Hosts Datei Veränderung durch Antivir geblockt

PhiK · 25.06.2013, 22:05

Hallo liebe Community und ehrenamtlichen Helfer,
mein Avira Antivir meldete mir gerade dass es einen Zugriff auf die Hosts-Datei verhindert hätte. Nun meine Frage: gibt es auch "positive" Veränderungen der Hosts-Datei? Ich kann mich nicht erinnern etwas "böses" geöfffnet zu haben. Oder ist es schlimm wenn Antivir nicht eingegriffen hätte? Ich habe schon danach gesucht aber keine Antwort gefunden. Ich hoffe ihr könnt mir weiterhelfen.
Schonmal vielen Dank im Vorraus.
(falls dieser Post im falschen Forum gelandet ist bitte ich um Verzeihung).

aharonov · 25.06.2013, 22:11

Hallo,

kann ich so noch nicht sagen, was da auf die hosts-Datei zugreifen wollte. Kann "gut" oder "böse" sein..
Schauen wir doch einfach mal rein:

Lade dir bitte OTL (von Oldtimer) herunter und speichere es auf deinen Desktop.

Doppelklick auf die OTL.exe.
Unter Extra Registry, wähle bitte Use SafeList.
Setze den Haken bei Scan all Users.
Klicke nun auf Run Scan.
Wenn der Scan beendet ist, werden 2 Logfiles (OTL.txt und Extras.txt) erstellt.
Poste den Inhalt dieser Logfiles hier in den Thread.

PhiK · 26.06.2013, 15:19

Ok dann mal sehen:
OTL.txt

Code:

ATTFilter

OTL logfile created on: 26.06.2013 16:03:11 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Philipp\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,96 Gb Total Physical Memory | 5,88 Gb Available Physical Memory | 73,96% Memory free
15,91 Gb Paging File | 13,66 Gb Available in Paging File | 85,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 85,95 Gb Free Space | 18,45% Space Free | Partition Type: NTFS
Drive E: | 15,04 Gb Total Space | 14,14 Gb Free Space | 94,06% Space Free | Partition Type: FAT32
 
