ---- | C] () -- C:\Users\Georg\Kanaldesign.PNG
[2012.10.01 20:53:13 | 000,140,762 | ---- | C] () -- C:\Users\Georg\Kanaldesign (Küken, Name, Farbverlauf).png
[2012.10.01 20:53:13 | 000,138,319 | ---- | C] () -- C:\Users\Georg\Kanaldesign (nur Küken und Name).png
[2012.10.01 20:49:59 | 003,426,304 | ---- | C] () -- C:\Users\Georg\Schaumparty.mpg
[2012.10.01 20:49:59 | 002,118,375 | ---- | C] () -- C:\Users\Georg\Präsentation Gewitter.odp
[2012.10.01 20:49:59 | 002,118,274 | ---- | C] () -- C:\Users\Georg\Präsentation Gewitter für mich.odp
[2012.10.01 20:49:59 | 000,748,152 | ---- | C] () -- C:\Users\Georg\Schaumparty.mp4
[2012.10.01 20:49:59 | 000,052,289 | ---- | C] () -- C:\Users\Georg\Schaumparty.MP3
[2012.10.01 20:49:58 | 002,118,375 | ---- | C] () -- C:\Users\Georg\Präsentation Gewitter für Jakob.odp
[2012.09.16 15:42:31 | 000,001,229 | ---- | C] () -- C:\Users\Georg\Cave Story - Einfach Optionen.lnk
[2012.09.16 15:42:31 | 000,001,222 | ---- | C] () -- C:\Users\Georg\Cave Story - Musik.lnk
[2012.09.11 17:38:26 | 000,014,678 | ---- | C] () -- C:\Users\Georg\Informatik AB Variablen Aufgabe.odt
[2012.09.11 17:19:42 | 001,590,954 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012.09.09 21:39:42 | 000,000,052 | -H-- | C] () -- C:\windows\popcreg.dat
[2012.09.09 21:39:42 | 000,000,014 | ---- | C] () -- C:\windows\popcinfot.dat
[2012.09.08 21:23:35 | 000,275,916 | ---- | C] () -- C:\Users\Georg\OptiFine_1.3.2_HD_B3.zip
[2012.09.08 15:55:19 | 000,015,488 | ---- | C] () -- C:\windows\phc700.ini
[2012.09.04 18:36:05 | 000,000,538 | ---- | C] () -- C:\Users\Georg\stern.py
[2012.09.04 18:34:02 | 000,001,463 | ---- | C] () -- C:\Users\Georg\IPI-TurtleGrafikV3.lnk
[2012.09.03 19:10:18 | 000,000,680 | RHS- | C] () -- C:\Users\Georg\ntuser.pol
[2012.09.03 18:45:34 | 000,188,803 | ---- | C] () -- C:\Users\Georg\englisch australische schilder.odt
[2012.08.31 20:21:56 | 000,000,043 | ---- | C] () -- C:\windows\popcinfo.dat
[2012.08.30 14:32:22 | 000,263,186 | ---- | C] () -- C:\Users\Georg\Minecraft.exe
[2012.08.30 12:10:37 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat
[2012.08.30 11:39:16 | 000,011,776 | ---- | C] () -- C:\windows\SysWow64\pmsbfn32.dll
[2012.08.30 11:37:26 | 000,000,424 | ---- | C] () -- C:\windows\MAXLINK.INI
[2012.03.21 14:54:41 | 000,201,728 | ---- | C] () -- C:\windows\SetDrive.exe
[2012.03.21 14:54:40 | 000,036,864 | ---- | C] () -- C:\windows\WinWait.exe
[2012.03.21 14:04:51 | 000,139,264 | ---- | C] () -- C:\windows\SysWow64\ustor.dll
[2012.03.21 14:04:51 | 000,049,152 | ---- | C] () -- C:\windows\SysWow64\UMonit.exe
[2012.03.21 14:04:48 | 000,172,097 | ---- | C] () -- C:\windows\SysWow64\NoMSGuninstall.exe
[2012.03.21 14:04:48 | 000,001,591 | ---- | C] () -- C:\windows\SysWow64\_IconCfg0.ini
[2012.03.21 14:04:48 | 000,000,840 | ---- | C] () -- C:\windows\SysWow64\ProductName.ini
[2012.03.21 14:04:48 | 000,000,187 | ---- | C] () -- C:\windows\SysWow64\IconCfg0.ini
[2012.03.21 14:01:39 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\drivers\IntelMEFWVer.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:23:59 | 014,176,768 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:27:31 | 012,875,776 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.08.21 15:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.08.21 15:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.08.21 15:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Files - Unicode (All) ==========
[2012.10.01 21:00:46 | 000,000,000 | ---D | M](C:\Users\Georg\??????? ???????????) -- C:\Users\Georg\Русские мультфильмы
[2012.10.01 21:00:46 | 000,000,000 | ---D | M](C:\Users\Georg\??????? ???????????) -- C:\Users\Georg\Русские мультфильмы
(C:\Users\Georg\??????? ???????????) -- C:\Users\Georg\Русские мультфильмы
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 1105 bytes -> C:\Users\Georg\Ein_kleines_Dankeschön_für_ELSA_Ihr_10_Gutschein.eml:OECustomProperty

< End of report >
         
Extras.txt
Code:
ATTFilter
OTL Extras logfile created on: 01.06.2013 19:21:35 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Georg\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 5,48 Gb Available Physical Memory | 68,65% Memory free
15,96 Gb Paging File | 13,37 Gb Available in Paging File | 83,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 906,34 Gb Total Space | 225,05 Gb Free Space | 24,83% Space Free | Partition Type: NTFS
 
