Log Analysis and Evaluation: Am I infected?

13.06.2012, 13:28   #1
FabFaeb
 
Am I infected?

Hello everyone,

I read here in the forum every now and then, but so far I have had no reason to post anything myself. Now the time has come:
Yesterday evening Antivir raised an alert (EXP/2012-0507.BM). After a scan, moving one file into quarantine, and deleting my browser cache and all cookies, however, it found nothing more. Since I also do online banking on my computer, I want to make sure that my computer is clean. I would therefore like to ask you to take a quick look at my logs and check whether something suspicious might still be running after all.
OTL.txt:
Code:
OTL logfile created on: 13.06.2012 14:05:27 - Run 1
OTL by OldTimer - Version 3.2.48.0     Folder = C:\Users\Fabian\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19222)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,17 Gb Available Physical Memory | 54,37% Memory free
8,22 Gb Paging File | 5,85 Gb Available in Paging File | 71,21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 274,95 Gb Total Space | 38,21 Gb Free Space | 13,90% Space Free | Partition Type: NTFS
Drive D: | 48,83 Gb Total Space | 8,93 Gb Free Space | 18,28% Space Free | Partition Type: NTFS
Drive E: | 48,83 Gb Total Space | 16,60 Gb Free Space | 33,99% Space Free | Partition Type: NTFS
 
Computer Name: FABIANS-PC | User Name: Fabian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.13 14:02:39 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Fabian\Downloads\OTL.exe
PRC - [2012.06.13 14:02:33 | 000,050,477 | ---- | M] () -- C:\Users\Fabian\Downloads\Defogger.exe
PRC - [2012.05.21 23:19:17 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\real\realplayer\Update\realsched.exe
PRC - [2012.05.08 17:57:52 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 17:57:51 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 17:57:51 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.12.12 19:50:25 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010.12.07 12:32:02 | 002,228,008 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010.11.23 16:08:20 | 005,108,624 | ---- | M] (Markement) -- C:\Program Files (x86)\Festplattentools\PCSUITE INSPECTOR\inspectorsvc.exe
PRC - [2010.11.22 22:52:46 | 000,718,072 | ---- | M] (Tunngle.net GmbH) -- C:\Programme\Tunngle\TnglCtrl.exe
PRC - [2010.09.13 15:56:02 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.07.26 09:25:36 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.13 14:02:33 | 000,050,477 | ---- | M] () -- C:\Users\Fabian\Downloads\Defogger.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV:64bit: - [2011.11.10 05:11:32 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.05.01 08:51:14 | 000,119,632 | ---- | M] (Devguru Co., Ltd.) [Auto | Running] -- C:\Windows\SysNative\dgdersvc.exe -- (dgdersvc)
SRV - [2012.06.11 10:17:00 | 000,161,112 | ---- | M] (BullGuard Ltd.) [On_Demand | Stopped] -- C:\Programme\BullGuard Ltd\BullGuard Backup\Support\BgRaSvc.exe -- (BgRaSvc)
SRV - [2012.06.11 10:15:11 | 000,269,656 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programme\BullGuard Ltd\BullGuard Backup\BsMain.dll -- (BsMain)
SRV - [2012.06.11 10:11:59 | 000,409,944 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programme\BullGuard Ltd\BullGuard Backup\BullGuardUpdate.exe -- (BsUpdate)
SRV - [2012.05.08 17:57:52 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 17:57:51 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.28 11:14:20 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.02 20:54:10 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.12.12 19:50:25 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010.12.07 12:32:02 | 002,228,008 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010.11.23 16:08:20 | 005,108,624 | ---- | M] (Markement) [Auto | Running] -- C:\Program Files (x86)\Festplattentools\PCSUITE INSPECTOR\inspectorsvc.exe -- (PCSUITEINSPECTORSVC)
SRV - [2010.11.22 22:52:46 | 000,718,072 | ---- | M] (Tunngle.net GmbH) [Auto | Running] -- C:\Programme\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2010.05.04 04:33:54 | 009,241,088 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\SAMSUNG\Kies\WiselinkPro\WiselinkPro.exe -- (KiesAllShare)
SRV - [2010.05.01 08:50:00 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\dgdersvc.exe -- (dgdersvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.08.18 13:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.08.10 16:01:06 | 000,206,880 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2009.08.10 16:01:04 | 000,626,208 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2009.03.30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.12.18 14:43:24 | 000,161,048 | ---- | M] (Avanquest North America, Inc.) [Disabled | Stopped] -- C:\PROGRA~2\FIXIT0~1\MXTask.exe -- (Fix-It Essentials Task Manager)
