
Log analysis and evaluation: Spam attachment opened. Remove viruses


27.06.2013, 21:37   #1
Rainbow Dash
 



Hey Trojaner Board.

Today my mother received a nice email from a law firm: unpaid invoices, payment reminder, the usual. She knew that the email was fake and that she shouldn't open the attachment; after we had talked about it, she did it anyway. Here's to curiosity.

VirusTotal reported the following "hits".

Quote:
Artemis!638645D2A016
RDN/Generic.tfr!dm
SHeur4.BMBQ
TR/Injector.OH
Troj/Matsnu-AT
TROJ_INJECT.LTP
TROJ_INJECT.LTP
Trojan-Spy.Agent
Trojan.GenericKDZ.22829
Trojan.GenericKDZ.22829
Trojan.GenericKDZ.22829
Trojan.GenericKDZ.22829 (B)
Trojan.Inject1.23849
Trojan.Win32.Yakes.cwaw
Trojan.Zbot
Trojan/Win32.Zbot
W32/Injector.AIAO!tr
Win32/Trustezeb.C
Win32:Dropper-gen [Drp]
And HijackThis produced the following log. (It may be worth mentioning that HijackThis was run under a different user account on the same computer.)


Quote:
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 22:12:58, on 27.06.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)

FIREFOX: 13.0.1 (de)
Boot mode: Normal

Running processes:
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\WISO\Steuersoftware 2013\mshaktuell.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Tools\Avira\AntiVir Desktop\avgnt.exe
C:\Tools\Winamp\winampa.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Tools\Mozilla Firefox\firefox.exe
C:\Tools\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\tools\avira\antivir desktop\avcenter.exe
C:\Users\Rainy\Downloads\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2736476
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Freeware.de - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Program Files (x86)\Freeware.de\prxtbFree.dll
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Freeware.de Toolbar - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Program Files (x86)\Freeware.de\prxtbFree.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [avgnt] "C:\Tools\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [WinampAgent] C:\Tools\Winamp\winampa.exe
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [NBAgent] "C:\Tools\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Tools\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-21-1459727822-3606720762-4132554883-1000\..\Run: [DAEMON Tools Lite] "C:\Tools\DAEMON Tools Lite\DTLite.exe" -autorun (User 'Tomatenkönig')
O4 - HKUS\S-1-5-21-1459727822-3606720762-4132554883-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1459727822-3606720762-4132554883-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - S-1-5-21-1459727822-3606720762-4132554883-1000 Startup: OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (User 'Tomatenkönig')
O4 - S-1-5-21-1459727822-3606720762-4132554883-1000 User Startup: OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (User 'Tomatenkönig')
O4 - Startup: OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: WISO Mein Steuer-Sparbuch heute.lnk = C:\Program Files (x86)\WISO\Steuersoftware 2013\mshaktuell.exe
O8 - Extra context menu item: An OneNote s&enden - res://C:\MAMATO~1\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\MAMATO~1\MICROS~1\Office14\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: haufereader - (no CLSID) - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: c:\progra~2\saveby~1\sprote~1.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Tools\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Echtzeit Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Tools\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update-Dienst (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel® PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lexware Datenbank Plus (Lexware_Datenbank_Plus) - iAnywhere Solutions, Inc. - C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbsrv9.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13968 bytes

The computer itself is still online, probably only because that is the only option for the moment. I would be very glad if one of you could help us; ideally it shouldn't end in a reformat again if there is another way. If you need more info, I'm ready. Talk to you later, then .)

Kind regards

28.06.2013, 00:24   #2
aharonov
/// TB instructor
 



Hello,

Quote:
If you need more info, I'm ready.
Yes, I do need some, because we no longer work with HijackThis.
If you want to have your computer examined for malware, please work through these instructions and post the corresponding log files.
28.06.2013, 12:17   #3
Rainbow Dash
 



