All kinds of pests and how to fight them: After a Bundestrojaner infection, probably still remnants on the system.

16.05.2012, 14:50   #1
Valorhor
 
Hello,

A few weeks ago I had an infection with the Bundestrojaner, which I fought with Malwarebytes Anti-Malware.
After a scan, several files were found, which I deleted, and afterwards the system "more or less" worked again.

However, I suspect that not all of the files are gone. Since the infection the computer has become quite slow, startup takes forever, the icons only pop up after a while, the system rattles like crazy, and shortly after startup the brightness of my PC changes (Nvidia driver gone) to darker.

Now and then my volume icon also disappears.

I have looked around the forum and have already read quite a bit; I have now started Malwarebytes again and it is currently running once more in full mode.

So far 3 infected files have been found.

Do you suspect that something is still on it? If not, why does startup take so long, the icons do not appear for a long time, the computer rattles, the screen gets darker (according to a technician my Nvidia driver has disappeared) and the volume icon does not appear?

Many thanks for any potential help

Last edited by Valorhor (16.05.2012 at 15:11)

16.05.2012, 15:36   #2
Chris4You
 
Hi,

Please post the log from MAM and:

OTL
Download OTL by Oldtimer (http://filepony.de/download-otl/) and save it to your desktop
  • Vista/Win7 users: right-click OTL.exe and choose "Run as administrator" ("Als Administrator ausführen")
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created (OTL.TXT and EXTRAS.TXT)
  • Post the log files here in the thread
  • In addition, download the following program, LanmanCheck, run it, and copy and post its output

chris

16.05.2012, 19:45   #3
Valorhor
 
I let it run through; this is the report below. Just removed it, and now restarting the computer. After that I will run the other program you mentioned.


Quote:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.16.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19222
Christian G :: [Administrator]

16.05.2012 15:28:20
mbam-log-2012-05-16 (20-41-58).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 566247
Laufzeit: 5 Stunde(n), 13 Minute(n),

Infizierte Speicherprozesse: 1
C:\ProgramData\Anyplace Control 4\svcadmin.exe (Trojan.Winlock) -> 2788 -> Keine Aktion durchgeführt.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKLM\SYSTEM\CurrentControlSet\Services\Anyplace Control Security (Trojan.Winlock) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\ProgramData\Anyplace Control 4\svcadmin.exe (Trojan.Winlock) -> Keine Aktion durchgeführt.

(Ende)

OTL Logfile:
Code:
OTL logfile created on: 16.05.2012 21:10:05 - Run 1
OTL by OldTimer - Version 3.2.43.0     Folder = C:\Users\Christian G\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19222)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,96 Gb Available Physical Memory | 65,61% Memory free
8,90 Gb Paging File | 7,77 Gb Available in Paging File | 87,27% Paging File free
Paging file location(s): c:\pagefile.sys 6144 6144 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,76 Gb Total Space | 93,97 Gb Free Space | 20,18% Space Free | Partition Type: NTFS
Drive D: | 1,82 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: HAPPYHIPPO | User Name: Christian G | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Christian G\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation)
PRC - C:\Programme\Canon\IJPLM\ijplmsvc.exe ()
PRC - C:\Programme\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
PRC - C:\Fraps\fraps.exe (Beepa P/L)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Programme\Program DJ\Wow Video&Audio\WVAMain.exe ()
PRC - C:\Programme\Program DJ\Dualview Server\dualviewsvc.exe ()
PRC - C:\Programme\Program DJ\Wireless Switch\wlss.exe (Compal Electronics, Inc.)
PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Programme\Protector Suite QL\upeksvr.exe (UPEK Inc.)
PRC - C:\Programme\Program DJ\Smart Watchdog\SWDsvc.exe ()
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Programme\Program DJ\Wow Video&Audio\WVAMain.exe ()
MOD - C:\Windows\System32\RTCOM\RTCOMDLL.dll ()
MOD - C:\Windows\System32\EMSC.DLL ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Hamachi2Svc) -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (Lavasoft Ad-Aware Service) -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (IJPLMSVC) -- C:\Programme\Canon\IJPLM\ijplmsvc.exe ()
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service) -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (DualView Server) -- C:\Program Files\Program DJ\Dualview Server\dualviewsvc.exe ()
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (Smart Watchdog) -- C:\Program Files\Program DJ\Smart Watchdog\SWDsvc.exe ()
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (Lbd) -- C:\Windows\System32\drivers\Lbd.sys (Lavasoft AB)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology (StarForce))
DRV - (DualViewFilter) -- C:\Windows\System32\drivers\DualviewFilter.sys ()
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (EMSC) -- C:\Windows\System32\drivers\EMSC.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\Windows\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology (StarForce))
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{A6FB7660-C9E7-459B-A898-87DFA9C70DB3}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=HIP&o=102875&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=6F&apn_dtid=YYYYYYYYDE&apn_uid=b4b390a4-be72-477c-b086-086a2a733137&apn_sauid=4BF6D869-5B2E-4156-A82B-DD6503F7DCD3&
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Ask.com"
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Christian G\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.04.27 12:58:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.03.21 13:52:28 | 000,000,000 | ---D | M]
 