Computer Name: GEORG-PC | User Name: Georg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12C2B37B-0671-490C-BE1C-74CA97BF5051}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{15A87F4E-241F-449E-AC03-4AA0CB80CBBC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{1B4A4865-CBBC-47B0-B93E-F259D69DDDFD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{53790E8C-B48C-497C-9CB8-6F1FFAAB32CB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5BFB543F-735A-4282-B7B9-89FC92D7F464}" = lport=139 | protocol=6 | dir=in | app=system | 
"{73B19E8F-4887-4018-867F-C07338123FE5}" = lport=138 | protocol=17 | dir=in | app=system | 
"{78431585-D1B9-4448-AC6B-EFA1F7DC0C0B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{85FA0023-D95C-4F8E-BDED-3FCEEC7493C9}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{8F781AD2-AD2B-4AF6-B379-0B13174680EB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{908AAB0F-491A-4425-8B3B-3B1E53E9EE31}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{912AC895-789E-496C-98B0-8D72D6EC0FB5}" = rport=138 | protocol=17 | dir=out | app=system | 
"{922C108D-6F9A-445E-BC6F-7B201DF284C5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{967B93A9-BC02-4B9E-9D3B-21F4672F9DF1}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{9B07E23B-059A-445C-98D8-16623E81B0BE}" = lport=445 | protocol=6 | dir=in | app=system | 
"{A6C87A26-6FF6-4329-9218-97C345EC6556}" = rport=139 | protocol=6 | dir=out | app=system | 
"{B2906482-A245-41B5-8E21-47B5D760A438}" = rport=137 | protocol=17 | dir=out | app=system | 
"{B71C4F32-C4F5-4C90-AFE4-F8F1B9859DE3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CA206849-A555-4C29-A81D-BAEF3F2452DD}" = rport=445 | protocol=6 | dir=out | app=system | 
"{CB5AF48B-923E-4091-BCE3-0C9DFCA21262}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D9F814A4-C1A0-46CD-97A1-6616EA6B28DB}" = lport=137 | protocol=17 | dir=in | app=system | 
"{E50537BB-09DA-4426-9B98-ABBAC72C37D8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{E8F4EAE9-EEF9-4598-B3D2-7E2C89B09DBA}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{FECD995B-6510-4C52-B774-17BC9B82B324}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{006C26AA-B75E-4E6E-BF50-136FCC16C8FE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\basement\the basement collection.exe | 
"{0090712E-72D4-4727-AFE1-4C40E7C69B3C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\closure\closure.exe | 
"{0137C469-5FD7-4B7D-8559-6D355FE10DE0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\unmechanical demo\binaries\win32\udk.exe | 
"{03812306-67F9-497C-A9F1-656207EEB295}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\offspring fling!\offspring fling.exe | 
"{08F4477E-F6AC-479F-8EC7-54AC1609D3D9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine demo\trine_launcher.exe | 
"{0D51A549-8608-43E8-8986-EBA6D1160BD3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\braid\braid.exe | 
"{0DA973A7-4FB2-4101-BDEE-9BB6C0638E8C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0E466B4A-A64D-4D01-8993-5EEF1C697118}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\doc clock - the toasted sandwich of time\doc clock.exe | 
"{102DA8A1-2496-433A-8952-E173C78BC913}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\little inferno beta\little inferno.exe | 
"{12276CE7-E275-41B9-88EF-9F9E29551DD4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\unmechanical demo\binaries\win32\udk.exe | 
"{1235D849-DBC2-4029-A30D-0980E94EBA40}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\zeit2demo\zeit2demo.exe | 
"{13150774-AB31-4C98-8F90-5444AAE1338D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\scoregasm demo\scoregasm demo.exe | 
"{13AA57CA-BE30-41E9-A7C2-867AED5604D5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bastion demo\bastion.exe | 
"{18DA1E93-B203-446B-A13D-3564F9D7FF52}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\basement\the basement collection.exe | 
"{18F1B629-C7A9-4B70-B2CA-1B954E15B481}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{18F5686A-5650-4E03-B04F-F0741BEE1F33}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\capsized\capsized.exe | 
"{1C1FFCD4-26D0-4F03-B260-1CED1AAE96EF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe | 
"{1EAE80D8-F306-4A53-BEAE-2FB1E048FF8C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\simcity 4 deluxe\support\ea help\electronic_arts_technical_support.htm | 
"{21D49862-83E6-4B73-A2EA-E1E28CBD2AE7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe | 
"{21ECAEAE-4E2F-46C2-9A49-E0603C97B347}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine 2 demo\trine2_launcher.exe | 
"{23912B69-DD7B-4930-8222-F63DF8EF5D57}" = dir=in | app=c:\users\georg\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{25701096-E906-4DB8-A436-A9255D623B60}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\giana sisters twisted dreams\launcher\gslauncher.exe | 
"{2667B743-D9EF-49D6-B06D-AE17DEDFCAB0}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoservice.exe | 
"{28DEBE55-029F-43AD-9828-59D13B2D49C6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chaos on deponia\deponia2.exe | 
"{28E66894-857D-4A29-9D78-B8DE3B84E4EC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crayon physics deluxe\launcher.exe | 
"{2A74F4BD-796D-478C-BD72-3477E95BE753}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cave story+\cavestory+.exe | 
"{2A868817-D4D4-4DC8-96E2-A4AA1427A70B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{2ACB958E-6E61-4D48-8FC7-4E5D57F7574F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\townsdemo\towns.exe | 
"{2B2AAE48-DF40-43FA-8CEA-BFF54B5B594C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hell yeah demo\hellyeah.exe | 
"{2BB755AB-E0B2-4F4C-B792-9F693CA959AE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vvvvvv\vvvvvv.exe | 
"{2DF6758D-67DA-40FF-9D82-67480B050741}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the path\pathviewer.exe | 
"{2FF03031-A872-47B5-9066-EC5A3228BC7B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\waveform demo\waveform.exe | 
"{3075B07A-8889-4550-AE3F-A9FB8563E8E0}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{30B2BE0E-FF95-4D90-A613-8F58737B60AE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\awesomenauts\awesomenautslauncher.exe | 
"{3272AF85-56CE-4328-9E25-D06A2C623D14}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\beat hazard\runme.exe | 
"{32AC86FE-7C53-400E-9888-1A0B084C5CAB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\scribblenauts\scribble.exe | 
"{338FBA6B-C58D-4D45-BEEF-31AD42A6CEC7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\super hexagon\superhexagon.exe | 
"{343E59B5-54F0-471F-835D-7EAC8C91799E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\beat hazard\beathazard.exe | 
"{35012540-2B1A-452B-AC1A-13E4C018B093}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sonic generations demo\sonicgenerations.exe | 
"{359D6A9E-EF19-45BB-96D4-0EE0346D17FC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\shado\shado.exe | 
"{36AC0F5E-ACE8-41FA-84EF-6D3DF8ED7FED}" = dir=in | app=c:\users\georg\appdata\local\microsoft\skydrive\skydrive.exe | 
"{37D168D1-ED87-47EC-B87C-4ED4C637582D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\castlecrashersdemo\castle.exe | 
"{38737DD7-2C7C-45AE-BEC4-139A37BE173C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nimbus\nimbus.exe | 
"{39316293-4199-475F-B0D5-D554C046F96F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\proteus\proteus.exe | 
"{39432546-76A6-462C-BB6D-DABB72B534B8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\doc clock - the toasted sandwich of time\doc clock.exe | 
"{3C109900-16F6-42EF-B13F-4487F8C7510E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe | 
"{3DBC435A-75CC-4C2B-862F-8145BE80B378}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nimbus\nimbus.exe | 
"{3F8516F1-106E-49D0-A6B9-C284D27BB85A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{404203E1-E20A-435C-9D0A-DDE8655AAD08}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dirt showdown demo\showdown_demo.exe | 
"{4083708B-0BB4-4A30-8870-E1E53684B063}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\simcity 4 deluxe\apps\simcity 4.exe | 
"{40A9BC7E-81AB-45DF-8DE3-98EA6E34DC32}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{41ED39C4-B1B6-492F-8C25-578D8829D497}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gateways demo\gateways.exe | 
"{427A2EF8-9381-436B-B79A-2116CA79F6A4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\little inferno beta\little inferno.exe | 
"{434D6C9D-C96B-480B-968A-81BB035984FB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bittriprunner2\runner2.exe | 
"{44FBDDD9-4B68-46E3-A31E-4FBD772B3575}" = protocol=17 | dir=in | app=c:\users\georg\downloads\solutoinstaller-e6b8ast5l2_u64642036.exe | 
"{4612CF14-DC42-44C5-BCCB-D04AAF284A21}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\quantum conundrum demo\binaries\win32\trygame-win32-shipping.exe | 
"{467F4A91-456B-460A-9B4E-9CEBBB82C5CD}" = protocol=17 | dir=in | app=c:\program files\soluto\solutocleanup.exe | 
"{46EA5F02-231B-40A3-AA1B-ACE7C87191D2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sonic generations demo\configurationtool.exe | 
"{46F5B27F-8FCF-427B-9051-7B0B06EB4BA8}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoservice.exe | 
"{470D34AB-C709-4BBA-8A74-8B21CFCE7161}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rush\rush.exe | 
"{47557C1C-52DF-48CF-80DC-07709D3333B0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\a virus named tom\avnt.exe | 
"{475F6840-5D34-4FD3-B4AA-809AA91FAC56}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\q.u.b.e. demo\binaries\win32\qube_demo.exe | 
"{480CB022-9061-4747-9BF2-4A8ACE0DF6B5}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{49A6D9FA-3F91-4D14-B812-28199ED97279}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\waveform demo\waveform.exe | 
"{49B90CA8-53D1-4102-B3F2-6A28CE59B8EB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gateways demo\gateways.exe | 
"{4B65ECA0-FD6D-4F08-9D43-543A01BB3397}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{4BF13D70-0EFC-4B72-8122-AD7B78361EAE}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{4D49F35C-431A-4840-943D-97D3569577EF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\flyn demo\source\flyn.exe | 
"{53E98F3B-149D-48E1-8154-29D062CB371A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\solar 2\solar2.exe | 
"{541BC669-5C65-47EA-AC45-37B1C11117F6}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoconsole.exe | 
"{5700D215-FCFC-466B-8160-C5BF1E535D2C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\thomaswasalone\thomaswasalone.exe | 
"{5720695B-05C7-4713-B132-AFDA52746706}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dear esther\dearesther.exe | 
"{5787295B-C620-4E6E-AD9C-582497A9DFE3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine demo\trine_launcher.exe | 
"{57CAEA72-3580-4333-905C-F11FE74B3CCF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{5CAE0A55-B591-451B-A39A-589291C2DD2D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\proteus\proteus.exe | 
"{5E41DC16-0E87-482D-A737-AB25DB21CBCC}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{5EA4D163-8E75-4BE3-80C5-5831F21EA25B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5FA81ACF-C636-4170-9CCF-33AA6AC1B184}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoupdateservice.exe | 
"{6042AC42-1C35-4A52-BED1-20270246718B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{615F4919-C829-48EF-9345-F7432529A38F}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\rayman origins\gu.exe | 
"{62BD0121-2D79-4EE2-B196-65E10C68D1A0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\zeit2demo\zeit2demo.exe | 
"{62F9426D-FB8B-4FF8-A880-EFC4A168F727}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{69429CD5-48AA-4956-A8D6-C9EFBB161596}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe | 
"{69AD0433-7E2E-46F3-82AE-6FC4F16BC094}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hell yeah demo\hellyeah.exe | 
"{6A12B38A-1849-4642-AA1D-93B86E5DFD86}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\townsdemo\towns.exe | 
"{6B8C93ED-5A8B-4391-B571-D1DE5103245F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\simcity 4 deluxe\apps\simcity 4.exe | 
"{6DA9B463-F4A8-4CC8-92AD-542D4A42E4EB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bit.trip runner\runner.exe | 
"{711AD83D-D311-4B4D-9632-21DEFF874697}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{7124BE5E-3EE4-4D61-97CB-C33DEF024FCE}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\rayman origins\rayman origins.exe | 
"{7159CA44-AA4C-46AF-B694-1BD87C2615BE}" = protocol=6 | dir=in | app=c:\users\georg\downloads\solutoinstaller-e6b8ast5l2_u64642036.exe | 
"{71DEFC4B-960B-421C-940F-16C6D3C4BBAB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\snapshot\snapshot.exe | 
"{74EFEA79-D65C-4B92-8461-C31636966557}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dollar dash demo\binaries\win32\pkgame-win32-shipping.exe | 
"{7540E045-8BBB-4386-858B-F65126882C3D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dynamite jack\dynamite jack.exe | 
"{76842340-811A-4F5F-81D5-4A5FFB31FC48}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chaos on deponia\visionaireconfigurationtool.exe | 
"{76D17AA4-EE08-4762-9FE8-91DA1AE678A8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\super hexagon\superhexagon.exe | 
"{76DB1ADD-A282-4D9D-A5F8-9418DFAC7F22}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\capsized\capsized.exe | 
"{7AF4BF6F-46AB-4FE4-8AAA-1F143BFBF696}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7B4E2733-4EEA-4CD1-B625-75C6665D26F0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gamemaker_studio\gamemakerplayer.exe | 
"{7B964A17-BBB8-4F13-80FA-A5A3AAF05E23}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoconsole.exe | 
"{7D908B10-1C38-4769-9A75-BC9D66A95860}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7EEC5345-F3A9-44FA-B1C8-C78CF3882D21}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chaos on deponia\deponia2.exe | 
"{82232176-6EB4-4766-AE60-377E53E8433D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\edge demo\edge.exe | 
"{8392C022-59A5-46AE-BEAA-C8D7C98C3C68}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dynamite jack\dynamite jack.exe | 
"{846B17A4-D3EF-4965-A0C5-50C1FB451412}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{84A69656-BB6B-4F93-A718-165CF398DE57}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\simcity 4 deluxe\support\ea help\electronic_arts_technical_support.htm | 
"{88046B5F-9BC7-43FB-A411-E1B2A51E73CB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blocks that matter\btm_launcher_win.exe | 
"{893090A5-69E6-466F-83C0-8F9519F9E182}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8AD37577-D455-470E-8D86-93CCC3A2A70C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rush\rush.exe | 
"{8B31E6FF-71EB-413D-A73A-7E7C65B69995}" = protocol=6 | dir=out | app=system | 
"{8B8D8B72-72E5-4CC9-A16B-178987701E82}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{8CD3848E-3792-49A9-8F38-D3F7B98045DB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\offspring fling!\offspring fling.exe | 
"{8E085FDA-E838-47E8-936F-9A1E21D02080}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe | 
"{8E0CBC34-FCED-4277-A804-E6FECC0D95A6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\toki tori\tokitori.exe | 
"{91483DEA-C659-4458-A059-19D546C17096}" = protocol=17 | dir=in | app=c:\users\georg\appdata\roaming\dropbox\bin\dropbox.exe | 
"{920C4FCF-E1D8-4344-B758-CA8796D9E0B9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\q.u.b.e. demo\binaries\win32\qube_demo.exe | 
"{92179944-7ADD-4223-B71F-C6FC0F7959AE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\superbrothers sword & sworcery ep\swordandsworcery_pc.exe | 
"{93174BB3-72AC-4213-A6D2-A7782D11ADE9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\and yet it moves demo\and yet it moves demo steam.exe | 
"{9322A2FC-3687-4562-AB7D-B6EA3773A935}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\indie game the movie\igtm.exe | 
"{93277BBD-7088-49B3-8A1C-F536A6D4C98E}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoupdateservice.exe | 
"{935A3F39-502F-49BF-8CF9-CD222FF4DC3A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\krater\run_game.exe | 
"{96B6EF2D-E1D5-4B2F-8791-316F6143168C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vvvvvv\vvvvvv.exe | 
"{9A798454-2512-424B-808E-70EC7EC85EF5}" = protocol=6 | dir=in | app=c:\users\georg\appdata\roaming\dropbox\bin\dropbox.exe | 
"{9B2C2901-C10B-4B31-9417-DADF99C877EF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cave story+\cavestory+.exe | 
"{9BC448A0-B9D4-42E3-AEF5-33D211DD23B5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine 2 demo\trine2_launcher.exe | 
"{9C773F63-480D-48D9-851E-B5F3D7BB3A76}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the final hours of portal 2\thefinalhoursofportal2.exe | 
"{9DE63EEC-B64E-49E8-84DD-7D7E243B8E0A}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\rayman origins\rayman origins.exe | 
"{9E41C02B-A035-492A-BD20-D6DE1605C802}" = protocol=6 | dir=in | app=c:\program files\soluto\soluto.exe | 
"{A04DF716-F363-4879-B078-D60427D28276}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{A18AEDC3-1A03-4830-9748-A7F2457CE7D6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe | 
"{A2A547EE-AD30-46DB-B9FD-A818575E6174}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\construct2\construct2.exe | 
"{A31F1703-50A7-4B01-9502-A7BD5D1B3F92}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\closure\closure.exe | 
"{A453E21A-8A79-4B27-A20D-6805A1D85AA4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\giana sisters twisted dreams\launcher\gslauncher.exe | 
"{A559068F-2D8B-4CDB-A6DF-410A69DEF9A2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\snapshot\snapshot.exe | 
"{A8DBDFD4-5B05-4017-83FB-A7DC47FC4FB7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sugar cube bittersweet factory\sugarcube-bf.exe | 
"{A95C8862-2AB8-495F-A5A4-3733FBBCDD62}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{AA52B48A-879D-4464-923C-5511DDB6FCA2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chaos on deponia\visionaireconfigurationtool.exe | 
"{AC3D4983-B57B-4871-92B6-FC6C2EA507CC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\thomaswasalone\thomaswasalone.exe | 
"{AEEBC0BE-2D38-488A-8F20-B79974B37112}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe | 
"{B03FCE91-C4C4-41EC-985D-E897A654E843}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\splice\splice.exe | 
"{B0880123-0CE1-4EF8-8608-FF6261859FD5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\krater\run_game.exe | 
"{B242223F-BCD1-424E-AA0E-224E8B63D74E}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{B63951A2-E054-45C0-9245-F98020C8C8DF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\indie game the movie\igtm.exe | 
"{B89C6ADF-1216-45BB-BA84-3A1686B49FD5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\superbrothers sword & sworcery ep\swordandsworcery_pc.exe | 
"{B8E92B81-2811-48C5-9598-25E1D34386DF}" = protocol=6 | dir=in | app=c:\program files\soluto\solutocleanup.exe | 
"{BB6922F2-C7F1-439A-9C8C-1AB22ADE378A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dollar dash demo\binaries\win32\pkgame-win32-shipping.exe | 