Well then:
Extras

OTL Logfile:
Code:
OTL Extras logfile created on: 28.06.2013 12:17:17 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Rainy\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,28 Gb Available Physical Memory | 78,63% Memory free
15,96 Gb Paging File | 14,01 Gb Available in Paging File | 87,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218,96 Gb Total Space | 17,79 Gb Free Space | 8,12% Space Free | Partition Type: NTFS
Drive D: | 246,79 Gb Total Space | 221,92 Gb Free Space | 89,92% Space Free | Partition Type: NTFS
Drive E: | 218,96 Gb Total Space | 85,59 Gb Free Space | 39,09% Space Free | Partition Type: NTFS
Drive F: | 489,03 Gb Total Space | 470,73 Gb Free Space | 96,26% Space Free | Partition Type: NTFS
Drive G: | 442,38 Gb Total Space | 416,16 Gb Free Space | 94,07% Space Free | Partition Type: NTFS
Drive H: | 246,80 Gb Total Space | 48,80 Gb Free Space | 19,77% Space Free | Partition Type: NTFS
Drive K: | 194,64 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: TOMATENKÖNIG-PC | User Name: Rainy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Tools\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\*** Tools\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\*** Tools\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Tools\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- H:\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Tools\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Tools\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Tools\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Tools\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Mama Tools\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Mama Tools\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Tools\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- H:\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Tools\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Tools\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Tools\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Tools\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01B99F74-CA07-4691-8B89-A39809629AFB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{094C42E9-1BAC-40F8-9344-F24A986838D7}" = lport=58149 | protocol=6 | dir=in | name=pando media booster | 
"{2F83896C-66CD-4960-AFB7-DAE1DED7101F}" = lport=138 | protocol=17 | dir=in | app=system | 
"{34AF60DC-DAF7-49F0-8C06-43C726E61E75}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{3A3F1F6A-0287-47CE-87CF-088538C704FF}" = lport=445 | protocol=6 | dir=in | app=system | 
"{4C5CB43F-0E53-4685-BE93-40727C965F16}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{5C6CC812-C91A-4B87-BE4A-00A49B4F6EC3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{65B026E8-AF3B-4C56-B95B-ADB54A3CD57D}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{6CBA198E-5001-40E1-93D1-E93534E0C809}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{74A12F36-7833-4431-B6A7-3E777472D5A3}" = lport=58149 | protocol=17 | dir=in | name=pando media booster | 
"{787B2577-3480-479C-8B4E-2BE4C335451B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7AF47957-323E-4216-862F-76F1B6AA0BB5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8865B158-D130-4054-AAC1-36E85CC950AD}" = rport=139 | protocol=6 | dir=out | app=system | 
"{8B29AE97-8398-4B9C-9DDE-73F6B920ED9C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8FFBF01C-5D1D-4DA5-9EA7-7CF49417F148}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{90CDBBD4-803F-42D9-84E1-FBB2E11612A8}" = lport=58149 | protocol=6 | dir=in | name=pando media booster | 
"{9E62B420-C20A-45A9-A9AC-579F56DB2C8A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A05FEB45-407F-49F2-965B-60FFD93E3DA7}" = lport=6004 | protocol=17 | dir=in | app=c:\mama tools\microsoft office\office14\outlook.exe | 
"{ADA0BD06-88C1-4C8E-891C-AC67A0BEB420}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AEC41139-08C3-470A-9501-279FE8FE68D8}" = rport=137 | protocol=17 | dir=out | app=system | 
"{CB651003-4114-4556-8132-96381623E8A9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D81996CC-E9A7-416C-BCDC-3C6A0DBC4B2D}" = rport=445 | protocol=6 | dir=out | app=system | 
"{D938E3E1-40E4-4A61-A3F2-779F168DC735}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DFCE9FEC-6517-40DC-9121-761A937F0B03}" = lport=58149 | protocol=17 | dir=in | name=pando media booster | 
"{E265389A-74CD-4CEA-B9C8-5D81B3D37FDD}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{E8C16F52-C191-4B2C-9D3F-480B34C1377C}" = rport=138 | protocol=17 | dir=out | app=system | 
"{EDC2AD76-9754-4C40-BF9C-DB6783894E59}" = lport=137 | protocol=17 | dir=in | app=system | 
"{F01B6616-2DD4-452D-B2A8-102BE8B596E6}" = lport=139 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{002DCC70-B3DD-4CA1-BDEC-28493E87D32D}" = protocol=6 | dir=in | app=h:\battlefield 2\bf2.exe | 
"{024DCAE6-DA34-4514-AF8A-6D22AC7D679C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{030F96B8-6627-43B1-A57B-D0594CA97F19}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0511294F-D26C-45E6-9CF7-54E27598F022}" = protocol=17 | dir=in | app=c:\tools\starcraft ii\starcraft ii.exe | 
"{18000E35-C260-45EF-9C25-A489ED8C5E4F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{1910FD63-26B0-4511-8FBC-528253334FF5}" = protocol=6 | dir=in | app=h:\dead space 3\deadspace3.exe | 
"{1AADD56B-55C4-44ED-AEDC-BC72086D2626}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{2001ED55-802F-4040-B431-EC61CA34438B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{30D3E68D-FFEC-4208-A7F4-E90EC5E4F70B}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{31616332-6EF7-4E8D-B612-723D4F7B30D3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{32773A87-F438-43F7-B802-6BE0FB97CDBE}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"{32DE5ECB-5CB6-4045-A11F-3C014183F2B0}" = protocol=6 | dir=in | app=h:\ioquake3hd\ioq3ded.x86.exe | 
"{3A35E486-DE60-49A2-9987-AFE1D35F6D35}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{3ADDCF5F-5C36-4277-B726-56DB4A9CABB6}" = protocol=17 | dir=in | app=c:\users\rainy\desktop\antichamber\antichamber v1.0 steam-rip cracked-richvsm\binaries\win32\udk.exe | 
"{3D43532E-A0D4-47F2-B392-0CEF98375ACA}" = protocol=6 | dir=in | app=c:\users\rainy\downloads\utorrent_3.2.2b28595.exe | 
"{41AFBE4A-4020-41DE-816C-90699CA6504F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | 
"{44B79202-2B21-4D7E-B037-356DD215F702}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"{44BC52FF-84A7-41EC-BEA2-5EF1CF2F9E59}" = protocol=17 | dir=in | app=h:\starcraft ii\versions\base24944\sc2.exe | 
"{469C4E88-0419-42C0-8BC9-0EB0483BD15E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{4708AD1B-C99E-44D7-A2BB-CA2838865EAA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{48AD653F-F4EF-4137-9B9D-B129942C2089}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{5111D5A4-994C-4F2D-AD1E-0978A1F99F9B}" = protocol=6 | dir=in | app=h:\ioquake3hd\ioquake3.x86.exe | 
"{54D3F514-98AE-4E26-8C9E-1DBF5EF69C02}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"{58CFFA58-C91D-4122-82E1-66DE1DBB6AB1}" = protocol=6 | dir=out | app=system | 
"{59B856F8-F2CF-4CB2-832C-AA081CD67FC5}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{59C8A2B9-79FA-4FDB-9B47-DEFE6844E6D3}" = protocol=17 | dir=in | app=c:\program files (x86)\sybase\sql anywhere 9\win32\dbsrv9.exe | 
"{5C5CB947-331B-4CB4-8B6D-E404E4982310}" = protocol=6 | dir=in | app=c:\tools\starcraft ii\starcraft ii public test.exe | 
"{5FDFF3F6-3B2F-45F2-AB0F-F5C403FF2FA0}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{62D56C26-6379-45AA-ABCF-963185D9156B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{65F71103-053C-48A3-B17C-A19562BBD061}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{684EF3A5-41C2-48D1-8D31-7A537DB3540C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 
"{68843AC0-BA58-4F2A-8209-D8D5A1347A72}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{6C3229B2-438B-4FD6-B372-7C03C1DD9FBD}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{6CD0263C-7300-4B1D-9C87-492E679FCEF4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6CD6F5CD-5658-4D31-B17F-9A458B647226}" = protocol=17 | dir=in | app=h:\ioquake3hd\ioquake3.x86.exe | 
"{6DF5AAC8-E713-4339-BBC0-C81A65299F27}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{6F523CE9-916A-497B-9DC8-ACC30998F413}" = protocol=6 | dir=in | app=h:\counter strike\hl2.exe | 
"{738122D2-89CC-4527-AD4C-D746893D6525}" = protocol=6 | dir=in | app=h:\quake ultimate complete collection\quake iii complete\quake3.exe | 
"{75AF0415-B8AF-4F37-A532-BE598A554085}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"{765B0F93-6E33-46EA-A0DF-C784D892F256}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8364FB1D-C602-4324-BCDD-7B61370B4B02}" = protocol=6 | dir=in | app=h:\diablo iii\diablo iii.exe | 
"{8B23F602-6827-4813-8B85-1F5D6C481C9D}" = protocol=17 | dir=in | app=c:\tools\starcraft ii\starcraft ii public test.exe | 
"{8BA5799B-59D9-42F6-BDD7-440BE1BA4077}" = protocol=17 | dir=in | app=h:\counter strike\hl2.exe | 
"{8CE45951-C315-4E20-8FA0-1D49F1321E51}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"{8DD2A02E-595D-48DE-BD3A-4E8029FF2A8B}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{91DB3C49-2626-40A7-8389-822BE1F0735B}" = protocol=17 | dir=in | app=h:\diablo iii\diablo iii.exe | 