[2010.07.27 13:34:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian G\AppData\Roaming\mozilla\Extensions
[2010.07.27 13:34:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian G\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.05.12 09:40:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian G\AppData\Roaming\mozilla\Firefox\Profiles\b9k5246s.default\extensions
[2010.04.28 05:04:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Christian G\AppData\Roaming\mozilla\Firefox\Profiles\b9k5246s.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.10.02 10:25:29 | 000,002,402 | ---- | M] () -- C:\Users\Christian G\AppData\Roaming\Mozilla\Firefox\Profiles\b9k5246s.default\searchplugins\askcom.xml
[2010.02.01 19:53:09 | 000,002,280 | ---- | M] () -- C:\Users\Christian G\AppData\Roaming\Mozilla\Firefox\Profiles\b9k5246s.default\searchplugins\google-und-download-suche.xml
[2012.05.10 17:40:49 | 000,000,950 | ---- | M] () -- C:\Users\Christian G\AppData\Roaming\Mozilla\Firefox\Profiles\b9k5246s.default\searchplugins\icqplugin-1.xml
[2011.04.30 13:31:40 | 000,000,950 | ---- | M] () -- C:\Users\Christian G\AppData\Roaming\Mozilla\Firefox\Profiles\b9k5246s.default\searchplugins\icqplugin-10.xml
[2011.06.30 15:02:36 | 000,000,950 | ---- | M] () -- C:\Users\Christian G\AppData\Roaming\Mozilla\Firefox\Profiles\b9k5246s.default\searchplugins\icqplugin-11.xml
[2011.08.20 08:40:30 | 000,000,950 | ---- | M] () -- C:\Users\Christian G\AppData\Roaming\Mozilla\Firefox\Profiles\b9k5246s.default\searchplugins\icqplugin-12.xml
[2011.09.18 08:28:27 | 000,000,950 | ---- | M] () -- C:\Users\Christian G\AppData\Roaming\Mozilla\Firefox\Profiles\b9k5246s.default\searchplugins\icqplugin-13.xml
[2011.09.28 07:59:15 | 000,000,950 | ---- | M] () -- C:\Users\Christian G\AppData\Roaming\Mozilla\Firefox\Profiles\b9k5246s.default\searchplugins\icqplugin-14.xml
[2011.10.02 10:24:39 | 000,000,950 | ---- | M] () -- C:\Users\Christian G\AppData\Roaming\Mozilla\Firefox\Profiles\b9k5246s.default\searchplugins\icqplugin-15.xml
[2010.09.09 06:53:34 | 000,000,950 | ---- | M] () -- C:\Users\Christian G\AppData\Roaming\Mozilla\Firefox\Profiles\b9k5246s.default\searchplugins\icqplugin-2.xml
[2010.09.09 15:31:48 | 000,000,950 | ---- | M] () -- C:\Users\Christian G\AppData\Roaming\Mozilla\Firefox\Profiles\b9k5246s.default\searchplugins\icqplugin-3.xml
[2010.10.21 06:47:35 | 000,000,950 | ---- | M] () -- C:\Users\Christian G\AppData\Roaming\Mozilla\Firefox\Profiles\b9k5246s.default\searchplugins\icqplugin-4.xml
[2010.10.28 20:28:47 | 000,000,950 | ---- | M] () -- C:\Users\Christian G\AppData\Roaming\Mozilla\Firefox\Profiles\b9k5246s.default\searchplugins\icqplugin-5.xml
[2010.12.11 11:29:24 | 000,000,950 | ---- | M] () -- C:\Users\Christian G\AppData\Roaming\Mozilla\Firefox\Profiles\b9k5246s.default\searchplugins\icqplugin-6.xml
[2011.03.06 01:56:41 | 000,000,950 | ---- | M] () -- C:\Users\Christian G\AppData\Roaming\Mozilla\Firefox\Profiles\b9k5246s.default\searchplugins\icqplugin-7.xml
[2011.03.07 17:41:09 | 000,000,950 | ---- | M] () -- C:\Users\Christian G\AppData\Roaming\Mozilla\Firefox\Profiles\b9k5246s.default\searchplugins\icqplugin-8.xml
[2011.03.24 01:35:57 | 000,000,950 | ---- | M] () -- C:\Users\Christian G\AppData\Roaming\Mozilla\Firefox\Profiles\b9k5246s.default\searchplugins\icqplugin-9.xml
[2010.07.24 11:15:13 | 000,001,056 | ---- | M] () -- C:\Users\Christian G\AppData\Roaming\Mozilla\Firefox\Profiles\b9k5246s.default\searchplugins\icqplugin.xml
[2011.12.08 12:45:11 | 000,003,915 | ---- | M] () -- C:\Users\Christian G\AppData\Roaming\Mozilla\Firefox\Profiles\b9k5246s.default\searchplugins\sweetim.xml
[2012.04.19 10:54:28 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.05.12 09:40:10 | 000,523,864 | ---- | M] () (No name found) -- C:\USERS\CHRISTIAN G\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\B9K5246S.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2012.01.12 11:18:32 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\CHRISTIAN G\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\B9K5246S.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.01.25 18:31:54 | 000,018,684 | ---- | M] () (No name found) -- C:\USERS\CHRISTIAN G\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\B9K5246S.DEFAULT\EXTENSIONS\ICH@MALTEGOETZ.DE.XPI
[2011.12.08 13:09:23 | 000,004,543 | ---- | M] () (No name found) -- C:\USERS\CHRISTIAN G\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\B9K5246S.DEFAULT\EXTENSIONS\SUPPORT@FREE-HIDEIP.COM.XPI
[2012.04.27 12:58:49 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.16 10:39:24 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009.09.21 11:00:44 | 001,447,328 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files\mozilla firefox\plugins\NpFv522.dll
[2012.02.14 21:18:19 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.14 21:18:19 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.14 21:18:19 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.14 21:18:19 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.14 21:18:19 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.14 21:18:19 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WLSS] C:\Programme\Program DJ\Wireless Switch\wlss.exe (Compal Electronics, Inc.)
O4 - HKLM..\Run: [Wow Video&Audio] C:\Programme\Program DJ\Wow Video&Audio\WVAMain.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Web-Suche - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{05B9A53C-EB81-4210-88B0-CD0D780CEF45}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BC9B2C5-F1E1-4852-9AF5-DE324E46C8CF}: DhcpNameServer = 193.189.244.225 193.189.244.206
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\psfus: DllName - (C:\Windows\system32\psqlpwd.dll) - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Users\Christian G\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Christian G\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{6eb31f9e-a372-11df-83b6-001eec51099d}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe DACKSON-PC.vbs
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.14 21:37:56 | 000,000,000 | ---D | C] -- C:\Users\Christian G\AppData\Roaming\Fatshark
[2012.05.12 06:28:46 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012.05.12 06:28:46 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012.05.12 06:28:45 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012.05.12 06:28:45 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012.05.12 06:28:45 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012.05.12 06:28:37 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.05.12 06:28:37 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.05.12 06:28:37 | 002,044,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.05.03 23:16:36 | 000,000,000 | ---D | C] -- C:\Users\Christian G\Desktop\Texture Gothic
[2012.04.27 21:22:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012.04.27 21:22:21 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2012.04.27 21:22:04 | 000,000,000 | ---D | C] -- C:\Users\Christian G\AppData\Local\LogMeIn Hamachi
[2012.04.27 12:58:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.04.27 12:58:54 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.04.20 19:45:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gothic Multiplayer
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.16 20:57:30 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.16 20:50:03 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.05.16 20:49:52 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.16 20:49:52 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.16 20:49:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.16 20:45:02 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.16 14:47:29 | 000,686,768 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.05.16 14:47:29 | 000,645,062 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.05.16 14:47:29 | 000,151,898 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.05.16 14:47:29 | 000,124,748 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.05.15 09:58:41 | 000,036,168 | ---- | M] () -- C:\Users\Christian G\Desktop\Zeug.rtf
[2012.05.14 11:13:21 | 000,412,278 | ---- | M] () -- C:\Users\Christian G\Desktop\Rechnung.odt
[2012.05.14 10:34:00 | 000,402,100 | ---- | M] () -- C:\Users\Christian G\Desktop\briefpapier.odt
[2012.05.13 03:43:15 | 000,398,688 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.05.08 18:36:46 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.05.08 18:36:46 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.05.08 11:26:01 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.05.08 11:26:01 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.05.02 10:55:16 | 000,210,944 | ---- | M] () -- C:\Users\Christian G\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.04.20 19:45:59 | 000,001,263 | ---- | M] () -- C:\Users\Christian G\Desktop\Gothic Multiplayer.lnk
[2012.04.17 16:30:01 | 000,016,930 | ---- | M] () -- C:\Program1.RPT
[2012.04.17 15:07:50 | 000,008,192 | ---- | M] () -- C:\Windows\d3dx.dat
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.05.14 10:09:46 | 000,402,100 | ---- | C] () -- C:\Users\Christian G\Desktop\briefpapier.odt
[2012.05.12 00:09:05 | 000,398,688 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.04.20 19:45:59 | 000,001,263 | ---- | C] () -- C:\Users\Christian G\Desktop\Gothic Multiplayer.lnk
[2012.04.17 16:30:00 | 000,016,930 | ---- | C] () -- C:\Program1.RPT
[2012.02.14 13:29:30 | 000,000,164 | ---- | C] () -- C:\ProgramData\{5CAFA1B7-9EEF-4cc7-B9F7-9DDB3DAA679E}
[2012.02.14 13:29:30 | 000,000,092 | ---- | C] () -- C:\ProgramData\{701ACAF9-F102-47c2-8907-36246F4DFB51}
[2012.02.02 03:09:41 | 000,000,618 | ---- | C] () -- C:\Windows\eReg.dat
[2011.10.21 21:15:59 | 000,032,768 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2011.10.14 19:06:30 | 000,141,200 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.10.14 19:06:14 | 000,281,656 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011.09.30 18:56:38 | 000,393,256 | ---- | C] () -- C:\Windows\System32\CNQ2414N.DAT
[2011.09.18 16:21:33 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2011.05.07 18:07:55 | 000,045,568 | ---- | C] () -- C:\Windows\UniFish3.exe
[2011.05.07 10:44:03 | 000,669,184 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010.12.10 14:25:07 | 000,007,878 | ---- | C] () -- C:\Users\Christian G\AppData\Roaming\PStrip.bk!
[2010.12.10 14:24:37 | 000,007,849 | ---- | C] () -- C:\Users\Christian G\AppData\Roaming\PStrip.bko
[2010.12.09 23:40:03 | 000,007,855 | ---- | C] () -- C:\Users\Christian G\AppData\Roaming\PStrip.bak
[2010.12.09 23:35:56 | 000,007,912 | ---- | C] () -- C:\Users\Christian G\AppData\Roaming\PStrip.ini
[2010.12.09 23:27:11 | 000,000,065 | ---- | C] () -- C:\Windows\wininit.ini
[2010.10.18 17:00:15 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.07.29 14:41:57 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010.07.29 14:41:56 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010.07.29 14:41:53 | 000,790,528 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010.07.29 14:41:53 | 000,134,144 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010.07.29 14:41:53 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010.07.27 13:34:49 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.07.22 17:10:04 | 000,008,192 | ---- | C] () -- C:\Windows\d3dx.dat
[2010.06.16 03:46:21 | 002,419,568 | ---- | C] () -- C:\Windows\System32\pbsvc_apb.exe