"{C162DFD1-C932-4E4F-9662-44A07B948156}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sonic generations demo\configurationtool.exe | 
"{C1B1965F-A9B8-410A-BA78-7E7704BD4BF4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sugar cube bittersweet factory\sugarcube-bf.exe | 
"{C297135B-BE85-4F1D-B112-EFF03F01942A}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{C399995E-F22C-4FE9-9E44-E2B55EA34AAC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nightsky\nightsky.exe | 
"{C3EEEF3B-0E35-452E-8B9A-D0C622EAB5DE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crayon physics deluxe\launcher.exe | 
"{C8BAB87C-33BF-4EE1-8957-CAF1C24A8A2C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe | 
"{C9731A15-D389-48C6-A389-0AD36A3CF68B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gamemaker_studio\gamemakerplayer.exe | 
"{CAA57CAA-DC97-4861-9017-6C404866A0CC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the final hours of portal 2\thefinalhoursofportal2.exe | 
"{CC64B360-7F7A-4B48-A85C-99B3FE5CF7D6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\construct2\construct2.exe | 
"{CDFF82B8-4954-43DA-A77E-F4B2A9CA460A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dear esther\dearesther.exe | 
"{CE891ECD-C565-4C82-A218-7101E2BE0E31}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D0607D3A-E6C6-4589-9283-57739F3B710B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{D0A4A1C1-43BF-478F-A5B2-BF70F4BA521E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\legend of grimrock\grimrock.exe | 
"{D296F08E-E7CC-4C23-AB17-47135ACDF78E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\shado\shado.exe | 
"{D3981BAB-E311-4F43-883E-0550CA69FE42}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\awesomenauts\awesomenautslauncher.exe | 
"{D426FE15-4A86-4845-B47F-BED0B7AC2202}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sonic generations demo\sonicgenerations.exe | 
"{D6A9F131-42B1-4E04-AE00-F0D65AF04911}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\unmechanical\binaries\win32\udk.exe | 
"{D758E625-5793-489E-85BA-F5EB1F614A1A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nightsky\nightsky.exe | 
"{D7F8B1E8-F136-4CEA-9EA0-143F4F931A46}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\rayman origins\gu.exe | 
"{DA0F39D1-1569-4B16-8AC3-D34A7644B32D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\unmechanical\binaries\win32\udk.exe | 
"{DA8F01BE-0ECE-45AF-8372-741220F7DD5B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\solar 2\solar2.exe | 
"{DB162B2A-F9F1-4E5E-9445-EF2F43DCE4AB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{DE0671C5-72BC-4A3A-B763-B97223DA59A9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bittriprunner2\runner2.exe | 
"{DE455E1C-7593-48D9-8597-D08A16BE2C2C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{E0666A68-A218-4559-A03B-3D35E951497B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\castlecrashersdemo\castle.exe | 
"{E189450A-7912-454F-8A96-20D24425895A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blocks that matter\btm_launcher_win.exe | 
"{E30DE2B0-6398-4ECF-B9D8-658E2BA94C26}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dirt showdown demo\showdown_demo.exe | 
"{E5D89B0E-3D6A-45BC-B3DB-D4F0ADD1CFC2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\quantum conundrum demo\binaries\win32\trygame-win32-shipping.exe | 
"{E889CD10-C4FC-42FA-BE6B-F2D41CB61AA2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\a virus named tom\avnt.exe | 
"{E8E5251B-342D-47ED-99A9-6016311F551B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\splice\splice.exe | 
"{EA36A1E3-5953-41BD-9381-2E5D7E3C27AB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\and yet it moves demo\and yet it moves demo steam.exe | 
"{ED3AACEA-C243-4383-88F0-37E492E627C4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\beat hazard\beathazard.exe | 
"{EEBDA06C-531C-4640-ACC2-A23B7912880B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bit.trip runner\runner.exe | 
"{EF335C66-8A29-43E1-A17A-FF54C8C0AFE3}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{EFE42277-DA04-44FF-BDF3-76C0E6B8A5FE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\edge demo\edge.exe | 
"{F3016282-04FE-420B-A647-F2ED96A7A43C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\scribblenauts\scribble.exe | 
"{F33F69CA-A13D-458D-A79B-261DEC63F6E1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the path\pathviewer.exe | 
"{F45077E5-AD36-400D-80C7-C7F5F8AFD506}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\beat hazard\runme.exe | 
"{F472FA3D-59CA-4919-BE4A-4F6359518620}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\scoregasm demo\scoregasm demo.exe | 
"{F5062766-4699-4AE0-999F-0540885A0515}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{F55EC96F-663F-46B0-8575-4DA801F0222A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\braid\braid.exe | 
"{F6597ED9-57BC-4FC5-9308-27B41005891D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\flyn demo\source\flyn.exe | 
"{F711FBE5-454B-42C6-A788-CDDE0DF5F143}" = protocol=17 | dir=in | app=c:\program files\soluto\soluto.exe | 
"{FBF32FE3-14FD-4390-A6F3-03DCBF487AC7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bastion demo\bastion.exe | 
"{FC5492EE-386E-4D4B-BFCB-029BB64AB48E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\toki tori\tokitori.exe | 
"{FD727837-671D-4BB7-BFCE-478174A96334}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\legend of grimrock\grimrock.exe | 
"{FFEF1B46-0A1A-4DA9-B419-885A4AD0D4C1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{061FD767-3EF5-47E5-A5D9-06A56A2A4CE6}C:\program files (x86)\ffsplit\ffsplit.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ffsplit\ffsplit.exe | 
"TCP Query User{1AE0815C-48B0-4EA7-ABA6-95E313661AE3}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{2C010792-5C69-484A-B1D2-4DB246405488}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | 
"TCP Query User{4881578F-5A0E-4687-BF89-DAF2A0DDAF32}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
"TCP Query User{6803224E-F28E-48C4-BAA6-986CFC932FD6}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{7AF1649D-C5BC-474B-A8DF-99DD811691A0}C:\users\georg\appdata\local\temp\rarsfx0\medionfinder.exe" = protocol=6 | dir=in | app=c:\users\georg\appdata\local\temp\rarsfx0\medionfinder.exe | 
"TCP Query User{8E4D48EB-FFA5-48DC-A32F-9CEF7481F9DE}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
"UDP Query User{32E80EE3-7E4D-4517-8B08-F193D3A5A801}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
"UDP Query User{5F63CE62-58D0-45EA-8A74-C551004C101F}C:\users\georg\appdata\local\temp\rarsfx0\medionfinder.exe" = protocol=17 | dir=in | app=c:\users\georg\appdata\local\temp\rarsfx0\medionfinder.exe | 
"UDP Query User{799FD4E8-2B74-482A-9944-87F788E22035}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{81819816-26CE-4937-BB26-EF234A999772}C:\program files (x86)\ffsplit\ffsplit.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ffsplit\ffsplit.exe | 
"UDP Query User{937C1AB7-FB42-4F92-B2A6-5CB8098AA855}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
"UDP Query User{DBBF1DEF-B301-497C-B95F-F1DDB4BE1AEB}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{DC1BB29D-3017-4E13-BA12-48E551B92548}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2412" = CanoScan LiDE 90
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{34307828-B2DB-4473-A803-A314FC7AA889}" = Soluto
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo Rescue System
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}" = NetSpeedMonitor 2.5.4.0 x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.23.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter
"GIMP-2_is1" = GIMP 2.8.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"PROSet" = Intel(R) Network Connections Drivers
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VLC media player" = VLC media player 2.0.6
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02C2B318-E2DF-4EC4-AD1B-9FF3DD774A04}" = MAGIX Video deluxe MX Plus
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D00CD3F-AEDC-45F1-A2DD-DADF74407D7B}_is1" = Edna Bricht Aus 6.3
"{15F3A6F5-06AE-4332-AE3E-21CD0416827A}" = Windows Live Mail
"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
"{185F9795-9663-4F13-9EF9-307A282ADB5A}" = ph
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1C3DA126-D523-4089-BCCA-FA46FE34D6F8}" = Google Drive
"{1EA7C505-E6DA-4B85-9432-EBD3C70D510D}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FA8B68C-2576-4A4A-83BA-47941201FFB3}_is1" = skate's Thumbnail Tool Version 1.0.1
"{23A3E560-069F-4CFC-8F6C-1B526EC735FC}" = Windows Live Writer Resources
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{2A075BB4-E976-4278-BF3F-E5C6945D84C0}" = bl
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2DCD52EE-1AE1-4128-9819-A79F7D09B6B3}" = MAGIX Foto Designer 7
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{2FA06473-23F0-4372-8DD5-1EAE42503D93}" = MAGIX Video easy TERRATEC Edition
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{30FD541D-3C9D-41C4-B240-A994EE4E0231}" = Adobe Audition CS6
"{3629C581-D8D2-477E-A40E-D5E351DF066B}" = MAGIX Speed burnR (MSI)
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3C3DCD2B-6FC7-41BF-BB80-40A936E1A785}" = Windows Live Writer
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Lenovo Power2Go
"{456A5815-604D-4D72-94DF-346D2B978A59}_is1" = GOG.com Downloader version 3.4.8
"{45970CD1-D599-47D4-938F-3E9800D54ED1}" = Lenovo Treiber- und Anwendungsinstallation
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BDE6551-766A-4654-8F3A-838F0BCF15D1}_is1" = skate's Thumbnail Tool Version 1.0.0
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{4e7c3936-7c06-4ef0-928b-c5d92f372578}_is1" = Craften Terminal 3.3.4897.28268
"{5183D7AB-D09B-411F-A74E-BBAEA61C6505}" = Lenovo Eye Distance System
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{55EB2692-FAFE-4352-AACD-AB9379E57F08}" = XSplit
"{5AFA4872-16B2-419E-ADCA-8E96E739115D}" = Music Manager
"{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker
"{5E21B617-F52E-BB10-92F9-C8AB2C799A8A}" = Adobe Download Assistant
"{6438EBAC-5305-39A5-A93E-88CDFA6CE947}" = Google Chrome
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{709F7985-34DD-4F49-9F91-D429D3B49D26}_is1" = skate's Thumbnail Tool Version 1.1.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789C9644-9F82-44d3-B4CA-AC31F46F5882}" = Python 3.2.3
"{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}" = Bing-Desktop
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{86C40513-B5A4-476E-9EAB-EC118DCF4502}" = Windows Live Writer
"{8913AC02-67B8-4B52-91B2-BBA7B9C265B5}" = Windows Live Writer Resources
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{959B7F35-2819-40C5-A0CD-3C53B5FCC935}" = Genesys USB Mass Storage Device
"{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C5B9ED6-0344-4550-A4AB-C4499EB36053}" = SPC 700NC PC Camera
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{AE364ACC-B9DF-466B-B4EA-AEECD0CD581E}" = Windows Live Messenger
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B083076F-BCCB-4710-A4B1-6512134A16DE}" = Oozi: Earth Adventure
"{B266E062-D6C5-485B-B426-51B152B041A6}" = Lenovo Tinian Fn PS/2 Keyboard Driver
"{B2DC0B6C-C969-43B9-B6C3-6A6C1CAD46DF}" = MAGIX Screenshare
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{B80D3EA9-A252-4AE5-AC51-81729F5C586F}" = Windows Live Mail
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BA63612E-0458-416A-ADCD-B2349194F20F}" = Creative Zen Nano Plus
"{BD5669B5-49FF-4490-B956-E9D7CB9B0ADC}" = Adobe Flash Professional CS6
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
"{C2F438B6-7010-453B-93EC-B2FC053AA97B}" = LibreOffice 3.6
"{C3592426-531E-4110-911D-BFECE2CE284B}" = puush
"{C3592426-531E-4110-911D-BFECE2CE284C}" = osu!
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.16
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.11 Game
"{D3063097-EC84-4D21-84A4-9D852E974355}" = LVT
"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
"{D9ED6D06-6002-495E-A7BC-46E6AE386996}" = Lenovo Dynamic Brightness System
"{DE43AA92-E8C0-4620-AFE2-FBD623C71643}" = Sizer 3.34
"{DE491AB9-1D47-4FED-A8F5-4D4325B2EB4B}" = Rayman Origins
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
"{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Akademie der Magie" = Akademie der Magie
"Audacity_is1" = Audacity 2.0
"Bejeweled 2 Deluxe 1.0" = Bejeweled 2 Deluxe 1.0
"Bejeweled 3" = Bejeweled 3
"Bejeweled Twist 1.0.3.8137" = Bejeweled Twist 1.0.3.8137
"Bookworm Adventures Deluxe 1.0.1.100" = Bookworm Adventures Deluxe 1.0.1.100
"Bookworm Deluxe 1.131" = Bookworm Deluxe 1.131
"Build-a-lot" = Build-a-lot
"Build-a-lot 2" = Build-a-lot 2
"Cakewalk Sound Center_is1" = Cakewalk Sound Center 1.1.0
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Cave Story" = Cave Story
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"Chuzzle Deluxe 1.0.3.1132" = Chuzzle Deluxe 1.0.3.1132
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Crazy Machines Elements_is1" = Crazy Machines Elements
"Creative Mass Storage Drivers" = Creative Mass Storage Drivers
"Das Drachenei: Die Geschichte des Wanderers" = Das Drachenei: Die Geschichte des Wanderers
"Das Geheimnis des Bermudadreiecks" = Das Geheimnis des Bermudadreiecks
"Das Reich des Drachen" = Das Reich des Drachen
"Das Vermächtnis der Insel" = Das Vermächtnis der Insel
"Diamond Drop 2" = Diamond Drop 2
"Die Wiege Ägyptens" = Die Wiege Ägyptens
"Die Wiege Roms" = Die Wiege Roms
"Dinos & Bubbles" = Dinos & Bubbles
"DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER
"Flyonoid" = Flyonoid
"Fraps" = Fraps (remove only)
"Free Audio Converter_is1" = Free Audio Converter version 5.0.21.1212
"Free YouTube Download_is1" = Free YouTube Download version 3.2.2.430
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.36.1201
"Gardenscapes_is1" = Gardenscapes
"GOGPACKCAPSIZED_is1" = Capsized
"GOGPACKDEPONIA_is1" = Deponia
"GOGPACKNEWBEGINNING_is1" = A New Beginning
"GOGPACKPID_is1" = Pid
"GOGPACKTREASUREADVENTUREGAME_is1" = Treasure Adventure Game
"Hammer Heads 1.0" = Hammer Heads 1.0
"Harvey" = Harveys Neue Augen
"Hühner-Rache Deluxe (VOLLVERSION)" = Hühner-Rache Deluxe (VOLLVERSION)
"ImgBurn" = ImgBurn
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Lenovo Power2Go
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo Rescue System
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"Jumpin’ Jack" = Jumpin’ Jack
"Magic Encyclopedia" = Magic Encyclopedia
"Magic Encyclopedia 2" = Magic Encyclopedia 2
"MAGIX_MSI_FotoDesigner7_silver" = MAGIX Foto Designer 7
"MAGIX_MSI_Video_easy_3_TerraTec" = MAGIX Video easy TERRATEC Edition
"MAGIX_MSI_Videodeluxe18_plus" = MAGIX Video deluxe MX Plus
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Meine kleine Farm" = Meine kleine Farm
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"Mozilla Thunderbird 17.0.6 (x86 de)" = Mozilla Thunderbird 17.0.6 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"Music Creator LE_is1" = Music Creator LE 5.0.6
"MuVo Driver" = Creative Mass Storage Drivers
"Mystery P.I. - The London Caper" = Mystery P.I. - The London Caper
"Nebel der Elfen" = Nebel der Elfen
"Nintendo_History_ScreenSaver" = Nintendo_History_ScreenSaver
"Nintendo_SMG2_ScreenSaver" = Nintendo_SMG2_ScreenSaver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Open Broadcaster Software" = Open Broadcaster Software
"OpenAL" = OpenAL
"Opera 12.15.1748" = Opera 12.15
"Peggle Deluxe 1.03" = Peggle Deluxe 1.03
"Peggle Nights Deluxe 1.0.3.5802" = Peggle Nights Deluxe 1.0.3.5802
"Peggle World of Warcraft Edition" = Peggle World of Warcraft Edition
"Perspective" = Perspective 1.0
"Pflanzen gegen Zombies" = Pflanzen gegen Zombies
"proDAD-Adorage-3.0" = proDAD Adorage 3.0
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Puddle_is1" = Puddle
"RenegadeKidMutantMudds" = Mutant Mudds (remove only)
"Schatzinsel 2 (Vollversion)" = Schatzinsel 2 (Vollversion)
"Secunia PSI" = Secunia PSI (3.0.0.4001)
"Sheep’s Quest" = Sheep’s Quest
"Smash Frenzy 4" = Smash Frenzy 4
"Snowy" = Snowy
"Snowy Lunch Rush" = Snowy: Lunch Rush
"Steam App 104600" = Portal 2 - The Final Hours
"Steam App 105600" = Terraria
"Steam App 107110" = Bastion - Demo
"Steam App 111800" = Blocks That Matter
"Steam App 113200" = The Binding of Isaac
"Steam App 12910" = Audiosurf Demo
"Steam App 18710" = And Yet it Moves - Demo
"Steam App 200900" = Cave Story+
"Steam App 202290" = Sonic Generations Demo
"Steam App 202730" = Dynamite Jack
"Steam App 203810" = Dear Esther
"Steam App 204060" = Superbrothers: Sword & Sworcery EP
"Steam App 204220" = Snapshot
"Steam App 204260" = Trine 2 Demo
"Steam App 204300" = Awesomenauts
"Steam App 204610" = Q.U.B.E. Demo
"Steam App 205700" = Quantum Conundrum Demo
"Steam App 206650" = Scoregasm Demo
"Steam App 207080" = Indie Game: The Movie
"Steam App 207100" = Castle Crashers Demo
"Steam App 207170" = Legend of Grimrock
"Steam App 207270" = DiRT Showdown Demo
"Steam App 207650" = A Virus Named TOM
"Steam App 208070" = Waveform Demo
"Steam App 209790" = Splice
"Steam App 211180" = Unmechanical
"Steam App 211360" = Offspring Fling!
"Steam App 212110" = Sugar Cube: Bittersweet Factory
"Steam App 212560" = Hell Yeah! Demo
"Steam App 214790" = The Basement Collection
"Steam App 214850" = GameMaker: Studio
"Steam App 215770" = Shad'O
"Steam App 216310" = Gateways Demo
"Steam App 218060" = BIT.TRIP Presents... Runner2: Future Legend of Rhythm Alien
"Steam App 219680" = Proteus
"Steam App 220740" = Chaos on Deponia
"Steam App 220780" = Thomas Was Alone
"Steam App 221030" = Towns Demo
"Steam App 221260" = Little Inferno
"Steam App 221620" = Dollar Dash Demo
"Steam App 221640" = Super Hexagon
"Steam App 223220" = Giana Sisters: Twisted Dreams
"Steam App 224520" = FLY'N Demo
"Steam App 227240" = Construct 2 Free
"Steam App 24780" = SimCity 4 Deluxe
"Steam App 26800" = Braid
"Steam App 26900" = Crayon Physics Deluxe
"Steam App 27000" = The Path
"Steam App 33400" = Zeit² Demo
"Steam App 35710" = Trine Demo
"Steam App 38700" = Toki Tori
"Steam App 38720" = RUSH
"Steam App 38750" = EDGE Demo
"Steam App 400" = Portal
"Steam App 40800" = Super Meat Boy
"Steam App 42170" = Krater
"Steam App 49600" = Beat Hazard
"Steam App 50010" = Nimbus Demo
"Steam App 57800" = Doc Clock: The Toasted Sandwich of Time
"Steam App 620" = Portal 2
"Steam App 63710" = BIT.TRIP RUNNER
"Steam App 644" = Portal 2 Publishing Tool
"Steam App 65800" = Dungeon Defenders
"Steam App 70300" = VVVVVV
"Steam App 72000" = Closure
"Steam App 95300" = Capsized
"Steam App 97000" = Solar 2
"Steam App 99700" = NightSky
"STRATO HiDrive" = STRATO HiDrive (remove only)
"Strikeball 3" = Strikeball 3
"Super Mario Brothers 2 Screensaver" = Super Mario Brothers 2 Screensaver
"Superkuh" = Superkuh
"SysInfo" = Creative-Systeminformationen
"TERRATEC Grabby" = TERRATEC Grabby V5.09.1202.00
"Turtix" = Turtix
"Turtix 2" = Turtix 2
"VLC media player" = VLC media player 2.0.6
"WinLiveSuite" = Windows Live Essentials
"World of Goo" = World of Goo (entfernen)
"Yumsters 2" = Yumsters 2
"Zuma Deluxe 1.0" = Zuma Deluxe 1.0
"Zuma's Revenge!" = Zuma's Revenge!
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"SkyDriveSetup.exe" = Microsoft SkyDrive
"UnityWebPlayer" = Unity Web Player
 