"{95704686-A24E-44D5-A617-02FFC95FDCBB}" = protocol=6 | dir=in | app=c:\tools\starcraft ii\starcraft ii.exe | 
"{9652574A-1D0E-47B5-A4A1-8E4B7FFE0751}" = dir=in | app=c:\program files (x86)\namco bandai games\darksouls\darksouls.exe | 
"{984F538A-F291-418D-AD96-627047FBB1D3}" = protocol=6 | dir=in | app=c:\mama tools\microsoft office\office14\groove.exe | 
"{9A5DD933-B65A-4A23-BDF3-9A2E87C2BF8F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{9C21DE2D-4A17-4C0E-B3B0-1C02A9C0FA1E}" = protocol=58 | dir=in | app=system | 
"{9C88F7B4-B8C4-49B2-B9DA-EA83129CF5BA}" = protocol=6 | dir=in | app=c:\program files (x86)\sybase\sql anywhere 9\win32\dbsrv9.exe | 
"{9C8D0D56-71C0-4CDB-A7D3-8EEC063C4A9B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9E5EDB08-69E0-436F-A2E3-660EB031AF73}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 
"{A00C05FB-55F8-4F9B-908C-EDAB80D38C64}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{A5B0D035-00B1-4E76-8CB6-E48FEC2EC819}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{A6EBB33D-2A63-448B-B875-105DDE7DD0EB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A757C15D-781E-4409-BBE3-3FF4CFE27634}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{A9BB3EF2-99B5-4864-AD43-19BDB6DD900F}" = protocol=17 | dir=in | app=h:\quake ultimate complete collection\quake iii complete\quake3.exe | 
"{ABF40907-D34A-412A-A918-9B8EE2F68B08}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | 
"{AE1533B9-E656-470D-A943-EEC129E90F35}" = protocol=6 | dir=in | app=h:\starcraft ii\versions\base24944\sc2.exe | 
"{AE5740F4-0DBA-4222-A68A-D0FDE99B4997}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{B180E5D3-9523-4AB9-9E8B-C9967B457806}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{B21CFC9B-B0F2-4317-B0D0-3A83137CEDC1}" = protocol=17 | dir=in | app=h:\dead space 3\deadspace3.exe | 
"{BA13896E-C8EC-4D6B-BF9B-EFAB3EDB86F8}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{BB890253-398C-4ECC-ADC8-E8B36BD6C8A4}" = protocol=17 | dir=in | app=h:\ioquake3hd\ioq3ded.x86.exe | 
"{C1314C1D-8E64-4C3F-9D20-25C684C950B1}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{C1CF2B4B-20A7-4086-BAA5-D6234193A65F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C6780441-AA53-49C9-AAC1-3DC5976665EA}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{C6F1E945-DA62-4E64-BFFC-A8E94ADBCC6E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"{C9897248-841E-4FF2-B0E0-FDA076F7FBB0}" = protocol=6 | dir=in | app=c:\program files (x86)\sybase\sql anywhere 9\win32\dbsrv9.exe | 
"{CE301D00-6F12-45A3-BE4F-AABB21DE8917}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{D198BC03-AC58-432E-8085-BD8A51000EF0}" = protocol=17 | dir=in | app=c:\mama tools\microsoft office\office14\groove.exe | 
"{D356D8EB-F3CF-4E28-BEF5-BC7C1C4DEAD4}" = protocol=6 | dir=in | app=c:\users\rainy\desktop\antichamber\antichamber v1.0 steam-rip cracked-richvsm\binaries\win32\udk.exe | 
"{D48E03CD-3EEA-4469-A104-A0DC55843FCD}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{D5355F47-3A60-4117-B31C-42B462453473}" = protocol=17 | dir=in | app=c:\mama tools\microsoft office\office14\onenote.exe | 
"{D556C315-FEC3-479B-89E6-21515D39F323}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{DB3E7DC3-A0C2-4A6F-95DB-3FA18017A4D7}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{DC270DE0-8B3D-4C1E-AE1D-47F7F4D4486D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe | 
"{DD9F4CEF-3844-4F82-A8BA-B35F952286CC}" = protocol=17 | dir=in | app=c:\program files (x86)\sybase\sql anywhere 9\win32\dbsrv9.exe | 
"{E08A3AD0-E84C-4FB9-88E5-CE59C778CAA3}" = protocol=17 | dir=in | app=h:\battlefield 2\bf2.exe | 
"{E0A75CD6-D42F-4E4D-AD36-4A7FF1832719}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{E22775BD-284C-4612-A5C8-4CC76DDC48CC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{EFF9CE79-9532-41F4-BCD1-2B2D7BD20092}" = protocol=17 | dir=in | app=c:\users\rainy\downloads\utorrent_3.2.2b28595.exe | 
"{F34AA8FC-ACFB-4F28-AE00-0A7ED49F74CE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F44431D4-1F0B-451A-8D9A-0B7EE6F46A82}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe | 
"{F47113EE-6867-4957-8CB2-AFBF3164252F}" = protocol=6 | dir=in | app=c:\mama tools\microsoft office\office14\onenote.exe | 
"TCP Query User{10FF5A83-FA9D-435F-AF88-92E3BBCF32AF}H:\starcraft ii\versions\base24944\sc2.exe" = protocol=6 | dir=in | app=h:\starcraft ii\versions\base24944\sc2.exe | 
"TCP Query User{22DB0342-0CDB-4F04-A3F0-9258F5BC91B0}C:\users\rainy\downloads\starcraft_2_eu_de-de.exe" = protocol=6 | dir=in | app=c:\users\rainy\downloads\starcraft_2_eu_de-de.exe | 
"TCP Query User{23DAEC2C-DAD4-4239-9924-F225D0284355}C:\program files (x86)\bethesda softworks\doom 3 bfg edition\doom3bfg.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bethesda softworks\doom 3 bfg edition\doom3bfg.exe | 
"TCP Query User{35E13DA9-1C26-4163-A511-2E55036DB926}C:\programdata\battle.net\agent\agent.1363\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"TCP Query User{3D2E2900-FB68-49EF-99D1-B212B547530F}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | 
"TCP Query User{42348C35-9105-41AD-8E94-C5CA935F4550}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{4331E652-98C9-447E-83A9-B010C3A4540D}E:\left 4 dead 2\left4dead2.exe" = protocol=6 | dir=in | app=e:\left 4 dead 2\left4dead2.exe | 
"TCP Query User{44CDF135-BE52-4F15-A8A2-BE74CEB935C6}C:\users\rainy\downloads\utorrent_3.2.2b28595.exe" = protocol=6 | dir=in | app=c:\users\rainy\downloads\utorrent_3.2.2b28595.exe | 
"TCP Query User{4A6BC642-7A0C-4327-A5F6-13C32D788670}C:\program files (x86)\steam\steamapps\rainbowdashhcooh\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\rainbowdashhcooh\team fortress 2\hl2.exe | 
"TCP Query User{5C701A42-CF25-4F0E-BFA7-5D9A460FD43F}H:\ioquake3hd\ioquake3.x86.exe" = protocol=6 | dir=in | app=h:\ioquake3hd\ioquake3.x86.exe | 
"TCP Query User{6FA25902-6AE7-4747-96A0-CB041933F046}C:\program files (x86)\left 4 dead 2\left 4 dead 2\left4dead2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\left 4 dead 2\left 4 dead 2\left4dead2.exe | 
"TCP Query User{706950AA-A5C0-47A8-A495-CE38352ACFCC}H:\quake ultimate complete collection\quake iii complete\quake3.exe" = protocol=6 | dir=in | app=h:\quake ultimate complete collection\quake iii complete\quake3.exe | 
"TCP Query User{760850C7-EB44-4D06-B0EB-033FD4C1E586}C:\tools\java\bin\java.exe" = protocol=6 | dir=in | app=c:\tools\java\bin\java.exe | 
"TCP Query User{7619B3BB-16F8-4881-A53D-48672BF41C68}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
"TCP Query User{8BFBE2DD-DBD8-48DA-BC20-95D2EAF674D6}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{91E21A6A-B68A-4B73-9C28-D74A100F1498}H:\ioquake3hd\ioq3ded.x86.exe" = protocol=6 | dir=in | app=h:\ioquake3hd\ioq3ded.x86.exe | 
"TCP Query User{96E29646-26A6-4B4D-8700-EFA4D80A7F09}C:\tools\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=c:\tools\starcraft ii\versions\base21029\sc2.exe | 
"TCP Query User{9B83639A-E159-4BCC-8C79-7A66A87A25E4}C:\program files\planetside\planetside2.exe" = protocol=6 | dir=in | app=c:\program files\planetside\planetside2.exe | 
"TCP Query User{9D19AFBE-95BA-4639-8BC9-F2B46A438336}C:\program files (x86)\gog.com\unreal tournament 2004\system\ut2004.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gog.com\unreal tournament 2004\system\ut2004.exe | 
"TCP Query User{A12FAFF7-116D-4569-B15D-4DDBBA5029BA}C:\tools\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=6 | dir=in | app=c:\tools\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | 
"TCP Query User{A24424A8-67EB-4884-970A-DEEFBA4E20CD}C:\program files (x86)\gog.com\unreal tournament goty\system\unrealtournament.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gog.com\unreal tournament goty\system\unrealtournament.exe | 
"TCP Query User{A97774FF-F46E-484D-863E-AE55FE33FA36}H:\quake ultimate complete collection\enemy territory - quake wars\etqw.exe" = protocol=6 | dir=in | app=h:\quake ultimate complete collection\enemy territory - quake wars\etqw.exe | 
"TCP Query User{AD6C2555-F719-4875-ADB9-F50673CDC339}C:\tools\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\tools\winamp\winamp.exe | 
"TCP Query User{B1AE16C8-4D42-4C28-B845-1F98000AFC8F}C:\tools\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\tools\starcraft ii\support\blizzarddownloader.exe | 
"TCP Query User{B96781FA-2BCB-42AB-BDF8-3C0F91DDC122}H:\battlefield 1942\bf1942.exe" = protocol=6 | dir=in | app=h:\battlefield 1942\bf1942.exe | 
"TCP Query User{BCEFD059-1A60-4B1D-967B-B88255AD3B08}C:\tools\starcraft ii\versions\base22612\sc2.exe" = protocol=6 | dir=in | app=c:\tools\starcraft ii\versions\base22612\sc2.exe | 
"TCP Query User{BEDD3E2B-472C-46A6-B528-38829B8028BA}C:\tools\starcraft ii\versions\base23260\sc2.exe" = protocol=6 | dir=in | app=c:\tools\starcraft ii\versions\base23260\sc2.exe | 
"TCP Query User{CA4D9AB9-F0C9-4B3A-8D26-C8E7CA3B8A75}H:\counter strike\hl2.exe" = protocol=6 | dir=in | app=h:\counter strike\hl2.exe | 
"TCP Query User{D833F26D-A36D-497C-A18B-1594D2B50323}H:\warcraft iii\war3.exe" = protocol=6 | dir=in | app=h:\warcraft iii\war3.exe | 
"TCP Query User{E16012AF-FD29-4E4B-AF5D-F4B6981E53BB}H:\quake ultimate complete collection\enemy territory - quake wars\etqwded.exe" = protocol=6 | dir=in | app=h:\quake ultimate complete collection\enemy territory - quake wars\etqwded.exe | 