SRV - [2008.11.11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.07.26 09:25:24 | 000,187,928 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV - [2008.07.26 09:23:54 | 000,255,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Common Files\logishrd\LVCOMSER\LVCSer64.exe -- (LVCOMSer)
SRV - [2005.08.10 14:26:14 | 001,527,900 | ---- | M] (The Firebird Project) [On_Demand | Stopped] -- C:\Programme\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.08 17:57:52 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 17:57:52 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.02.29 15:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.17 12:14:04 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2011.12.17 12:14:04 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2011.12.17 12:13:50 | 000,066,328 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LGSHidFilt.Sys -- (LGSHidFilt)
DRV:64bit: - [2011.12.15 16:00:00 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.11.10 05:45:30 | 010,567,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.11.10 04:12:44 | 000,325,632 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.10.17 19:40:40 | 000,090,128 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdLH6.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.07.27 20:48:14 | 000,014,952 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\iPodDrv.sys -- (iPodDrv)
DRV:64bit: - [2011.01.15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\VClone.sys -- (VClone)
DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.11.30 18:07:06 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2010.10.22 03:00:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fwlanusb.sys -- (FWLANUSB)
DRV:64bit: - [2010.10.22 03:00:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject)
DRV:64bit: - [2010.05.06 12:28:18 | 000,036,256 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2010.05.06 12:28:16 | 000,159,136 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2010.05.06 12:28:16 | 000,125,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2010.05.06 12:28:16 | 000,016,800 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2010.05.01 08:51:14 | 000,020,568 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dgderdrv.sys -- (dgderdrv)
DRV:64bit: - [2010.04.27 04:25:20 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010.04.27 04:25:20 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV:64bit: - [2010.04.27 04:25:20 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2009.10.05 09:29:46 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2009.10.01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.09.16 07:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle)
DRV:64bit: - [2009.09.03 17:30:20 | 000,128,512 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\tiehdusb.sys -- (TIEHDUSB)
DRV:64bit: - [2009.08.28 20:42:52 | 000,049,152 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009.06.24 21:52:37 | 000,021,832 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi)
DRV:64bit: - [2009.05.18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.04.30 23:01:36 | 000,327,576 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009.04.30 22:55:58 | 002,755,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LV302V64.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV:64bit: - [2009.04.30 22:55:48 | 000,015,896 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lv302a64.sys -- (lvpepf64)
DRV:64bit: - [2008.08.28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008.08.16 20:56:09 | 000,312,480 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:64bit: - [2008.08.16 20:56:09 | 000,043,168 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2008.07.26 16:26:34 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2008.07.26 09:24:40 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2008.07.26 09:24:40 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2007.08.20 11:05:02 | 000,012,744 | R--- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ENTECH64.sys -- (ENTECH64)
DRV:64bit: - [2007.08.08 18:54:12 | 000,035,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ATITool64.sys -- (ATITool)
DRV:64bit: - [2006.10.10 04:09:03 | 000,742,696 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nvm60x64.sys -- (NVENETFD)
DRV - [2010.05.01 08:50:00 | 000,018,136 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2009.10.05 09:29:46 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2009.08.18 22:31:29 | 000,012,400 | ---- | M] (Macrovision Europe Ltd) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\SECDRV.SYS -- (SecDrv)
DRV - [2009.04.12 14:23:12 | 000,019,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\oc u. ähnliches\Rivatuner\RivaTuner v2.24\RivaTuner64.sys -- (RivaTuner64)
DRV - [2007.09.07 15:55:04 | 000,012,744 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\Entech64.sys -- (ENTECH64)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com?o=15788&l=dis