< End of report >
         
Gruß,
Georg aka Juri9

Alt 01.06.2013, 18:30   #11
schrauber
/// the machine
/// TB-Ausbilder
 

Virus ahoi! "Portaldosites" in jedem Browser, MBAM-Fund, nicht löschbar? - Standard

Virus ahoi! "Portaldosites" in jedem Browser, MBAM-Fund, nicht löschbar?




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.


und ein frisches OTL log bitte. Noch probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 01.06.2013, 22:48   #12
Juri9
 
Virus ahoi! "Portaldosites" in jedem Browser, MBAM-Fund, nicht löschbar? - Standard

Virus ahoi! "Portaldosites" in jedem Browser, MBAM-Fund, nicht löschbar?



Hui @.@
Nach fast 4 Stunden scannen kann ich dann auch mal den ESET-Log hier posten:
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=a4e95a9d05254449b6ff74e0cb3f6f2c
# engine=13971
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-01 09:43:48
# local_time=2013-06-01 11:43:48 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 20263738 121752878 0 0
# scanned=485218
# found=0
# cleaned=0
# scan_time=14247
         
Hab zwar nur Hauptfestplatte und unsere zwei externen Festplatten gescannt (für'n USB-Stick gab's keinen USB-Anschluss mehr D: ), aber das sollte schon hinhauen~
Na dann mal ran an SecurityCheck. Hoffentlich dauert das nicht so lang... :'D

EDIT:

Nun... das ging schnell xD
Dubdidu, ran an OTL~

EDIT2:
-> Achtung: Kleine Änderung - Ich hab gesehen, dass bei dem Feld "Scanne alle Benutzer" kein Haken drin und hab mir gedacht, dass ich einfach mal einen reinsetze. Es gibt ja 2 Benutzerkonten an diesem PC. Das macht doch nichts aus, oder? <-

OTL.txt
Code:
ATTFilter
OTL logfile created on: 01.06.2013 23:55:54 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Georg\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 4,77 Gb Available Physical Memory | 59,77% Memory free
15,96 Gb Paging File | 12,71 Gb Available in Paging File | 79,61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 906,34 Gb Total Space | 225,04 Gb Free Space | 24,83% Space Free | Partition Type: NTFS
Drive E: | 931,28 Gb Total Space | 894,31 Gb Free Space | 96,03% Space Free | Partition Type: FAT32
Drive F: | 465,76 Gb Total Space | 185,96 Gb Free Space | 39,93% Space Free | Partition Type: NTFS
 