Computer Name: PHILIPP-PC | User Name: Philipp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found -- 
PRC - [2013.06.26 15:52:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Philipp\Desktop\OTL.exe
PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.11.29 02:10:44 | 001,000,760 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech Gaming Software\Applets\LCDYT.exe
PRC - [2012.11.29 02:10:14 | 000,835,896 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech Gaming Software\Applets\LCDMovieViewer.exe
PRC - [2012.11.29 02:10:08 | 000,661,304 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech Gaming Software\Applets\LCDMedia.exe
PRC - [2012.10.25 13:37:04 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.07.19 19:00:56 | 000,365,376 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012.07.19 19:00:54 | 000,277,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012.07.19 19:00:30 | 000,166,720 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2012.07.18 18:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.07.18 18:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.07.18 18:04:22 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.30 14:00:02 | 000,013,632 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012.05.30 14:00:00 | 000,284,480 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2012.03.27 10:14:28 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2010.11.21 05:25:10 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010.10.22 03:00:00 | 002,105,344 | R--- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
PRC - [2010.10.22 03:00:00 | 000,376,832 | R--- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
PRC - [2009.03.05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.09.03 20:05:54 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\61a3e72228441a2dc4132dda9a4fd256\IAStorCommon.ni.dll
MOD - [2012.09.03 19:55:12 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\b41e38edbd6dfe20997f6ea7c080aceb\System.Web.ni.dll
MOD - [2012.09.03 19:55:08 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\6118deeff1762cbab137f3b1925c506d\WindowsBase.ni.dll
MOD - [2012.09.03 19:55:08 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll
MOD - [2012.09.03 19:55:07 | 000,489,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\d055ead4fc81cb53572d538556b77960\IAStorUtil.ni.dll
MOD - [2012.09.03 19:55:05 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2012.09.03 19:55:02 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2012.09.03 19:54:59 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2012.09.03 19:54:58 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2012.09.03 19:54:57 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2012.09.03 19:54:54 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.06.28 10:53:00 | 004,941,768 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\Windows\SysNative\hasplms.exe -- (hasplms)
SRV - [2013.06.25 15:52:57 | 000,049,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe -- (BEService)
SRV - [2013.06.11 20:53:29 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.06.07 00:06:24 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.06.03 16:21:54 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.05.27 00:30:12 | 005,127,200 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2013.05.19 01:06:40 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.02.26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.12.10 17:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.10.25 13:37:04 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.07.19 19:00:56 | 000,365,376 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012.07.19 19:00:54 | 000,277,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012.07.19 19:00:30 | 000,166,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2012.07.18 18:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.07.18 18:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.07.17 15:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2012.06.19 19:10:34 | 000,634,632 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2012.05.30 14:00:02 | 000,013,632 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2012.02.09 16:26:48 | 000,133,632 | ---- | M] () [Auto | Running] -- C:\Programme\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe -- (ISCTAgent)
SRV - [2010.10.22 03:00:00 | 000,376,832 | R--- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.06.26 15:58:17 | 000,034,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys -- (WPRO_41_2001)
DRV:64bit: - [2012.11.07 09:49:46 | 000,113,664 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rzudd.sys -- (rzudd)
DRV:64bit: - [2012.11.02 16:38:32 | 000,050,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012.10.26 20:00:50 | 000,131,416 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2012.10.03 00:26:46 | 000,066,360 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys -- (LGSHidFilt)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.07.28 02:15:28 | 000,057,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012.07.18 18:04:42 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.07.18 18:04:42 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.07.18 18:04:41 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.07.03 17:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.07.03 00:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012.06.28 10:51:36 | 000,139,592 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksfridge.sys -- (aksfridge)
DRV:64bit: - [2012.05.30 13:42:10 | 000,569,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2012.05.15 14:55:42 | 000,398,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvstusb.sys -- (NvStUSB)
DRV:64bit: - [2012.03.27 10:13:20 | 000,789,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012.03.27 10:13:20 | 000,356,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012.03.27 10:13:18 | 000,019,224 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012.02.09 16:24:16 | 000,044,992 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ISCTD64.sys -- (ISCT)
DRV:64bit: - [2012.02.09 16:24:16 | 000,025,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\imsevent.sys -- (imsevent)
DRV:64bit: - [2012.02.09 16:24:14 | 000,025,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ikbevent.sys -- (ikbevent)
DRV:64bit: - [2011.12.23 11:53:10 | 000,104,048 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011.11.22 16:14:54 | 000,078,208 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf)
DRV:64bit: - [2011.09.28 17:31:30 | 000,321,536 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (hardlock)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.25 02:00:00 | 000,714,368 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fwlanusbn.sys -- (fwlanusbn)
DRV:64bit: - [2010.10.25 02:00:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject)
DRV:64bit: - [2010.08.04 21:17:14 | 001,342,064 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009.11.24 03:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009.08.21 10:52:09 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 15:36:28 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.01 21:54:54 | 000,030,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGPBTDD.sys -- (LGPBTDD)
DRV:64bit: - [2009.06.15 14:56:48 | 000,527,632 | ---- | M] (TechniSat Digital S.A.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UDST7000BDA.sys -- (UDST7000BDA)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.27 13:25:10 | 000,027,160 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {59D06C15-FE2F-473F-8A22-DAB169B4CF55}
IE:64bit: - HKLM\..\SearchScopes\{59D06C15-FE2F-473F-8A22-DAB169B4CF55}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASBJS;
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {59D06C15-FE2F-473F-8A22-DAB169B4CF55}
IE - HKLM\..\SearchScopes\{59D06C15-FE2F-473F-8A22-DAB169B4CF55}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASBJS;
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {59D06C15-FE2F-473F-8A22-DAB169B4CF55}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {59D06C15-FE2F-473F-8A22-DAB169B4CF55}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-4003385855-4199284421-3610613025-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://localoem.msn.com
IE - HKU\S-1-5-21-4003385855-4199284421-3610613025-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://localoem.msn.com
IE - HKU\S-1-5-21-4003385855-4199284421-3610613025-1002\..\SearchScopes,DefaultScope = {59D06C15-FE2F-473F-8A22-DAB169B4CF55}
IE - HKU\S-1-5-21-4003385855-4199284421-3610613025-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4003385855-4199284421-3610613025-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.8
FF - prefs.js..extensions.enabledAddons: SQLiteManager%40mrinalkant.blogspot.com:0.8.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Philipp\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.19 01:06:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.11.03 19:49:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.09.01 13:40:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\Extensions
[2013.05.27 21:54:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\civprflo.default\extensions
[2013.04.05 12:20:36 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\civprflo.default\extensions\ich@maltegoetz.de
[2013.05.27 21:54:36 | 002,168,615 | ---- | M] () (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\firefox\profiles\civprflo.default\extensions\firebug@software.joehewitt.com.xpi
[2013.04.26 19:42:40 | 000,248,978 | ---- | M] () (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\firefox\profiles\civprflo.default\extensions\SQLiteManager@mrinalkant.blogspot.com.xpi
[2013.05.09 16:15:50 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\firefox\profiles\civprflo.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.05.22 23:41:36 | 000,699,333 | ---- | M] () (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\firefox\profiles\civprflo.default\extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi
[2013.05.19 01:06:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.19 01:06:41 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: 
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Uplay PC (Enabled) = C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Google Drive = C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Don't Starve = C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiledapehlkhdehbhppgmekfalnlfajc\1.0.0.37_0\
CHR - Extension: Gmail = C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4003385855-4199284421-3610613025-1002..\Run: [\\KLOCKE-PC\EPSON Stylus DX6000 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIBIE.EXE /FU "C:\Users\Philipp\AppData\Local\Temp\E_SE27.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-4003385855-4199284421-3610613025-1002..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-4003385855-4199284421-3610613025-1002..\Run: [Overwolf] C:\Program Files (x86)\Overwolf\Overwolf.exe -silent File not found
O4 - HKU\S-1-5-21-4003385855-4199284421-3610613025-1002..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-4003385855-4199284421-3610613025-1002..\RunOnce: [Uninstall C:\Users\Philipp\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Philipp\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-4003385855-4199284421-3610613025-1002\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-4003385855-4199284421-3610613025-1002\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-4003385855-4199284421-3610613025-1002\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-4003385855-4199284421-3610613025-1002\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5AFC8B00-81C1-4592-AD3C-7520539E9D5D}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{8aa81a87-f427-11e1-b3a5-3085a9af1eb5}\Shell - "" = AutoRun
O33 - MountPoints2\{8aa81a87-f427-11e1-b3a5-3085a9af1eb5}\Shell\AutoRun\command - "" = F:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.26 15:52:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Philipp\Desktop\OTL.exe
[2013.06.25 22:58:01 | 005,127,200 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\SysWow64\GameMon.des
[2013.06.25 22:57:41 | 000,004,682 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\SysWow64\npptNT2.sys
[2013.06.25 22:57:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\INCA Shared
[2013.06.25 20:23:25 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.06.25 20:20:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Overwolf
[2013.06.25 20:20:18 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nevareth Outpost
[2013.06.25 20:20:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Overwolf
[2013.06.25 20:13:44 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\Overwolf
[2013.06.25 20:13:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CABAL Online (Europe)
[2013.06.25 20:07:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Games-Masters.com
[2013.06.25 13:45:39 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Sony Online Entertainment
[2013.06.23 22:03:10 | 000,000,000 | ---D | C] -- C:\Users\Philipp\Documents\dragoon
[2013.06.23 15:35:40 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.06.23 15:35:37 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.06.23 15:35:37 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.06.23 15:35:37 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.06.22 15:52:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2013.06.22 15:52:49 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2013.06.22 15:52:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Logitech
[2013.06.21 19:24:10 | 000,000,000 | ---D | C] -- C:\Users\Philipp\Desktop\mcp751
[2013.06.14 13:48:57 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.06.14 13:48:57 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.06.14 13:48:56 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.06.14 13:48:56 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.06.14 13:48:56 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.06.14 13:48:56 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.06.14 13:48:56 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.06.14 13:48:56 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.06.14 13:48:55 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.06.14 13:48:55 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.06.14 13:48:55 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.06.14 13:48:54 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.06.14 13:48:54 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.06.13 17:42:27 | 000,000,000 | ---D | C] -- C:\Users\Philipp\Desktop\FTBLite
[2013.06.13 15:11:22 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013.06.13 15:11:22 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
[2013.06.13 15:11:22 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013.06.13 15:11:22 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll
[2013.06.13 15:11:14 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013.06.13 15:10:10 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013.06.13 15:10:10 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013.06.13 15:09:32 | 000,000,000 | ---D | C] -- C:\Users\Philipp\FeedTheBeast
[2013.06.13 15:08:58 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\ftblauncher
[2013.06.12 16:32:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pointofix
[2013.06.12 16:32:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pointofix
[2013.06.03 19:32:14 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Unity
[2013.06.03 19:26:58 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\Unity
[2013.05.28 20:51:30 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\TERA
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.26 16:06:27 | 000,031,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.26 16:06:27 | 000,031,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.26 15:58:35 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.26 15:58:17 | 000,034,752 | ---- | M] () -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys
[2013.06.26 15:58:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.26 15:58:02 | 2112,487,423 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.26 15:53:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.26 15:52:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Philipp\Desktop\OTL.exe
[2013.06.26 15:49:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.26 15:44:10 | 004,918,440 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.06.26 15:43:14 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2013.06.25 20:13:23 | 000,001,290 | ---- | M] () -- C:\Users\Philipp\Desktop\CABAL Online (Europe).lnk
[2013.06.25 14:02:31 | 000,001,733 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2013.06.23 15:35:35 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.06.23 15:35:35 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.06.23 15:35:35 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.06.23 15:35:35 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.06.23 15:35:35 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.06.23 15:35:35 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.06.22 16:02:57 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_lgSSBW_01_00_00.Wdf
[2013.06.22 16:02:49 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_lgSSQVGA_01_00_00.Wdf
[2013.06.21 16:29:19 | 000,001,123 | ---- | M] () -- C:\Users\Public\Desktop\Warzone 2100-3.1_rc2.lnk
[2013.06.21 09:32:05 | 000,416,512 | ---- | M] () -- C:\Users\Philipp\Documents\Imperius.jpg
[2013.06.21 09:32:05 | 000,002,709 | ---- | M] () -- C:\Users\Philipp\AppData\Local\recently-used.xbel
[2013.06.13 15:05:04 | 000,510,899 | ---- | M] () -- C:\Users\Philipp\Desktop\FTB_Launcher.exe
[2013.06.12 16:32:06 | 000,001,032 | ---- | M] () -- C:\Users\Philipp\Desktop\Pointofix.lnk
[2013.06.12 15:56:38 | 001,491,622 | ---- | M] () -- C:\Users\Philipp\Documents\Zertifikat.pdf
[2013.06.12 15:52:13 | 000,363,991 | ---- | M] () -- C:\Users\Philipp\Documents\BerufsTestGesamt.pdf
[2013.06.12 15:51:59 | 000,360,293 | ---- | M] () -- C:\Users\Philipp\Documents\Gesamtergebnis.pdf
[2013.06.12 15:48:55 | 000,061,233 | ---- | M] () -- C:\Users\Philipp\Documents\BerufsTest3.pdf
[2013.06.12 15:48:36 | 000,056,857 | ---- | M] () -- C:\Users\Philipp\Documents\Teil3-Leistungstest.pdf
[2013.06.12 15:24:23 | 000,399,594 | ---- | M] () -- C:\Users\Philipp\Documents\BerufsTest2.pdf
[2013.06.12 15:24:08 | 000,396,128 | ---- | M] () -- C:\Users\Philipp\Documents\Teil2-Selbsttest.pdf
[2013.06.12 15:15:54 | 000,088,110 | ---- | M] () -- C:\Users\Philipp\Documents\BerufsTest1.pdf
[2013.06.12 15:14:08 | 000,084,604 | ---- | M] () -- C:\Users\Philipp\Documents\Teil1-Interessentest.pdf
[2013.06.11 20:53:29 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.06.11 20:53:29 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.06.10 18:49:40 | 000,036,352 | ---- | M] () -- C:\Users\Philipp\Desktop\Bandworkshop.2013.Hausl
[2013.06.07 20:16:24 | 000,002,115 | ---- | M] () -- C:\Users\Philipp\Documents\HFBackup.SC2Bank
[2013.06.05 15:19:41 | 000,001,200 | ---- | M] () -- C:\Users\Philipp\Desktop\Minecraft.lnk
[2013.05.31 18:15:49 | 000,313,722 | ---- | M] () -- C:\Users\Philipp\Documents\SauronBlau.bmp
[2013.05.31 18:07:11 | 000,292,622 | ---- | M] () -- C:\Users\Philipp\Documents\SauronBlau.xcf
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.06.26 15:43:14 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
[2013.06.25 22:57:41 | 000,005,174 | ---- | C] () -- C:\Windows\SysWow64\nppt9x.vxd
[2013.06.25 20:13:23 | 000,001,290 | ---- | C] () -- C:\Users\Philipp\Desktop\CABAL Online (Europe).lnk
[2013.06.22 16:02:57 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_lgSSBW_01_00_00.Wdf
[2013.06.22 16:02:49 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_lgSSQVGA_01_00_00.Wdf
[2013.06.21 09:32:05 | 000,416,512 | ---- | C] () -- C:\Users\Philipp\Documents\Imperius.jpg
[2013.06.21 09:32:05 | 000,002,709 | ---- | C] () -- C:\Users\Philipp\AppData\Local\recently-used.xbel
[2013.06.13 15:05:01 | 000,510,899 | ---- | C] () -- C:\Users\Philipp\Desktop\FTB_Launcher.exe
[2013.06.12 16:32:06 | 000,001,032 | ---- | C] () -- C:\Users\Philipp\Desktop\Pointofix.lnk
[2013.06.12 15:56:38 | 001,491,622 | ---- | C] () -- C:\Users\Philipp\Documents\Zertifikat.pdf
[2013.06.12 15:52:13 | 000,363,991 | ---- | C] () -- C:\Users\Philipp\Documents\BerufsTestGesamt.pdf
[2013.06.12 15:51:59 | 000,360,293 | ---- | C] () -- C:\Users\Philipp\Documents\Gesamtergebnis.pdf
[2013.06.12 15:48:55 | 000,061,233 | ---- | C] () -- C:\Users\Philipp\Documents\BerufsTest3.pdf
[2013.06.12 15:48:36 | 000,056,857 | ---- | C] () -- C:\Users\Philipp\Documents\Teil3-Leistungstest.pdf
[2013.06.12 15:24:23 | 000,399,594 | ---- | C] () -- C:\Users\Philipp\Documents\BerufsTest2.pdf
[2013.06.12 15:24:08 | 000,396,128 | ---- | C] () -- C:\Users\Philipp\Documents\Teil2-Selbsttest.pdf
[2013.06.12 15:15:54 | 000,088,110 | ---- | C] () -- C:\Users\Philipp\Documents\BerufsTest1.pdf
[2013.06.12 15:14:08 | 000,084,604 | ---- | C] () -- C:\Users\Philipp\Documents\Teil1-Interessentest.pdf
[2013.06.10 18:49:40 | 000,036,352 | ---- | C] () -- C:\Users\Philipp\Desktop\Bandworkshop.2013.Hausl
[2013.06.07 19:42:33 | 000,002,115 | ---- | C] () -- C:\Users\Philipp\Documents\HFBackup.SC2Bank
[2013.05.31 18:09:12 | 000,313,722 | ---- | C] () -- C:\Users\Philipp\Documents\SauronBlau.bmp
[2013.05.31 18:07:11 | 000,292,622 | ---- | C] () -- C:\Users\Philipp\Documents\SauronBlau.xcf
[2013.05.05 00:07:53 | 000,000,600 | ---- | C] () -- C:\Users\Philipp\AppData\Roaming\winscp.rnd
[2013.04.22 15:31:55 | 000,001,616 | ---- | C] () -- C:\Users\Philipp\AppData\Roaming\MPQEditor.ini
[2013.02.17 19:27:01 | 000,000,035 | ---- | C] () -- C:\Windows\A4W.INI
[2013.01.11 10:54:25 | 000,119,296 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll
[2013.01.11 10:54:25 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ADsSecurity.dll
[2013.01.11 10:54:25 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\dxinputdll.dll
[2012.12.17 23:29:59 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin
[2012.12.09 14:03:11 | 000,000,600 | ---- | C] () -- C:\Users\Philipp\AppData\Local\PUTTY.RND
[2012.11.03 10:39:13 | 000,007,597 | ---- | C] () -- C:\Users\Philipp\AppData\Local\Resmon.ResmonCfg
[2012.10.25 13:37:18 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.10.25 13:37:04 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.10.18 13:33:10 | 000,038,520 | ---- | C] () -- C:\Windows\SysWow64\RGBAcodec.dll
[2012.09.03 15:29:45 | 000,007,616 | ---- | C] () -- C:\Users\Philipp\AppData\Roaming\.freeciv-client-rc-2.3
[2012.09.03 08:53:11 | 003,328,544 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.08.31 09:06:21 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012.08.31 09:06:12 | 000,041,839 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012.06.19 18:52:42 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 128 bytes -> C:\Windows\SysWow64\zlib.dll:SummaryInformation
@Alternate Data Stream - 128 bytes -> C:\Windows\SysWow64\zlib.dll:DocumentSummaryInformation