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A8 80 8D 94 E8 DB CA 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=IMB&o=&src=crm&q={searchTerms}&locale=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@doubletwist.com/NPPodcast: C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll (doubleTwist Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@doubletwist.com/NPPodcast: C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll (doubleTwist Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Fabian\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Fabian\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Fabian\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.05.21 23:20:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.17 16:43:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.05.21 23:20:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: C:\Program Files\BullGuard Ltd\BullGuard Backup\files32\backup\thunderbirdbkplugin [2012.06.11 09:55:47 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = hxxp://www.google.com/search?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t
CHR - default_search_provider: suggest_url = hxxp://suggestqueries.google.com/complete/search?q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Fabian\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Fabian\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Fabian\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: doubletwist Plugin 1, 3, 0, 0 (Enabled) = C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Fabian\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - Extension: YouTube = C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.34_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_1\
CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkdbaehcjcomcnnjhlmnfddpgoafpcko\1.0.6_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\CRX_INSTALL\
CHR - Extension: Google Chrome to Phone Extension = C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.1_0\
CHR - Extension: Google Mail = C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2011.12.17 12:52:58 | 000,439,180 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 15106 more lines...
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (PodcastBHO Class) - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll (doubleTwist Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [WPCUMI] C:\Windows\SysNative\WpcUmi.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Unified Remote v2] C:\Program Files (x86)\Unified Remote\RemoteServer.exe (Unified Intents AB)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00  [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Fabian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Save YouTube Video as MP3 - Reg Error: Value error. File not found
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Fabian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Save YouTube Video as MP3 - Reg Error: Value error. File not found
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000014 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000026 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000027 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000028 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] https in Trusted sites)
O15 - HKCU\..Trusted Domains: windowsupdate.com ([download] http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{18C0E4BA-CED3-45F6-8D9A-27AE468C5E5B}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6D6DFE45-A6DD-45ED-BE9A-FF2D87CFC2E0}: DhcpNameServer = 7.254.254.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -  File not found
O20 - HKLM Winlogon: UserInit - (userinit.exe) -  File not found
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -  File not found
O24 - Desktop WallPaper: C:\Users\Fabian\Pictures\Hamburg '11\SDC12516.JPG
O24 - Desktop BackupWallPaper: C:\Users\Fabian\Pictures\Hamburg '11\SDC12516.JPG
O29:64bit: - HKLM SecurityProviders - (credssp.dll) -  File not found
O29 - HKLM SecurityProviders - (credssp.dll) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{44ce4474-5eb5-11df-808d-0019db617af5}\Shell - "" = AutoRun
O33 - MountPoints2\{44ce4474-5eb5-11df-808d-0019db617af5}\Shell\AutoRun\command - "" = "H:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{44ef1771-54ec-11e1-9c8e-0019db617af5}\Shell - "" = AutoRun
O33 - MountPoints2\{44ef1771-54ec-11e1-9c8e-0019db617af5}\Shell\AutoRun\command - "" = H:\pushinst.exe
O33 - MountPoints2\{c095cd20-6a1f-11dd-a042-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c095cd20-6a1f-11dd-a042-806e6f6e6963}\Shell\AutoRun\command - "" = G:\LaunchBFII.exe
O33 - MountPoints2\{da2928a5-a1ee-11de-8526-0019db617af5}\Shell - "" = AutoRun
O33 - MountPoints2\{da2928a5-a1ee-11de-8526-0019db617af5}\Shell\AutoRun\command - "" = N:\LaunchU3.exe -a
O33 - MountPoints2\{ebd0f687-20aa-11e0-9ce3-0019db617af5}\Shell - "" = AutoRun