Computer Name: GEORG-PC | User Name: Georg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC -  File not found
PRC - C:\Users\Georg\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\puush\puush.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
PRC - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe (Microsoft Corp.)
PRC - C:\Users\Georg\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia)
PRC - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Windows\SysWOW64\UMonit.exe ()
PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Windows\jmesoft\JME_LOAD.exe ()
PRC - C:\Windows\jmesoft\hotkey.exe (Lenovo)
PRC - C:\Windows\jmesoft\Service.exe ()
PRC - C:\Programme\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe (Lenovo)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Programme\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe (Lenovo)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe (Nuance Communications, Inc.)
PRC - C:\Windows\vphc700.exe (Sonix)
PRC - C:\Program Files (x86)\Philips\SPC 700NC PC Camera\TrayMin700.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\windows._cacheinvalidation.pyd ()
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\wx._gdi_.pyd ()
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\wx._misc_.pyd ()
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\pysqlite2._sqlite.pyd ()
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\pythoncom27.dll ()
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\win32com.shell.shell.pyd ()
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\_elementtree.pyd ()
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\PyWinTypes27.dll ()
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\win32security.pyd ()
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\win32api.pyd ()
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\_ctypes.pyd ()
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\wx._html2.pyd ()
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\_socket.pyd ()
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\_multiprocessing.pyd ()
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\win32ts.pyd ()
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\win32profile.pyd ()
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\win32crypt.pyd ()
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\wx._core_.pyd ()
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\_ssl.pyd ()
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\wx._windows_.pyd ()
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\_hashlib.pyd ()
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\wx._wizard.pyd ()
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\win32process.pyd ()
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\win32pdh.pyd ()
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\wx._controls_.pyd ()
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\unicodedata.pyd ()
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\pyexpat.pyd ()
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\win32file.pyd ()
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\win32inet.pyd ()
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\win32event.pyd ()
MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\select.pyd ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\af525b4bec3b9941b7be8ffbf813da80\PresentationFramework.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7eac0dbe9aa20b55e37235f8ee030e6b\PresentationCore.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll ()
MOD - C:\Program Files (x86)\puush\puush.exe ()
MOD - C:\Program Files (x86)\Steam\bin\chromehtml.DLL ()
MOD - C:\Program Files (x86)\Steam\SDL2.dll ()
MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7366a39c36523a084bc11c230929ff92\Microsoft.VisualBasic.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll ()
MOD - C:\Program Files (x86)\SplitMediaLabs\XSplit\swresample-0.dll ()
MOD - C:\Program Files (x86)\SplitMediaLabs\XSplit\avcodec-54.dll ()
MOD - C:\Program Files (x86)\SplitMediaLabs\XSplit\avformat-54.dll ()
MOD - C:\Program Files (x86)\SplitMediaLabs\XSplit\swscale-2.dll ()
MOD - C:\Program Files (x86)\SplitMediaLabs\XSplit\avutil-51.dll ()
MOD - C:\Windows\SysWOW64\UMonit.exe ()
MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Programme\Lenovo\Lenovo Brightness System\ddcHelperWraper.dll ()
MOD - C:\Programme\Lenovo\Lenovo Brightness System\KeyStoneAdapter.dll ()
MOD - C:\Programme\Lenovo\Lenovo Eye Distance System\KeyStoneAdapter.dll ()
MOD - C:\Programme\Lenovo\Lenovo Eye Distance System\VideoPlayer.dll ()
MOD - C:\Windows\jmesoft\VistaVolume.dll ()
MOD - C:\Program Files (x86)\Philips\SPC 700NC PC Camera\TrayMin700.exe ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (BingDesktopUpdate) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe (Microsoft Corp.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (SolutoLauncherService) -- C:\Programme\Soluto\SolutoLauncherService.exe (Soluto)
SRV - (SolutoService) -- C:\Programme\Soluto\SolutoService.exe (Soluto)
SRV - (Secunia PSI Agent) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (STRATO HiDrive Service) -- C:\Program Files (x86)\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe (STRATO)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (JME Keyboard) -- C:\Windows\jmesoft\Service.exe ()
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Creative Service for CDROM Access) -- C:\Windows\SysWOW64\CTSVCCDA.EXE (Creative Technology Ltd)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (Soluto) -- C:\Windows\SysNative\drivers\Soluto.sys (Soluto LTD.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USB28xxBGA) -- C:\Windows\SysNative\drivers\emBDA64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (USB28xxOEM) -- C:\Windows\SysNative\drivers\emOEM64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (emAudio) -- C:\Windows\SysNative\drivers\emAudio64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf.sys (Secunia)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Rovi Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (GeneStor) -- C:\Windows\SysNative\drivers\GeneStor.sys (GenesysLogic)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (e1cexpress) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation)
DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH)
DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (WinI2C-DDC) -- C:\Windows\SysNative\drivers\ddcdrv.sys (Nicomsoft Ltd.)
DRV:64bit: - (phc700) -- C:\Windows\SysNative\drivers\phc700.sys ()
DRV - (WinI2C-DDC) -- C:\Windows\SysWOW64\drivers\ddcdrv.sys (Nicomsoft Ltd.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2764890169-2354917355-972681180-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-2764890169-2354917355-972681180-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://de.msn.com/?pc=BB07 [binary data]
IE - HKU\S-1-5-21-2764890169-2354917355-972681180-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
IE - HKU\S-1-5-21-2764890169-2354917355-972681180-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2764890169-2354917355-972681180-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
IE - HKU\S-1-5-21-2764890169-2354917355-972681180-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-2764890169-2354917355-972681180-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-2764890169-2354917355-972681180-1001\..\SearchScopes\{C88215D9-8C4C-4C02-BD96-C2F219F35ED5}: "URL" = hxxp://www.bing.com/search?FORM=BB07DF&PC=BB07&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-2764890169-2354917355-972681180-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.bing.com/search?FORM=BB07DF&PC=BB07&q="
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.com/firefox"
FF - prefs.js..extensions.enabledAddons: %7B59c81df5-4b7a-477b-912d-4e0fdf64e5f2%7D:0.9.90
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130402
FF - prefs.js..extensions.enabledAddons: youtubeunblocker%40unblocker.yt:0.4.2
FF - prefs.js..extensions.enabledAddons: stefanvandamme%40stefanvd.net:2.2.0.2
FF - prefs.js..extensions.enabledAddons: %7Bc0c588b6-b11d-4898-af00-079fed05aa32%7D:20.1
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Georg\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Georg\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.20 19:17:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.16 17:19:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.05.15 17:52:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.20 19:17:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.16 17:19:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.05.15 17:52:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.08.30 12:10:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Georg\AppData\Roaming\Mozilla\Extensions
[2012.08.30 12:10:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Georg\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013.05.04 08:50:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Georg\AppData\Roaming\Mozilla\Firefox\Profiles\00tp9q8u.default\extensions
[2013.03.03 16:39:50 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Georg\AppData\Roaming\Mozilla\Firefox\Profiles\00tp9q8u.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2013.05.04 07:46:02 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Georg\AppData\Roaming\Mozilla\Firefox\Profiles\00tp9q8u.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013.05.04 08:50:20 | 000,651,215 | ---- | M] () (No name found) -- C:\Users\Georg\AppData\Roaming\Mozilla\Firefox\Profiles\00tp9q8u.default\extensions\stefanvandamme@stefanvd.net.xpi
[2013.05.04 08:50:20 | 000,008,023 | ---- | M] () (No name found) -- C:\Users\Georg\AppData\Roaming\Mozilla\Firefox\Profiles\00tp9q8u.default\extensions\youtubeunblocker@unblocker.yt.xpi
[2013.05.04 08:50:20 | 003,242,364 | ---- | M] () (No name found) -- C:\Users\Georg\AppData\Roaming\Mozilla\Firefox\Profiles\00tp9q8u.default\extensions\{c0c588b6-b11d-4898-af00-079fed05aa32}.xpi
[2013.03.20 19:10:00 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Georg\AppData\Roaming\Mozilla\Firefox\Profiles\00tp9q8u.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.09.08 13:56:06 | 000,001,832 | ---- | M] () -- C:\Users\Georg\AppData\Roaming\Mozilla\Firefox\Profiles\00tp9q8u.default\searchplugins\bing.xml
[2013.05.20 19:17:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.20 19:17:58 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010.01.06 03:04:02 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2764890169-2354917355-972681180-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [phc700] C:\Windows\vphc700.exe (Sonix)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [UMonit] C:\Windows\SysWOW64\UMonit.exe ()
O4:64bit: - HKLM..\Run: [WrtMon.exe] C:\Windows\SysNative\spool\drivers\x64\3\WrtMon.exe ()
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.)
O4 - HKLM..\Run: [jmekey] C:\Windows\jmesoft\hotkey.exe (Lenovo)
O4 - HKLM..\Run: [jmesoft] C:\Windows\jmesoft\ServiceLoader.exe ()
O4 - HKLM..\Run: [Lenovo Dynamic Brightness System] C:\Program Files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe (Lenovo)
O4 - HKLM..\Run: [Lenovo Eye Distance System] C:\Program Files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe (Lenovo)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [phc700] C:\windows\system32\vphc700.exe File not found
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TrayServer] C:\PROGRA~2\MAGIX\VIDEO_~1\TrayServer_de.exe (MAGIX AG)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2764890169-2354917355-972681180-1001..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-2764890169-2354917355-972681180-1001..\Run: [Facebook Update] C:\Users\Georg\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-2764890169-2354917355-972681180-1001..\Run: [puush] C:\Program Files (x86)\puush\puush.exe ()
O4 - HKU\S-1-5-21-2764890169-2354917355-972681180-1001..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Georg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Georg\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-2764890169-2354917355-972681180-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2764890169-2354917355-972681180-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2764890169-2354917355-972681180-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Georg\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Georg\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Georg\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Georg\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1369826421840 (MUCatalogWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B2938FA1-8998-4697-B61C-3E7448CF269D}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files\Soluto\soluto.exe /userinit) - C:\Program Files\Soluto\soluto.exe (Soluto)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.09.15 06:12:14 | 000,000,080 | ---- | M] () - F:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.01 23:56:08 | 000,000,000 | ---D | C] -- C:\Users\Georg\Desktop\archiv2
[2013.06.01 19:35:28 | 002,347,384 | ---- | C] (ESET) -- C:\Users\Georg\Desktop\esetsmartinstaller_enu.exe
[2013.06.01 19:13:56 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2013.06.01 19:10:43 | 000,000,000 | ---D | C] -- C:\JRT
[2013.06.01 19:10:02 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Georg\Desktop\JRT.exe
[2013.06.01 18:55:50 | 000,000,000 | ---D | C] -- C:\Users\Georg\Desktop\archiv
[2013.06.01 13:31:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Georg\Desktop\OTL.exe
[2013.05.29 18:08:46 | 000,000,000 | --SD | C] -- C:\Users\Georg\Google Drive
[2013.05.29 18:07:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2013.05.29 13:22:46 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cscapi.dll
[2013.05.29 13:22:46 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cscdll.dll
[2013.05.29 13:22:44 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetpp.dll
[2013.05.29 13:22:44 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tcpmib.dll
[2013.05.29 13:22:44 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tcpmib.dll
[2013.05.29 13:22:44 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\sscore.dll
[2013.05.29 13:22:42 | 000,225,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dhcpcore6.dll
[2013.05.29 13:22:42 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dhcpcore6.dll
[2013.05.29 13:22:42 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\davclnt.dll
[2013.05.29 13:22:42 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dhcpcsvc6.dll
[2013.05.29 13:22:41 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncsi.dll
[2013.05.29 13:22:41 | 000,190,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\storport.sys
[2013.05.29 13:22:41 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ncsi.dll
[2013.05.29 13:22:41 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tcpmonui.dll
[2013.05.29 13:22:41 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tcpmonui.dll
[2013.05.29 13:22:40 | 000,275,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpdd.dll
[2013.05.29 13:22:40 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dot3dlg.dll
[2013.05.29 13:22:39 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\gpprnext.dll
[2013.05.29 13:22:39 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\gpprnext.dll
[2013.05.29 13:22:38 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\hidclass.sys
[2013.05.29 13:22:37 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\svchost.exe
[2013.05.29 13:22:36 | 000,698,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netlogon.dll
[2013.05.29 13:22:36 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dot3msm.dll
[2013.05.29 13:22:35 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dot3msm.dll
[2013.05.29 13:22:35 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dot3api.dll
[2013.05.29 13:22:35 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dot3gpclnt.dll
[2013.05.29 13:22:35 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dot3gpclnt.dll
[2013.05.29 13:22:33 | 001,065,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Display.dll
[2013.05.29 13:22:33 | 001,039,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Display.dll
[2013.05.29 13:22:33 | 000,876,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\advapi32.dll
[2013.05.29 13:22:33 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\FWPUCLNT.DLL
[2013.05.29 13:22:32 | 000,965,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\localspl.dll
[2013.05.29 13:22:32 | 000,832,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\nshwfp.dll
[2013.05.29 13:22:32 | 000,657,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\nshwfp.dll
[2013.05.29 13:22:32 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\FWPUCLNT.DLL
[2013.05.29 13:22:32 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wpnpinst.exe
[2013.05.26 13:26:38 | 000,000,000 | ---D | C] -- C:\Users\Georg\AppData\Local\Facebook
[2013.05.25 21:27:30 | 000,000,000 | ---D | C] -- C:\Users\Georg\Lucia
[2013.05.21 15:30:30 | 000,000,000 | ---D | C] -- C:\Users\Georg\AppData\Roaming\TS3Client
[2013.05.21 15:19:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2013.05.21 15:19:29 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client
[2013.05.20 13:46:46 | 000,000,000 | ---D | C] -- C:\Users\Georg\AppData\Local\Craften_Dev_Team
[2013.05.20 13:46:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Craften Terminal
[2013.05.20 13:46:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Craften Terminal
[2013.05.16 22:18:40 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013.05.16 22:18:40 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013.05.16 22:18:40 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2013.05.16 22:18:39 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2013.05.16 22:18:39 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2013.05.16 22:18:39 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe
[2013.05.16 22:18:39 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe
[2013.05.16 22:18:39 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2013.05.16 22:18:39 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2013.05.16 22:18:39 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2013.05.16 22:18:39 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2013.05.16 22:18:38 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013.05.16 22:18:37 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013.05.16 22:18:36 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013.05.16 22:18:36 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013.05.16 17:12:10 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\dxgmms1.sys
[2013.05.16 17:12:10 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cdd.dll
[2013.05.16 17:11:59 | 001,931,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\authui.dll
[2013.05.16 17:11:59 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\authui.dll
[2013.05.16 17:11:59 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\shdocvw.dll
[2013.05.16 17:11:59 | 000,111,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\consent.exe
[2013.05.16 17:11:52 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wwanprotdim.dll
[2013.05.15 18:01:06 | 000,000,000 | ---D | C] -- C:\Users\Georg\Documents\Adobe
[2013.05.15 17:59:59 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe
[2013.05.15 17:52:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013.05.15 17:50:20 | 000,056,208 | ---- | C] (Rovi Corporation) -- C:\windows\SysNative\drivers\PxHlpa64.sys
[2013.05.15 17:50:20 | 000,010,224 | ---- | C] (Sonic Solutions) -- C:\windows\SysNative\drivers\cdralw2k.sys
[2013.05.15 17:50:20 | 000,010,224 | ---- | C] (Sonic Solutions) -- C:\windows\SysNative\drivers\cdr4_xp.sys
[2013.05.15 17:50:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sonic Shared
[2013.05.15 17:50:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2013.05.15 17:50:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\My Company Name
[2013.05.15 17:39:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AnalogX
[2013.05.13 17:25:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2013.05.13 17:25:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2013.05.05 19:21:16 | 000,000,000 | ---D | C] -- C:\Users\Georg\AppData\Roaming\LOVE
[2013.05.04 08:18:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.03.21 14:37:20 | 001,914,000 | ---- | C] (Adobe Systems Incorporated) -- C:\ProgramData\flashax10.exe
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.01 23:51:06 | 000,890,839 | ---- | M] () -- C:\Users\Georg\Desktop\SecurityCheck.exe
[2013.06.01 23:45:05 | 000,001,124 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.01 23:34:02 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013.06.01 22:31:03 | 000,000,928 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-2764890169-2354917355-972681180-1001UA.job
[2013.06.01 19:45:30 | 001,613,996 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013.06.01 19:45:30 | 000,697,064 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013.06.01 19:45:30 | 000,652,382 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013.06.01 19:45:30 | 000,148,102 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013.06.01 19:45:30 | 000,121,056 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013.06.01 19:35:30 | 002,347,384 | ---- | M] (ESET) -- C:\Users\Georg\Desktop\esetsmartinstaller_enu.exe
[2013.06.01 19:13:17 | 000,020,480 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.01 19:13:17 | 000,020,480 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.01 19:10:08 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Georg\Desktop\JRT.exe
[2013.06.01 19:01:13 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.06.01 19:01:07 | 2133,630,975 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.01 18:59:39 | 000,001,286 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.06.01 18:59:39 | 000,001,148 | ---- | M] () -- C:\Users\Georg\Desktop\Internet Explorer.lnk
[2013.06.01 18:59:39 | 000,001,049 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.06.01 18:56:38 | 000,632,031 | ---- | M] () -- C:\Users\Georg\Desktop\adwcleaner.exe
[2013.06.01 13:31:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Georg\Desktop\OTL.exe
[2013.06.01 13:31:00 | 000,000,906 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-2764890169-2354917355-972681180-1001Core.job
[2013.05.31 20:34:43 | 000,001,103 | ---- | M] () -- C:\Users\Public\Desktop\Craften Terminal.lnk
[2013.05.31 15:09:25 | 002,456,832 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013.05.30 21:01:44 | 000,420,944 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msvcp100.dll
[2013.05.29 18:08:47 | 000,001,713 | ---- | M] () -- C:\Users\Georg\Desktop\Google Drive.lnk
[2013.05.23 17:39:06 | 000,009,384 | ---- | M] () -- C:\Users\Georg\AppData\Local\recently-used.xbel
[2013.05.21 15:19:35 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2013.05.20 12:42:17 | 000,263,186 | ---- | M] () -- C:\Users\Georg\Desktop\Minecraft.exe
[2013.05.18 13:55:30 | 018,444,678 | ---- | M] () -- C:\Users\Georg\Desktop\cave story osu.mp4
[2013.05.18 00:06:12 | 000,170,858 | ---- | M] () -- C:\Users\Georg\Desktop\Der 2-2 Blues.pdf
[2013.05.17 19:46:17 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.17 19:36:53 | 007,153,538 | ---- | M] () -- C:\Users\Georg\Desktop\HASHTAGYOLOSWAG.exe
[2013.05.15 21:59:15 | 000,000,871 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.05.15 21:22:31 | 000,087,330 | ---- | M] () -- C:\Users\Georg\Desktop\Peach_and_Bowser_Wedding_by_EmperorTokijin.jpg
[2013.05.15 21:22:27 | 000,028,682 | ---- | M] () -- C:\Users\Georg\Desktop\600px-Prince_Mario_and_Princess_Peach.jpg
[2013.05.15 21:22:18 | 000,275,465 | ---- | M] () -- C:\Users\Georg\Desktop\marioandpeachvgloungecom1.jpg
[2013.05.15 19:34:40 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2013.05.15 19:34:40 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.05.15 17:47:06 | 000,001,518 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Application Manager.lnk
[2013.05.13 17:25:40 | 000,001,302 | ---- | M] () -- C:\Users\Public\Desktop\Free YouTube Download.lnk
[2013.05.09 00:42:01 | 000,002,634 | ---- | M] () -- C:\Users\Georg\Desktop\My Movie_mp4.HDP
[2013.05.05 20:55:26 | 007,140,191 | ---- | M] () -- C:\Users\Georg\Desktop\My Movie.mp4
[2013.05.05 20:40:35 | 048,569,695 | ---- | M] () -- C:\Users\Georg\Desktop\magix at its best ... not.mp4
[2013.05.05 16:29:04 | 000,063,690 | ---- | M] () -- C:\Users\Georg\Desktop\Kuendigungsformular.pdf
[2013.05.04 07:23:27 | 000,001,120 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.06.01 23:51:03 | 000,890,839 | ---- | C] () -- C:\Users\Georg\Desktop\SecurityCheck.exe
[2013.06.01 18:56:34 | 000,632,031 | ---- | C] () -- C:\Users\Georg\Desktop\adwcleaner.exe
[2013.05.29 18:08:47 | 000,001,713 | ---- | C] () -- C:\Users\Georg\Desktop\Google Drive.lnk
[2013.05.26 13:26:43 | 000,000,928 | ---- | C] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-2764890169-2354917355-972681180-1001UA.job
[2013.05.26 13:26:42 | 000,000,906 | ---- | C] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-2764890169-2354917355-972681180-1001Core.job
[2013.05.23 17:39:06 | 000,009,384 | ---- | C] () -- C:\Users\Georg\AppData\Local\recently-used.xbel
[2013.05.21 15:19:35 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2013.05.20 13:46:23 | 000,001,103 | ---- | C] () -- C:\Users\Public\Desktop\Craften Terminal.lnk
[2013.05.20 12:42:12 | 000,263,186 | ---- | C] () -- C:\Users\Georg\Desktop\Minecraft.exe
[2013.05.18 13:52:21 | 018,444,678 | ---- | C] () -- C:\Users\Georg\Desktop\cave story osu.mp4
[2013.05.18 00:06:10 | 000,170,858 | ---- | C] () -- C:\Users\Georg\Desktop\Der 2-2 Blues.pdf
[2013.05.17 19:36:50 | 007,153,538 | ---- | C] () -- C:\Users\Georg\Desktop\HASHTAGYOLOSWAG.exe
[2013.05.15 21:22:29 | 000,087,330 | ---- | C] () -- C:\Users\Georg\Desktop\Peach_and_Bowser_Wedding_by_EmperorTokijin.jpg
[2013.05.15 21:22:25 | 000,028,682 | ---- | C] () -- C:\Users\Georg\Desktop\600px-Prince_Mario_and_Princess_Peach.jpg
[2013.05.15 21:22:17 | 000,275,465 | ---- | C] () -- C:\Users\Georg\Desktop\marioandpeachvgloungecom1.jpg
[2013.05.15 17:51:50 | 000,001,245 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Audition CS6.lnk
[2013.05.13 17:25:40 | 000,001,302 | ---- | C] () -- C:\Users\Public\Desktop\Free YouTube Download.lnk
[2013.05.05 21:04:08 | 000,002,634 | ---- | C] () -- C:\Users\Georg\Desktop\My Movie_mp4.HDP
[2013.05.05 20:51:18 | 007,140,191 | ---- | C] () -- C:\Users\Georg\Desktop\My Movie.mp4
[2013.05.05 20:36:49 | 048,569,695 | ---- | C] () -- C:\Users\Georg\Desktop\magix at its best ... not.mp4
[2013.05.05 16:29:03 | 000,063,690 | ---- | C] () -- C:\Users\Georg\Desktop\Kuendigungsformular.pdf
[2013.03.20 19:30:18 | 002,075,362 | ---- | C] () -- C:\Users\Georg\wmah.png
[2013.03.08 21:46:09 | 000,500,934 | ---- | C] () -- C:\Users\Georg\YT-2013-Channel-Layout.psd
[2013.03.07 20:11:38 | 000,286,787 | ---- | C] () -- C:\Users\Georg\Mario and Luigi_ Partners in Time Music - Time Hole (To Past).mp3
[2013.03.07 20:11:37 | 000,265,856 | ---- | C] () -- C:\Users\Georg\Mario & Luigi_ Partners In Time Music_ Time Hole (To Present).mp3
[2013.03.03 13:32:03 | 000,017,479 | ---- | C] () -- C:\Users\Georg\README.html
[2013.03.03 13:31:16 | 015,962,145 | ---- | C] () -- C:\Users\Georg\OpenHexagonV1.7.7z
[2013.02.28 18:25:23 | 000,003,584 | ---- | C] () -- C:\Users\Georg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.02.27 20:04:25 | 027,885,892 | ---- | C] () -- C:\Users\Georg\2013-02-27 - viedoe.mp4
[2013.02.27 19:59:47 | 000,096,120 | ---- | C] () -- C:\Users\Georg\2013-02-27 - 0002.JPG
[2013.02.27 19:57:32 | 000,090,108 | ---- | C] () -- C:\Users\Georg\2013-02-27 - 0001.JPG
[2013.02.05 21:23:41 | 371,802,536 | ---- | C] () -- C:\Users\Georg\OIO-v3.4.0.2724.zip
[2013.01.18 17:01:47 | 001,056,534 | ---- | C] () -- C:\Users\Georg\TK Brief Seite 2.pdf
[2013.01.18 17:01:47 | 000,528,162 | ---- | C] () -- C:\Users\Georg\TK Brief Seite 1.pdf
[2013.01.02 16:41:05 | 000,004,342 | ---- | C] () -- C:\Users\Georg\Ein_kleines_Dankeschön_für_ELSA_Ihr_10_Gutschein.eml
[2013.01.02 10:54:52 | 000,339,394 | ---- | C] () -- C:\Users\Georg\OptiFine_1.4.6_HD_U_A2.zip
[2012.11.16 20:52:58 | 000,325,327 | ---- | C] () -- C:\Users\Georg\OptiFine Mod 1.4.4.zip
[2012.10.29 21:47:52 | 000,000,098 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2012.10.20 23:03:45 | 000,011,351 | -HS- | C] () -- C:\Users\Georg\Folder.jpg
[2012.10.20 23:03:45 | 000,011,351 | -HS- | C] () -- C:\Users\Georg\AlbumArt_{F083D7D6-D194-444E-AD61-1A2F2DCADD22}_Large.jpg
[2012.10.20 23:03:45 | 000,002,936 | -HS- | C] () -- C:\Users\Georg\AlbumArtSmall.jpg
[2012.10.20 23:03:45 | 000,002,936 | -HS- | C] () -- C:\Users\Georg\AlbumArt_{F083D7D6-D194-444E-AD61-1A2F2DCADD22}_Small.jpg
[2012.10.20 23:03:05 | 138,968,261 | ---- | C] () -- C:\Users\Georg\News _ Infos zum Nintendo 3DS - Die dritte Dimension in der Hosentasche [HD].mp4
[2012.10.20 23:03:04 | 003,023,829 | ---- | C] () -- C:\Users\Georg\Lemon Tree with Lyrics_ By Fool's Garden (HD).mp3
[2012.10.20 23:01:33 | 000,651,923 | ---- | C] () -- C:\Users\Georg\talent.wmv
[2012.10.13 12:23:16 | 000,586,255 | ---- | C] () -- C:\Users\Georg\bank.jpg
[2012.10.12 10:59:18 | 000,331,339 | ---- | C] () -- C:\Users\Georg\Löwenzahn.pdf
[2012.10.11 14:27:18 | 005,904,128 | ---- | C] () -- C:\Users\Georg\IKS Brief.pdf
[2012.10.11 14:27:18 | 000,846,537 | ---- | C] () -- C:\Users\Georg\IKS-Brief Ergänzung.pdf
[2012.10.01 20:57:55 | 001,662,976 | ---- | C] () -- C:\Users\Georg\alexibexi klingelton.mpg
[2012.10.01 20:57:55 | 000,101,146 | ---- | C] () -- C:\Users\Georg\AlexiBexi Klingelton - I'm a scat man!.MP3
[2012.10.01 20:53:13 | 002,891,416 | ---- | C] () -- C:\Users\Georg\Kanal Screenshot.png
[2012.10.01 20:53:13 | 000,191,205 | ---- | C] () -- C:\Users\Georg\Kanaldesign.PNG
[2012.10.01 20:53:13 | 000,140,762 | ---- | C] () -- C:\Users\Georg\Kanaldesign (Küken, Name, Farbverlauf).png
[2012.10.01 20:53:13 | 000,138,319 | ---- | C] () -- C:\Users\Georg\Kanaldesign (nur Küken und Name).png
[2012.10.01 20:49:59 | 003,426,304 | ---- | C] () -- C:\Users\Georg\Schaumparty.mpg
[2012.10.01 20:49:59 | 002,118,375 | ---- | C] () -- C:\Users\Georg\Präsentation Gewitter.odp
[2012.10.01 20:49:59 | 002,118,274 | ---- | C] () -- C:\Users\Georg\Präsentation Gewitter für mich.odp
[2012.10.01 20:49:59 | 000,748,152 | ---- | C] () -- C:\Users\Georg\Schaumparty.mp4
[2012.10.01 20:49:59 | 000,052,289 | ---- | C] () -- C:\Users\Georg\Schaumparty.MP3
[2012.10.01 20:49:58 | 002,118,375 | ---- | C] () -- C:\Users\Georg\Präsentation Gewitter für Jakob.odp
[2012.09.16 15:42:31 | 000,001,229 | ---- | C] () -- C:\Users\Georg\Cave Story - Einfach Optionen.lnk
[2012.09.16 15:42:31 | 000,001,222 | ---- | C] () -- C:\Users\Georg\Cave Story - Musik.lnk
[2012.09.11 17:38:26 | 000,014,678 | ---- | C] () -- C:\Users\Georg\Informatik AB Variablen Aufgabe.odt
[2012.09.11 17:19:42 | 001,590,954 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012.09.09 21:39:42 | 000,000,052 | -H-- | C] () -- C:\windows\popcreg.dat
[2012.09.09 21:39:42 | 000,000,014 | ---- | C] () -- C:\windows\popcinfot.dat
[2012.09.08 21:23:35 | 000,275,916 | ---- | C] () -- C:\Users\Georg\OptiFine_1.3.2_HD_B3.zip
[2012.09.08 15:55:19 | 000,015,488 | ---- | C] () -- C:\windows\phc700.ini
[2012.09.04 18:36:05 | 000,000,538 | ---- | C] () -- C:\Users\Georg\stern.py
[2012.09.04 18:34:02 | 000,001,463 | ---- | C] () -- C:\Users\Georg\IPI-TurtleGrafikV3.lnk
[2012.09.03 19:10:18 | 000,000,680 | RHS- | C] () -- C:\Users\Georg\ntuser.pol
[2012.09.03 18:45:34 | 000,188,803 | ---- | C] () -- C:\Users\Georg\englisch australische schilder.odt
[2012.08.31 20:21:56 | 000,000,043 | ---- | C] () -- C:\windows\popcinfo.dat
[2012.08.30 14:32:22 | 000,263,186 | ---- | C] () -- C:\Users\Georg\Minecraft.exe
[2012.08.30 12:10:37 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat
[2012.08.30 11:39:16 | 000,011,776 | ---- | C] () -- C:\windows\SysWow64\pmsbfn32.dll
[2012.08.30 11:37:26 | 000,000,424 | ---- | C] () -- C:\windows\MAXLINK.INI
[2012.03.21 14:54:41 | 000,201,728 | ---- | C] () -- C:\windows\SetDrive.exe
[2012.03.21 14:54:40 | 000,036,864 | ---- | C] () -- C:\windows\WinWait.exe
[2012.03.21 14:04:51 | 000,139,264 | ---- | C] () -- C:\windows\SysWow64\ustor.dll
[2012.03.21 14:04:51 | 000,049,152 | ---- | C] () -- C:\windows\SysWow64\UMonit.exe
[2012.03.21 14:04:48 | 000,172,097 | ---- | C] () -- C:\windows\SysWow64\NoMSGuninstall.exe
[2012.03.21 14:04:48 | 000,001,591 | ---- | C] () -- C:\windows\SysWow64\_IconCfg0.ini
[2012.03.21 14:04:48 | 000,000,840 | ---- | C] () -- C:\windows\SysWow64\ProductName.ini
[2012.03.21 14:04:48 | 000,000,187 | ---- | C] () -- C:\windows\SysWow64\IconCfg0.ini
[2012.03.21 14:01:39 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\drivers\IntelMEFWVer.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:23:59 | 014,176,768 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:27:31 | 012,875,776 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.08.21 15:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.08.21 15:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.08.21 15:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Files - Unicode (All) ==========
[2012.10.01 21:00:46 | 000,000,000 | ---D | M](C:\Users\Georg\??????? ???????????) -- C:\Users\Georg\Русские мультфильмы
[2012.10.01 21:00:46 | 000,000,000 | ---D | M](C:\Users\Georg\??????? ???????????) -- C:\Users\Georg\Русские мультфильмы
(C:\Users\Georg\??????? ???????????) -- C:\Users\Georg\Русские мультфильмы
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 1105 bytes -> C:\Users\Georg\Ein_kleines_Dankeschön_für_ELSA_Ihr_10_Gutschein.eml:OECustomProperty