< End of report >

PhiK · 26.06.2013, 15:22

und hier Extras.txt

Code:

ATTFilter

OTL Extras logfile created on: 26.06.2013 16:03:11 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Philipp\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,96 Gb Total Physical Memory | 5,88 Gb Available Physical Memory | 73,96% Memory free
15,91 Gb Paging File | 13,66 Gb Available in Paging File | 85,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 85,95 Gb Free Space | 18,45% Space Free | Partition Type: NTFS
Drive E: | 15,04 Gb Total Space | 14,14 Gb Free Space | 94,06% Space Free | Partition Type: FAT32
 
Computer Name: PHILIPP-PC | User Name: Philipp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-4003385855-4199284421-3610613025-1002\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02AEDA68-D548-4B7E-B230-D3DCAB140C35}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\tools\launcher.exe | 
"{10B2977E-1D0A-44AA-A3AF-A5117AC6D21A}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.exe | 
"{12F82DFF-3885-4E0F-88F6-8E2EAEFBF20B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{13314102-A8C3-4CAF-B679-506258709EBF}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{1E5F33F4-E0B8-4837-A2C5-56EBBF58358E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1EEFA366-D8F9-4BCE-99EA-488570366E0B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{33D07124-FC4B-4C5B-B3FD-4E05B282B14E}" = rport=137 | protocol=17 | dir=out | app=system | 
"{369F7629-D226-465B-B9E0-15274A7798FE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{3BAB4D79-E2EC-4890-8EC1-93015F6B2C1A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{409D979A-01F5-4467-8A9D-645EAE7A853F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{53BF0923-587D-44E3-ADF6-511E4602CC67}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{57BDCDE8-544D-46F3-BF08-9C1B61D9E1AD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6DDF633E-DFB1-451B-A842-D4561D5CEDB4}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{74CB4505-5697-42CC-8113-B7B00946542F}" = lport=445 | protocol=6 | dir=in | app=system | 
"{8745D0BB-434F-4A41-AE42-458A12F52E09}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8A6E4366-09B8-4A3A-ADC9-705C74F6C875}" = lport=137 | protocol=17 | dir=in | app=system | 
"{90A2DABF-F777-4056-89BA-74A79C0F275F}" = lport=138 | protocol=17 | dir=in | app=system | 
"{C11BB4FE-5036-4D88-9907-0BDAA19DC892}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{C2E48D8B-EEB4-494F-AA0F-6C1924DED08C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C52E9962-A320-4184-9972-69A09089BCA3}" = rport=138 | protocol=17 | dir=out | app=system | 
"{CEAAC1C0-38E5-4373-9F45-FF4339E3934D}" = rport=445 | protocol=6 | dir=out | app=system | 
"{E4D03A17-68A3-4E2D-95C8-0C516D09D1B3}" = lport=139 | protocol=6 | dir=in | app=system | 
"{E699D7E4-F8DA-4AE1-BDC8-9B2801E13F2C}" = rport=139 | protocol=6 | dir=out | app=system | 
"{EF063C60-856A-4526-921A-B21BEA13008A}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.x64.exe | 
"{F4ECEDCD-AD3E-4298-A4B0-25F8CB40B8D4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F9F18E49-3048-4AC6-A147-C5A597BF6820}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{005A43F4-82D4-45D8-A125-5D08C295A519}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{014640A7-DFE0-4815-BCB5-EAECB7C8B2DC}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{0185F69F-4A5D-432D-84EB-AFBB6EA92697}" = protocol=17 | dir=in | app=c:\program files (x86)\warzone 2100-3.1_rc2\warzone2100.exe | 
"{03F71CAB-4DE0-42FB-A338-743C112A08CE}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{05A71940-41BF-4BC7-917F-D52BFD07708D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe | 
"{06177276-0C81-471B-B2FE-C1044520BBF7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ftl faster than light\ftlgame.exe | 
"{06760EE9-C4CE-4F02-B784-694D875A432E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{0697B1D4-EC17-4EF5-821D-4AD319627D0D}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\heroes of might and magic v - tribes of the east\bin\h5_game.exe | 
"{0892937D-EF67-480E-BB92-0F63FE6595E3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{0910DA7A-D82A-423A-94D9-A908C09AF5B1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\orcs must die 2\build\release\orcsmustdie2.exe | 
"{0C797B5F-633E-455F-9CB2-6D2CF0128100}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\titan quest\titan quest.exe | 
"{0E79E80B-0681-454B-9273-DCDEDEA42ED0}" = dir=in | app=c:\windows\system32\hasplms.exe | 
"{0FB5B15B-B4F8-457F-956D-987D1680C6B8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeons\dungeonsstarter.exe | 
"{116C03C1-86BA-4D35-9820-5EEE0EA07A19}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{11C6B764-E976-46A6-88DA-F5E3B5369BB9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | 
"{124E18D1-060B-423F-BF56-DF4BBEB87B10}" = dir=out | app=c:\program files (x86)\dragon's prophet\dp_x86.exe | 
"{12871B5D-1971-406B-981E-90982066FB22}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base23260\sc2.exe | 
"{12E9617D-469B-4F33-96D3-F238D879AD2F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\launchpad.exe | 
"{153FE42C-76DA-4F78-9236-29F9C7B1E720}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe | 
"{154E00D5-0CAE-4943-AC11-23F755EB8742}" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
"{16BB978A-58F3-4F6F-BD91-E639171CBC98}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{18C4DAC1-540A-4E98-9C2E-CDB7228407C4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\tools\launcher.exe | 
"{18FDE05A-77F2-4E5D-8FE8-C2BF8FF386BD}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{1958B486-8E68-4A5E-81A8-8BF16766525E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | 
"{196A0528-8DDD-424D-BB2C-03087E99E033}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | 
"{1A010F51-AF31-4AC3-9837-BF860F3ED638}" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe | 
"{1DDA43CD-FE28-4BD1-B6D0-C0FF9A64CD94}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{1E960267-4A0D-4CEE-BD5D-ABA0D0BC2E2D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe | 
"{1EDF7613-F75C-4895-9261-E4B4EA6FF3B5}" = protocol=6 | dir=in | app=c:\program files (x86)\warzone 2100-3.1_rc2\warzone2100.exe | 
"{241F2D76-055D-415C-9CEC-107BBB2177CB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe | 
"{266564DD-D044-45E9-B17F-D2112628E1CA}" = protocol=6 | dir=in | app=c:\program files\flightgear\bin\win32\fgfs.exe | 
"{26B962E6-195F-437C-BC67-8CDBA3835F18}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3y.exe | 
"{28FECCEC-1269-4754-8498-4DAFA9049269}" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe | 
"{2A4FFCD4-6032-4440-B6B4-04C0861D32EE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeons\dungeonsstarter.exe | 
"{2AD67A29-8174-45DE-91E7-9A6C18751074}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe | 
"{2B6CCB59-C6E5-414B-B458-296F0F07C401}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\killerpinguin1\source sdk base 2007\hl2.exe | 
"{2CA17EBE-250C-461E-9796-BDB65604312C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2D1A7FBB-EC56-47D1-9EE0-B19786127B5E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\james cameron avatar\bin\avatar.exe | 
"{2D72B0AA-EEFE-402C-BE87-5342538B6265}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe | 
"{2D769F17-236C-43E6-8F3A-B11A158A6D35}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | 
"{2E4EE102-4522-4901-9572-65D205DDF8EE}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{2EB28E7C-2256-454F-A43F-46D5E6E9A555}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\kerbal space program\ksp.exe | 
"{2EC7B944-D776-4A3B-88C1-08857851E6E8}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe | 
"{2F30398D-1FC8-449D-8C00-20235276711E}" = protocol=17 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.x64.exe | 
"{30B65EEA-60A7-427F-88C1-81E059A1EF0D}" = protocol=6 | dir=in | app=c:\program files\openttd\openttd.exe | 
"{32B2BA23-7089-40CF-8874-55960F27FDB2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{34DE0B0B-242D-49A4-BC4A-DBA84FDC8EFC}" = protocol=17 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.exe | 
"{36F49162-971F-4FFF-8AFA-D51FED32E268}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{38D32849-1423-4D6C-B934-E72B7753EE12}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{3A9FEF60-E1B0-4210-A9A3-A4CA4EE89F50}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\killerpinguin1\source sdk base 2007\hl2.exe | 
"{3B99D820-1CD2-4EC8-A6C4-8C93D51CFABB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3x.exe | 
"{3CD4ABEA-F8E9-4412-A879-7115F98F20F9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe | 
"{42923C19-9814-4B7E-B981-4BE6998DDDF1}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | 
"{42F4E32C-78A7-438A-A9DF-1AC15C57BC91}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{43E95BF9-085F-402E-A2A9-DF511E9FACAB}" = protocol=6 | dir=in | app=c:\nexon\combat arms eu\engine.exe | 
"{471BDA83-1F0C-4443-A942-11F8EBC9F202}" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe | 
"{4CC141AE-2ED6-48A9-956B-8682D87D299B}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe | 
"{4CCE7CEE-C75C-4869-A40A-164B12F27BDC}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{4E74BC87-EDD2-4F43-898A-A5037E15693E}" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | 
"{4FF187EB-722B-4B74-97BE-644FB8DDC04C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{5013CF50-AE15-4BB0-8ECD-9866F31578A9}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{55BA6BE5-6D3D-4186-AA04-6D0F355979C1}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{560DC2C8-209D-4063-9928-8EC5087BC193}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{5F0F9D6D-A62E-4659-BD37-CA8AF9A940E4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\killerpinguin1\team fortress 2\hl2.exe | 
"{5F2E2EB3-1611-411C-AC9A-C2215AC35DE2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\orcs must die 2\build\release\orcsmustdie2.exe | 
"{5FFB6991-9833-4EDA-87AF-77A2BC8B372D}" = protocol=17 | dir=in | app=c:\program files\openttd\openttd.exe | 
"{60CAE0AE-2B2A-4157-A985-FC72520B1BD3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{61A5C593-181F-41D2-8702-299341F43FC1}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{622C02B3-F2BC-49B0-9D3E-410BC3845D9C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe | 
"{6265FF8D-D6D8-4C87-A6BB-6035CDFE6D45}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe | 
"{6469E70A-CA13-41E4-904A-AA2B039B124C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\james cameron avatar\bin\avatar.exe | 
"{64EE9219-1C04-49A9-8B3A-136EB662FF36}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3x.exe | 