< End of report >
         

Alt 16.05.2012, 20:24   #4
Valorhor
 



The next one: Text

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 16.05.2012 21:10:05 - Run 1
OTL by OldTimer - Version 3.2.43.0     Folder = C:\Users\Christian G\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19222)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,96 Gb Available Physical Memory | 65,61% Memory free
8,90 Gb Paging File | 7,77 Gb Available in Paging File | 87,27% Paging File free
Paging file location(s): c:\pagefile.sys 6144 6144 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,76 Gb Total Space | 93,97 Gb Free Space | 20,18% Space Free | Partition Type: NTFS
Drive D: | 1,82 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: HAPPYHIPPO | User Name: Christian G | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{077D3024-BD8B-4BEE-A918-73CEC7FBCDE5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1EF71FDC-E2D1-402E-A66F-E95CD687EB2C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{21D0A53B-1F1A-463D-B3E4-BC3B4A58625D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3580061C-1822-47D9-80D1-AEBD8B049EA2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{3B2FF68A-45FF-49A2-8FEB-30DCB3E17B4B}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{3E1496B0-7A50-405D-882B-6ED30185D3DA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6583C29D-4679-4473-BC08-245D8CB30DF6}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{668B96B5-2734-4FF4-90F8-C50519693BED}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6F3704D1-3E9C-41DB-9902-B557801C9D86}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{6FD3563E-3E33-4786-919E-85FE2A9B88A3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{71025202-1E40-4A6A-9D4B-472310F3999D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{86C1BDB4-4C02-4B21-84FB-AA37DBEED98A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{88431A45-565A-4823-B983-89D14BA73252}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{8D92DFF4-1E1C-453F-99CD-43182A7FEF75}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{97CA1B20-4897-4243-B35D-83336C77DE7A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9DABDEBF-0724-4016-AC5B-396C63CC433C}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{EFC6A9F7-98F2-4D80-BA1D-B6309EB21A4C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F3489AAF-92B9-412A-81BD-09476E5CFA5F}" = lport=10243 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{006794F6-2D3E-4047-BCC6-61A37BF04758}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{00AB2E3F-8C30-4414-951A-600EE03B5A18}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe | 
"{00C40F17-B7BE-4B5A-96EF-183F0442C352}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\cossacks back to war\bin\dmcr.exe | 
"{00CD0BCB-24C5-4D7F-AB32-ECBFBE8811C3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{00E17063-8D67-4C5C-A535-30267E4B37AB}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\aliens vs predator\avp_dx11.exe | 
"{00EE1CF0-5755-4312-A489-E0EEE2DFACE9}" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe | 
"{025ECB20-E1AA-4EA6-8E57-4273BB1E1ED3}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{03067C15-44A1-4457-9FE3-CD8A765B8B75}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\saints row the third\game_launcher.exe | 
"{036AFE62-B8B5-489C-A430-802F96C05FB3}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\srcds.exe | 
"{0445B191-DE44-4329-9162-CFE7A5932757}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{046BB959-80D3-40C2-9778-ACCD2303864A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{047913D8-9F22-4B1B-9600-683CD143D396}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{04D0839D-97A2-4CA5-8025-A2913E7BB738}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0687D4B8-1BE5-451B-AC0E-1F3F09A4CA2A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{0A7548C2-F3D8-40D2-BB2E-E75529758FD1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0C2B6665-8DF8-4194-9EAF-805AF857265B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0D477996-BF94-4E24-A35B-3DB414766C84}" = protocol=17 | dir=in | app=c:\program files\activision\wolfenstein\mp\wolf2mp.exe | 
"{0D77C8C4-BE50-4A00-AF84-8F08F9B8EE78}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0DEDB37D-B215-47A1-A431-9F29416F9BD0}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\cossacks back to war\bin\scenarioeditor.exe | 
"{0E2022C2-357E-4469-87B9-163879A1A9D8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0E2DF8BB-3512-42E3-AA8C-8339EF80BB30}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0E2E9057-57CA-4B87-8E66-511B6C088C54}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{11B15477-E0C6-4A0E-A716-DFCC6BB50A16}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{11EC7E90-352A-46DA-8894-BC1E3DA4A542}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\aliens vs predator\avp_launcher.exe | 
"{11F0F0B6-6006-47BE-AA7B-EFFDE2A077E4}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\payday the heist\payday_win32_release.exe | 
"{133D0944-18B2-4994-852F-EA302C06DA4F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{140CC231-FFBA-4FF9-86F3-E015FE09888D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{151E2905-DE73-4024-8AF5-FF17A19A1539}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe | 
"{1589EB43-B7D4-4737-AE13-65ABAED82FFA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{15ECBB16-BFE7-4540-A558-02A8941E145E}" = protocol=6 | dir=in | app=c:\program files\activision\wolfenstein\mp\wolf2mplite.exe | 
"{173D1F92-94B0-4F42-B8CE-533AD6279DD0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{18EBD3EA-171F-4E47-822B-F40BB2D2F3C9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{195BE01C-E642-4B0B-9E42-52CEC86B841D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{19F1625C-1F3A-4DF5-A8D8-F04B29CD84EC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1A0CBEFD-F83A-47BB-996C-1B51D4A2117C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1A18F083-794D-481A-B682-5CA67EC0DDC8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1B963133-84BC-4FA4-A266-EB5C5F51E4C7}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\srcds.exe | 
"{1BF8387C-F68A-4389-85D3-AF78AA804E65}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1E663C36-49FD-46A9-8DCF-697DC04F3D0A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1E6D8523-930C-4F26-9259-8E934D275F17}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1E85D895-056F-4AA2-9438-00A43876A706}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{204F3610-38B4-4C16-BDBB-5B92FF79DB75}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0-dede-downloader.exe | 
"{21230A7A-6D0D-41E5-935B-6A217E4420DD}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\cossacks back to war\bin\csbtw.exe | 
"{24035050-E1AB-4543-8290-10804628F853}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{24CC5D02-BBE2-4D22-BC59-052ADE80F02B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{25C38929-7B7C-4504-BF0C-5FDB9C4F5AB3}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\aliens vs predator\avp.exe | 
"{261242EC-9471-42D9-8195-A22B5829283C}" = protocol=17 | dir=in | app=c:\program files\codemasters\of dragon rising\ofdr.exe | 
"{264C1A83-2436-48CB-8F44-42589F82780A}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\the witcher enhanced edition\system\witcher.exe | 
"{26D66945-6AD1-4CB6-93B7-FB92AD96FBC1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2753D907-2843-438C-92AA-C23A2F5EC9B6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{27636AB4-8096-411C-9FB2-65E82451C251}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{279C2B13-7846-4DF0-AF37-3F8F73CB98A4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{284683F4-D8BC-4E9D-90F6-E94CD4AA67CA}" = protocol=17 | dir=in | app=c:\program files\logmein hamachi\hamachi-2-ui.exe | 
"{28BD2DD8-E376-4A3E-AEF7-0DE754565301}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2A1DDB5D-B014-4626-8A2C-FB9053BFEFAE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2AB8DB28-E9BE-491F-9470-EB326BFDF682}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\cossacks back to war\bin\csbtw.exe | 
"{2D6EDE2B-6792-4A9B-A715-3D4B4D693D24}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{2DFEB68A-AEC3-4BDC-99A1-B7AE0EA3E9A9}" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"{2E657F4D-8EB5-4375-A5B0-41133526C837}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{308905B1-90D3-4169-9D2B-54A2FB8EB89F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\amnesia the dark descent\launcher.exe | 
"{331EEC89-E9F5-4AAB-ACC3-E015EF248B86}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe | 
"{347966A7-D83B-47C8-9482-3382E9379640}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{34ACFD98-9EFB-4168-B04D-8D2ABDAD8576}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\srcds.exe | 
"{34F61841-608F-47D7-AF1C-4F998A222D2E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{35402BBC-4495-4E3E-8A2D-35285DDD58D8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3543FBE6-006A-405C-86A5-14A3E47CC567}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{3618A09A-FADB-454B-9402-976318A82E1A}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\magicka\magicka.exe | 
"{36480B1B-1825-498D-B4E5-4C71C369EE49}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3693206C-3727-4912-955B-F070868890F9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{36C8F3C9-920C-4C0F-94A6-681AFCFF3A34}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{3702F82D-DE96-4FFA-9D0D-75ACC0C907DA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{38AACCA7-5360-4CCF-8380-777AF3E84B1C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{399DCAEA-B16C-4A69-B8C5-BC01C765DAC7}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\magicka\magicka.exe | 