< End of report >
         

Geändert von Juri9 (01.06.2013 um 23:06 Uhr) Grund: Ergänzung

Alt 01.06.2013, 23:08   #13
Juri9
 
Virus ahoi! "Portaldosites" in jedem Browser, MBAM-Fund, nicht löschbar? - Standard

Virus ahoi! "Portaldosites" in jedem Browser, MBAM-Fund, nicht löschbar?



Extras.txt
Code:
ATTFilter
OTL Extras logfile created on: 01.06.2013 23:55:54 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Georg\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 4,77 Gb Available Physical Memory | 59,77% Memory free
15,96 Gb Paging File | 12,71 Gb Available in Paging File | 79,61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 906,34 Gb Total Space | 225,04 Gb Free Space | 24,83% Space Free | Partition Type: NTFS
Drive E: | 931,28 Gb Total Space | 894,31 Gb Free Space | 96,03% Space Free | Partition Type: FAT32
Drive F: | 465,76 Gb Total Space | 185,96 Gb Free Space | 39,93% Space Free | Partition Type: NTFS
 
Computer Name: GEORG-PC | User Name: Georg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-2764890169-2354917355-972681180-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12C2B37B-0671-490C-BE1C-74CA97BF5051}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{15A87F4E-241F-449E-AC03-4AA0CB80CBBC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{1B4A4865-CBBC-47B0-B93E-F259D69DDDFD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{53790E8C-B48C-497C-9CB8-6F1FFAAB32CB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5BFB543F-735A-4282-B7B9-89FC92D7F464}" = lport=139 | protocol=6 | dir=in | app=system | 
"{73B19E8F-4887-4018-867F-C07338123FE5}" = lport=138 | protocol=17 | dir=in | app=system | 
"{78431585-D1B9-4448-AC6B-EFA1F7DC0C0B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{85FA0023-D95C-4F8E-BDED-3FCEEC7493C9}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{8F781AD2-AD2B-4AF6-B379-0B13174680EB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{908AAB0F-491A-4425-8B3B-3B1E53E9EE31}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{912AC895-789E-496C-98B0-8D72D6EC0FB5}" = rport=138 | protocol=17 | dir=out | app=system | 
"{922C108D-6F9A-445E-BC6F-7B201DF284C5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{967B93A9-BC02-4B9E-9D3B-21F4672F9DF1}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{9B07E23B-059A-445C-98D8-16623E81B0BE}" = lport=445 | protocol=6 | dir=in | app=system | 
"{A6C87A26-6FF6-4329-9218-97C345EC6556}" = rport=139 | protocol=6 | dir=out | app=system | 
"{B2906482-A245-41B5-8E21-47B5D760A438}" = rport=137 | protocol=17 | dir=out | app=system | 
"{B71C4F32-C4F5-4C90-AFE4-F8F1B9859DE3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CA206849-A555-4C29-A81D-BAEF3F2452DD}" = rport=445 | protocol=6 | dir=out | app=system | 
"{CB5AF48B-923E-4091-BCE3-0C9DFCA21262}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D9F814A4-C1A0-46CD-97A1-6616EA6B28DB}" = lport=137 | protocol=17 | dir=in | app=system | 
"{E50537BB-09DA-4426-9B98-ABBAC72C37D8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{E8F4EAE9-EEF9-4598-B3D2-7E2C89B09DBA}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{FECD995B-6510-4C52-B774-17BC9B82B324}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{006C26AA-B75E-4E6E-BF50-136FCC16C8FE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\basement\the basement collection.exe | 
"{0090712E-72D4-4727-AFE1-4C40E7C69B3C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\closure\closure.exe | 
"{0137C469-5FD7-4B7D-8559-6D355FE10DE0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\unmechanical demo\binaries\win32\udk.exe | 
"{03812306-67F9-497C-A9F1-656207EEB295}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\offspring fling!\offspring fling.exe | 
"{08F4477E-F6AC-479F-8EC7-54AC1609D3D9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine demo\trine_launcher.exe | 
"{0D51A549-8608-43E8-8986-EBA6D1160BD3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\braid\braid.exe | 
"{0DA973A7-4FB2-4101-BDEE-9BB6C0638E8C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0E466B4A-A64D-4D01-8993-5EEF1C697118}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\doc clock - the toasted sandwich of time\doc clock.exe | 
"{102DA8A1-2496-433A-8952-E173C78BC913}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\little inferno beta\little inferno.exe | 
"{12276CE7-E275-41B9-88EF-9F9E29551DD4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\unmechanical demo\binaries\win32\udk.exe | 
"{1235D849-DBC2-4029-A30D-0980E94EBA40}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\zeit2demo\zeit2demo.exe | 
"{13150774-AB31-4C98-8F90-5444AAE1338D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\scoregasm demo\scoregasm demo.exe | 
"{13AA57CA-BE30-41E9-A7C2-867AED5604D5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bastion demo\bastion.exe | 
"{18DA1E93-B203-446B-A13D-3564F9D7FF52}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\basement\the basement collection.exe | 
"{18F1B629-C7A9-4B70-B2CA-1B954E15B481}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{18F5686A-5650-4E03-B04F-F0741BEE1F33}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\capsized\capsized.exe | 
"{1C1FFCD4-26D0-4F03-B260-1CED1AAE96EF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe | 
"{1EAE80D8-F306-4A53-BEAE-2FB1E048FF8C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\simcity 4 deluxe\support\ea help\electronic_arts_technical_support.htm | 
"{21D49862-83E6-4B73-A2EA-E1E28CBD2AE7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe | 
"{21ECAEAE-4E2F-46C2-9A49-E0603C97B347}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine 2 demo\trine2_launcher.exe | 
"{23912B69-DD7B-4930-8222-F63DF8EF5D57}" = dir=in | app=c:\users\georg\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{25701096-E906-4DB8-A436-A9255D623B60}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\giana sisters twisted dreams\launcher\gslauncher.exe | 
"{2667B743-D9EF-49D6-B06D-AE17DEDFCAB0}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoservice.exe | 
"{28DEBE55-029F-43AD-9828-59D13B2D49C6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chaos on deponia\deponia2.exe | 
"{28E66894-857D-4A29-9D78-B8DE3B84E4EC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crayon physics deluxe\launcher.exe | 
"{2A74F4BD-796D-478C-BD72-3477E95BE753}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cave story+\cavestory+.exe | 
"{2A868817-D4D4-4DC8-96E2-A4AA1427A70B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{2ACB958E-6E61-4D48-8FC7-4E5D57F7574F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\townsdemo\towns.exe | 
"{2B2AAE48-DF40-43FA-8CEA-BFF54B5B594C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hell yeah demo\hellyeah.exe | 
"{2BB755AB-E0B2-4F4C-B792-9F693CA959AE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vvvvvv\vvvvvv.exe | 
"{2DF6758D-67DA-40FF-9D82-67480B050741}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the path\pathviewer.exe | 
"{2FF03031-A872-47B5-9066-EC5A3228BC7B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\waveform demo\waveform.exe | 
"{3075B07A-8889-4550-AE3F-A9FB8563E8E0}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{30B2BE0E-FF95-4D90-A613-8F58737B60AE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\awesomenauts\awesomenautslauncher.exe | 
"{3272AF85-56CE-4328-9E25-D06A2C623D14}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\beat hazard\runme.exe | 
"{32AC86FE-7C53-400E-9888-1A0B084C5CAB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\scribblenauts\scribble.exe | 
"{338FBA6B-C58D-4D45-BEEF-31AD42A6CEC7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\super hexagon\superhexagon.exe | 
"{343E59B5-54F0-471F-835D-7EAC8C91799E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\beat hazard\beathazard.exe | 
"{35012540-2B1A-452B-AC1A-13E4C018B093}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sonic generations demo\sonicgenerations.exe | 
"{359D6A9E-EF19-45BB-96D4-0EE0346D17FC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\shado\shado.exe | 
"{36AC0F5E-ACE8-41FA-84EF-6D3DF8ED7FED}" = dir=in | app=c:\users\georg\appdata\local\microsoft\skydrive\skydrive.exe | 
"{37D168D1-ED87-47EC-B87C-4ED4C637582D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\castlecrashersdemo\castle.exe | 
"{38737DD7-2C7C-45AE-BEC4-139A37BE173C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nimbus\nimbus.exe | 
"{39316293-4199-475F-B0D5-D554C046F96F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\proteus\proteus.exe | 
"{39432546-76A6-462C-BB6D-DABB72B534B8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\doc clock - the toasted sandwich of time\doc clock.exe | 
"{3C109900-16F6-42EF-B13F-4487F8C7510E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe | 
"{3DBC435A-75CC-4C2B-862F-8145BE80B378}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nimbus\nimbus.exe | 
"{3F8516F1-106E-49D0-A6B9-C284D27BB85A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{404203E1-E20A-435C-9D0A-DDE8655AAD08}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dirt showdown demo\showdown_demo.exe | 
"{4083708B-0BB4-4A30-8870-E1E53684B063}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\simcity 4 deluxe\apps\simcity 4.exe | 
"{40A9BC7E-81AB-45DF-8DE3-98EA6E34DC32}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{41ED39C4-B1B6-492F-8C25-578D8829D497}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gateways demo\gateways.exe | 
"{427A2EF8-9381-436B-B79A-2116CA79F6A4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\little inferno beta\little inferno.exe | 
"{434D6C9D-C96B-480B-968A-81BB035984FB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bittriprunner2\runner2.exe | 
"{44FBDDD9-4B68-46E3-A31E-4FBD772B3575}" = protocol=17 | dir=in | app=c:\users\georg\downloads\solutoinstaller-e6b8ast5l2_u64642036.exe | 
"{4612CF14-DC42-44C5-BCCB-D04AAF284A21}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\quantum conundrum demo\binaries\win32\trygame-win32-shipping.exe | 
"{467F4A91-456B-460A-9B4E-9CEBBB82C5CD}" = protocol=17 | dir=in | app=c:\program files\soluto\solutocleanup.exe | 
"{46EA5F02-231B-40A3-AA1B-ACE7C87191D2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sonic generations demo\configurationtool.exe | 
"{46F5B27F-8FCF-427B-9051-7B0B06EB4BA8}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoservice.exe | 
"{470D34AB-C709-4BBA-8A74-8B21CFCE7161}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rush\rush.exe | 
"{47557C1C-52DF-48CF-80DC-07709D3333B0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\a virus named tom\avnt.exe | 
"{475F6840-5D34-4FD3-B4AA-809AA91FAC56}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\q.u.b.e. demo\binaries\win32\qube_demo.exe | 
"{480CB022-9061-4747-9BF2-4A8ACE0DF6B5}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{49A6D9FA-3F91-4D14-B812-28199ED97279}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\waveform demo\waveform.exe | 
"{49B90CA8-53D1-4102-B3F2-6A28CE59B8EB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gateways demo\gateways.exe | 
"{4B65ECA0-FD6D-4F08-9D43-543A01BB3397}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{4BF13D70-0EFC-4B72-8122-AD7B78361EAE}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{4D49F35C-431A-4840-943D-97D3569577EF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\flyn demo\source\flyn.exe | 
"{53E98F3B-149D-48E1-8154-29D062CB371A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\solar 2\solar2.exe | 
"{541BC669-5C65-47EA-AC45-37B1C11117F6}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoconsole.exe | 
"{5700D215-FCFC-466B-8160-C5BF1E535D2C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\thomaswasalone\thomaswasalone.exe | 
"{5720695B-05C7-4713-B132-AFDA52746706}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dear esther\dearesther.exe | 
"{5787295B-C620-4E6E-AD9C-582497A9DFE3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine demo\trine_launcher.exe | 
"{57CAEA72-3580-4333-905C-F11FE74B3CCF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{5CAE0A55-B591-451B-A39A-589291C2DD2D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\proteus\proteus.exe | 
"{5E41DC16-0E87-482D-A737-AB25DB21CBCC}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{5EA4D163-8E75-4BE3-80C5-5831F21EA25B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5FA81ACF-C636-4170-9CCF-33AA6AC1B184}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoupdateservice.exe | 
"{6042AC42-1C35-4A52-BED1-20270246718B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{615F4919-C829-48EF-9345-F7432529A38F}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\rayman origins\gu.exe | 
"{62BD0121-2D79-4EE2-B196-65E10C68D1A0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\zeit2demo\zeit2demo.exe | 
"{62F9426D-FB8B-4FF8-A880-EFC4A168F727}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{69429CD5-48AA-4956-A8D6-C9EFBB161596}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe | 
"{69AD0433-7E2E-46F3-82AE-6FC4F16BC094}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hell yeah demo\hellyeah.exe | 
"{6A12B38A-1849-4642-AA1D-93B86E5DFD86}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\townsdemo\towns.exe | 
"{6B8C93ED-5A8B-4391-B571-D1DE5103245F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\simcity 4 deluxe\apps\simcity 4.exe | 
"{6DA9B463-F4A8-4CC8-92AD-542D4A42E4EB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bit.trip runner\runner.exe | 
"{711AD83D-D311-4B4D-9632-21DEFF874697}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{7124BE5E-3EE4-4D61-97CB-C33DEF024FCE}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\rayman origins\rayman origins.exe | 
"{7159CA44-AA4C-46AF-B694-1BD87C2615BE}" = protocol=6 | dir=in | app=c:\users\georg\downloads\solutoinstaller-e6b8ast5l2_u64642036.exe | 
"{71DEFC4B-960B-421C-940F-16C6D3C4BBAB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\snapshot\snapshot.exe | 
"{74EFEA79-D65C-4B92-8461-C31636966557}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dollar dash demo\binaries\win32\pkgame-win32-shipping.exe | 
"{7540E045-8BBB-4386-858B-F65126882C3D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dynamite jack\dynamite jack.exe | 
"{76842340-811A-4F5F-81D5-4A5FFB31FC48}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chaos on deponia\visionaireconfigurationtool.exe | 
"{76D17AA4-EE08-4762-9FE8-91DA1AE678A8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\super hexagon\superhexagon.exe | 
"{76DB1ADD-A282-4D9D-A5F8-9418DFAC7F22}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\capsized\capsized.exe | 
"{7AF4BF6F-46AB-4FE4-8AAA-1F143BFBF696}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7B4E2733-4EEA-4CD1-B625-75C6665D26F0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gamemaker_studio\gamemakerplayer.exe | 
"{7B964A17-BBB8-4F13-80FA-A5A3AAF05E23}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoconsole.exe | 
"{7D908B10-1C38-4769-9A75-BC9D66A95860}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7EEC5345-F3A9-44FA-B1C8-C78CF3882D21}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chaos on deponia\deponia2.exe | 
"{82232176-6EB4-4766-AE60-377E53E8433D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\edge demo\edge.exe | 
"{8392C022-59A5-46AE-BEAA-C8D7C98C3C68}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dynamite jack\dynamite jack.exe | 
"{846B17A4-D3EF-4965-A0C5-50C1FB451412}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{84A69656-BB6B-4F93-A718-165CF398DE57}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\simcity 4 deluxe\support\ea help\electronic_arts_technical_support.htm | 
"{88046B5F-9BC7-43FB-A411-E1B2A51E73CB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blocks that matter\btm_launcher_win.exe | 
"{893090A5-69E6-466F-83C0-8F9519F9E182}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8AD37577-D455-470E-8D86-93CCC3A2A70C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rush\rush.exe | 
"{8B31E6FF-71EB-413D-A73A-7E7C65B69995}" = protocol=6 | dir=out | app=system | 
"{8B8D8B72-72E5-4CC9-A16B-178987701E82}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{8CD3848E-3792-49A9-8F38-D3F7B98045DB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\offspring fling!\offspring fling.exe | 
"{8E085FDA-E838-47E8-936F-9A1E21D02080}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe | 
"{8E0CBC34-FCED-4277-A804-E6FECC0D95A6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\toki tori\tokitori.exe | 
"{91483DEA-C659-4458-A059-19D546C17096}" = protocol=17 | dir=in | app=c:\users\georg\appdata\roaming\dropbox\bin\dropbox.exe | 
"{920C4FCF-E1D8-4344-B758-CA8796D9E0B9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\q.u.b.e. demo\binaries\win32\qube_demo.exe | 
"{92179944-7ADD-4223-B71F-C6FC0F7959AE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\superbrothers sword & sworcery ep\swordandsworcery_pc.exe | 
"{93174BB3-72AC-4213-A6D2-A7782D11ADE9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\and yet it moves demo\and yet it moves demo steam.exe | 
"{9322A2FC-3687-4562-AB7D-B6EA3773A935}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\indie game the movie\igtm.exe | 
"{93277BBD-7088-49B3-8A1C-F536A6D4C98E}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoupdateservice.exe | 
"{935A3F39-502F-49BF-8CF9-CD222FF4DC3A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\krater\run_game.exe | 
"{96B6EF2D-E1D5-4B2F-8791-316F6143168C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vvvvvv\vvvvvv.exe | 
"{9A798454-2512-424B-808E-70EC7EC85EF5}" = protocol=6 | dir=in | app=c:\users\georg\appdata\roaming\dropbox\bin\dropbox.exe | 
"{9B2C2901-C10B-4B31-9417-DADF99C877EF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cave story+\cavestory+.exe | 
"{9BC448A0-B9D4-42E3-AEF5-33D211DD23B5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine 2 demo\trine2_launcher.exe | 
"{9C773F63-480D-48D9-851E-B5F3D7BB3A76}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the final hours of portal 2\thefinalhoursofportal2.exe | 
"{9DE63EEC-B64E-49E8-84DD-7D7E243B8E0A}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\rayman origins\rayman origins.exe | 
"{9E41C02B-A035-492A-BD20-D6DE1605C802}" = protocol=6 | dir=in | app=c:\program files\soluto\soluto.exe | 
"{A04DF716-F363-4879-B078-D60427D28276}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{A18AEDC3-1A03-4830-9748-A7F2457CE7D6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe | 
"{A2A547EE-AD30-46DB-B9FD-A818575E6174}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\construct2\construct2.exe | 
"{A31F1703-50A7-4B01-9502-A7BD5D1B3F92}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\closure\closure.exe | 
"{A453E21A-8A79-4B27-A20D-6805A1D85AA4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\giana sisters twisted dreams\launcher\gslauncher.exe | 
"{A559068F-2D8B-4CDB-A6DF-410A69DEF9A2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\snapshot\snapshot.exe | 
"{A8DBDFD4-5B05-4017-83FB-A7DC47FC4FB7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sugar cube bittersweet factory\sugarcube-bf.exe | 
"{A95C8862-2AB8-495F-A5A4-3733FBBCDD62}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{AA52B48A-879D-4464-923C-5511DDB6FCA2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chaos on deponia\visionaireconfigurationtool.exe | 
"{AC3D4983-B57B-4871-92B6-FC6C2EA507CC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\thomaswasalone\thomaswasalone.exe | 
"{AEEBC0BE-2D38-488A-8F20-B79974B37112}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe | 
"{B03FCE91-C4C4-41EC-985D-E897A654E843}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\splice\splice.exe | 
"{B0880123-0CE1-4EF8-8608-FF6261859FD5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\krater\run_game.exe | 
"{B242223F-BCD1-424E-AA0E-224E8B63D74E}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{B63951A2-E054-45C0-9245-F98020C8C8DF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\indie game the movie\igtm.exe | 
"{B89C6ADF-1216-45BB-BA84-3A1686B49FD5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\superbrothers sword & sworcery ep\swordandsworcery_pc.exe | 
"{B8E92B81-2811-48C5-9598-25E1D34386DF}" = protocol=6 | dir=in | app=c:\program files\soluto\solutocleanup.exe | 
"{BB6922F2-C7F1-439A-9C8C-1AB22ADE378A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dollar dash demo\binaries\win32\pkgame-win32-shipping.exe | 