"{6594466A-0C8E-45A9-9A0E-F0A15B7E57D2}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{69661039-D598-4EBA-B004-3A983F30E73F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{6D4F0CC9-2D40-40E3-84BF-5D179BE46907}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6EFEC285-AABD-4707-9598-82801BCCF013}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe | 
"{724A3B1B-E067-465A-92DA-D1174F79F9DE}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{77679085-B4DD-4BCA-94D1-B9D1E20502EA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\orcs must die 2\build\release\orcsmustdie2.exe | 
"{78501E23-B4CB-4B65-9848-5C777F172CD0}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base23260\sc2.exe | 
"{785323DF-CCAF-4CDA-B765-1D22691F8826}" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe | 
"{786A1949-2062-4009-8A8D-A4DE403F37D6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe | 
"{7D3FB100-AA5B-4181-86A4-27B5732E858A}" = dir=out | app=c:\program files (x86)\dragon's prophet\launcher.exe | 
"{7D88B8E5-5DB8-43E0-AFBF-D6994800A044}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{7E704C79-D16C-4B4D-9360-504E8BC4F74A}" = protocol=6 | dir=in | app=c:\program files (x86)\wing commander saga\wcsaga_sse2.exe | 
"{7F95CAB1-8B86-4E34-95D8-8E2A161531C4}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{7FEFFFFC-5A2D-4F1B-ACB9-3851746AAA74}" = protocol=17 | dir=in | app=c:\program files (x86)\wing commander saga\wcsaga_sse2.exe | 
"{809231B6-CB78-4D32-AAB3-0DD2EED0F8FE}" = dir=in | app=c:\program files (x86)\dragon's prophet\dp_x86.exe | 
"{80BE1917-0F20-4337-B095-D8740650C556}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{8257DF10-4ED5-481B-9AC4-163234BE7839}" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"{82930146-908F-4E5B-A6CD-80648A1257C5}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{8467C2A5-15F4-4A13-B8B3-DC4C82B0F0E3}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{84822140-5DF4-4C0B-ACAE-3499E2F85A3F}" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
"{85E91D04-07A0-42D6-9165-1463FA40BC89}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 
"{8867813F-991E-42E4-9C6A-F261781BE91F}" = protocol=17 | dir=in | app=c:\program files\flightgear\bin\win32\fgfs.exe | 
"{8A091FE5-74A1-4D50-B8D4-5B97089679EA}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe | 
"{8A3ECECE-54A6-4310-8F34-C53B1F1CA331}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8E75E793-B7CE-4B3B-8812-C6B0CAA7245A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe | 
"{8E7BB09E-2EC6-4528-B221-416636C62918}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe | 
"{8EF4AB93-09CE-4F86-888A-B8358C1258AC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe | 
"{94602104-08FD-4012-95F6-7736A52E609F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\killerpinguin1\team fortress 2\hl2.exe | 
"{94B3F894-7880-4D5B-B8CC-51E3B87607C9}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"{98315B80-86B4-4986-A32E-12751717221B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe | 
"{985C711F-927B-4704-84FC-45BE2CC87676}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{98C37AEF-6EAA-4377-997E-FAE3DE06D4D8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\tools\launcher.exe | 
"{9C6BE03C-AE32-49C2-98D7-D260CC79B58D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.exe | 
"{9D0B6448-9627-42BC-B772-735FD4CAAD00}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{9E04B727-6446-48B8-B357-A0154EBC2BF4}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 
"{9E313285-014B-4C4D-A0CD-1A7702188857}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | 
"{9EF52F24-8D73-45F6-B920-A33FFF740A13}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{9F8B30C5-F404-4DE8-BBFC-002CA6D20FB3}" = dir=in | app=c:\program files (x86)\dragon's prophet\dp_x64.exe | 
"{9FF53637-5391-4E9B-AF00-4139272B9FF6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | 
"{A0A6255A-B68E-4A77-800B-472140237AB0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ftl faster than light\ftlgame.exe | 
"{A19EFB85-A7A5-4648-BFD6-35B9307421ED}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\titan quest\titan quest.exe | 
"{A26198A9-4990-4C5E-9B4D-0FA2DC5AE0BF}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{A6C3C002-CFF5-4DB0-A197-EE765AB89213}" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"{A71BA6CD-BE4F-4B3C-8F56-11AFEEED8E0D}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{A8759B3D-5317-432F-9DBC-891510F2B9DB}" = protocol=17 | dir=in | app=c:\program files (x86)\lightworks\lightworks.exe | 
"{AA08ECD4-C880-4336-AB0A-95BD3A0B647C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe | 
"{AA35E2C2-AFAA-4DA1-B6E4-76DED384BFCE}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{AB97D24F-61C4-4F8D-8DED-63AF1262C81B}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{AB981E06-0F0A-4A4D-A573-26536229FE28}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{AE0A4547-5F4C-4026-B6A8-DD37B3DDBE66}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe | 
"{B16CCFCB-5099-4762-86AE-041A0CFA0FF0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\kerbal space program\ksp.exe | 
"{B1D71E05-15F3-43AA-AC4D-A6A1849F8AD0}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{B22524E1-8284-4355-9C90-ACC108012962}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3y.exe | 
"{B33B4204-0021-4397-8A44-180FE51CD243}" = protocol=17 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe | 
"{B3C60141-9541-40C5-84E5-84B7220DBBDB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B4641DDC-5077-4D25-95EF-BED1FFA50A70}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.x64.exe | 
"{B50E99F1-F0DA-4D92-A62E-BF6E804CB1C3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe | 
"{B5F5F951-64A0-425B-8289-12643512CE69}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{B752113C-EC57-476E-85EC-966EAD1AE83F}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"{B9089EFE-1E15-4BD0-A000-258F5912A5F2}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base24944\sc2.exe | 
"{B9C48D72-82CC-4AF3-AC39-2792A971039A}" = protocol=6 | dir=out | app=system | 
"{B9E810BB-3DA9-47F1-BB3C-EF4A3B13B22E}" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"{BAB7492A-6D2F-4BA4-A0C2-0E156E9FCF40}" = protocol=17 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe | 
"{BD0432D0-73F1-49E0-A8FF-34FD8B998B2A}" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"{BFA5D30E-BDB8-48D9-A178-4BF68F3F43CE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe | 
"{C1888F70-FE5F-4DE0-A014-E0687C1076DD}" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"{C1A799D8-BD23-4BD9-AE2B-30152C2CC097}" = protocol=6 | dir=in | app=c:\program files (x86)\lightworks\ntcardvt.exe | 
"{C44BCF2B-46B5-440F-A36B-D074E19CA909}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\heroes of might and magic v - tribes of the east\bin\h5_game.exe | 
"{C634E6BE-AA27-4F4E-B012-71616B7B11C4}" = protocol=17 | dir=in | app=c:\program files (x86)\3do\heroes 3 complete\heroes3.exe | 
"{C73CC6EE-B1F8-416B-A5E4-60D581A9B32C}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{C79514FD-3979-4AB2-8072-98CD8D39563C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{C79A403B-4C3C-408D-92E4-21E4C379F869}" = protocol=6 | dir=in | app=c:\program files (x86)\3do\heroes 3 complete\heroes3.exe | 
"{C7EEFEBE-EE28-4F4F-93D8-8DAD19AAC5A4}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{CAEA4B3E-EACD-42DB-92CC-9C1EAB431D2D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\titan quest immortal throne\tqit.exe | 
"{CCADCDD8-55C0-45B4-A538-2A1A36C195C4}" = protocol=6 | dir=in | app=c:\users\philipp\appdata\local\temp\gw2.exe | 
"{CEAE689D-28A8-4EBE-AEB6-41F04D634F7F}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{CF63C9B6-89ED-47DB-8B2F-CE2F3FCBAEA8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\orcs must die 2\build\release\orcsmustdie2.exe | 
"{D0866598-2DE6-4527-BB29-15EB3BF3703B}" = protocol=6 | dir=in | app=c:\users\philipp\downloads\nc111nt\nc.exe | 
"{D1371D21-FD49-46B0-A55B-4790DDBAB292}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto san andreas\gta-sa.exe | 
"{D2D7D358-7D3D-4965-B820-346040DC92BE}" = dir=in | app=c:\program files\tightvnc\tvnviewer.exe | 
"{D48DEE6E-629E-4DC5-A93F-B3483CFB819A}" = protocol=6 | dir=in | app=c:\program files (x86)\lightworks\lightworks.exe | 
"{D52530FD-C673-494D-BD0F-D2F4754E8024}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\launchpad.exe | 
"{D5365DED-4087-451A-B690-3A65BA8193F1}" = protocol=6 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe | 
"{D97E34B4-3919-4085-BBFD-54B5ACBF2696}" = protocol=17 | dir=in | app=c:\users\philipp\downloads\nc111nt\nc.exe | 
"{DAFD87DE-DD82-4A9B-B92D-DFC22FDE4D1C}" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | 
"{DBF581FD-BC8D-4E37-8FA4-61B06D8F8940}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{DE661E6A-A0D5-4C4D-9C89-D27D7DA31593}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{DE6F111A-B120-4716-86BC-A5CF9835A804}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{DFBD74C5-73AF-480D-8D4E-D6A289B6FCD9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe | 
"{E1EC2086-47B7-4331-8A2A-C465D1588A19}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe | 
"{E25C9939-6E58-4184-A35F-D9D3F2476D49}" = protocol=17 | dir=in | app=c:\nexon\combat arms eu\engine.exe | 
"{E3E7E68A-1DB3-4983-B9FC-9BB250F02B2D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 
"{E74A54C9-EC18-4188-8FDA-57FA2D38A9B4}" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"{E8048A3C-C359-441D-A335-BA6FD8AC44DE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\titan quest immortal throne\tqit.exe | 
"{E81C6993-3655-4763-B0E8-560B65A006C2}" = protocol=17 | dir=in | app=c:\users\philipp\appdata\local\temp\gw2.exe | 
"{E8589ACA-39DE-4036-A095-700924291F62}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E878357B-A845-44CC-A5A2-AEB206F4D43C}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | 
"{EBC0E6EE-A10E-4768-A686-5ECF28ED68B1}" = protocol=17 | dir=in | app=c:\program files (x86)\lightworks\ntcardvt.exe | 
"{ED56744F-9B4E-4E97-B4AB-5F45CCE7D2D7}" = dir=in | app=c:\program files (x86)\dragon's prophet\launcher.exe | 
"{F02D5E52-394E-4919-B899-B09192F13144}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F160A2B6-767F-4D5F-8562-396A7769661E}" = dir=out | app=c:\program files (x86)\dragon's prophet\dp_x64.exe | 
"{F3A5CD84-E6EB-46C5-AF2B-E0674360CCDC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto san andreas\gta-sa.exe | 
"{F4A66311-0537-4C34-98C9-6D2C5568FDCE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F5FAFE53-F054-462D-B60A-81D074987EB5}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base24944\sc2.exe | 
"{F9842FA6-2F9E-4534-B899-159903DE72F0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{FBE52B1E-D808-4678-AE7D-0E74F1BC1994}" = protocol=6 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe | 
"{FD2EF3C2-B79F-4C99-B2CE-2D55B3543218}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 