"{3AEF2441-3A49-4EAF-9052-6CC89956C548}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3D493DD2-333C-4A1F-944D-41E04A928FE3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3E914080-B1A1-43AA-8C9E-7F11C9DD5CFD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3E9A4BFA-2B0A-43CA-A346-E4E809B22314}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\the witcher enhanced edition\system\djinni!.exe | 
"{3E9E91FA-777C-4719-8D94-3234511EA1B7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{406031D7-E817-4862-8D4E-B9B3BD3B312D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{406ABE56-23F2-4BC2-9B97-2CFBC5A36052}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\krushnak123\counter-strike source\hl2.exe | 
"{427D0D5E-ABA2-4928-9F0B-841F32A1EB77}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\borderlands\binaries\borderlands.exe | 
"{432E79F5-B866-45A5-A012-1CB3A316518C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{43428F9A-2612-4082-BC95-60B059D80BCC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{435B1246-3D2C-470C-A299-4C4ACFDD82C0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{45C2C6DD-635D-40EE-B89C-5B829C3DCB9B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{45F8F598-0DE0-4D31-9D7E-26B05A42C855}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{47E4BB7F-A7D4-4385-B688-5B4C7AF08A6D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{47E9CDBA-E899-449B-BB5D-A631742E856E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{486D9086-B49E-4128-AFAB-56387AF4FDE9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4995BB4A-C03E-45F2-93E9-87AF7975A6C9}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\aliens vs predator\avp.exe | 
"{4AFCAA4B-4D1F-4B7F-9067-1F0D6372D8AF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4B2B1E63-AEBD-4B0C-8634-525CB90AA544}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4B2FD466-6718-4E74-8904-B27C144FE13B}" = protocol=6 | dir=in | app=c:\program files\codemasters\of dragon rising\ofdr.exe | 
"{4DA7B4A8-012D-48AF-992A-74D291A266BB}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat | 
"{4EDBB4B5-E211-47A8-BF4D-0C7DB1B30D9D}" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe | 
"{50CB1663-F271-473F-B9B5-D04B8D3E4F38}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\aliens vs predator\avp_cli.exe | 
"{527807EB-26F3-439F-8140-4641565CA277}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\the witcher enhanced edition\system\djinni!.exe | 
"{52AD5631-F083-4742-9BFA-D9D57C248126}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{52CD550D-B6BA-4811-905D-7C1C21979EB0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{53B66441-C20B-410B-A99C-C6D58862E13D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{53D3AFC5-297A-44A5-8405-751F4DC5483F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{564542B8-EB3D-4518-BF20-47DF8F15B34A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{57C72641-CD90-4F28-A084-465276F9FB60}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{57F7B0CD-93BD-4B8C-BBDD-7FEA76C25307}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\the witcher enhanced edition\system\djinni!.exe | 
"{58932836-7C38-4792-AEEB-B87EDB253DBB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{58CFE361-797F-4D77-9A68-D67AE56262DB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{599C4870-ABD3-48A3-9B6F-40BCAC8FE2C8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{59B276CB-893B-4A4D-BE99-4592564D4FB5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5A1B2CBE-6855-4C57-88FC-BD85B98BD32D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5A39F4A2-893F-49A0-BA57-2AD45E6E6061}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5A503B46-DF19-400D-9262-B6A0B8569943}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5AFB4E9F-EAC0-46F8-8C29-421260031F09}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5B04EA70-6CCF-4E03-BB23-C58F40B7E40E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5B46B5AF-1BA9-41D2-B24B-F4B21E015EB4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5C76A0D4-9835-4EBF-8702-B169BF75C412}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\stalker call of pripyat\stalker-cop.exe | 
"{5CF2BDBD-C463-4AA8-82FE-BBC6E8186A05}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5D867208-1E5E-426B-A904-F2D570F7D10F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\srcds.exe | 
"{61093528-1E15-473B-835E-4FE329C07E3A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{61EAFF87-483D-49C4-9502-71A9D5938981}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\srcds.exe | 
"{62A083D3-A8EA-4CFF-A76D-BAC0388FE9FB}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\aliens vs predator dedicated server\avp_cli.exe | 
"{63B7322A-BB9E-4945-91CD-04CA3657A347}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{65C70070-0CB5-4FA5-B5F4-DE95BDE56081}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\shogun2.exe | 
"{662A8BFD-449D-415B-BA03-1321B6329D51}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\the witcher enhanced edition\system\witcher.exe | 
"{67827B29-C9A2-44CF-A498-4D6D222D05F9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{678570CB-A327-4FE2-A903-9A2D4CD62E47}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{678C22CA-F822-4924-B490-C11DFA644579}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{67CAA9CF-7BF2-480D-8226-2DDCF8F2F2A5}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\gothic ii\system\gothic2.exe | 
"{696156B5-1982-4529-9CFB-DEEB26436DCC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{697CD3FD-7342-49AC-8407-ED42CB39E118}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6A49F3A9-2DAB-4FBE-B9CD-8EB4A054F162}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6A666F53-7537-460C-A037-DBD97F76AA6A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6AABF9BC-F3B0-4C0F-964D-2A0E1E8585AF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6BA3597E-7812-46E3-915F-E02577955055}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6C4D6DFC-0D65-4970-A1F2-D097F7C81578}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\aliens vs predator\avp_launcher.exe | 
"{6CFDA308-EB5D-4648-8AAD-33E608BC38A6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6EAE9F79-1F6E-40E9-8714-D717A3CCFB31}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\stalker call of pripyat\stalker-cop.exe | 
"{6F76C1FA-E21B-460E-8CF4-98AA5F8B7A19}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\cossacks back to war\bin\hview.exe | 
"{70C99101-6149-4FB5-9520-FA5F3BA8C3DA}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\aliens vs predator\avp_launcher.exe | 
"{71DFFE91-CF86-4767-BC1B-6C57F6593583}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{72B4DF46-AABF-4FE4-9F45-2E32351BF7D2}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\gothic ii\system\gothic2.exe | 
"{72C1288F-E0BE-4AC6-843E-8CB23A79D98C}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\aliens vs predator\avp_launcher.exe | 
"{73E0EE2C-4010-4187-8DC6-FC729EBE363F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{775E935C-6B89-498C-AE36-DD14ECFA4DF9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7780F2F8-66D9-4655-A013-187BD673EB45}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\shogun2.exe | 
"{778D054F-B6B4-45BF-9B72-AA4C7012EF71}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{77F3E27F-0B8A-4BE8-9C79-FF8021E59CBC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{784E827E-5D19-4705-BCA8-A0E018EC7483}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\cossacks back to war\bin\cshlp.exe | 
"{78C57D16-8DF2-4478-ACC4-27E544C06EBE}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\tom clancy's splinter cell conviction\src\system\conviction_game.exe | 
"{79EDBF6C-DECB-498A-AE21-981AACAF9DEB}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe | 
"{7B303661-DDD7-4FD5-BBE6-F95268A2C473}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\cossacks back to war\bin\cshlp.exe | 
"{7B8D457E-CBB8-4B56-AE10-C5A68711C02C}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\aliens vs predator\avp_dx11.exe | 
"{7BAC1DEC-798C-4031-9210-4607D2A3C325}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\cossacks back to war\bin\cshlp.exe | 
"{7BB2E7CD-77FC-4363-8B61-ED5A9A1DB3E7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{7BBB814D-CCE5-4AE4-9CFD-92B0FE33AA2F}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{7CAEB7F6-D07E-4156-9365-ACBCD2AC69F0}" = protocol=6 | dir=in | app=c:\program files\activision\wolfenstein\mp\wolf2mp.exe | 
"{7D3259CB-5365-4246-9779-F48EB330D637}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7DB30B17-FDC6-4EC2-BA1B-24CFDB2BF23B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7DEF5651-1357-45C3-AAEE-922913117322}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7EAF9F69-2723-443D-A71A-A1D5D88D5C79}" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"{7EF45BEC-266F-400C-BBE3-D8A62A7185B3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7FA6BA62-E3AA-4926-BC4B-F7960DC207DF}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\saints row the third\game_launcher.exe | 
"{7FB37226-F3D1-4DB7-86A0-D8F378BFFC22}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe | 
"{7FDFDEFD-F97F-4C47-B6CA-5952C5E33D19}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8074E807-D788-4EE2-B253-311F601F9D77}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{81205A78-A0C8-4960-B87B-BDC4B2013E30}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{819C6A74-F89C-4562-83B4-7BB9C1E33F3E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{820FB505-8E49-485B-9AB9-B8197FAE2BA9}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\amnesia the dark descent\launcher.exe | 