"{C162DFD1-C932-4E4F-9662-44A07B948156}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sonic generations demo\configurationtool.exe | 
"{C1B1965F-A9B8-410A-BA78-7E7704BD4BF4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sugar cube bittersweet factory\sugarcube-bf.exe | 
"{C297135B-BE85-4F1D-B112-EFF03F01942A}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{C399995E-F22C-4FE9-9E44-E2B55EA34AAC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nightsky\nightsky.exe | 
"{C3EEEF3B-0E35-452E-8B9A-D0C622EAB5DE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crayon physics deluxe\launcher.exe | 
"{C8BAB87C-33BF-4EE1-8957-CAF1C24A8A2C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe | 
"{C9731A15-D389-48C6-A389-0AD36A3CF68B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gamemaker_studio\gamemakerplayer.exe | 
"{CAA57CAA-DC97-4861-9017-6C404866A0CC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the final hours of portal 2\thefinalhoursofportal2.exe | 
"{CC64B360-7F7A-4B48-A85C-99B3FE5CF7D6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\construct2\construct2.exe | 
"{CDFF82B8-4954-43DA-A77E-F4B2A9CA460A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dear esther\dearesther.exe | 
"{CE891ECD-C565-4C82-A218-7101E2BE0E31}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D0607D3A-E6C6-4589-9283-57739F3B710B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{D0A4A1C1-43BF-478F-A5B2-BF70F4BA521E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\legend of grimrock\grimrock.exe | 
"{D296F08E-E7CC-4C23-AB17-47135ACDF78E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\shado\shado.exe | 
"{D3981BAB-E311-4F43-883E-0550CA69FE42}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\awesomenauts\awesomenautslauncher.exe | 
"{D426FE15-4A86-4845-B47F-BED0B7AC2202}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sonic generations demo\sonicgenerations.exe | 
"{D6A9F131-42B1-4E04-AE00-F0D65AF04911}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\unmechanical\binaries\win32\udk.exe | 
"{D758E625-5793-489E-85BA-F5EB1F614A1A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nightsky\nightsky.exe | 
"{D7F8B1E8-F136-4CEA-9EA0-143F4F931A46}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\rayman origins\gu.exe | 
"{DA0F39D1-1569-4B16-8AC3-D34A7644B32D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\unmechanical\binaries\win32\udk.exe | 
"{DA8F01BE-0ECE-45AF-8372-741220F7DD5B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\solar 2\solar2.exe | 
"{DB162B2A-F9F1-4E5E-9445-EF2F43DCE4AB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{DE0671C5-72BC-4A3A-B763-B97223DA59A9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bittriprunner2\runner2.exe | 
"{DE455E1C-7593-48D9-8597-D08A16BE2C2C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{E0666A68-A218-4559-A03B-3D35E951497B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\castlecrashersdemo\castle.exe | 
"{E189450A-7912-454F-8A96-20D24425895A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blocks that matter\btm_launcher_win.exe | 
"{E30DE2B0-6398-4ECF-B9D8-658E2BA94C26}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dirt showdown demo\showdown_demo.exe | 
"{E5D89B0E-3D6A-45BC-B3DB-D4F0ADD1CFC2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\quantum conundrum demo\binaries\win32\trygame-win32-shipping.exe | 
"{E889CD10-C4FC-42FA-BE6B-F2D41CB61AA2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\a virus named tom\avnt.exe | 
"{E8E5251B-342D-47ED-99A9-6016311F551B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\splice\splice.exe | 
"{EA36A1E3-5953-41BD-9381-2E5D7E3C27AB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\and yet it moves demo\and yet it moves demo steam.exe | 
"{ED3AACEA-C243-4383-88F0-37E492E627C4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\beat hazard\beathazard.exe | 
"{EEBDA06C-531C-4640-ACC2-A23B7912880B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bit.trip runner\runner.exe | 
"{EF335C66-8A29-43E1-A17A-FF54C8C0AFE3}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{EFE42277-DA04-44FF-BDF3-76C0E6B8A5FE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\edge demo\edge.exe | 
"{F3016282-04FE-420B-A647-F2ED96A7A43C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\scribblenauts\scribble.exe | 
"{F33F69CA-A13D-458D-A79B-261DEC63F6E1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the path\pathviewer.exe | 
"{F45077E5-AD36-400D-80C7-C7F5F8AFD506}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\beat hazard\runme.exe | 
"{F472FA3D-59CA-4919-BE4A-4F6359518620}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\scoregasm demo\scoregasm demo.exe | 
"{F5062766-4699-4AE0-999F-0540885A0515}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{F55EC96F-663F-46B0-8575-4DA801F0222A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\braid\braid.exe | 
"{F6597ED9-57BC-4FC5-9308-27B41005891D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\flyn demo\source\flyn.exe | 
"{F711FBE5-454B-42C6-A788-CDDE0DF5F143}" = protocol=17 | dir=in | app=c:\program files\soluto\soluto.exe | 
"{FBF32FE3-14FD-4390-A6F3-03DCBF487AC7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bastion demo\bastion.exe | 
"{FC5492EE-386E-4D4B-BFCB-029BB64AB48E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\toki tori\tokitori.exe | 
"{FD727837-671D-4BB7-BFCE-478174A96334}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\legend of grimrock\grimrock.exe | 
"{FFEF1B46-0A1A-4DA9-B419-885A4AD0D4C1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{061FD767-3EF5-47E5-A5D9-06A56A2A4CE6}C:\program files (x86)\ffsplit\ffsplit.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ffsplit\ffsplit.exe | 
"TCP Query User{1AE0815C-48B0-4EA7-ABA6-95E313661AE3}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{2C010792-5C69-484A-B1D2-4DB246405488}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | 
"TCP Query User{4881578F-5A0E-4687-BF89-DAF2A0DDAF32}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
"TCP Query User{6803224E-F28E-48C4-BAA6-986CFC932FD6}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{7AF1649D-C5BC-474B-A8DF-99DD811691A0}C:\users\georg\appdata\local\temp\rarsfx0\medionfinder.exe" = protocol=6 | dir=in | app=c:\users\georg\appdata\local\temp\rarsfx0\medionfinder.exe | 
"TCP Query User{8E4D48EB-FFA5-48DC-A32F-9CEF7481F9DE}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
"UDP Query User{32E80EE3-7E4D-4517-8B08-F193D3A5A801}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
"UDP Query User{5F63CE62-58D0-45EA-8A74-C551004C101F}C:\users\georg\appdata\local\temp\rarsfx0\medionfinder.exe" = protocol=17 | dir=in | app=c:\users\georg\appdata\local\temp\rarsfx0\medionfinder.exe | 
"UDP Query User{799FD4E8-2B74-482A-9944-87F788E22035}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{81819816-26CE-4937-BB26-EF234A999772}C:\program files (x86)\ffsplit\ffsplit.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ffsplit\ffsplit.exe | 
"UDP Query User{937C1AB7-FB42-4F92-B2A6-5CB8098AA855}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
"UDP Query User{DBBF1DEF-B301-497C-B95F-F1DDB4BE1AEB}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{DC1BB29D-3017-4E13-BA12-48E551B92548}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2412" = CanoScan LiDE 90
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{34307828-B2DB-4473-A803-A314FC7AA889}" = Soluto
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo Rescue System
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}" = NetSpeedMonitor 2.5.4.0 x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.23.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter
"GIMP-2_is1" = GIMP 2.8.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"PROSet" = Intel(R) Network Connections Drivers
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VLC media player" = VLC media player 2.0.6
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02C2B318-E2DF-4EC4-AD1B-9FF3DD774A04}" = MAGIX Video deluxe MX Plus
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D00CD3F-AEDC-45F1-A2DD-DADF74407D7B}_is1" = Edna Bricht Aus 6.3
"{15F3A6F5-06AE-4332-AE3E-21CD0416827A}" = Windows Live Mail
"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
"{185F9795-9663-4F13-9EF9-307A282ADB5A}" = ph
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1C3DA126-D523-4089-BCCA-FA46FE34D6F8}" = Google Drive
"{1EA7C505-E6DA-4B85-9432-EBD3C70D510D}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FA8B68C-2576-4A4A-83BA-47941201FFB3}_is1" = skate's Thumbnail Tool Version 1.0.1
"{23A3E560-069F-4CFC-8F6C-1B526EC735FC}" = Windows Live Writer Resources
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{2A075BB4-E976-4278-BF3F-E5C6945D84C0}" = bl
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2DCD52EE-1AE1-4128-9819-A79F7D09B6B3}" = MAGIX Foto Designer 7
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{2FA06473-23F0-4372-8DD5-1EAE42503D93}" = MAGIX Video easy TERRATEC Edition
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{30FD541D-3C9D-41C4-B240-A994EE4E0231}" = Adobe Audition CS6
"{3629C581-D8D2-477E-A40E-D5E351DF066B}" = MAGIX Speed burnR (MSI)
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3C3DCD2B-6FC7-41BF-BB80-40A936E1A785}" = Windows Live Writer
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Lenovo Power2Go
"{456A5815-604D-4D72-94DF-346D2B978A59}_is1" = GOG.com Downloader version 3.4.8
"{45970CD1-D599-47D4-938F-3E9800D54ED1}" = Lenovo Treiber- und Anwendungsinstallation
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BDE6551-766A-4654-8F3A-838F0BCF15D1}_is1" = skate's Thumbnail Tool Version 1.0.0
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{4e7c3936-7c06-4ef0-928b-c5d92f372578}_is1" = Craften Terminal 3.3.4897.28268
"{5183D7AB-D09B-411F-A74E-BBAEA61C6505}" = Lenovo Eye Distance System
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{55EB2692-FAFE-4352-AACD-AB9379E57F08}" = XSplit
"{5AFA4872-16B2-419E-ADCA-8E96E739115D}" = Music Manager
"{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker
"{5E21B617-F52E-BB10-92F9-C8AB2C799A8A}" = Adobe Download Assistant
"{6438EBAC-5305-39A5-A93E-88CDFA6CE947}" = Google Chrome
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{709F7985-34DD-4F49-9F91-D429D3B49D26}_is1" = skate's Thumbnail Tool Version 1.1.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789C9644-9F82-44d3-B4CA-AC31F46F5882}" = Python 3.2.3
"{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}" = Bing-Desktop
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{86C40513-B5A4-476E-9EAB-EC118DCF4502}" = Windows Live Writer
"{8913AC02-67B8-4B52-91B2-BBA7B9C265B5}" = Windows Live Writer Resources
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{959B7F35-2819-40C5-A0CD-3C53B5FCC935}" = Genesys USB Mass Storage Device
"{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C5B9ED6-0344-4550-A4AB-C4499EB36053}" = SPC 700NC PC Camera
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{AE364ACC-B9DF-466B-B4EA-AEECD0CD581E}" = Windows Live Messenger
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B083076F-BCCB-4710-A4B1-6512134A16DE}" = Oozi: Earth Adventure
"{B266E062-D6C5-485B-B426-51B152B041A6}" = Lenovo Tinian Fn PS/2 Keyboard Driver
"{B2DC0B6C-C969-43B9-B6C3-6A6C1CAD46DF}" = MAGIX Screenshare
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{B80D3EA9-A252-4AE5-AC51-81729F5C586F}" = Windows Live Mail
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BA63612E-0458-416A-ADCD-B2349194F20F}" = Creative Zen Nano Plus
"{BD5669B5-49FF-4490-B956-E9D7CB9B0ADC}" = Adobe Flash Professional CS6
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
"{C2F438B6-7010-453B-93EC-B2FC053AA97B}" = LibreOffice 3.6
"{C3592426-531E-4110-911D-BFECE2CE284B}" = puush
"{C3592426-531E-4110-911D-BFECE2CE284C}" = osu!
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.16
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.11 Game
"{D3063097-EC84-4D21-84A4-9D852E974355}" = LVT
"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
"{D9ED6D06-6002-495E-A7BC-46E6AE386996}" = Lenovo Dynamic Brightness System
"{DE43AA92-E8C0-4620-AFE2-FBD623C71643}" = Sizer 3.34
"{DE491AB9-1D47-4FED-A8F5-4D4325B2EB4B}" = Rayman Origins
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
"{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Akademie der Magie" = Akademie der Magie
"Audacity_is1" = Audacity 2.0
"Bejeweled 2 Deluxe 1.0" = Bejeweled 2 Deluxe 1.0
"Bejeweled 3" = Bejeweled 3
"Bejeweled Twist 1.0.3.8137" = Bejeweled Twist 1.0.3.8137
"Bookworm Adventures Deluxe 1.0.1.100" = Bookworm Adventures Deluxe 1.0.1.100
"Bookworm Deluxe 1.131" = Bookworm Deluxe 1.131
"Build-a-lot" = Build-a-lot
"Build-a-lot 2" = Build-a-lot 2
"Cakewalk Sound Center_is1" = Cakewalk Sound Center 1.1.0
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Cave Story" = Cave Story
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"Chuzzle Deluxe 1.0.3.1132" = Chuzzle Deluxe 1.0.3.1132
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Crazy Machines Elements_is1" = Crazy Machines Elements
"Creative Mass Storage Drivers" = Creative Mass Storage Drivers
"Das Drachenei: Die Geschichte des Wanderers" = Das Drachenei: Die Geschichte des Wanderers
"Das Geheimnis des Bermudadreiecks" = Das Geheimnis des Bermudadreiecks
"Das Reich des Drachen" = Das Reich des Drachen
"Das Vermächtnis der Insel" = Das Vermächtnis der Insel
"Diamond Drop 2" = Diamond Drop 2
"Die Wiege Ägyptens" = Die Wiege Ägyptens
"Die Wiege Roms" = Die Wiege Roms
"Dinos & Bubbles" = Dinos & Bubbles
"DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER
"Flyonoid" = Flyonoid
"Fraps" = Fraps (remove only)
"Free Audio Converter_is1" = Free Audio Converter version 5.0.21.1212
"Free YouTube Download_is1" = Free YouTube Download version 3.2.2.430
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.36.1201
"Gardenscapes_is1" = Gardenscapes
"GOGPACKCAPSIZED_is1" = Capsized
"GOGPACKDEPONIA_is1" = Deponia
"GOGPACKNEWBEGINNING_is1" = A New Beginning
"GOGPACKPID_is1" = Pid
"GOGPACKTREASUREADVENTUREGAME_is1" = Treasure Adventure Game
"Hammer Heads 1.0" = Hammer Heads 1.0
"Harvey" = Harveys Neue Augen
"Hühner-Rache Deluxe (VOLLVERSION)" = Hühner-Rache Deluxe (VOLLVERSION)
"ImgBurn" = ImgBurn
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Lenovo Power2Go
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo Rescue System
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"Jumpin’ Jack" = Jumpin’ Jack
"Magic Encyclopedia" = Magic Encyclopedia
"Magic Encyclopedia 2" = Magic Encyclopedia 2
"MAGIX_MSI_FotoDesigner7_silver" = MAGIX Foto Designer 7
"MAGIX_MSI_Video_easy_3_TerraTec" = MAGIX Video easy TERRATEC Edition
"MAGIX_MSI_Videodeluxe18_plus" = MAGIX Video deluxe MX Plus
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Meine kleine Farm" = Meine kleine Farm
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"Mozilla Thunderbird 17.0.6 (x86 de)" = Mozilla Thunderbird 17.0.6 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"Music Creator LE_is1" = Music Creator LE 5.0.6
"MuVo Driver" = Creative Mass Storage Drivers
"Mystery P.I. - The London Caper" = Mystery P.I. - The London Caper
"Nebel der Elfen" = Nebel der Elfen
"Nintendo_History_ScreenSaver" = Nintendo_History_ScreenSaver
"Nintendo_SMG2_ScreenSaver" = Nintendo_SMG2_ScreenSaver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Open Broadcaster Software" = Open Broadcaster Software
"OpenAL" = OpenAL
"Opera 12.15.1748" = Opera 12.15
"Peggle Deluxe 1.03" = Peggle Deluxe 1.03
"Peggle Nights Deluxe 1.0.3.5802" = Peggle Nights Deluxe 1.0.3.5802
"Peggle World of Warcraft Edition" = Peggle World of Warcraft Edition
"Perspective" = Perspective 1.0
"Pflanzen gegen Zombies" = Pflanzen gegen Zombies
"proDAD-Adorage-3.0" = proDAD Adorage 3.0
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Puddle_is1" = Puddle
"RenegadeKidMutantMudds" = Mutant Mudds (remove only)
"Schatzinsel 2 (Vollversion)" = Schatzinsel 2 (Vollversion)
"Secunia PSI" = Secunia PSI (3.0.0.4001)
"Sheep’s Quest" = Sheep’s Quest
"Smash Frenzy 4" = Smash Frenzy 4
"Snowy" = Snowy
"Snowy Lunch Rush" = Snowy: Lunch Rush
"Steam App 104600" = Portal 2 - The Final Hours
"Steam App 105600" = Terraria
"Steam App 107110" = Bastion - Demo
"Steam App 111800" = Blocks That Matter
"Steam App 113200" = The Binding of Isaac
"Steam App 12910" = Audiosurf Demo
"Steam App 18710" = And Yet it Moves - Demo
"Steam App 200900" = Cave Story+
"Steam App 202290" = Sonic Generations Demo
"Steam App 202730" = Dynamite Jack
"Steam App 203810" = Dear Esther
"Steam App 204060" = Superbrothers: Sword & Sworcery EP
"Steam App 204220" = Snapshot
"Steam App 204260" = Trine 2 Demo
"Steam App 204300" = Awesomenauts
"Steam App 204610" = Q.U.B.E. Demo
"Steam App 205700" = Quantum Conundrum Demo
"Steam App 206650" = Scoregasm Demo
"Steam App 207080" = Indie Game: The Movie
"Steam App 207100" = Castle Crashers Demo
"Steam App 207170" = Legend of Grimrock
"Steam App 207270" = DiRT Showdown Demo
"Steam App 207650" = A Virus Named TOM
"Steam App 208070" = Waveform Demo
"Steam App 209790" = Splice
"Steam App 211180" = Unmechanical
"Steam App 211360" = Offspring Fling!
"Steam App 212110" = Sugar Cube: Bittersweet Factory
"Steam App 212560" = Hell Yeah! Demo
"Steam App 214790" = The Basement Collection
"Steam App 214850" = GameMaker: Studio
"Steam App 215770" = Shad'O
"Steam App 216310" = Gateways Demo
"Steam App 218060" = BIT.TRIP Presents... Runner2: Future Legend of Rhythm Alien
"Steam App 219680" = Proteus
"Steam App 220740" = Chaos on Deponia
"Steam App 220780" = Thomas Was Alone
"Steam App 221030" = Towns Demo
"Steam App 221260" = Little Inferno
"Steam App 221620" = Dollar Dash Demo
"Steam App 221640" = Super Hexagon
"Steam App 223220" = Giana Sisters: Twisted Dreams
"Steam App 224520" = FLY'N Demo
"Steam App 227240" = Construct 2 Free
"Steam App 24780" = SimCity 4 Deluxe
"Steam App 26800" = Braid
"Steam App 26900" = Crayon Physics Deluxe
"Steam App 27000" = The Path
"Steam App 33400" = Zeit² Demo
"Steam App 35710" = Trine Demo
"Steam App 38700" = Toki Tori
"Steam App 38720" = RUSH
"Steam App 38750" = EDGE Demo
"Steam App 400" = Portal
"Steam App 40800" = Super Meat Boy
"Steam App 42170" = Krater
"Steam App 49600" = Beat Hazard
"Steam App 50010" = Nimbus Demo
"Steam App 57800" = Doc Clock: The Toasted Sandwich of Time
"Steam App 620" = Portal 2
"Steam App 63710" = BIT.TRIP RUNNER
"Steam App 644" = Portal 2 Publishing Tool
"Steam App 65800" = Dungeon Defenders
"Steam App 70300" = VVVVVV
"Steam App 72000" = Closure
"Steam App 95300" = Capsized
"Steam App 97000" = Solar 2
"Steam App 99700" = NightSky
"STRATO HiDrive" = STRATO HiDrive (remove only)
"Strikeball 3" = Strikeball 3
"Super Mario Brothers 2 Screensaver" = Super Mario Brothers 2 Screensaver
"Superkuh" = Superkuh
"SysInfo" = Creative-Systeminformationen
"TERRATEC Grabby" = TERRATEC Grabby V5.09.1202.00
"Turtix" = Turtix
"Turtix 2" = Turtix 2
"VLC media player" = VLC media player 2.0.6
"WinLiveSuite" = Windows Live Essentials
"World of Goo" = World of Goo (entfernen)
"Yumsters 2" = Yumsters 2
"Zuma Deluxe 1.0" = Zuma Deluxe 1.0
"Zuma's Revenge!" = Zuma's Revenge!
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2764890169-2354917355-972681180-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"SkyDriveSetup.exe" = Microsoft SkyDrive
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 01.06.2013 13:35:30 | Computer Name = Georg-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Georg\Desktop\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 01.06.2013 13:35:31 | Computer Name = Georg-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Georg\Desktop\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 01.06.2013 13:45:07 | Computer Name = Georg-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Georg\Desktop\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 01.06.2013 17:44:45 | Computer Name = Georg-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
 (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in  Manifest- oder
 Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
[ System Events ]
Error - 01.06.2013 14:16:25 | Computer Name = Georg-PC | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         
Da es nur Scans waren und keine Fixes oder sowas ist natürlich immer noch alles wie vorher. Außer dem Firefox wurden alle Browser bereinigt.