"TCP Query User{E32FAA1F-1E10-4408-9DCA-5D626560318E}H:\left 4 dead 2\left4dead2.exe" = protocol=6 | dir=in | app=h:\left 4 dead 2\left4dead2.exe | 
"TCP Query User{E51F4966-CEA5-44BF-BAB8-632846491DC3}C:\games\q3ademo\quake3.exe" = protocol=6 | dir=in | app=c:\games\q3ademo\quake3.exe | 
"TCP Query User{ECEAE21A-54F4-46BE-91CB-DE05ABC17BB3}C:\users\rainy\desktop\antichamber\antichamber v1.0 steam-rip cracked-richvsm\binaries\win32\udk.exe" = protocol=6 | dir=in | app=c:\users\rainy\desktop\antichamber\antichamber v1.0 steam-rip cracked-richvsm\binaries\win32\udk.exe | 
"TCP Query User{FB744752-111F-459B-8B4C-A809504BEDE5}H:\torchlightii\torchlight2.exe" = protocol=6 | dir=in | app=h:\torchlightii\torchlight2.exe | 
"TCP Query User{FD73AB2F-0B6E-496F-B980-BD0AB95E3846}C:\tools\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\tools\winamp\winamp.exe | 
"UDP Query User{09B69BBB-453B-49E8-86A6-7814C8FCCECF}C:\users\rainy\downloads\utorrent_3.2.2b28595.exe" = protocol=17 | dir=in | app=c:\users\rainy\downloads\utorrent_3.2.2b28595.exe | 
"UDP Query User{0DE58554-A515-48A5-9E33-4D6D1D9CFAD2}C:\programdata\battle.net\agent\agent.1363\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"UDP Query User{14C040F1-17D9-43F7-BB86-66FB19F4D08E}C:\tools\starcraft ii\versions\base23260\sc2.exe" = protocol=17 | dir=in | app=c:\tools\starcraft ii\versions\base23260\sc2.exe | 
"UDP Query User{1586CCD2-17FA-4F90-88FF-914B5E1313CD}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
"UDP Query User{20E41863-20EC-49C0-8D40-C01EC17F3DFE}C:\program files (x86)\steam\steamapps\rainbowdashhcooh\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\rainbowdashhcooh\team fortress 2\hl2.exe | 
"UDP Query User{243D8422-23BE-4701-ABBE-6CE6A5DD4E59}C:\tools\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\tools\starcraft ii\support\blizzarddownloader.exe | 
"UDP Query User{35260136-4156-4811-95E8-BE5C99BDDC91}E:\left 4 dead 2\left4dead2.exe" = protocol=17 | dir=in | app=e:\left 4 dead 2\left4dead2.exe | 
"UDP Query User{42E104E4-9F6C-44F5-A73E-6B7C28258F23}C:\users\rainy\downloads\starcraft_2_eu_de-de.exe" = protocol=17 | dir=in | app=c:\users\rainy\downloads\starcraft_2_eu_de-de.exe | 
"UDP Query User{4F0D83FB-26AC-4B23-BBDB-967C4273DB70}C:\games\q3ademo\quake3.exe" = protocol=17 | dir=in | app=c:\games\q3ademo\quake3.exe | 
"UDP Query User{52BA6B09-7FB1-45B8-B8B0-21C04ED48744}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | 
"UDP Query User{6C5E613E-D521-4528-B48C-328AD41726F3}H:\counter strike\hl2.exe" = protocol=17 | dir=in | app=h:\counter strike\hl2.exe | 
"UDP Query User{7ED081CB-EFB5-4A48-A171-9F97970DECF5}C:\tools\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\tools\winamp\winamp.exe | 
"UDP Query User{8000EA35-0AD5-4D6A-9544-8BE1E9B84576}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{8322BF6A-0DFB-4595-AC46-B7C9ACCB37E7}H:\quake ultimate complete collection\enemy territory - quake wars\etqwded.exe" = protocol=17 | dir=in | app=h:\quake ultimate complete collection\enemy territory - quake wars\etqwded.exe | 
"UDP Query User{8408777D-7818-4842-95E1-9C653E59E2DC}C:\users\rainy\desktop\antichamber\antichamber v1.0 steam-rip cracked-richvsm\binaries\win32\udk.exe" = protocol=17 | dir=in | app=c:\users\rainy\desktop\antichamber\antichamber v1.0 steam-rip cracked-richvsm\binaries\win32\udk.exe | 
"UDP Query User{90DA530A-496C-44BA-9CAF-6F794D44EAFE}H:\ioquake3hd\ioq3ded.x86.exe" = protocol=17 | dir=in | app=h:\ioquake3hd\ioq3ded.x86.exe | 
"UDP Query User{92CE027F-6874-48CC-BCDC-91FD2C4E474D}H:\left 4 dead 2\left4dead2.exe" = protocol=17 | dir=in | app=h:\left 4 dead 2\left4dead2.exe | 
"UDP Query User{93098145-D521-4F3F-8255-49DA8F5533E9}C:\tools\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=17 | dir=in | app=c:\tools\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | 
"UDP Query User{944964DE-2D3C-4790-9C12-E2E7C9CF70AB}H:\torchlightii\torchlight2.exe" = protocol=17 | dir=in | app=h:\torchlightii\torchlight2.exe | 
"UDP Query User{9C49CC88-0B1A-42C6-BAA0-29CB093FE17C}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{9C533713-61F9-4A3D-BC57-3995040209A5}H:\starcraft ii\versions\base24944\sc2.exe" = protocol=17 | dir=in | app=h:\starcraft ii\versions\base24944\sc2.exe | 
"UDP Query User{A772FE6B-1B1C-48C7-93EF-394580658F96}C:\tools\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\tools\winamp\winamp.exe | 
"UDP Query User{AA5C58FF-26F9-4B2D-B3B7-53EB4B226ACF}C:\program files (x86)\left 4 dead 2\left 4 dead 2\left4dead2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\left 4 dead 2\left 4 dead 2\left4dead2.exe | 
"UDP Query User{B49E26A3-6B92-4FF6-8DC0-FB60E6D8FC45}C:\program files (x86)\gog.com\unreal tournament 2004\system\ut2004.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gog.com\unreal tournament 2004\system\ut2004.exe | 
"UDP Query User{B8A64758-694A-4511-A5DD-BA55DA29B31A}H:\ioquake3hd\ioquake3.x86.exe" = protocol=17 | dir=in | app=h:\ioquake3hd\ioquake3.x86.exe | 
"UDP Query User{BA018263-DC3C-4181-ABFE-6003EBB15111}C:\program files (x86)\gog.com\unreal tournament goty\system\unrealtournament.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gog.com\unreal tournament goty\system\unrealtournament.exe | 
"UDP Query User{BABB7E35-B8B8-439E-B7BC-1C010535E92D}C:\tools\java\bin\java.exe" = protocol=17 | dir=in | app=c:\tools\java\bin\java.exe | 
"UDP Query User{BBBE03C2-85B2-4053-ABEA-DFA874263B3F}H:\quake ultimate complete collection\quake iii complete\quake3.exe" = protocol=17 | dir=in | app=h:\quake ultimate complete collection\quake iii complete\quake3.exe | 
"UDP Query User{BE1B6CEE-A619-49FA-9F5C-C149CA8924D5}H:\quake ultimate complete collection\enemy territory - quake wars\etqw.exe" = protocol=17 | dir=in | app=h:\quake ultimate complete collection\enemy territory - quake wars\etqw.exe | 
"UDP Query User{C86C4DE9-320E-4582-B518-B224B44D27F0}C:\program files\planetside\planetside2.exe" = protocol=17 | dir=in | app=c:\program files\planetside\planetside2.exe | 
"UDP Query User{E0866704-AF34-48E5-9C6B-A3E6D29C32D4}C:\program files (x86)\bethesda softworks\doom 3 bfg edition\doom3bfg.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bethesda softworks\doom 3 bfg edition\doom3bfg.exe | 
"UDP Query User{E4BF4B34-49DE-4C98-950A-614C3D052832}H:\battlefield 1942\bf1942.exe" = protocol=17 | dir=in | app=h:\battlefield 1942\bf1942.exe | 
"UDP Query User{EA55A317-0B24-4777-8F16-6D6DBCD3822D}H:\warcraft iii\war3.exe" = protocol=17 | dir=in | app=h:\warcraft iii\war3.exe | 
"UDP Query User{F4A7AF74-9CBF-4A2B-9AC5-3567D2098B53}C:\tools\starcraft ii\versions\base22612\sc2.exe" = protocol=17 | dir=in | app=c:\tools\starcraft ii\versions\base22612\sc2.exe | 
"UDP Query User{FC69060B-EE01-4B17-AC0D-86CD65238174}C:\tools\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=c:\tools\starcraft ii\versions\base21029\sc2.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX700_series" = Canon MX700 series
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX890_series" = Canon MX890 series MP Drivers
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{52D5E057-0E6A-4F0A-ADE1-46488936C2A1}" = SaveByClick
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-1000-0000000FF1CE}_Office14.PROPLUS_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-1000-0000000FF1CE}_Office14.PROPLUS_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0043-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{BCCC97EE-E162-448C-8847-59718FF29B04}" = Intel(R) Network Connections 15.6.25.0
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D600D357-5CB9-4DE9-8FD4-14E208BD1970}" = Nero Backup Drivers
"{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CanonMyPrinter" = Canon My Printer
"C-Media CM108 Like Sound Driver" = USB PnP Sound Device
"DesktopIconAmazon" = Desktop Icon für Amazon
"Logitech Gaming Software" = Logitech Gaming Software 8.30
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PROSetDX" = Intel(R) Network Connections 15.6.25.0
"UDK-384bcb73-1b68-4f8a-acc4-0fa481a28d13" = My Game Long Name
"VLC media player" = VLC media player 2.0.1
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{0320AB41-0926-4218-A8A6-68AC84E6BB93}" = Nero Recode 11
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{0713D1F9-DD77-42C1-8C7D-54D479E2E743}" = Nero SoundTrax 11
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0D7A4289-99CF-4B8D-B812-86BE50A54552}" = Nero Video 11
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F32914F-A633-4516-B531-7084C8F19F93}" = Haufe iDesk-Browser
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{16FB2E08-AE8E-40C6-8334-B6A59E264D05}" = Lexware Admintools Plus
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1D081AB0-B1CC-11E0-80C0-005056B12123}" = Haufe iDesk-Service
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{235211CA-D0E3-4EC8-95D4-C024CE37537C}" = WISO Mein Geld 2012 Professional
"{2432E589-6256-4513-B0BF-EFA8E325D5F0}" = Nero SharedVideoCodecs
"{244FB715-13C4-4C85-BEB6-6C1ABB29D8B1}" = NVIDIA 3D Vision Video Player
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{2B2FBD25-F0E0-412B-8DA8-ECCA2DA53673}_is1" = Quake Ultimate Complete Collection