"{826FD435-067C-4A6F-99B8-5BFE0A3B0598}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{829C542E-374E-4F1D-99A0-FCA930C6A601}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{83B2CEAE-3EB1-4B3F-9589-B261953007D0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{841D0E44-346C-48A2-ADD8-0705CFCE0E62}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe | 
"{845B3B00-B0B5-4843-B421-44965DFB1AB1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8463A3C3-D71D-480F-A9E3-C5B0A20F169F}" = protocol=17 | dir=in | app=c:\program files\ultravnc\winvnc.exe | 
"{84DDDCD8-6831-4C78-8BD9-53D9182F04CC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8680AA13-3C1F-4C7C-92A0-D286F6F67549}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\the witcher enhanced edition\system\djinni!.exe | 
"{86A3DFA8-9F2A-401F-9E8A-F17C8BDAD5C6}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\bin\sdklauncher.exe | 
"{88B84AF7-912F-4407-965A-A4A8C503AAC3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8AB04A72-2AEB-494F-B344-C932036BBDCE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{8B5B2DD1-8BC7-4A09-9764-6536E783910B}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\krushnak123\counter-strike source\hl2.exe | 
"{8BACF037-C377-44E3-BE9A-4187C6A508F5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8BC8CD36-F5C7-42CD-A555-C8614688972E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8C67E579-C935-42ED-AA1F-46BE6A6DAD1A}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0-dede-downloader.exe | 
"{8CB29C98-65FF-4012-9B2C-AE9EDE62C09D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8E01E8A3-F50E-4225-8561-1B1563416F5A}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\krushnak123\synergy\hl2.exe | 
"{8E4991A0-F3A9-4560-85B0-9607134CCCD6}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\aliens vs predator\avp.exe | 
"{8F1C3FA1-0CDB-4E75-84AC-ED21FDB0A4D4}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe | 
"{9080CC96-9497-47DF-A675-F95E023A077F}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\bin\sdklauncher.exe | 
"{91C52702-09CF-471A-82E4-0D4A25958920}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\srcds.exe | 
"{91F5D390-0DF4-48B4-BE4E-2E19E819240F}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\magicka\magicka.exe | 
"{935B6394-1A7A-432A-B2D3-91EA95EA565C}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{94B496D4-3CDE-44B9-BAD0-4D5ABF438A7B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{951A3CC5-AA83-456D-BB7B-916BCF9BF585}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{954C3DDB-A794-49BC-8912-0195885C181C}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\saints row the third\saintsrowthethird.exe | 
"{954DF2D4-4CE5-472C-BD40-271A78EE99BA}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat | 
"{95934B0E-94EE-44AE-AC0F-2C1229A157FC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{95BA36DD-3D78-46DA-B518-7856D995E19B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{96BB5CF4-D6D4-4642-B112-921CB37AB51D}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\magicka\magicka.exe | 
"{96C0705D-BF08-4C65-A59A-DC4C4BCE0136}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9879A369-41DA-4F3A-94A4-354C66AB1F7D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{98ED64B4-CECB-4FB7-B0D3-D1B33E7C7B84}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\krushnak123\counter-strike source\hl2.exe | 
"{99861912-C57D-41FE-B7AE-9FC37CC1399E}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\cloudberry test\run_game.exe | 
"{9A1B7D26-294A-4702-BF2A-1C97EB50C6A9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9A560AFF-9029-4B6A-A43A-B3B456B32D8D}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\aliens vs predator dedicated server\avp_cli.exe | 
"{9A77FDD6-EF2E-4D94-8BEA-EA3FA9CF1C1B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9B8C5FB0-0349-4905-BBC9-5DA1BF160C90}" = protocol=17 | dir=in | app=c:\program files\activision\wolfenstein\mp\wolf2mplite.exe | 
"{9C09EFE8-93A4-4FEB-90B0-C4E719D2B294}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9C20FEC4-281D-4753-BAA9-3C3B64C3D46D}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\srcds.exe | 
"{9CA65D13-02EA-47A7-8889-EBFE4E3DA696}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9D9831C7-AE20-4781-8380-9ABEF4D98654}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9DF87EB3-0126-4EE9-9AA9-CD048DB0EC07}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9E637623-7BF7-416E-9CAB-734EA2918299}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\krushnak123\counter-strike source\hl2.exe | 
"{9F29756B-6D3D-4896-988E-E115321B0DD7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9F988D44-D6DE-4099-9CDF-7F86DAB620A4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A0E08057-9F92-44A2-9D7B-598BC79508D1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A13FD6FE-68D1-4340-AD8C-6DF8DA94A75E}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\cossacks back to war\bin\scenarioeditor.exe | 
"{A1856ADE-D768-4C15-9B04-0C7B08C9A703}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A226FAAC-C3F0-4D7F-A2CC-279373F42D6C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A4AC5A05-5323-46A3-BC03-6D77A5D5A854}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\bin\sdklauncher.exe | 
"{A54195CD-3741-4835-AD53-EAE7F590E99C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A8E6332C-7A8A-4100-9768-9362AB61FE29}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{AA376B37-5606-4735-AE37-6000159771B4}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat | 
"{AB390DF9-1EAF-47B5-A18F-50783F05E8AF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AC4931B8-2E60-4673-9620-8362D2741DD0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{ACA32BD6-AA7A-42C0-83D8-E1E99936526D}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\borderlands\binaries\borderlands.exe | 
"{ACB10C2B-BBD4-44EF-82DF-C35650152E3A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{ADBEA4D2-C655-47FA-B68A-98672EDDE2F8}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{AE035E1C-8766-4070-941D-C028FD809CDB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AE1848C6-328A-49DD-9C5D-17A227B3547A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AE6A310F-9D61-4141-97D5-E663486B0D6F}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe | 
"{AECEF511-D055-454F-B837-63E47B587D60}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe | 
"{AF457B3A-FE85-427E-9B4E-660801E90C3F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AFC667BC-6CDD-4B16-99B9-BC4B937FCB5A}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\cossacks back to war\bin\scenarioeditor.exe | 
"{AFD4B6EC-7084-4BE5-A890-1DA08050B0BF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B04C8748-DC70-42E7-B160-8391F2D77E4F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B0536C0B-EADD-494A-A5BE-2365C77B5059}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\aliens vs predator\avp.exe | 
"{B07B4E59-A7D7-4ADF-965D-F990E424487A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B0F9B227-EA25-4B7D-A37B-899184990DA0}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\stalker call of pripyat\stalker-cop.exe | 
"{B2006E5C-6B20-48EE-8A5C-59C15145DBF3}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\aliens vs predator\avp_dx11.exe | 
"{B2576098-FAD7-4C3D-987F-03E349FC5C2D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B2938EC6-891A-451A-9607-FAC9B40F78D6}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html | 
"{B2E1BE56-8907-4F34-AC8C-6AE7489AA038}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B34841C1-D8E7-4283-BA90-749F1A8AA643}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\amnesia the dark descent\launcher.exe | 
"{B36F1B12-BFB0-4DC0-AEC5-68C0888678D6}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe | 
"{B574A815-5C9F-46E5-ADD9-6CBF1FC17995}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B862B4A9-F51B-4B91-9955-6571AB53E2CC}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\empire total war\empire.exe | 
"{B97EB916-2127-4B9E-BEAB-03DA6901EA85}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\bin\sdklauncher.exe | 
"{BA2B209F-E90F-4582-AAD2-A7C21A9421CF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{BB0079A1-E425-4BB0-8179-249EE16E34CC}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\cossacks back to war\bin\dmcr.exe | 
"{BB714550-9782-471B-BAA4-0C9D51D549DB}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\cossacks back to war\bin\dmcr.exe | 
"{BBB5840C-2FE4-4659-992B-184F28A7CF64}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BC542CF9-3C03-4401-A12B-7DF97F8FAB93}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\empire total war\empire.exe | 
"{BD396616-6C5F-49C9-9920-9EB9E3B19444}" = protocol=6 | dir=out | app=system | 
"{BD871983-1027-4280-9F2F-2A874E286D7A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BE4A64D6-7340-4DB6-BDC4-EA9D91F9FD6D}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\aliens vs predator\avp_dx11.exe | 
"{C034B9A7-6B16-4E3D-A6A4-74660D208289}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\cossacks back to war\bin\csbtw.exe | 
"{C04AD4B7-03D5-4EAA-88BF-F2E0CAB24411}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C0A92A0D-D94A-411A-B51E-6FEF5EC89AE7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C0F11606-9CCF-4FAB-9575-FC0B9DC19854}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\aliens vs predator\avp_cli.exe | 
"{C1183E84-5D94-4F1F-AC62-B7713443F81B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C134DE8C-6107-46AC-A837-ADCF48292565}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat | 