O33 - MountPoints2\{ebd0f687-20aa-11e0-9ce3-0019db617af5}\Shell\AutoRun\command - "" = "I:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.11 10:12:18 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Roaming\BullGuard
[2012.06.11 10:02:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MARKEMENT
[2012.06.11 10:00:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Festplattentools
[2012.06.11 09:59:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune
[2012.06.11 09:55:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BullGuard
[2012.06.11 09:55:48 | 000,000,000 | ---D | C] -- C:\ProgramData\BullGuard
[2012.06.11 09:55:45 | 000,000,000 | ---D | C] -- C:\Program Files\BullGuard Ltd
[2012.06.09 17:59:10 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Documents\Bewerbung Mannheim
[2012.06.08 10:50:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warplanes
[2012.06.07 22:24:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GoldWave
[2012.06.07 20:27:34 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Local\Audible
[2012.06.06 18:27:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
[2012.06.01 16:30:44 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
[2012.06.01 16:30:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSI Afterburner
[2012.05.21 23:20:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
[2012.05.21 23:20:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2012.05.21 23:19:19 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2012.05.21 23:19:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.06 15:22:13 | 000,002,087 | ---- | M] () -- C:\Users\Fabian\Desktop\Google Chrome.lnk
[2012.12.06 15:01:43 | 000,001,356 | ---- | M] () -- C:\Users\Fabian\AppData\Local\d3d9caps.dat
[2012.06.13 14:03:52 | 000,000,000 | ---- | M] () -- C:\Users\Fabian\defogger_reenable
[2012.06.13 13:52:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.13 13:19:05 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-459657788-2412600428-1289256178-1000UA.job
[2012.06.13 13:18:16 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.13 13:14:17 | 001,594,252 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.13 13:14:17 | 000,683,424 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.13 13:14:17 | 000,642,388 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.13 13:14:17 | 000,150,376 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.13 13:14:17 | 000,123,960 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.13 13:08:20 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.13 13:08:14 | 000,004,448 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.13 13:08:14 | 000,004,448 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.13 13:08:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.12 23:28:47 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Access.dat
[2012.06.12 23:28:41 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.06.12 18:19:02 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-459657788-2412600428-1289256178-1000Core.job
[2012.06.11 11:53:10 | 000,199,168 | ---- | M] () -- C:\Users\Fabian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.11 09:55:55 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\BullGuard Backup.lnk
[2012.06.08 10:50:21 | 000,000,759 | ---- | M] () -- C:\Users\Public\Desktop\World of Warplanes.lnk
[2012.05.21 23:19:19 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2012.05.20 20:29:43 | 000,058,042 | ---- | M] () -- C:\Users\Fabian\Documents\thomaskrone.odt
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.13 14:03:52 | 000,000,000 | ---- | C] () -- C:\Users\Fabian\defogger_reenable
[2012.06.11 09:55:55 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\BullGuard Backup.lnk
[2012.06.08 10:50:21 | 000,000,759 | ---- | C] () -- C:\Users\Public\Desktop\World of Warplanes.lnk
[2012.05.20 20:21:13 | 000,058,042 | ---- | C] () -- C:\Users\Fabian\Documents\thomaskrone.odt
[2011.12.08 23:22:08 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.11.09 23:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011.11.09 23:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.09.24 12:07:12 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2011.09.19 15:03:40 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll
[2011.09.13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.07.21 12:51:31 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.05.23 22:57:36 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2011.04.16 17:38:07 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.04.16 17:38:07 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.02.07 21:37:40 | 000,000,094 | ---- | C] () -- C:\Users\Fabian\AppData\Local\fusioncache.dat
[2011.02.07 20:27:38 | 001,573,322 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.12.29 21:26:53 | 000,000,439 | ---- | C] () -- C:\Windows\SIERRA.INI
[2010.11.19 16:41:22 | 000,000,565 | ---- | C] () -- C:\Users\Fabian\AppData\Roaming\AutoGK.ini