"{2CA7225D-CB12-462A-9DD1-50319E158BA5}" = Nero 11 PiP Effects Basic
"{2EF0D7ED-F944-4E0D-AC78-7DA00C0B81E4}_is1" = Penumbra Episode Eins
"{390757AA-8830-43DC-AEE0-4E5B6F8439EB}" = Nero SoundTrax 11 Help (CHM)
"{3B418709-D688-4E3A-BE0E-7D71FA84C948}" = Nero 11 PiP Effects 1
"{4382FC76-8100-4951-8658-31834E625E88}" = Nero 11 Video Transitions 1
"{448DA1AD-D1CA-4967-8EFA-9482F31E7BFD}" = Lexware Datenbank plus 2012
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E4D0FA1-F880-4CCB-999A-501000008200}" = Dark Souls Prepare to Die Edition
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{5052F2A7-5DDE-47F5-BF29-673C10F3DA87}_is1" = Penumbra Requiem
"{51865D9D-8F63-46F2-87AB-9E72F93B618C}" = Welcome App (Start-up experience)
"{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM)
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1" = Amnesia - The Dark Descent 
"{55C2143E-FBA5-442F-9AFA-726FF068F39D}" = Nero CoverDesigner 11 Help (CHM)
"{57F80ECF-E27C-4EEE-AB58-E971BACE2639}" = Nero Recode 11 Help (CHM)
"{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic
"{5E98FDD6-3672-4DBE-AB8B-2C9A0BED1382}" = Nero 11 Disc Menus 3
"{61E1FF8F-C0A5-4F2F-BF24-4EA789B0C000}_is1" = Tomb Raider
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AB2427E-A18F-4809-9A12-29F5EBABBB3A}" = Nero BackItUp 11 Help (CHM)
"{6AB4E5CD-0062-48E8-96A3-E5B4486DFCB3}" = Lexware buchhalter 2013
"{6B54B1AE-EBCA-48BE-92AF-61D02118F093}" = Lexware online banking
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79B3E8EE-35F2-4CCD-82D9-4A57F408E449}" = Nero 11 Platinum
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{7DF2B5EE-2C16-4E86-9C71-8678068AD805}" = Nero 11 Disc Menus 2
"{7E3137DC-4564-4267-A8A3-B4342D5106D6}" = QuickSteuer DELUXE Wissens-Center 2012
"{8014FACB-1D1D-48C2-94AA-E29EE2E6B9CE}" = Nero WaveEditor 11
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AE7E507-BC49-4DF0-A236-26878691AB53}" = Lexware Info Service
"{8F311E72-C27F-4DF0-8254-B739A1831668}_is1" = SUPER © v2012.build.53 (Sep 13, 2012) Version v2012.build.53
"{90A4562F-D4A1-4B65-906D-41F236CF6902}" = Path of Exile
"{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F6BFB0F-6B1F-4D1A-A9DA-42F6794C9188}" = Lexware Elster
"{A0F34849-D9AB-46DD-B1BE-BB0DB60B1FE8}" = Nero 11 Disc Menus 1
"{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = Anno 1701
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2CDC001-F8B3-4C64-9E74-2E3FA0FAC9D9}" = Nero 11 Video Samples
"{A4F6BE36-4826-45BA-A396-04F265A3B61D}" = Nero 11 Kwik Themes 2
"{A5B5B6D8-DE44-44A3-90C4-8C07A1E0FAD4}" = WBFS Manager 2.5
"{A733DC44-DC71-447D-AD6C-33B9AB537828}" = QuickSteuer Deluxe 2013
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB2BBC64-8AC8-4E66-BBF3-E22D5EACEECA}" = Nero BackItUp 11
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2011.10.29
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{ACD6B383-EC5B-4000-A455-CCB308B447FE}" = Nero 11 Kwik Themes 4
"{B160A672-F326-4414-9BB0-A056C61B357C}" = Nero 11 Cliparts
"{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11
"{B1F69AF3-B5B5-4CA5-ADC5-8A738EB6E574}" = Nero 11 Kwik Themes 1
"{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM)
"{BA499CC0-12C0-4BA5-9007-76844B721158}" = Nero 11 Kwik Themes 3
"{BA6144AE-88CE-4DAF-A185-CA416470A873}" = PowerLine Utility
"{BE672587-331F-42F7-BC38-D59759311C75}" = Lexware reisekosten plus 2012
"{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{D0106CC2-E34B-4FA3-B6B6-91F0ACEA2CC3}" = Hearts of Iron III
"{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM)
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2CBEFA4-F2D3-4E97-A171-8BFD6A31A5EC}" = Nero Express 11 Help (CHM)
"{D34A78EB-78F2-48ab-8CAE-5D4DC255A491}" = Lexware reisekosten plus 2012
"{D4329609-4102-4F8C-B83F-7FE024EEA314}" = Dead Space™ 3
"{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM)
"{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}" = Microsoft XNA Framework Redistributable 4.0 Refresh
"{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}" = WISO Steuer-Sparbuch 2013
"{D85FFE92-BF14-4E9B-BCCD-E5C16069E65F}_is1" = FireJump
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}" = LightScribe System Software
"{E10AAE4A-98B8-420A-BD93-E0520C23D624}" = Nero Express 11
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4B7F2AF-AEDA-4DE8-8014-9ADAFF7B4164}" = QuickSteuer Deluxe 2012
"{E51BC4B0-EA5E-49CC-AF3B-93B5C627EC22}" = Nero 11 Effects Basic
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EB8DED20-A887-4A9C-BB5A-F3E7523DFB44}" = Nero WaveEditor 11 Help (CHM)
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F3743A2C-5D5F-4456-8F98-5DF36A954C50}" = Nero 11 Image Samples
"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"{F49EF443-B2BD-4F10-8A46-87AFCDB90EDD}" = Nero 11 Disc Menus Basic
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F9706A8C-D740-42CA-8703-E08EDD0F0778}" = LogMeIn Hamachi
"{FA66CFD7-0977-4C45-AACD-A8BB994B1A05}" = Quake Live Mozilla Plugin
"{FAC3C37E-EDAB-4F3A-A173-A7C70CC88F09}" = Nero Video 11 Help (CHM)
"{FF44BCE5-5A18-4051-85F0-BC172D7B4695}" = Nero CoverDesigner 11
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity_is1" = Audacity 2.0.3
"Avira AntiVir Desktop" = Avira Free Antivirus
"BioShock Infinite_is1" = BioShock Infinite
"Borderlands 2_is1" = Borderlands 2
"Canon MX700 series Benutzerregistrierung" = Canon MX700 series Benutzerregistrierung
"Canon MX890 series Benutzerregistrierung" = Canon MX890 series Benutzerregistrierung
"Canon MX890 series On-screen Manual" = Canon MX890 series On-screen Manual
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CanonSolutionMenuEX" = Canon Solution Menu EX
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DAEMON Tools Lite" = DAEMON Tools Lite
"Diablo III" = Diablo III
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"ezCoverMaker 3.1.0" = ezCoverMaker 3.1.0
"FileZilla Client" = FileZilla Client 3.2.7.1
"fotokasten comfort_is1" = fotokasten comfort 4.4
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.1.320
"Freeware.de Toolbar" = Freeware.de Toolbar
"GameSpy Arcade" = GameSpy Arcade
"GFWL_{4E4D0FA1-F880-4CCB-999A-501000008200}" = Dark Souls Prepare to Die Edition
"Google Chrome" = Google Chrome
"GrabIt_is1" = GrabIt 1.7.2 Beta 6 (build 1008)
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"LogMeIn Hamachi" = LogMeIn Hamachi
"MagniDriver" = marvell 91xx console driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"Mozilla Thunderbird 13.0.1 (x86 de)" = Mozilla Thunderbird 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"MP Navigator EX 5.1" = Canon MP Navigator EX 5.1
"NoIPDUC" = No-IP DUC
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Open Codecs" = Xiph.Org Open Codecs 0.85.17777
"OpenAL" = OpenAL
"PDF Editor 3" = PDF Editor 3
"Quake 3 Arena Demo" = Quake 3 Arena Demo
"QuickPar" = QuickPar 0.9
"Rage_is1" = Rage
"Red Alert 2" = Command & Conquer Red Alert 2
"RXZvbGFuZA==_is1" = Evoland (c) Shiro Games version 1
"SP_661c9f97" = 
"Speed Dial Utility" = Canon Kurzwahlprogramm
"StarCraft II" = StarCraft II
"Steam App 42910" = Magicka
"Steam App 440" = Team Fortress 2
"Steamless Counter Strike Source Pack" = Steamless Counter Strike Source Pack
"Torchlight 2 GERMAN (c) DEADALIC_is1" = Torchlight 2 GERMAN (c) DEADALIC version 1
"Unreal Tournament  – Game of the Year Edition_is1" = Unreal Tournament  – Game of the Year Edition
"Unreal Tournament 2004_is1" = Unreal Tournament 2004
"UnrealTournament" = Unreal Tournament
"uTorrent" = µTorrent
"WBFS Manager 3.0" = WBFS Manager 3.0
"Winamp" = Winamp
"WinPcapInst" = WinPcap 4.1.2
"WISO Mein Geld 2012 Professional" = WISO Mein Geld 2012 Professional
"Wondershare QuizCreator (Build 4.2.0)_is1" = QuizCreator
"xp-AntiSpy" = xp-AntiSpy 3.98-2
"Yuri's Revenge" = Command && Conquer Red Alert 2 - Yuri's Revenge
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"Mozilla Thunderbird 17.0.6 (x86 de)" = Mozilla Thunderbird 17.0.6 (x86 de)
"Opera 12.10.1652" = Opera 12.10
"SOE-C:/Program Files/planetside" = gamelauncher-ps2-psg
"SOE-PlanetSide 2 PSG" = PlanetSide 2
"System Progressive Protection" = System Progressive Protection
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 24.06.2013 11:29:43 | Computer Name = Tomatenkönig-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 25.06.2013 02:07:56 | Computer Name = Tomatenkönig-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 25.06.2013 09:02:09 | Computer Name = Tomatenkönig-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.06.2013 02:07:16 | Computer Name = Tomatenkönig-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.06.2013 07:43:50 | Computer Name = Tomatenkönig-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 27.06.2013 08:11:07 | Computer Name = Tomatenkönig-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 27.06.2013 09:48:41 | Computer Name = Tomatenkönig-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 28.06.2013 01:21:50 | Computer Name = Tomatenkönig-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 28.06.2013 04:21:49 | Computer Name = Tomatenkönig-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 28.06.2013 06:08:53 | Computer Name = Tomatenkönig-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 28.06.2013 04:22:30 | Computer Name = Tomatenkönig-PC | Source = WMPNetworkSvc | ID = 866306
Description = 
 