"{FE3CEE63-C314-488E-B4F1-ADF9FCC69FF8}" = dir=in | app=c:\users\administrator\appdata\local\microsoft\skydrive\skydrive.exe | 
"TCP Query User{1A44B413-C2E5-408C-AE9A-4847DD734276}C:\program files (x86)\steam\steamapps\killerpinguin1\source sdk base 2007\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\killerpinguin1\source sdk base 2007\hl2.exe | 
"TCP Query User{233D56AB-4B6D-457D-9EA7-245D8737E366}C:\program files (x86)\starcraft ii\versions\base23260\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base23260\sc2.exe | 
"TCP Query User{23616D37-8032-4DDA-9151-0ABE9BC94B9A}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"TCP Query User{34D25425-B0BA-4641-8F49-8BC3E63D6CD5}C:\program files (x86)\3do\heroes 3 complete\heroes3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\3do\heroes 3 complete\heroes3.exe | 
"TCP Query User{368012ED-E8CD-473C-977D-6A78023FA463}C:\program files\java\jdk1.7.0_07\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jdk1.7.0_07\bin\java.exe | 
"TCP Query User{38E0B1A3-7424-4D4D-B78E-A67475A73EE1}C:\program files (x86)\warzone 2100-3.1_rc2\warzone2100.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warzone 2100-3.1_rc2\warzone2100.exe | 
"TCP Query User{397B4172-D68E-464F-997E-D5E36555EE45}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe | 
"TCP Query User{3EE410D0-A1A2-464C-91AB-F03DEFC5DE3E}C:\program files\openttd\openttd.exe" = protocol=6 | dir=in | app=c:\program files\openttd\openttd.exe | 
"TCP Query User{41776FA9-C348-43EA-92F5-331AC843D2D4}C:\program files\flightgear\bin\win32\fgfs.exe" = protocol=6 | dir=in | app=c:\program files\flightgear\bin\win32\fgfs.exe | 
"TCP Query User{4C50E3EC-45FB-45B3-B9B7-D3001C7F5D8A}C:\users\philipp\downloads\tshock 3.7.0.0204\terrariaserver.exe" = protocol=6 | dir=in | app=c:\users\philipp\downloads\tshock 3.7.0.0204\terrariaserver.exe | 
"TCP Query User{5428A4CA-98EB-4A1D-9501-8AC5D4899502}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"TCP Query User{557D7F77-53B1-43E5-9276-19C131A83BB6}C:\program files (x86)\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe | 
"TCP Query User{5BBAE833-4ED6-4E1E-91D7-8D1BC8203B5E}C:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | 
"TCP Query User{5E4406DE-E12F-48A8-A9BC-925218451CBD}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | 
"TCP Query User{6D96DDBF-CC0E-4AAD-BEC6-5B31D3588EB9}C:\program files (x86)\steam\steamapps\killerpinguin1\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\killerpinguin1\team fortress 2\hl2.exe | 
"TCP Query User{6DFA855D-B1F8-4740-B58C-6A67C28C404E}C:\program files (x86)\tera\tera-launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe | 
"TCP Query User{78E4CA40-94C5-4F0B-A73D-2FC853F0CCDA}C:\program files (x86)\gogcom\dungeon keeper 2\dkii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gogcom\dungeon keeper 2\dkii.exe | 
"TCP Query User{7B0359FD-8EFA-40DC-B25C-DA4C4AA7090E}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"TCP Query User{7B6B079B-F63B-4092-B7D9-8CD526EC24A1}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
"TCP Query User{85E38EE0-3A21-4DDB-A297-5BCAE0F9D26E}C:\program files (x86)\freeciv-2.3.2-gtk2\freeciv-server.exe" = protocol=6 | dir=in | app=c:\program files (x86)\freeciv-2.3.2-gtk2\freeciv-server.exe | 
"TCP Query User{90995ED3-1556-4341-8193-3A33702AB7A9}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe | 
"TCP Query User{A505F9EF-EF19-4C1B-A73F-F7254F5C411A}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{A6CD06F4-0564-4DC3-BCB1-A7701E6E798D}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe | 
"TCP Query User{A9891425-4088-4973-8B03-F00F7E7A0FE1}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe | 
"TCP Query User{AAC5B70F-7C24-432E-AA92-8F92C99ED385}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{B359703B-A846-4EE8-B309-FD9861889ADF}C:\nexon\combat arms eu\engine.exe" = protocol=6 | dir=in | app=c:\nexon\combat arms eu\engine.exe | 
"TCP Query User{B934B96C-5071-4940-A51E-9E5B913F046E}C:\users\philipp\downloads\nc111nt\nc.exe" = protocol=6 | dir=in | app=c:\users\philipp\downloads\nc111nt\nc.exe | 
"TCP Query User{C937C4F4-B472-4ECE-8D06-72404EF29DA0}C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base24944\sc2.exe | 
"TCP Query User{CABC7A59-A87E-416E-924A-664732E58F38}C:\program files (x86)\wing commander saga\wcsaga_sse2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\wing commander saga\wcsaga_sse2.exe | 
"TCP Query User{D88DE254-A97C-437F-BC5C-4B6064670DCE}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | 
"TCP Query User{DAD42EAD-3626-4876-AEFB-8EB740F0D968}C:\program files (x86)\ubisoft\heroes of might and magic v - tribes of the east\bin\h5_game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\heroes of might and magic v - tribes of the east\bin\h5_game.exe | 
"TCP Query User{EF887B86-C652-4077-AB3F-FC926E38522E}C:\users\philipp\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\philipp\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{F2E75C50-FEE9-439C-8F05-C7A50DD8C58A}C:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | 
"TCP Query User{F5CE6917-0130-48BB-B500-F62DA3DAAB70}C:\users\philipp\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\philipp\appdata\local\temp\gw2.exe | 
"UDP Query User{0461FFC4-61D8-4A15-975D-22138986EF9A}C:\program files (x86)\tera\tera-launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe | 
"UDP Query User{0C840A4F-F22F-476A-89A9-A10A65719A48}C:\users\philipp\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\philipp\appdata\local\temp\gw2.exe | 
"UDP Query User{165F829B-E3A3-4A4B-8278-255F56B1C958}C:\program files (x86)\3do\heroes 3 complete\heroes3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\3do\heroes 3 complete\heroes3.exe | 
"UDP Query User{22CC600A-1D95-48D2-AC53-4932180D7717}C:\program files (x86)\steam\steamapps\killerpinguin1\source sdk base 2007\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\killerpinguin1\source sdk base 2007\hl2.exe | 
"UDP Query User{25E9C9AE-AAAA-45B4-BD74-3ABE8E405D54}C:\program files\flightgear\bin\win32\fgfs.exe" = protocol=17 | dir=in | app=c:\program files\flightgear\bin\win32\fgfs.exe | 
"UDP Query User{350105CC-046E-4078-BC92-3AA1C4600C72}C:\program files (x86)\freeciv-2.3.2-gtk2\freeciv-server.exe" = protocol=17 | dir=in | app=c:\program files (x86)\freeciv-2.3.2-gtk2\freeciv-server.exe | 
"UDP Query User{3A22D596-A359-43E9-A84D-D99CFDEAC04F}C:\program files (x86)\gogcom\dungeon keeper 2\dkii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gogcom\dungeon keeper 2\dkii.exe | 
"UDP Query User{46721A4D-11F5-40E1-A305-94AB42249ED3}C:\nexon\combat arms eu\engine.exe" = protocol=17 | dir=in | app=c:\nexon\combat arms eu\engine.exe | 
"UDP Query User{4CDC946A-E4CA-47A8-9A14-7CDCF8CF1B22}C:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | 
"UDP Query User{66B66AE4-6A26-441A-B13C-E3481FFF2DFC}C:\users\philipp\downloads\tshock 3.7.0.0204\terrariaserver.exe" = protocol=17 | dir=in | app=c:\users\philipp\downloads\tshock 3.7.0.0204\terrariaserver.exe | 
"UDP Query User{6E263383-8FB4-4D30-AE1F-A52AA705E380}C:\program files (x86)\starcraft ii\versions\base23260\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base23260\sc2.exe | 
"UDP Query User{7098F7C2-AA20-4B28-ABC8-870921EFA396}C:\program files (x86)\warzone 2100-3.1_rc2\warzone2100.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warzone 2100-3.1_rc2\warzone2100.exe | 
"UDP Query User{7C489803-269E-4C87-859C-D3653DAA93FD}C:\program files (x86)\wing commander saga\wcsaga_sse2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\wing commander saga\wcsaga_sse2.exe | 
"UDP Query User{83431DD8-362D-4983-8624-654BF1DDC58A}C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base24944\sc2.exe | 
"UDP Query User{83BCDA8F-65F5-4DCB-A473-FD77A36FCC8B}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{8FFCE552-3070-41C4-92F2-B61C4ACAE13E}C:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | 
"UDP Query User{94299BA3-E6F1-4079-8CBD-D73C4E440D71}C:\program files (x86)\steam\steamapps\killerpinguin1\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\killerpinguin1\team fortress 2\hl2.exe | 
"UDP Query User{9A8B6F5C-3746-4ED2-8623-CFDAA00C0619}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{9B5318C8-9403-45E4-B658-5410C97C52DF}C:\program files (x86)\ubisoft\heroes of might and magic v - tribes of the east\bin\h5_game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\heroes of might and magic v - tribes of the east\bin\h5_game.exe | 
"UDP Query User{9E0E50C2-4DDA-433A-BA39-C6CD2FF15194}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe | 
"UDP Query User{A24BE276-16CE-4108-B545-4EB7F0DAC765}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
"UDP Query User{A95C787D-3CFF-4F4B-AA4B-60DDC0D064E0}C:\users\philipp\downloads\nc111nt\nc.exe" = protocol=17 | dir=in | app=c:\users\philipp\downloads\nc111nt\nc.exe | 
"UDP Query User{AA92AAC6-7481-40A3-A2E1-E6E4E3F42621}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"UDP Query User{B46715AA-1B8C-44B5-84BB-464A940D39CA}C:\program files\java\jdk1.7.0_07\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.7.0_07\bin\java.exe | 
"UDP Query User{BF136425-EA31-46F8-B0F9-F8A82FF7AD08}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"UDP Query User{C37DF647-1BC0-4F2C-A732-0AEEF4DF40EA}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | 
"UDP Query User{C63AFA6A-F0A2-4CF9-A0E6-242D6DA6AC0B}C:\program files (x86)\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe | 
"UDP Query User{CDD7F3E4-BDF0-4622-85DB-E8D03948F05A}C:\users\philipp\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\philipp\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{CED782EA-2A63-4062-AA51-DAEA4471B9F3}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe | 
"UDP Query User{D5ADF7DE-B3F0-4A01-8BEC-330F8661E74B}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | 
"UDP Query User{DD9764E8-174B-4AB9-8275-2C7F10872AC7}C:\program files\openttd\openttd.exe" = protocol=17 | dir=in | app=c:\program files\openttd\openttd.exe | 
"UDP Query User{DE31DB6C-576B-4F93-9AA1-5596AFF5941B}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe | 
"UDP Query User{E4A8B468-7E34-4E5B-8C00-BF917087F77A}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"UDP Query User{F3C050A2-07D1-43C7-BE0C-C696523459AB}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC3
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417013FF}" = Java 7 Update 13 (64-bit)
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4BA33BE3-20CF-4972-BD67-B44CEFA52DCB}" = Windows Live MIME IFilter
"{54F8B6C7-9B25-4E85-A1E0-26CFB80DE787}" = Intel(R) Smart Connect Technology 2.0 x64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0170130}" = Java SE Development Kit 7 Update 13 (64-bit)
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
"{6CC95B76-D380-46B2-9022-9353938E48BA}" = Logitech GamePanel Software 3.03.133