"{C31AB49D-AD69-4C85-AED1-E5BD4B848076}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C5135B17-15C2-49EC-9CC3-0892A9394B0B}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\tom clancy's splinter cell conviction\src\system\conviction_game.exe | 
"{C5AA46B3-1A5D-4845-9F43-18630B5B7A79}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe | 
"{C719F299-04B3-4917-A05C-D99A1CBC862E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C7A3724E-EC2D-4916-9969-489FC3E25078}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{C7D68507-CA95-434A-A365-8AF85CF96392}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C8932AFE-3825-4BA7-BBCE-BE39EB0C2DA9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C8B67FE1-ADAF-47D2-8808-A84A8F0F9A6C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C8F0FFA5-8C4F-4B54-97CF-3BB61E0E3145}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe | 
"{C9CC386F-18B3-4752-8B6D-F9455B5510AE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CA4030BA-8041-433B-9ED1-BDD8D4419D45}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CB8A66DD-1EA9-4F14-8B3B-688EE435C430}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\saints row the third\saintsrowthethird.exe | 
"{CD486999-3879-4476-9D20-245D35A0D75D}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\cossacks back to war\bin\dmcr.exe | 
"{CD72FD19-0E9D-4079-8044-F36B30EDEC96}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CDA61BFA-0298-4F68-A8FB-1D42623389B9}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\cossacks back to war\bin\hview.exe | 
"{CE1F48C5-AFFD-41A3-83D9-319F7B2D3819}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CE671F8B-F903-470C-A74D-39FF8034DE9D}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{CF5FCE2B-A422-495D-91DF-1613D0F1A110}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html | 
"{D078E285-3052-41A6-91B4-D059CBDDE48D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D0F07080-8FDC-4237-AFD5-A7AC0CA44FEE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D123E683-F6D5-486E-A4EF-6956BCC765C6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D158C10B-FA2B-46D4-8A3D-ADD36FF17511}" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"{D20C6E8F-59E9-4175-B7B3-4CE4E34DF7D1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D3231086-95EF-4D94-98B5-121C206715FC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D39DBADD-BB64-4168-9C2D-16A0E3C3E857}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{D3AD8F17-C4DF-4CC3-A2B5-C7E8B6C3B856}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\cossacks back to war\bin\hview.exe | 
"{D48AA0DF-43BA-496E-98AC-A203EBAC8482}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D53AE6A4-D18A-4880-88B1-8F159A142772}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\the witcher enhanced edition\system\witcher.exe | 
"{D5584153-8613-45DD-A160-E88990483AB2}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{D6DA3F43-8E4B-482E-872E-61D6DB2EF031}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\empire total war\empire.exe | 
"{D74D67FA-8B64-41CE-BD5C-4BACD1F0D8C6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D76D9E02-BA72-4093-B3B9-7A9999C8F015}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D79B204C-3165-4985-B1FD-903008AB4185}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{D82695BB-4FD2-4BE5-913A-ACEF53C1B759}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DB03DE81-2211-44D3-A0F1-AE89E98F2AD1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DB90AE85-9C1B-4807-A981-0DDC6FC88951}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DBC66D19-ABED-4ACB-AD82-3CA075BD0072}" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"{DC23A439-314B-4388-8E78-4CA7AE746F32}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe | 
"{DCA3A953-7C4B-45DF-B6C7-F7A426AC9579}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DCDACBED-8223-430C-9B8A-89BF87F3B0B4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DCEF33AD-4A98-42B3-8328-269CEF135004}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DECDBF7F-2279-4578-9246-BA3C0C95802A}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\empire total war\empire.exe | 
"{DED046AD-3316-42D1-B2F4-8A661C92AAE1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E162954E-8A80-42B3-BBBC-D2E7FCF71F95}" = protocol=6 | dir=in | app=c:\program files\logmein hamachi\hamachi-2-ui.exe | 
"{E163F738-333D-41C8-9256-5049E90485F2}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\amnesia the dark descent\launcher.exe | 
"{E2A9EA98-8A8E-4C10-ABF9-F10480966C64}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E3661393-76B8-47EE-8582-8D6C34D90D0D}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\cossacks back to war\bin\cshlp.exe | 
"{E396FA2A-B0C8-41B5-B2CD-16A5ADD174C6}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\tom clancy's splinter cell conviction\src\system\conviction_game.exe | 
"{E408021D-76E3-4BAC-A5A5-C04605B4DA22}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E4C5C9D1-124D-49D7-9385-2F1F37BF5D83}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E5640F5D-0CD6-472B-B3F8-462D204D9688}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\cossacks back to war\bin\hview.exe | 
"{E652FA33-AC8A-42C1-8BF6-C89B7920772A}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\company of heroes\reliccoh.exe | 
"{E780869B-90EF-40AE-8426-8BE2F4EB0D31}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\the witcher enhanced edition\system\witcher.exe | 
"{E893FB4C-582D-4E58-86A9-F8E622D13502}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E89D801A-BA5A-45CD-B054-69AA1D596AE7}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{E91D03EF-359E-4EBF-AAAF-018C75E4D08E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E9B68EFD-96F2-42E1-9481-08E00941EDEC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{ECBC1C9B-0DE6-460D-8D90-0D53C3ABEE13}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{ECC8C43F-8C81-495D-86A2-856B1EED7012}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{ED08EC86-2549-43B9-A14F-CC6606D7BDA0}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\cossacks back to war\bin\scenarioeditor.exe | 
"{F0BE7E6B-97AD-46C5-8B73-F1C90A2EC7F6}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\company of heroes\reliccoh.exe | 
"{F167FC80-033E-44F8-B97A-12EB95CE2413}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\krushnak123\synergy\hl2.exe | 
"{F1E76671-1BED-40EC-B6D1-6C5F4D24B235}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F21C2341-5D37-45A0-83B1-8665C124D533}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F36C8316-EA2C-412E-A9A9-7447F1CA4F44}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe | 
"{F420DC9C-236B-454C-9311-628164E538A5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F52632C7-AA3C-4271-B1A0-D7DB18CCC5E9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F54F6DF7-967C-480F-B558-AE49E37EFFEE}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\cloudberry test\run_game.exe | 
"{F5652082-24AF-497C-9EC8-B5665EF6256A}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\srcds.exe | 
"{F612C9CB-F06C-4957-B915-02764058795A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F61FE438-80CD-4F53-9E93-5E36D76CD25C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F661EA46-F995-4B04-8747-067BF68159B9}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\payday the heist\payday_win32_release.exe | 
"{F7D05081-CF0B-45F7-9017-A1AAF7B0F341}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F8908293-1D32-4ADA-85A3-95370D65757B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{FAC1C891-2463-4ABA-94A4-3A4631EC896E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{FAF32A31-878B-46A1-988F-DB978A6C3C87}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{FD898FC9-D8E2-428F-8CF5-228210C510BB}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{FD96885F-6DA4-4140-8940-16803C123C9A}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\cossacks back to war\bin\csbtw.exe | 
"{FE1E961B-22F0-4831-A4B4-2835F5394622}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\tom clancy's splinter cell conviction\src\system\conviction_game.exe | 
"{FE4C4106-E7A1-4C89-87DC-3DD31C1C152C}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\stalker call of pripyat\stalker-cop.exe | 
"{FF62CAF2-72E7-41D4-8777-C0F7982C798B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{FF8821BB-0DCA-4EF3-B765-132FFA84E488}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{FFCC274E-CF08-40EE-96A2-CAC20A96B5CC}" = protocol=6 | dir=in | app=c:\program files\ultravnc\winvnc.exe | 
"TCP Query User{0900CFAA-E5D2-4DEB-94E8-089ED4CAF5DF}C:\program files\steam\steamapps\common\company of heroes\reliccoh.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\company of heroes\reliccoh.exe | 
"TCP Query User{10F8A127-F843-4E72-8015-E696026F8F6A}C:\program files\steam\steamapps\common\cloudberry test\krater.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\cloudberry test\krater.exe | 
"TCP Query User{26D89B95-A4EB-4644-B4D2-A1DCDD923FB4}C:\program files\3do\heroes 3 complete\heroes3.icd" = protocol=6 | dir=in | app=c:\program files\3do\heroes 3 complete\heroes3.icd | 
"TCP Query User{2DC69A21-81BE-42FF-AB37-C85A9DA46C96}C:\program files\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"TCP Query User{3546F842-DEC0-4451-B9D3-0F9E1C84A301}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | 
"TCP Query User{3D4E7F54-B8D2-41F9-8E69-03269993BE15}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
"TCP Query User{42971931-FD7C-45DC-983D-AD793DAD0A6B}C:\program files\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\terraria\terrariaserver.exe | 