Error - 28.06.2013 06:07:17 | Computer Name = Tomatenkönig-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%577
 
Error - 28.06.2013 06:07:22 | Computer Name = Tomatenkönig-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lirsgt" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%577
 
Error - 28.06.2013 06:08:20 | Computer Name = Tomatenkönig-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 28.06.2013 06:09:44 | Computer Name = Tomatenkönig-PC | Source = WMPNetworkSvc | ID = 866306
Description = 
 
Error - 28.06.2013 06:09:44 | Computer Name = Tomatenkönig-PC | Source = WMPNetworkSvc | ID = 866306
Description = 
 
Error - 28.06.2013 06:09:44 | Computer Name = Tomatenkönig-PC | Source = WMPNetworkSvc | ID = 866306
Description = 
 
Error - 28.06.2013 06:09:44 | Computer Name = Tomatenkönig-PC | Source = WMPNetworkSvc | ID = 866306
Description = 
 
Error - 28.06.2013 06:09:44 | Computer Name = Tomatenkönig-PC | Source = WMPNetworkSvc | ID = 866306
Description = 
 
Error - 28.06.2013 06:09:44 | Computer Name = Tomatenkönig-PC | Source = WMPNetworkSvc | ID = 866306
Description = 
 
 
< End of report >
         
--- --- ---


OTL

OTL Logfile:
Code:
OTL logfile created on: 28.06.2013 12:17:16 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Rainy\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,28 Gb Available Physical Memory | 78,63% Memory free
15,96 Gb Paging File | 14,01 Gb Available in Paging File | 87,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218,96 Gb Total Space | 17,79 Gb Free Space | 8,12% Space Free | Partition Type: NTFS
Drive D: | 246,79 Gb Total Space | 221,92 Gb Free Space | 89,92% Space Free | Partition Type: NTFS
Drive E: | 218,96 Gb Total Space | 85,59 Gb Free Space | 39,09% Space Free | Partition Type: NTFS
Drive F: | 489,03 Gb Total Space | 470,73 Gb Free Space | 96,26% Space Free | Partition Type: NTFS
Drive G: | 442,38 Gb Total Space | 416,16 Gb Free Space | 94,07% Space Free | Partition Type: NTFS
Drive H: | 246,80 Gb Total Space | 48,80 Gb Free Space | 19,77% Space Free | Partition Type: NTFS
Drive K: | 194,64 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: TOMATENKÖNIG-PC | User Name: Rainy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.28 12:12:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rainy\Desktop\OTL.exe
PRC - [2013.05.15 12:08:46 | 002,255,184 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.11.01 18:05:54 | 001,386,136 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2013\mshaktuell.exe
PRC - [2012.08.13 12:08:08 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2012.08.13 12:08:08 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2012.08.08 19:12:44 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Tools\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.06.20 18:13:12 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Tools\Winamp\winampa.exe
PRC - [2012.05.15 12:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Tools\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Tools\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.11.25 16:32:36 | 000,687,400 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2011.08.04 14:41:44 | 001,637,496 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2011.07.31 15:07:18 | 000,189,808 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe
PRC - [2011.06.29 16:16:30 | 000,083,248 | ---- | M] (iAnywhere Solutions, Inc.) -- C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbsrv9.exe
PRC - [2010.04.27 04:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.01.24 13:16:54 | 001,050,112 | ---- | M] () -- c:\progra~2\saveby~1\sprote~1.dll
MOD - [2012.11.01 20:00:38 | 002,025,624 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2013\wfvie13.dll
MOD - [2012.11.01 18:05:54 | 001,386,136 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2013\mshaktuell.exe
MOD - [2012.11.01 15:47:14 | 008,748,696 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2013\wgui13.dll
MOD - [2012.11.01 15:47:00 | 002,950,296 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2013\wcore13.dll
MOD - [2012.11.01 15:46:50 | 000,308,376 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2013\rscorewinapi48.dll
MOD - [2012.11.01 15:46:48 | 004,070,040 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2013\wauff13.dll
MOD - [2012.11.01 15:46:36 | 001,710,232 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2013\wreli13.dll
MOD - [2012.11.01 15:46:34 | 001,596,568 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2013\wsteu13.dll
MOD - [2012.11.01 15:46:34 | 000,320,664 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2013\rsguiwinapi48.dll
MOD - [2012.11.01 15:46:20 | 000,135,832 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2013\rsodbc48.dll
MOD - [2012.11.01 15:46:16 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2013\rsdcom48.dll
MOD - [2012.08.10 17:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2012.06.14 10:14:32 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\3971e166cf827b6726e142f344061dc9\System.Windows.Forms.ni.dll
MOD - [2012.06.14 10:14:23 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8c40f40ef36622109793788049fbe9ab\System.Drawing.ni.dll
MOD - [2012.06.14 10:12:27 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll
MOD - [2012.06.14 10:12:23 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\623d2a0f11dd82bb9bc13d1cb981b239\System.Configuration.ni.dll
MOD - [2012.06.14 10:12:19 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll
MOD - [2012.06.14 10:12:12 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
MOD - [2011.03.04 12:02:54 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2011.03.04 12:02:52 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2011.03.04 12:02:50 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2010.08.12 15:00:20 | 000,133,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel® PROSet Monitoring Service)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.06.12 20:15:08 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.06.07 00:06:24 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.05.15 12:08:44 | 002,467,664 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.06.15 00:17:46 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.15 12:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Tools\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Tools\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.11.25 16:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011.06.29 16:16:30 | 000,083,248 | ---- | M] (iAnywhere Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbsrv9.exe -- (Lexware_Datenbank_Plus)
SRV - [2010.12.28 00:27:52 | 051,727,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Mama Tools\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010.10.27 16:18:52 | 000,052,896 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc)
SRV - [2010.06.25 19:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.05.15 16:07:00 | 000,303,616 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2013.05.15 16:06:55 | 000,035,328 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2012.06.28 23:09:31 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.05.15 14:55:40 | 000,398,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvstusb.sys -- (NvStUSB)
DRV:64bit: - [2012.05.02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.04.27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.04.25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.18 19:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.01 11:42:44 | 000,072,240 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVol.sys -- (NBVol)
DRV:64bit: - [2011.12.01 11:42:44 | 000,015,920 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVolUp.sys -- (NBVolUp)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010.11.21 05:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.27 15:50:28 | 000,301,680 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2010.10.27 15:50:28 | 000,279,152 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2010.10.27 15:50:28 | 000,203,624 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2010.10.27 15:50:28 | 000,156,520 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2010.10.27 15:50:28 | 000,058,992 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2010.10.27 15:50:28 | 000,055,336 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (ATHDFU)
DRV:64bit: - [2010.10.27 15:50:28 | 000,038,248 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2010.10.27 15:50:28 | 000,031,080 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2010.09.21 09:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.09.21 08:34:18 | 000,313,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2010.08.27 19:53:22 | 000,297,000 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx)
DRV:64bit: - [2010.06.25 19:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010.04.27 03:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.04.27 03:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009.11.24 02:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009.11.24 02:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009.09.03 17:56:20 | 001,307,648 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CM10864.sys -- (USBPNPA)
DRV:64bit: - [2009.08.21 01:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 02:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 22:35:53 | 000,051,712 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rtnic64.sys -- (RTL8023x64)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Program Files (x86)\Freeware.de\prxtbFree.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2736476
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultenginename,S: S", ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.order.1,S: S", ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.selectedEngine,S: S", ""
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledAddons: %7Ba95d8332-e4b4-6e7f-98ac-20b733364387%7D:0.6.4
FF - prefs.js..extensions.enabledAddons: youtubeunblocker%40unblocker.yt:0.4.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
FF - prefs.js..keyword.URL: ""
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\MAMATO~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Tools\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.51204.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Rainy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Tools\Mozilla Firefox\components [2013.05.17 13:57:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Tools\Mozilla Firefox\plugins [2013.05.17 13:57:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Mama Tools\Mozilla Thunderbird\components [2013.06.27 17:09:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Mama Tools\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Tools\Mozilla Firefox\components [2013.05.17 13:57:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Tools\Mozilla Firefox\plugins [2013.05.17 13:57:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Mama Tools\Mozilla Thunderbird\components [2013.06.27 17:09:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Mama Tools\Mozilla Thunderbird\plugins
 