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7AB6F8D7-7804-4662-BE8C-1AFCCD602D9F}" = Microsoft-Maus- und Tastatur-Center
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{867DE0DC-A93F-41EA-9654-A212514FA946}" = Oracle VM VirtualBox 4.2.4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{977D1ABF-4089-4CA7-BA33-CC75808B7ACE}" = Intel® Trusted Connect Service Client
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}" = Microsoft Xbox 360 Accessories 1.2
"{C0C31BCC-56FB-42a7-8766-D29E1BD74C7d}" = Python 2.7.3 (64-bit)
"{C8B10C8E-46F0-4C9A-A688-78B8A2F720BD}" = Windows Live Family Safety
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D71C967C-8709-4334-BF16-952469E96DCD}" = TightVNC
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6FD24B4-34A3-4635-8ECD-7B5C791EAE5F}" = Wing Commander Saga 1.0.2.7795
"{F842F8B0-6942-4930-821F-543E976B2C66}" = MSVCRT110_amd64
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"FlightGear_is1" = FlightGear 2.8.0.5
"GIMP-2_is1" = GIMP 2.8.2
"Logitech Gaming Software" = Logitech Gaming Software 8.40
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Mouse and Keyboard Center" = Microsoft-Maus- und Tastatur-Center
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00AA59D7-B92D-4A06-8D06-0596081C0E68}" = Photo Gallery
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1" = MSI Kombustor 2.5.0
"{0DB44859-4112-4946-BE5E-A4275B3FFB5E}" = Furry Voices for Second Life
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1057511B-F8FE-4230-9ED3-AB949A57EE4A}" = Windows Live PIMT Platform
"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
"{1951F3A1-110D-4F5B-8346-9D0E735A54E0}" = Windows Live Writer
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1A2516F6-15CF-45F0-A14C-865742A647C3}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20071984-5EB1-4881-8EDB-082532ACEC6D}" = Heroes of Might and Magic V
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{216E21F4-0489-4311-92D6-20D1FB950FCE}" = Sci-Fi Voice Pack
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{29315CEC-E6CE-4394-84DC-6F862E8D9A52}" = Windows Live UX Platform
"{29C042AB-059B-414C-840E-94775E3F24A8}" = Personality Voices
"{2AE414B5-7FE6-49A3-93C8-D864162CDEBC}" = Windows Live UX Platform Language Pack
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2D416A80-0BB1-4D8B-B770-7BE8F53D5937}" = Windows Live UX Platform Language Pack
"{2FAFE37E-D796-47B8-BA8F-D09819B12DF6}" = Windows Live Essentials
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{38547BC2-D932-4D3D-88DB-B0C33A34B469}" = Windows Live Messenger
"{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40F55150-F43D-4C9F-9A00-1A0A6F1EB7F0}" = Movie Maker
"{43475DF9-3F29-4C45-9045-BDCEF39C17E8}" = Windows Live Writer
"{44E89CCA-BB20-4EA6-80EB-4126E886F83D}" = Windows Live Mail
"{45BF4F8E-7BE7-4384-94C6-60AC70C401C6}" = Male Voice Pack
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{46316411-80D8-4F68-8118-696E05FCE199}" = Windows Live Essentials
"{46B14AF1-EDFA-4088-AB2B-22A8128A1C54}" = Photo Common
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.5
"{4F9A382F-4478-4036-905C-F77DF2EA0370}" = Windows Live SOXE
"{4FA8F084-C42F-45E1-B7E5-E0C8A1083DC5}" = Windows Live SOXE Definitions
"{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1" = Amnesia - The Dark Descent 
"{5B616A3F-43D9-4F0B-9F49-D39342A98592}" = Creatures of Darkness
"{5CC4C963-F772-4766-BFF2-DE551E205EE9}" = Photo Common
"{5E21B617-F52E-BB10-92F9-C8AB2C799A8A}" = Adobe Download Assistant
"{602A1471-063B-4E03-9DCE-0210B914EFF5}" = Translator Fun Voice Pack
"{60A1253C-2D51-4166-95C2-52E9CF4F8D64}" = Photo Gallery
"{60ADEF86-A867-47A0-9C8E-9B7E2AB3F87C}" = Windows Live Writer Resources
"{618F39BD-9720-47CF-A89C-108AB41B1493}" = Windows Live UX Platform Language Pack
"{62813F65-4D78-43AF-A53C-DFAFA122E065}" = Windows Live Messenger
"{62DAB694-358E-4C6F-82BF-26DA64B297A6}" = MorphVOX Pro
"{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}" = Windows Live Photo Common
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{66FF4C48-0083-4E60-8556-B883AB200091}" = Heroes of Might & Magic V: Hammers of Fate
"{66FF4C48-0083-4E60-8556-B883AB200092}" = Heroes of Might and Magic V - Tribes of the East
"{698ED639-3A26-49EF-B1EF-CD89CB97C778}" = Windows Live Essentials
"{6BF29613-DEEF-44BA-93C1-431B9723041C}" = Windows Live Mail
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73954A36-638C-4052-91BF-3FB59948B301}" = Windows Live Family Safety
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{7541F284-7167-4729-B1C1-0A3F7FC38EF3}" = Windows Live Messenger
"{76EE8FE7-1957-4C51-9074-4930A8CFB1AF}" = Windows Live Installer
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{793FCE60-DE5E-4977-A942-A7B69A45B17D}" = MainConcept DTV Decoder Pro
"{7D66971C-652B-4065-A6B1-B3EE313C254B}" = BlueJ
"{7F682A00-6497-4551-A2A6-063AE667D1CF}" = Movie Maker
"{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX
"{803D4B7D-71CD-46B9-8F89-8BFD73920FAF}" = Windows Live UX Platform Language Pack
"{84BEAA30-1AF1-450B-9DD7-AD38B84004BA}" = Windows Live Messenger
"{884DF67C-F47D-4B09-B474-C3B7D51CA52A}" = Windows Live Family Safety
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{913C4C4F-9E3E-41A6-A614-1BDC1352A225}" = Special Effects Voices
"{91B930B5-9281-4A6E-8E74-978247499AE7}" = DayZ Commander
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{959BC6D1-38C8-441F-9466-9ECCD4E68413}" = Galería de fotos
"{97373E60-D071-418A-87F1-A969EEEEBDAC}" = Windows Live Essentials
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B2E55F8-5BA8-4A45-9682-ACB6F2CC0DA5}" = Photo Gallery
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A5D8B1C2-4B2E-42F1-ADB4-D0308A4F5C6F}" = Windows Live Writer
"{A929A7EA-4DFB-48F9-AAF6-C880DF64FB73}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{AFFBC271-AA8F-4908-BEAE-491B96AC57C4}" = Windows Live Mail
"{B19E03EA-067C-412F-A81E-271720E601AB}" = Fotogalerie
"{B2091805-8B42-44C2-AE76-AD1183E63985}" = Windows Live Family Safety
"{B27FA0A3-D80F-41A9-8BAD-C5F2D859AB22}" = Photo Common
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B89EE842-D398-4EAC-A3DF-47280B285DD9}" = Windows Live Mail
"{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform
"{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C427F09B-25F5-49F7-9AD8-9AFD10EA925C}" = Windows Live Family Safety
"{CBB00A31-1E0F-458C-BA15-0BAFF0567772}" = Windows Live Mail
"{CCDB7ADB-1643-4C30-B39D-1562CFE51420}" = Movie Maker
"{CDA04BEC-2F20-4E3C-A0E0-D75C8DE255D8}" = Windows Live Writer Resources
"{CE9F9FBC-5253-46D2-9883-09E55003D794}" = TechniSat DVB-PC TV Star
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D555C389-F793-443A-B012-A3D70590CF3D}" = Windows Live Writer Resources
"{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}" = Movie Maker
"{D77A6FED-256C-4E2F-9873-59C92C854A4E}" = Photo Common
"{DA22811F-4A83-4FE3-959F-1F26B64BA54B}" = Windows Live Writer
"{DF3FE308-58F2-45E2-9BB0-6A993794AD5C}" = Galactic Voices
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1DA4302-1C06-4533-AF6D-9D68B01FCB34}" = Movie Maker
"{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}" = Lightworks
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0DA672E-15DB-4413-BE2D-887DD1513607}" = Windows Live Writer
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FE58D81E-30CE-4C73-9A52-28E886B62B91}" = Windows Live Writer Resources
"{FECB76C1-1C1D-4A84-8D47-5754C74B5A5E}" = Junk Mail filter update
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Akamai" = Akamai NetSession Interface Service
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"BattlEye for A2" = BattlEye Uninstall
"BattlEye for OA" = BattlEye for OA Uninstall
"CABAL Online (Europe)_is1" = CABAL Online Europe (Europe)
"Cheat Engine 6.2_is1" = Cheat Engine 6.2
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"CrypTool" = CrypTool 1.4.30
"Diablo III" = Diablo III
"DVBViewer TE2_is1" = DVBViewer TE2
"Dyson_is1" = Dyson v1.20
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"FileZilla Client" = FileZilla Client 3.6.0.2
"FormatFactory" = FormatFactory 3.0.1
"Fraps" = Fraps (remove only)
"Google Chrome" = Google Chrome
"Guild Wars 2" = Guild Wars 2
"HD Tune_is1" = HD Tune 2.55
"Hero Fighter" = Hero Fighter
"Heroes of Might and Magic® III" = Heroes of Might and Magic® III Complete
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"IrfanView" = IrfanView (remove only)
"Little Fighter 2" = Little Fighter 2 version 2.0a
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"marsshooter" = M.A.R.S. - a ridiculous shooter (remove only)
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"Mozilla Thunderbird 17.0 (x86 de)" = Mozilla Thunderbird 17.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"OpenTTD" = OpenTTD 1.2.2
"pcsx2-r5350" = PCSX2 - Playstation 2 Emulator
"phase-6" = phase-6 2.3.1
"Pointofix_is1" = Pointofix
"PunkBusterSvc" = PunkBuster Services
"StarCraft II" = StarCraft II
"Steam App 105600" = Terraria
"Steam App 113200" = The Binding of Isaac
"Steam App 12120" = Grand Theft Auto: San Andreas
"Steam App 12900" = Audiosurf
"Steam App 201790" = Orcs Must Die! 2
"Steam App 212680" = FTL: Faster Than Light
"Steam App 218" = Source SDK Base 2007
"Steam App 218230" = PlanetSide 2
"Steam App 220200" = Kerbal Space Program
"Steam App 230410" = Warframe
"Steam App 33280" = James Cameron’s Avatar™: The Game
"Steam App 33910" = ARMA 2
"Steam App 33930" = ARMA 2: Operation Arrowhead
"Steam App 42910" = Magicka
"Steam App 440" = Team Fortress 2
"Steam App 4540" = Titan Quest
"Steam App 4550" = Titan Quest: Immortal Throne
"Steam App 570" = Dota 2
"Steam App 57650" = DUNGEONS - Steam Special Edition
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 8930" = Sid Meier's Civilization V
"TmNationsForever_is1" = TmNationsForever
"VLC media player" = VLC media player 2.0.3
"Warzone 2100-3.1_rc2" = Warzone 2100-3.1_rc2
"WinLiveSuite" = Windows Live Essentials
"winscp3_is1" = WinSCP 5.1.4
"xampp" = XAMPP 1.8.1
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-4003385855-4199284421-3610613025-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CodeBlocks" = CodeBlocks
"SkyDriveSetup.exe" = Microsoft SkyDrive
"SOE-C:/Users/Philipp/AppData/Local/Sony Online Entertainment/ApplicationUpdater" = applicationupdater
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 25.06.2013 11:13:40 | Computer Name = Philipp-PC | Source = Application Hang | ID = 1002
Description = Programm League of Legends.exe, Version 3.8.0.228 kann nicht mehr 
unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
 in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: f78    Startzeit: 01ce71b6345152eb    Endzeit: 38    Anwendungspfad: 
C:\Program Files\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.0.235\deploy\League
 of Legends.exe    Berichts-ID:   
 