"TCP Query User{442363FF-ECBA-4B7C-A5E8-2A4B56D870BB}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{4FCFA684-7A81-4DD7-97C1-9F3CE1FDA73F}C:\program files\steam\steamapps\common\tom clancy's splinter cell conviction\src\system\uplaybrowser.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\tom clancy's splinter cell conviction\src\system\uplaybrowser.exe | 
"TCP Query User{645C462E-02AB-4605-9497-9E370E8440EE}C:\windows\system32\dpnsvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dpnsvr.exe | 
"TCP Query User{6722E8CE-688A-4F46-9DC6-650F9C16785B}C:\program files\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"TCP Query User{67B0866B-EB50-40C9-8CE8-E4336103A370}C:\program files\steam\steamapps\krushnak123\half-life 2 deathmatch\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\krushnak123\half-life 2 deathmatch\hl2.exe | 
"TCP Query User{7BCB4A2B-46B1-4B00-81D9-D268CA68A6D9}C:\program files\3do\heroes 3 complete\heroes3.icd" = protocol=6 | dir=in | app=c:\program files\3do\heroes 3 complete\heroes3.icd | 
"TCP Query User{7D300B32-6C90-4D27-B0C2-33C9C164880C}C:\program files\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe | 
"TCP Query User{91410A94-CB57-4EF2-94DC-4EA7630DE2A1}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{AE9B0C4C-20E6-48FE-A0E4-C7E2A9B0B0DB}C:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe | 
"TCP Query User{AEA0350B-633A-4D33-83ED-EDD47482E2FE}C:\program files\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe | 
"TCP Query User{CE9331E5-75D9-43D5-AF5B-D25B7B1C3946}C:\program files\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe | 
"TCP Query User{FE38FF58-EC44-4D9D-AA5E-6D62EC7B2EE1}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{0343CCC0-8D03-43DE-A976-F443FDB3DD8B}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{0BBA0CCA-0C2E-4C8A-91CE-929F73FA7FE6}C:\program files\steam\steamapps\krushnak123\half-life 2 deathmatch\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\krushnak123\half-life 2 deathmatch\hl2.exe | 
"UDP Query User{1379E20B-1434-42CC-8DC8-50779A25AC55}C:\program files\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe | 
"UDP Query User{43B90841-113B-403B-900C-1FA687629D0E}C:\program files\steam\steamapps\common\company of heroes\reliccoh.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\company of heroes\reliccoh.exe | 
"UDP Query User{48DC29D7-D424-41D2-9A5F-DB72E3C7C587}C:\program files\3do\heroes 3 complete\heroes3.icd" = protocol=17 | dir=in | app=c:\program files\3do\heroes 3 complete\heroes3.icd | 
"UDP Query User{54BFFEFA-ADA0-4A4C-B6C8-B9C0E7ED7788}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{6A6511F7-9CA1-43EF-8FF4-1A45A383BA85}C:\program files\3do\heroes 3 complete\heroes3.icd" = protocol=17 | dir=in | app=c:\program files\3do\heroes 3 complete\heroes3.icd | 
"UDP Query User{815C0E01-05C3-41B4-BA35-6CB10B875A31}C:\program files\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe | 
"UDP Query User{9E01E75A-744B-4EA5-B4D0-E6D0CEB707C9}C:\program files\steam\steamapps\common\tom clancy's splinter cell conviction\src\system\uplaybrowser.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\tom clancy's splinter cell conviction\src\system\uplaybrowser.exe | 
"UDP Query User{A39195AE-E546-4D6B-BCDF-81215843746E}C:\program files\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"UDP Query User{A470A680-78B9-4E23-9E74-272615ED62CA}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{A8FCB8B0-2FFD-4391-A1C4-4B84346F24F5}C:\windows\system32\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dpnsvr.exe | 
"UDP Query User{A9B8B1AC-5FB9-4640-A788-2181348AD66D}C:\program files\steam\steamapps\common\cloudberry test\krater.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\cloudberry test\krater.exe | 
"UDP Query User{ACA6E23E-7811-42D1-917B-DC0B0AF85D21}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | 
"UDP Query User{B487597B-4BC0-421B-9C4A-223A2D9D5CB8}C:\program files\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\terraria\terrariaserver.exe | 
"UDP Query User{BD809987-5F56-49E7-8FD7-88E9DAAA1A1E}C:\program files\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe | 
"UDP Query User{BE6905FD-B075-40F8-A592-7D8D0EFD7B9E}C:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe | 
"UDP Query User{C6963DB2-70A5-42A7-9235-84174C45D7CF}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
"UDP Query User{E68BFA88-D9CB-4E28-9C4B-C1D10DA499A1}C:\program files\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2414" = CanoScan LiDE 110 Scanner Driver
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1A4052AB-BA77-44F7-8EE7-9F9131BFD7A6}" = OF Dragon Rising
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.4
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks v.0.7.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{235211CA-D0E3-4EC8-95D4-C024CE37537C}" = WISO Mein Geld 2012 Professional
"{23B14BE4-5277-40B2-B602-3FCD456C27BC}" = Protector Suite QL 5.8
"{23BDF7D8-C353-4BA8-8567-814F91332CEA}" = Wireless Switch
"{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Intel(R) PROSet/Wireless WiFi Software
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4343080E-448E-4E2C-B27F-B91000018201}" = Dead Rising 2
"{4343080E-448E-4E2C-B27F-B91000028201}" = Dead Rising 2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{57E7D762-44B2-430D-92A7-E538C3B99CE9}" = DualviewServer
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7243A264-7401-445E-99E6-2CC334960047}" = Smart Watchdog
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73D7F26F-A650-49F3-9928-AD204673797C}" = Green Charger
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA56BFBE-E1D1-435D-A805-52A7F788D057}_is1" = CLICK & LEARN DiDi 360° 3.1
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BBF10B37-4ED3-11D5-A818-00500435FC18}" = Gothic
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{E2494AD8-314D-44F8-B39C-4358A60DC184}" = LogMeIn Hamachi
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{EF2A95D9-C159-4779-A564-12E58D3CD8D7}" = Program DJ
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F408DA6B-DA75-4D95-B87D-49AFF0B4EBB0}" = Wow Video&Audio utility
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9B37992-968C-4264-8449-489032FC28DE}" = Wolfenstein
"{FEF06E73-A519-4510-8CF3-B66041B91D8A}" = EMSC
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"109AAA0C37D6219EA776C7E771DE5C246A0A0846" = Windows Driver Package - ENE (enecir) HIDClass  (01/23/2008 2.4.0.0)
"34472D3C0CA521527E150A1EB74ED994CE452ECE" = Windows Driver Package - Intel (NETw5v32) net  (04/27/2008 12.0.0.73)
"3D Titanic Bildschirmschoner_is1" = 3D Titanic Bildschirmschoner 1.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonSolutionMenuEX" = Canon Solution Menu EX
"CCleaner" = CCleaner
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Fraps" = Fraps (remove only)
"G I - Die Welt der Verurteilten (mit neuen Texturen)" = G I - Die Welt der Verurteilten (mit neuen Texturen)
"Gothic Multiplayer" = Gothic Multiplayer
"Heroes of Might and Magic III Complete" = Heroes of Might and Magic III Complete
"Indeo® Software" = Indeo® Software
"InstallShield_{23BDF7D8-C353-4BA8-8567-814F91332CEA}" = Wireless Switch
"InstallShield_{7243A264-7401-445E-99E6-2CC334960047}" = Smart Watchdog
"InstallShield_{73D7F26F-A650-49F3-9928-AD204673797C}" = Green Charger
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{EF2A95D9-C159-4779-A564-12E58D3CD8D7}" = Program DJ
"InstallShield_{F408DA6B-DA75-4D95-B87D-49AFF0B4EBB0}" = Wow Video&Audio utility
"InstallShield_{F9B37992-968C-4264-8449-489032FC28DE}" = Wolfenstein
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.2.0 (Full)
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"ProInst" = Intel PROSet Wireless
"Seven Kingdoms II" = Seven Kingdoms II
"Steam App 10500" = Empire: Total War
"Steam App 105600" = Terraria
"Steam App 10680" = Aliens vs Predator
"Steam App 204720" = Krater Public Tests
"Steam App 205" = Source Dedicated Server
"Steam App 20540" = Company of Heroes: Tales of Valor
"Steam App 20900" = The Witcher: Enhanced Edition
"Steam App 211" = Source SDK
"Steam App 215" = Source SDK Base
"Steam App 218" = Source SDK Base 2007
"Steam App 240" = Counter-Strike: Source
"Steam App 24240" = PAYDAY: The Heist
"Steam App 33220" = Tom Clancy's Splinter Cell: Conviction
"Steam App 34120" = Aliens vs Predator Dedicated Server - Beta
"Steam App 34330" = Total War: SHOGUN 2
"Steam App 380" = Half-Life 2: Episode One
"Steam App 39510" = Gothic II: Gold Edition
"Steam App 41700" = S.T.A.L.K.E.R.: Call of Pripyat
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 42910" = Magicka
"Steam App 4560" = Company of Heroes
"Steam App 4850" = Cossacks: Back to War
"Steam App 500" = Left 4 Dead
"Steam App 510" = Left 4 Dead Dedicated Server
"Steam App 513" = Left 4 Dead Authoring Tools
"Steam App 550" = Left 4 Dead 2
"Steam App 55230" = Saints Row: The Third
"Steam App 560" = Left 4 Dead 2 Dedicated Server
"Steam App 563" = Left 4 Dead 2 Authoring Tools
"Steam App 564" = Left 4 Dead 2 Add-on Support
"Steam App 57300" = Amnesia: The Dark Descent
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 8980" = Borderlands
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ThielHater's Texturepatch_is1" = ThielHater's Texturepatch v1.0.1
"VLC media player" = VLC media player 2.0.0
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WISO Mein Geld 2012 Professional" = WISO Mein Geld 2012 Professional
"World of Warcraft" = World of Warcraft
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ClubCooee" = Club Cooee
"FileZilla Client" = FileZilla Client 3.5.0
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"UnityWebPlayer" = Unity Web Player
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 21.03.2012 07:21:47 | Computer Name = HappyHippo | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7207
 