[2012.07.01 11:54:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rainy\AppData\Roaming\mozilla\Extensions
[2013.06.07 20:54:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rainy\AppData\Roaming\mozilla\Firefox\Profiles\bd7rnn6m.default-1368618891935\extensions
[2013.06.07 20:54:11 | 000,008,025 | ---- | M] () (No name found) -- C:\Users\Rainy\AppData\Roaming\mozilla\firefox\profiles\bd7rnn6m.default-1368618891935\extensions\youtubeunblocker@unblocker.yt.xpi
[2013.06.03 20:14:51 | 000,054,689 | ---- | M] () (No name found) -- C:\Users\Rainy\AppData\Roaming\mozilla\firefox\profiles\bd7rnn6m.default-1368618891935\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}.xpi
[2013.05.15 13:56:43 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Rainy\AppData\Roaming\mozilla\firefox\profiles\bd7rnn6m.default-1368618891935\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
 
O1 HOSTS File: ([2013.06.14 21:00:43 | 000,004,205 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       activate.adobe.com
O1 - Hosts: 127.0.0.1       activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1       adobeereg.com
O1 - Hosts: 127.0.0.1       practivate.adobe.com
O1 - Hosts: 127.0.0.1       ereg.adobe.com
O1 - Hosts: 127.0.0.1       www.adobeereg.com
O1 - Hosts: 127.0.0.1       activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1       wip3.adobe.com
O1 - Hosts: 127.0.0.1       3dns-3.adobe.com
O1 - Hosts: 127.0.0.1       3dns-2.adobe.com
O1 - Hosts: 127.0.0.1       adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1       adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1       adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1       ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1       activate-sea.adobe.com
O1 - Hosts: 127.0.0.1       wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1       activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1       wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1       activate.adobe.com
O1 - Hosts: 127.0.0.1       activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1       adobeereg.com
O1 - Hosts: 127.0.0.1       practivate.adobe.com
O1 - Hosts: 127.0.0.1       ereg.adobe.com
O1 - Hosts: 127.0.0.1       www.adobeereg.com
O1 - Hosts: 127.0.0.1       activate.wip3.adobe.com
O1 - Hosts: 68 more lines...
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Mama Tools\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Mama Tools\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Program Files (x86)\Freeware.de\prxtbFree.dll (Conduit Ltd.)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Program Files (x86)\Freeware.de\prxtbFree.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Freeware.de Toolbar) - {7E111A5C-3D11-4F56-9463-5310C3C69025} - C:\Program Files (x86)\Freeware.de\prxtbFree.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [BCSSync] C:\Mama Tools\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [Cm108Sound] C:\Windows\Syswow64\cm108.dll (C-Media Corporation)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Tools\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [NBAgent] C:\Tools\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [WinampAgent] C:\Tools\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - Startup: C:\Users\Rainy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Mama Tools\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Mama Tools\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - C:\Mama Tools\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Mama Tools\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Mama Tools\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Mama Tools\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Mama Tools\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Mama Tools\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D9EF6C7-4E77-4D73-B86B-BE7CE59249C0}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{93B03C5D-735A-4AAA-B491-6440247F6FF3}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\haufereader - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\haufereader - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - AppInit_DLLs: (c:\progra~2\saveby~1\sprote~1.dll) - c:\progra~2\saveby~1\sprote~1.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Mama Tools\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.08.25 17:57:47 | 000,000,042 | R--- | M] () - K:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{9f92edac-c161-11e1-aedd-004095338007}\Shell - "" = AutoRun
O33 - MountPoints2\{9f92edac-c161-11e1-aedd-004095338007}\Shell\AutoRun\command - "" = K:\penumbra_requiem_eng.exe -- [2008.08.25 17:55:10 | 122,303,323 | R--- | M] (Frictional Games                                            )
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.28 12:12:33 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Rainy\Desktop\OTL.exe
[2013.06.28 12:09:31 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Atheros
[2013.06.28 12:07:32 | 000,000,000 | R--D | C] -- C:\Users\Rainy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2013.06.14 21:36:56 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2013.06.14 21:06:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2013.06.14 21:05:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Media Player
[2013.06.14 21:05:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2013.06.14 21:04:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2013.06.12 17:19:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.06.12 17:19:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.06.05 19:12:44 | 000,000,000 | ---D | C] -- C:\Users\Rainy\Documents\Penumbra
[2013.06.04 16:38:20 | 000,000,000 | ---D | C] -- C:\Users\Rainy\Documents\Penumbra Overture
[2013.06.04 16:38:13 | 000,431,104 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2013.06.04 16:38:13 | 000,409,600 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2013.06.04 16:38:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2013.06.04 16:36:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Penumbra
[2013.05.30 16:43:34 | 000,000,000 | ---D | C] -- C:\Users\Rainy\Desktop\Bücher Dokumente Spiritual
[2013.05.30 16:18:05 | 000,000,000 | ---D | C] -- C:\Users\Rainy\Desktop\Spiele
[2012.09.28 13:42:01 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\lsass.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.28 12:16:14 | 000,026,352 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.28 12:16:14 | 000,026,352 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.28 12:15:01 | 000,000,140 | ---- | M] () -- C:\Users\Rainy\defogger_reenable
[2013.06.28 12:15:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.28 12:13:54 | 000,377,856 | ---- | M] () -- C:\Users\Rainy\Desktop\gmer_2.1.19163.exe
[2013.06.28 12:12:48 | 000,050,477 | ---- | M] () -- C:\Users\Rainy\Desktop\Defogger.exe
[2013.06.28 12:12:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rainy\Desktop\OTL.exe
[2013.06.28 12:12:00 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.28 12:08:49 | 000,001,969 | ---- | M] () -- C:\Users\Rainy\Desktop\Skype.lnk
[2013.06.28 12:07:31 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
[2013.06.28 12:07:21 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.28 12:07:15 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2013.06.28 12:07:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.28 12:07:01 | 2132,025,343 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.20 17:10:56 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.20 17:10:56 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.20 17:10:56 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.20 17:10:56 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.20 17:10:56 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.15 06:47:37 | 005,004,328 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.06.14 21:00:43 | 000,004,205 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.06.07 23:31:57 | 000,000,004 | ---- | M] () -- C:\Users\Rainy\Documents\schmup.123
[2013.06.04 16:38:13 | 000,431,104 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2013.06.04 16:38:13 | 000,409,600 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
 