[2010.09.27 22:52:01 | 000,150,964 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010.07.09 21:04:40 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2010.06.14 16:10:03 | 000,000,600 | ---- | C] () -- C:\Users\Fabian\AppData\Local\PUTTY.RND
 
========== LOP Check ==========
 
[2011.07.06 17:35:15 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\.minecraft
[2009.05.08 19:02:10 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\AceBIT
[2009.06.15 14:43:22 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Avanquest
[2012.06.11 10:23:08 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\BullGuard
[2008.11.26 17:11:22 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Canneverbe_Limited
[2008.11.11 19:56:52 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Cornelsen
[2010.12.09 23:23:17 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\CrypTool
[2011.12.29 23:30:47 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Dropbox
[2012.05.27 20:24:32 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\DVDVideoSoft
[2011.04.16 11:16:02 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.05.23 22:39:59 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\FileZilla
[2012.06.06 19:54:13 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\ICQ
[2011.11.17 22:20:12 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\ImgBurn
[2010.06.14 23:13:31 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\IrfanView
[2010.06.17 13:39:46 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\JAlbum
[2009.01.14 13:50:13 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Leadertech
[2010.07.27 16:15:33 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\LolClient
[2009.07.19 20:23:02 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\MAGIX
[2008.09.08 21:06:59 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien
[2008.08.15 16:20:35 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Meine Die Schlacht um Mittelerde -Dateien
[2008.12.25 02:14:00 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Mp3tag
[2009.03.30 18:14:03 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Notepad++
[2011.10.10 20:48:01 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\OfficeRecovery
[2010.12.29 21:14:43 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\OpenArena
[2009.06.04 13:15:56 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\OpenOffice.org
[2010.05.31 19:00:18 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\PC Suite
[2012.05.10 18:55:16 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\RipIt4Me
[2011.11.29 00:07:47 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Samsung
[2009.01.05 21:04:53 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Software4u
[2009.07.19 17:19:36 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Steinberg
[2011.01.25 16:17:44 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\TeamViewer
[2011.05.18 20:49:02 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Teeworlds
[2011.07.05 22:45:21 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Tunngle
[2012.04.14 11:57:24 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Ubisoft
[2011.11.28 23:15:26 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Unified Remote
[2012.02.22 20:05:43 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Unity
[2010.11.29 17:31:46 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\W
[2012.06.08 18:33:04 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\wargaming.net
[2012.06.12 23:28:44 | 000,032,538 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.04.13 20:18:57 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{94EF8A00-19B1-42B2-BF10-FE258F391200}.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 752 bytes -> C:\Users\Fabian\Documents\MSP Expo, certified.eml:OECustomProperty

< End of report >
         
Extras.Txt:
Code:
OTL Extras logfile created on: 13.06.2012 14:05:27 - Run 1
OTL by OldTimer - Version 3.2.48.0     Folder = C:\Users\Fabian\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19222)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,17 Gb Available Physical Memory | 54,37% Memory free
8,22 Gb Paging File | 5,85 Gb Available in Paging File | 71,21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 274,95 Gb Total Space | 38,21 Gb Free Space | 13,90% Space Free | Partition Type: NTFS
Drive D: | 48,83 Gb Total Space | 8,93 Gb Free Space | 18,28% Space Free | Partition Type: NTFS
Drive E: | 48,83 Gb Total Space | 16,60 Gb Free Space | 33,99% Space Free | Partition Type: NTFS
 
Computer Name: FABIANS-PC | User Name: Fabian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.reg [@ = regfile] -- regedit.exe "%1"
.scr[@ = scrfile] -- Reg Error: Value error. File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.reg [@ = regfile] -- regedit.exe "%1"
.scr [@ = scrfile] -- Reg Error: Value error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- Reg Error: Key error.
scrfile [install] -- Reg Error: Key error.
scrfile [open] -- Reg Error: Value error.