Error - 25.06.2013 16:58:11 | Computer Name = Philipp-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: itype.exe, Version: 2.0.162.0, Zeitstempel:
 0x50934cc8  Name des fehlerhaften Moduls: npggNT64.des_unloaded, Version: 0.0.0.0,
 Zeitstempel: 0x519f3d8c  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000458a30f5
ID
 des fehlerhaften Prozesses: 0x83c  Startzeit der fehlerhaften Anwendung: 0x01ce71a5c307e7f8
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
Pfad
 des fehlerhaften Moduls: npggNT64.des  Berichtskennung: f17116e5-ddd9-11e2-97fb-bc05430d5837
 
Error - 26.06.2013 09:44:19 | Computer Name = Philipp-PC | Source = ISCT Agent | ID = 1003
Description = 
 
Error - 26.06.2013 09:45:38 | Computer Name = Philipp-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.06.2013 09:58:17 | Computer Name = Philipp-PC | Source = ISCT Agent | ID = 1003
Description = 
 
Error - 26.06.2013 09:59:59 | Computer Name = Philipp-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 26.06.2013 09:52:45 | Computer Name = Philipp-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x800736b3 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework
 3.5.1 unter Windows 7 und Windows Server 2008 R2 SP1 für x64-basierte Systeme (KB2604115)
 
Error - 26.06.2013 09:52:45 | Computer Name = Philipp-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x800736b3 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte
 Systeme (KB2790113)
 
Error - 26.06.2013 09:52:45 | Computer Name = Philipp-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x800736b3 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte
 Systeme (KB2758857)
 
Error - 26.06.2013 09:52:45 | Computer Name = Philipp-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x800736b3 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte
 Systeme (KB2829361)
 
Error - 26.06.2013 09:57:20 | Computer Name = Philipp-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Internet Explorer 10 für Windows 7 für x64-basierte
 Systeme
 
Error - 26.06.2013 09:57:20 | Computer Name = Philipp-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x800736b3 fehlgeschlagen: Update für Windows 7 für x64-Systeme (KB2779562)
 
Error - 26.06.2013 09:58:19 | Computer Name = Philipp-PC | Source = hasplms | ID = 458755
Description = ERROR: Sentinel LDK License Manager failed to start in a promptly 
manner! 
 
Error - 26.06.2013 09:58:57 | Computer Name = Philipp-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   HWiNFO32
 
Error - 26.06.2013 10:01:16 | Computer Name = Philipp-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 26.06.2013 10:01:16 | Computer Name = Philipp-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
 
< End of report >

aharonov · 26.06.2013, 20:09

Hi,

ich seh da bis jetzt keine Anzeichen für Malware. Läuft der Rechner denn sonst normal?

Schritt 1

Öffne das Programm Malwarebytes Anti-Malware.
Vista und Win7 User mit Rechtsklick "als Administrator starten".
Klicke auf Aktualisierung --> Suche nach Aktualisierung.
Wenn das Update beendet wurde, aktiviere im Reiter Suchlauf die Option Quick-Scan durchführen und drücke auf Scannen.
Wenn der Scan fertig ist, klicke auf Ergebnisse anzeigen.
Versichere dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
Nachträglich kannst du den Bericht unter dem Reiter Logdateien finden.

Schritt 2

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

Bitte poste in deiner nächsten Antwort:

Log von MBAM
Log von SecurityCheck

PhiK · 26.06.2013, 21:25

hier MBAM

Code:

ATTFilter

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.06.26.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Philipp :: PHILIPP-PC [Administrator]

26.06.2013 22:14:01
mbam-log-2013-06-26 (22-14-01).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 269063
Laufzeit: 3 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Philipp\Downloads\nc111nt.zip (PUP.Netcat) -> Keine Aktion durchgeführt.
C:\Users\Philipp\Downloads\PS6 amtlib 32- & 64-Bit.rar (PUP.RiskwareTool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

ich hab die erste datei nicht gelöscht da sie nur einen netcat befehl auf einen windows shell umsetzt und somit wirklich ein netcat sein soll.

und hier security check

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.68  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Spybot - Search & Destroy 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Java 7 Update 25  
 Adobe Flash Player 11.7.700.224  
 Adobe Reader XI  
 Mozilla Firefox 21.0 Firefox out of Date!  
 Mozilla Thunderbird (17.0.) 
 Google Chrome 27.0.1453.110  
 Google Chrome 27.0.1453.116  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbam.exe  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

aharonov · 26.06.2013, 21:33

Nein, da ist nichts zu sehen.

Schritt 1

Dein Firefox ist nicht mehr aktuell.
Starte deinen Firefox als Administrator, klicke Hilfe --> Über Firefox und führe das angebotene Update durch.
Wiederhole diesen Schritt, bis Firefox als aktuell angezeigt wird.

Cleanup

Zum Schluss werden wir jetzt noch unsere Tools (inklusive der Quarantäne-Ordner) wegräumen, die verseuchten Systemwiederherstellungspunkte löschen und alle Einstellungen wieder herrichten.