Gruß,
Georg aka Juri9

P.S.: Ich finde es merkwürdig, wie das ganze mit dem Zeichenlimit funktioniert. Bei neuen Postings werden die Sachen entweder an den letzten Post angehängt oder, wenn zu lang, ein neuer Post erstellt.
Das könnte mit der Reihenfolge leicht verwirren :'D

Geändert von Juri9 (01.06.2013 um 23:12 Uhr) Grund: Das Nachwort

Alt 02.06.2013, 06:42   #14
schrauber
/// the machine
/// TB-Ausbilder
 

Virus ahoi! "Portaldosites" in jedem Browser, MBAM-Fund, nicht löschbar? - Standard

Virus ahoi! "Portaldosites" in jedem Browser, MBAM-Fund, nicht löschbar?



Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
ATTFilter
:OTL
FF - prefs.js..extensions.enabledAddons: %7Bc0c588b6-b11d-4898-af00-079fed05aa32%7D:20.1
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Georg\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
[2013.05.04 08:50:20 | 000,651,215 | ---- | M] () (No name found) -- C:\Users\Georg\AppData\Roaming\Mozilla\Firefox\Profiles\00tp9q8u.default\extensions\stefanvandamme@stefanvd.net.xpi
[2013.05.04 08:50:20 | 003,242,364 | ---- | M] () (No name found) -- C:\Users\Georg\AppData\Roaming\Mozilla\Firefox\Profiles\00tp9q8u.default\extensions\{c0c588b6-b11d-4898-af00-079fed05aa32}.xpi
[2013.03.20 19:10:00 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Georg\AppData\Roaming\Mozilla\Firefox\Profiles\00tp9q8u.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2764890169-2354917355-972681180-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

:Commands
[emptytemp]
         
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread


Was macht Firefox?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 02.06.2013, 07:56   #15
Juri9
 
Virus ahoi! "Portaldosites" in jedem Browser, MBAM-Fund, nicht löschbar? - Standard

Virus ahoi! "Portaldosites" in jedem Browser, MBAM-Fund, nicht löschbar?



Log:
Code:
ATTFilter
All processes killed
========== OTL ==========
Prefs.js: %7Bc0c588b6-b11d-4898-af00-079fed05aa32%7D:20.1 removed from extensions.enabledAddons
Prefs.js: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10 removed from extensions.enabledItems
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0\ deleted successfully.
C:\Users\Georg\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll moved successfully.
C:\Users\Georg\AppData\Roaming\Mozilla\Firefox\Profiles\00tp9q8u.default\extensions\stefanvandamme@stefanvd.net.xpi moved successfully.
C:\Users\Georg\AppData\Roaming\Mozilla\Firefox\Profiles\00tp9q8u.default\extensions\{c0c588b6-b11d-4898-af00-079fed05aa32}.xpi moved successfully.
C:\Users\Georg\AppData\Roaming\Mozilla\Firefox\Profiles\00tp9q8u.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2764890169-2354917355-972681180-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Andere
->Temp folder emptied: 57341230 bytes
->Temporary Internet Files folder emptied: 523216449 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 172506406 bytes
->Google Chrome cache emptied: 400093784 bytes
->Flash cache emptied: 5843 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57472 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Georg
->Temp folder emptied: 1127797942 bytes
->Temporary Internet Files folder emptied: 914095451 bytes
->Java cache emptied: 983530 bytes
->FireFox cache emptied: 1141509060 bytes
->Opera cache emptied: 21475361 bytes
->Flash cache emptied: 65276 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 504984879 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 78140 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 4.639,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 06022013_084026

Files\Folders moved on Reboot...
C:\Users\Georg\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Georg\AppData\Local\Temp\PDApp.log moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
Firefox wurde nicht davon geheilt.

Gruß,
Georg aka Juri9

Antwort

Themen zu Virus ahoi! "Portaldosites" in jedem Browser, MBAM-Fund, nicht löschbar?
administrator, autostart, avast, browser, datei, dateien, explorer, firefox, gelöscht, infizierte, internet, internet explorer, log, löschen, malwarebytes, malwarebytes anti-malware, neue, nicht löschbar, portaldosites, programm, scan, seite, seiten, startseite, temp, virus, zurücksetzen



Ähnliche Themen: Virus ahoi! "Portaldosites" in jedem Browser, MBAM-Fund, nicht löschbar?


  1. Windows 8.1: MBAM meldet Fund "Heuristics.Reserved.Word.Exploit"
    Log-Analyse und Auswertung - 02.07.2015 (11)
  2. MBAM meldet "bösartige" Webseiten obwohl noch kein Browser geöffnet ist
    Log-Analyse und Auswertung - 08.03.2015 (10)
  3. Chrome Extension"BlOckThheADs" nicht löschbar
    Log-Analyse und Auswertung - 13.05.2014 (11)
  4. "You might enjoy reading" in jedem Browser
    Plagegeister aller Art und deren Bekämpfung - 28.03.2014 (15)
  5. Win-XP, Avira und MBAM Fund, Trojaner "TR/Drop.Softomat.AN"
    Log-Analyse und Auswertung - 23.02.2014 (9)
  6. Win8: Browser/Progs -"Not Responding" - Mbam--> 3xPUP optional.Installer
    Log-Analyse und Auswertung - 30.01.2014 (5)
  7. "monstermarketplace.com" Infektion und ihre Folgen; "Anti-Virus-Blocker"," unsichtbare Toolbars" + "Browser-Hijacker" von selbst installiert
    Log-Analyse und Auswertung - 16.11.2013 (21)
  8. "Portaldosites" in jedem Browser
    Log-Analyse und Auswertung - 04.10.2013 (7)
  9. Browser/Werbe popup, "AppsHat", MBAM Funde, nach "Schrift-Download"
    Plagegeister aller Art und deren Bekämpfung - 26.08.2013 (31)
  10. Infektion "Internet Security Pro"/ "wmdefender.exe" unter Vista; Keine Erkennung mit MBAM
    Log-Analyse und Auswertung - 22.08.2013 (19)
  11. "Portaldosites" in jedem Browser
    Plagegeister aller Art und deren Bekämpfung - 03.06.2013 (3)
  12. Fund gemeldet "Ravmon.exe",aber nur durch Avira und nicht durch MBAM
    Log-Analyse und Auswertung - 13.01.2013 (20)
  13. Avira Fund "js/obfuscated.cf" und gleich darauf ""TR/SPY.KeyLogger.301" fund auf vista
    Plagegeister aller Art und deren Bekämpfung - 26.02.2012 (19)
  14. Fenster mit "Das Profil konnte nicht gefunden werden" bei jedem Start Virus? Trojaner?
    Log-Analyse und Auswertung - 31.01.2012 (0)
  15. Habe "TrojanDownloader:Win32/Renos.jm" auf Rechner.Trotz Programme nicht löschbar
    Plagegeister aller Art und deren Bekämpfung - 17.02.2010 (31)
  16. Hartnäckiger Trojaner "Vundo" NICHT löschbar bzw. entfernbar!
    Plagegeister aller Art und deren Bekämpfung - 04.10.2007 (1)
  17. Unbekannte Datei "XlmFJFc.exe" nicht löschbar.
    Log-Analyse und Auswertung - 06.06.2006 (37)

Zum Thema Virus ahoi! "Portaldosites" in jedem Browser, MBAM-Fund, nicht löschbar? - Tachchen, ich bin's mal wieder! Tja... seitdem ich heute meinen PC angeschaltet hab, ist ein wunderbarer Virus aktiv. In jedem Browser ist das nun die neue Startseite: Dieses "Portaldosites" lässt - Virus ahoi! "Portaldosites" in jedem Browser, MBAM-Fund, nicht löschbar?...
Archiv
Du betrachtest: Virus ahoi! "Portaldosites" in jedem Browser, MBAM-Fund, nicht löschbar? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.