========== Files Created - No Company Name ==========
 
[2013.06.28 12:15:01 | 000,000,140 | ---- | C] () -- C:\Users\Rainy\defogger_reenable
[2013.06.28 12:13:54 | 000,377,856 | ---- | C] () -- C:\Users\Rainy\Desktop\gmer_2.1.19163.exe
[2013.06.28 12:12:48 | 000,050,477 | ---- | C] () -- C:\Users\Rainy\Desktop\Defogger.exe
[2013.06.28 12:08:49 | 000,001,969 | ---- | C] () -- C:\Users\Rainy\Desktop\Skype.lnk
[2013.06.28 12:07:31 | 000,000,035 | ---- | C] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
[2013.06.14 21:07:39 | 000,000,741 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5 (64 Bit).lnk
[2013.06.14 21:07:21 | 000,000,696 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.lnk
[2013.06.14 21:06:20 | 000,000,670 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.lnk
[2013.06.14 21:06:14 | 000,000,733 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.lnk
[2013.06.14 21:04:51 | 000,000,790 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.lnk
[2013.06.14 21:04:46 | 000,001,523 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk
[2013.06.14 21:04:29 | 000,000,997 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2013.06.10 19:14:22 | 001,272,843 | ---- | C] () -- C:\Users\Rainy\Desktop\Bardon, Franz - Der Weg zum wahren Adepten.pdf
[2013.06.07 23:00:43 | 000,000,004 | ---- | C] () -- C:\Users\Rainy\Documents\schmup.123
[2013.03.24 12:42:54 | 000,081,408 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2013.02.16 18:06:46 | 000,001,209 | ---- | C] () -- C:\Windows\eReg.dat
[2013.01.21 19:11:14 | 000,000,080 | ---- | C] () -- C:\Windows\wiso.ini
[2012.10.07 13:23:10 | 000,207,488 | ---- | C] () -- C:\Windows\SysWow64\LXPrnUtil10.dll
[2012.10.07 13:23:08 | 000,138,368 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvmc100.dll
[2012.10.07 13:23:08 | 000,074,368 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvm100.dll
[2012.10.07 13:23:06 | 000,318,592 | ---- | C] () -- C:\Windows\SysWow64\LxDNT100.dll
[2012.10.01 19:42:57 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2012.10.01 19:41:17 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2012.09.14 08:59:14 | 004,503,728 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.06.29 08:41:38 | 000,143,360 | ---- | C] () -- C:\Windows\Vmix108.dll
[2012.06.29 08:41:38 | 000,000,169 | ---- | C] () -- C:\Windows\Cm108.ini.cfl
[2012.06.29 08:41:29 | 000,002,029 | ---- | C] () -- C:\Windows\Cm108.ini.cfg
[2012.06.29 08:41:29 | 000,000,123 | ---- | C] () -- C:\Windows\Cm108.ini.imi
[2012.06.29 08:41:28 | 000,001,151 | ---- | C] () -- C:\Windows\cm108.ini
[2012.06.29 00:16:22 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.06.28 23:30:27 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2012.06.28 23:23:24 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012.06.28 23:23:21 | 000,025,181 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012.06.28 23:04:54 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2012.05.15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.01.04 12:44:25 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.01.04 10:59:38 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.06.16 18:29:25 | 000,000,000 | ---D | M] -- C:\Users\Rainy\AppData\Roaming\.minecraft
[2013.04.12 22:34:44 | 000,000,000 | ---D | M] -- C:\Users\Rainy\AppData\Roaming\Audacity
[2012.12.16 10:45:22 | 000,000,000 | ---D | M] -- C:\Users\Rainy\AppData\Roaming\Canon
[2013.05.19 16:24:20 | 000,000,000 | ---D | M] -- C:\Users\Rainy\AppData\Roaming\com.shirogames.evoland
[2013.05.27 18:26:07 | 000,000,000 | ---D | M] -- C:\Users\Rainy\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2012.08.27 19:07:46 | 000,000,000 | ---D | M] -- C:\Users\Rainy\AppData\Roaming\DAEMON Tools Lite
[2013.05.25 09:42:52 | 000,000,000 | ---D | M] -- C:\Users\Rainy\AppData\Roaming\DVDVideoSoft
[2013.04.01 12:08:40 | 000,000,000 | ---D | M] -- C:\Users\Rainy\AppData\Roaming\DVDVideoSoftIEHelpers
[2013.03.24 16:45:13 | 000,000,000 | ---D | M] -- C:\Users\Rainy\AppData\Roaming\FileOpen
[2013.01.05 18:47:58 | 000,000,000 | ---D | M] -- C:\Users\Rainy\AppData\Roaming\FileZilla
[2013.01.03 20:17:29 | 000,000,000 | ---D | M] -- C:\Users\Rainy\AppData\Roaming\GrabIt
[2012.08.04 21:41:29 | 000,000,000 | ---D | M] -- C:\Users\Rainy\AppData\Roaming\Leadertech
[2012.07.01 11:17:46 | 000,000,000 | ---D | M] -- C:\Users\Rainy\AppData\Roaming\Lexware
[2012.07.09 15:03:33 | 000,000,000 | ---D | M] -- C:\Users\Rainy\AppData\Roaming\LolClient
[2013.03.24 16:45:13 | 000,000,000 | ---D | M] -- C:\Users\Rainy\AppData\Roaming\Nitro
[2013.02.15 13:31:56 | 000,000,000 | ---D | M] -- C:\Users\Rainy\AppData\Roaming\OpenOffice.org
[2012.11.07 16:47:06 | 000,000,000 | ---D | M] -- C:\Users\Rainy\AppData\Roaming\Opera
[2013.01.12 12:48:05 | 000,000,000 | ---D | M] -- C:\Users\Rainy\AppData\Roaming\Quake3
[2012.11.07 16:00:13 | 000,000,000 | ---D | M] -- C:\Users\Rainy\AppData\Roaming\TeamViewer
[2012.07.02 17:06:20 | 000,000,000 | ---D | M] -- C:\Users\Rainy\AppData\Roaming\Thunderbird
[2013.05.12 09:21:44 | 000,000,000 | ---D | M] -- C:\Users\Rainy\AppData\Roaming\TS3Client
[2013.06.14 20:45:31 | 000,000,000 | ---D | M] -- C:\Users\Rainy\AppData\Roaming\uTorrent
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


Gmer

GMER Logfile:
Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-06-28 13:07:10
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-2 SAMSUNG_HD501LJ rev.CR100-10 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Rainy\AppData\Local\Temp\awtdapod.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[768] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                  0000000075391465 2 bytes [39, 75]
.text  C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[768] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                 00000000753914bb 2 bytes [39, 75]
.text  ...                                                                                                                                      * 2
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2172] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                0000000075391465 2 bytes [39, 75]
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2172] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155               00000000753914bb 2 bytes [39, 75]
.text  ...                                                                                                                                      * 2
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5244] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000075391465 2 bytes [39, 75]
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5244] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000753914bb 2 bytes [39, 75]
.text  ...                                                                                                                                      * 2

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002683115a51                                                              
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002683115a51 (not active ControlSet)                                          

---- Disk sectors - GMER 2.1 ----

Disk   \Device\Harddisk1\DR1                                                                                                                    unknown MBR code

---- EOF - GMER 2.1 ----
         
--- --- ---


Is HijackThis outdated, or were there more specific reasons why it is no longer used?
Otherwise, thanks in advance for your answer; if there is anything else - the usual: I'm here.

Kind regards
__________________

28.06.2013, 12:24   #4
aharonov
/// TB trainer

Hello,

Quote:
Is HijackThis outdated
That's right.

But unfortunately there is more than one piece of unclean software running on this computer...

We do not specifically look for such indications, but when we see them, we can no longer turn a blind eye. Therefore:
Cracks and keygens

The log files strongly indicate that you are using software that was not legally acquired. Apart from being illegal, cracks and patches from dubious sources very often come bundled with malware, so using them is almost a deliberate way of infecting yourself.

Here on the board we have agreed that we do not continue cleaning at this point, because we do not support this kind of practice. In our guide, under point 8 of the forum rules, we also told you unmistakably how we would handle this.

This software has its price, and the software companies live on that revenue. As an alternative, there is plenty of very good freeware everywhere, or stripped-down versions that can be bought cheaply.

Our recommendation here is to make a clean fresh start, and our help is therefore limited to reinstalling and securing your system.
We will still gladly answer your questions about that, in our subforum Alles rund um Windows.
__________________
cheers,
Leo