Bei MBAM würd ich dir unbedingt empfehlen, es zu behalten und wöchentlich einen Quick-Scan durchzuführen. Wenn du es nicht weiter verwenden möchtest, kannst du es jetzt normal über die Systemsteuerung deinstallieren.
Downloade dir bitte auf jeden Fall DelFix auf deinen Desktop.
- Schliesse alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- DelFix entfernt u.a. alle von uns verwendeten Programme und löscht sich anschliessend selbst.
Wenn jetzt noch etwas übriggeblieben ist, dann kannst du es einfach manuell löschen.

>> OK <<
Wir sind durch, deine Logs sehen für mich im Moment sauber aus.

Ich habe dir nachfolgend ein paar Hinweise und Tipps zusammengestellt, die dazu beitragen sollen, dass du in Zukunft unsere Hilfe nicht mehr brauchen wirst.

Bitte gib mir danach noch eine kurze Rückmeldung, wenn auch von deiner Seite keine Probleme oder Fragen mehr offen sind, damit ich dieses Thema als erledigt betrachten kann.

Epilog: Tipps, Dos & Don'ts

Aktualität von System und Software

Das Betriebsystem Windows muss zwingend immer auf dem neusten Stand sein. Stelle sicher, dass die automatischen Updates aktiviert sind:

Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren

Auch die installierte Software sollte immer in der aktuellsten Version vorliegen.
Speziell gilt das für den Browser, Java, Flash-Player und PDF-Reader, denn bekannte Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim blossen Besuch einer präparierten Website per Drive-by Download Malware zu installieren. Das kann sogar auf normalerweise legitimen Websites geschehen, wenn es einem Angreifer gelungen ist, seinen Code in die Seite einzuschleusen, und ist deshalb relativ unberechenbar.

Mit diesem kleinen Plugin-Check kannst du regelmässig diese Komponenten auf deren Aktualität überprüfen.
Achte auch darauf, dass alte, nicht mehr verwendete Versionen deinstalliert sind.
Optional: Das Programm Secunia Personal Software Inspector kann dich dabei unterstützen, stets die aktuellen Versionen sämtlicher installierter Software zu nutzen.

Sicherheits-Software

Eine Bemerkung vorneweg: Jede Softwarelösung hat ihre Schwächen. Die gesamte Verantwortung für die Sicherheit auf Software zu übertragen und einen Rundum-Schutz zu erwarten, wäre eine gefährliche Illusion. Bei unbedachtem oder bewusst risikoreichem Verhalten wird auch das beste Programm früher oder später seinen Dienst versagen (z.B. ein Virenscanner, der eine verseuchte Datei nicht erkennt).
Trotzdem ist entsprechende Software natürlich wichtig und hilft dir in Kombination mit einem gut gewarteten (up-to-date) System und durchdachtem Verhalten, deinen Rechner sauber zu halten.

Nutze einen Virenscanner mit Hintergrundwächter mit stets aktueller Datenbank. Welches Produkt gewählt wird, spielt keine so entscheidende Rolle. Es gibt kommerzielle Versionen, aber ein kostenloser Scanner mit den Grundfunktionen wie beispielsweise Avast! Free Antivirus sollte ausreichen. Betreibe aber keinesfalls zwei Wächter parallel, die würden sich gegenseitig behindern.
Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.
Zusätzlich zum Virenscanner kannst du dein System regelmässig mit einem On-Demand Antimalwareprogramm scannen. Empfehlenswert ist die Free-Version von Malwarebytes Anti-Malware. Vor jedem Scan die Datenbank updaten.
Optional: Das Programm Sandboxie führt Anwendungen in einer isolierten Umgebung ("Sandkasten") aus, so dass keine Änderungen am System vorgenommen werden können. Wenn du deinen Browser darin startest, vermindert sich die Chance, dass beim Surfen eingefangene Malware sich dauerhaft im System festsetzen kann.
Optional: Das Addon WOT (web of trust) warnt dich vor einer als schädlich gemeldeten Website, bevor sie geladen wird. Für verschiedene Browser erhältlich.

Es liegt in der Natur der Sache, dass die am weitesten verbreitete Anwendungs-Software auch am häufigsten von Malware-Autoren attackiert wird. Es kann daher bereits einen kleinen Sicherheitsgewinn darstellen, wenn man alternative Software (z.B. einen alternativen PDF Reader) benutzt.
Anstelle des Internet Explorers kann man beispielsweise den Mozilla Firefox einsetzen, für welchen es zwei nützliche Addons zur Empfehlung gibt:

NoScript verhindert standardmässig das Ausführen von aktiven Inhalten (Java, JavaScript, Flash, ..) für sämtliche Websites. Du kannst selber nach dem Prinzip einer Whitelist festlegen, welchen Seiten du vertrauen und Scripts erlauben willst, auch temporär.
Adblock Plus blockt die meisten Werbebanner weg. Solche Banner können nebst ihrer störenden Erscheinung auch als Infektionsherde fungieren.

(Un-)Sicheres Verhalten im Internet

Nebst unbemerkten Drive-by Installationen wird Malware aber auch oft mehr oder weniger aktiv vom Benutzer selbst installiert.

Der Besuch zwielichtiger Websites kann bereits Risiken bergen. Und Downloads aus dubiosen Quellen sind immer russisches Roulette. Auch wenn der Virenscanner im Moment darin keine Bedrohung erkennt, muss das nichts bedeuten.

Illegale Cracks, Keygens und Serials sind ein ausgesprochen einfacher (und ein beliebter) Weg, um Malware zu verbreiten.
Bei Dateien aus Peer-to-Peer- und Filesharingprogrammen oder von Filehostern kannst du dir nie sicher sein, ob auch wirklich drin ist, was drauf steht.

Oft wird auch versucht, den Benutzer mit mehr oder weniger trickreichen Methoden dazu zu bringen, eine für ihn verhängnisvolle Handlung selbst auszuführen (Überbegriff Social Engineering).

Surfe mit Vorsicht und lass dich nicht von irgendwie interessant erscheinenden Elementen zu einem vorschnellen Klick verleiten. Lass dich nicht von Popups täuschen, die aussehen wie System- oder Virenmeldungen.
Sei skeptisch bei unerwarteten E-Mails, insbesondere wenn sie Anhänge enthalten. Auch wenn sie auf den ersten Blick authentisch wirken, persönliche Daten von dir enthalten oder vermeintlich von einem bekannten Absender stammen: Lieber nochmals in Ruhe überdenken oder nachfragen, anstatt einfach mal Links oder ausführbare Anhänge öffnen oder irgendwo deine Daten eingeben.
Auch in sozialen Netzwerken oder über Instant Messaging Systeme können schädliche Links oder Dateien die Runde machen. Erhältst du von einem deiner Freunde eine Nachricht, die merkwürdig ist oder so sensationell interessant oder skandalös tönt, dass man einfach draufklicken muss, dann hat bei ihm/ihr wahrscheinlich Neugier über Verstand gesiegt und du solltest nicht denselben Fehler machen.
Lass die Dateiendungen anzeigen, so dass du dich nicht täuschen lässt, wenn eine ausführbare Datei über ein doppelte Dateiendung kaschiert wird, z.B. Nacktfoto.jpg.exe.

Nervige Adware (Werbung) und unnötige Toolbars werden auch meist durch den Benutzer selbst mitinstalliert.

Lade Software in erster Priorität immer direkt vom Hersteller herunter. Viele Softwareportale (z.B. Softonic) packen noch unnützes Zeug mit in die Installation. Alternativ dazu wähle ein sauberes Portal wie Filepony oder heise.
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen fürs Programm irrelevanten Ergänzungen.

Allgemeine Hinweise

Abschliessend noch ein paar grundsätzliche Bemerkungen:

Dein Benutzerkonto für den alltäglichen Gebrauch sollte nicht über Administratorenrechte verfügen. Nutze ein Konto mit eingeschränkten Rechten (Windows XP) bzw. aktiviere die Benutzerkontensteuerung (UAC) auf der höchsten Stufe (Windows Vista / 7).
Erstelle regelmässig Backups deiner Daten und Dokumente auf externen Datenträgern, bei wichtigen Dateien mindestens zweifach. Nicht nur ein Malwarebefall kann schmerzhaften Datenverlust nach sich ziehen sondern auch ein gewöhnlicher Festplattendefekt.
Die Autorun/Autoplay-Funktion stellt ein Risiko dar, denn sie ermöglicht es, dass beispielsweise beim Einstecken eines entsprechend infizierten USB-Sticks der Befall auf den Rechner überspringt. Überlege dir, ob du diese Funktion nicht besser deaktivieren möchtest.
Wähle deine Passwörter gemäss den gängigen Regeln, um besser gegen Brute-Force- und Wörterbuchattacken gewappnet zu sein. Benutze jedes deiner Passwörter nur einmal und ändere sie regelmässig.
Der Nutzen von Registry-Cleanern zur Performancesteigerung ist umstritten. Auf jeden Fall lässt sich damit grosser Schaden anrichten, wenn man nicht weiss, was man tut. Wir empfehlen deshalb, die Finger von der Registry zu lassen. Um von Zeit zu Zeit die temporären Dateien zu löschen, genügt TFC.

Wenn du möchtest, kannst du das Forum mit einer kleinen Spende unterstützen.
Es bleibt mir nur noch, dir unbeschwertes und sicheres Surfen zu wünschen und dass wir uns hier so bald nicht wiedersehen.

PhiK · 26.06.2013, 21:50

Super dann danke ich dir vielmals. Ich habe jetzt auch die Quelle ausfindig gemacht. Die Meldung tritt beim starten des Spiels "CABAL online" auf, das wohl mein bruder heruntergeladen hat. Wird gleich von der Platte geworfen

. Dann nochmal ein herzliches Dankeschön und hoffentlich auf ein nicht so baldiges wiedersehen.

aharonov · 26.06.2013, 21:57

Danke für die Rückmeldung.

Freut mich, dass wir helfen konnten.

Falls du dem Forum noch Verbesserungsvorschläge, Kritik oder ein Lob mitgeben möchtest, kannst du das hier tun.

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Ich bekomme somit keine Benachrichtigung mehr über neue Antworten.
Solltest du das Thema erneut brauchen, schicke mir bitte eine PM und wir machen hier weiter.

Jeder andere bitte diese Anleitung lesen und einen eigenen Thread erstellen.

Hosts Datei Veränderung durch Antivir geblockt

Plagegeister aller Art und deren Bekämpfung: Hosts Datei Veränderung durch Antivir geblockt