Error - 21.03.2012 07:21:47 | Computer Name = HappyHippo | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7207
 
Error - 21.03.2012 07:22:18 | Computer Name = HappyHippo | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 21.03.2012 07:22:18 | Computer Name = HappyHippo | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 38064
 
Error - 21.03.2012 07:22:18 | Computer Name = HappyHippo | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 38064
 
Error - 21.03.2012 07:22:19 | Computer Name = HappyHippo | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 21.03.2012 07:22:19 | Computer Name = HappyHippo | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 39078
 
Error - 21.03.2012 07:22:19 | Computer Name = HappyHippo | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 39078
 
Error - 21.03.2012 07:24:50 | Computer Name = HappyHippo | Source = WinMgmt | ID = 10
Description = 
 
Error - 21.03.2012 07:41:24 | Computer Name = HappyHippo | Source = VSS | ID = 8194
Description = 
 
[ System Events ]
Error - 16.05.2012 09:20:11 | Computer Name = HappyHippo | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 16.05.2012 09:20:11 | Computer Name = HappyHippo | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 16.05.2012 09:23:13 | Computer Name = HappyHippo | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 16.05.2012 09:55:03 | Computer Name = HappyHippo | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 16.05.2012 09:55:03 | Computer Name = HappyHippo | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 16.05.2012 13:02:10 | Computer Name = HappyHippo | Source = DCOM | ID = 10016
Description = 
 
Error - 16.05.2012 14:50:14 | Computer Name = HappyHippo | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 16.05.2012 14:50:14 | Computer Name = HappyHippo | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 16.05.2012 14:50:14 | Computer Name = HappyHippo | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 16.05.2012 14:53:00 | Computer Name = HappyHippo | Source = Service Control Manager | ID = 7001
Description = 
 
 
< End of report >
         
--- --- ---

17.05.2012, 11:53   #5
Chris4You

Hi,

actually looks good...
Does this entry mean anything to you?
O33 - MountPoints2\{6eb31f9e-a372-11df-83b6-001eec51099d}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe DACKSON-PC.vbs

Please run the following:
Fix for OTL:
  • Double-click OTL.exe to run the program.
  • Vista/Win7 users: please start it via right-click and "Run as administrator".
  • Copy the entire contents of the following code box into the OTL box under "Custom Scan/Fixes"
Code:
:OTL
IE - HKCU\..\URLSearchHook:  - No CLSID value found
O1 - Hosts: ::1             localhost
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

:Commands
[emptytemp]
[Reboot]
         
  • Click the red Run Fixes! button.
  • Please copy everything out of the results window (Results).
  • A copy of the OTL fix log is saved as a text file in the following folder:
  • %systemroot%\_OTL

chris

17.05.2012, 12:37   #6
Valorhor

Quote from Chris4You:
Does this entry mean anything to you?
O33 - MountPoints2\{6eb31f9e-a372-11df-83b6-001eec51099d}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe DACKSON-PC.vbs

No, not really. Delete it?

Here is the log after the reboot:

Quote:
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Unable to save new HOSTS file
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Christian G
->Temp folder emptied: 709345 bytes
->Temporary Internet Files folder emptied: 35877092 bytes
->Java cache emptied: 14994772 bytes
->FireFox cache emptied: 435011522 bytes
->Flash cache emptied: 4926 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 557056 bytes
%systemroot%\System32 .tmp files removed: 749568 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 25320823 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 489,00 mb


OTL by OldTimer - Version 3.2.43.0 log created on 05172012_131329

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Quote from Chris4You:
  • A copy of the OTL fix log is saved as a text file in the following folder:
  • %systemroot%\_OTL

Where exactly can I find it?


By the way, the brightness changing after every restart bothers me quite a bit. This only started after the trojan. After every restart I have to change the brightness manually here via Nvidia.

hxxp://s14.directupload.net/file/d/2893/aq8zi5yv_jpg.htm

A professional once told me that my NVIDIA does not start automatically and has disappeared from the bar.

I suspect it was the trojan, that it somehow disabled it.

How can I reactivate it?

17.05.2012, 14:17   #7
Chris4You

Hi,

reinstall the drivers, then the autostart issue should sort itself out automatically...

chris