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- Reg Error: Key error.
scrfile [install] -- Reg Error: Key error.
scrfile [open] -- Reg Error: Value error.
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = B2 39 E6 04 DB FE C8 01  [binary data]
"VistaSp2" = 75 47 43 BA C9 ED C9 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== System Restore Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04100698-9114-49EA-92AD-DE29C3161DB5}" = lport=8395 | protocol=6 | dir=in | name=league of legends launcher | 
"{10ADAA98-3557-4884-BFAB-CDEC9A14620E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{15C2B4D2-309A-42D7-BD48-C32DB6FD22E3}" = lport=6935 | protocol=17 | dir=in | name=league of legends launcher | 
"{1F242E23-C91E-44A7-A32B-6BC67DD94B9C}" = lport=6991 | protocol=6 | dir=in | name=league of legends launcher | 
"{20ED10D9-815D-4C75-8455-C568CA6B3092}" = lport=9000 | protocol=6 | dir=in | name=receiver | 
"{23037353-4C1B-4071-80B9-5A1280CF6B8D}" = lport=6947 | protocol=6 | dir=in | name=league of legends launcher | 
"{292FF059-A746-40F4-80AC-04B03BC10602}" = lport=6890 | protocol=17 | dir=in | name=league of legends launcher | 
"{3308C5CE-B5D0-4756-82A5-AD2E88AD3692}" = lport=6963 | protocol=6 | dir=in | name=league of legends launcher | 
"{35220968-49CE-4A2B-9674-35665691CFFB}" = lport=6926 | protocol=6 | dir=in | name=league of legends launcher | 
"{37C970A0-C782-4C69-AC73-B86F213C47F0}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{3857C6F6-EC2B-4677-A687-230853176615}" = lport=8398 | protocol=6 | dir=in | name=league of legends launcher | 
"{398E561A-6F80-4268-BEC4-596A1DB6E0A3}" = lport=6892 | protocol=6 | dir=in | name=league of legends launcher | 
"{3CB282DA-F7B5-478F-B4D4-F9D7AD567781}" = lport=6997 | protocol=6 | dir=in | name=league of legends launcher | 
"{45021840-9D5F-41FB-95A2-000BD6A3DD72}" = lport=8303 | protocol=17 | dir=in | name=teeworlds | 
"{458656F4-9866-4920-910A-6372BF71D35B}" = lport=6951 | protocol=6 | dir=in | name=league of legends launcher | 
"{47DF3933-A8C0-4BB7-9DF9-F37D0D1E6FEA}" = lport=6914 | protocol=17 | dir=in | name=league of legends launcher | 
"{49372A40-41E4-4D3F-968A-F6CD90C531A8}" = lport=6965 | protocol=17 | dir=in | name=league of legends launcher | 
"{4D702D9A-D7AE-4128-B60F-E6AB43C20EF7}" = lport=8397 | protocol=6 | dir=in | name=league of legends launcher | 
"{4E2FAA19-F213-443F-A92C-0E701091894B}" = lport=8393 | protocol=6 | dir=in | name=league of legends lobby | 
"{616C1F18-C9F4-4BC3-81D7-E7D3242AF60E}" = lport=6897 | protocol=6 | dir=in | name=league of legends launcher | 
"{65EEC43E-42A1-4B72-8B62-D4077AC60829}" = lport=8390 | protocol=6 | dir=in | name=league of legends game client | 
"{6773D17E-8F4B-4B48-B01E-E5CE6C224037}" = lport=25565 | protocol=6 | dir=in | name=minecraft | 
"{6CC1DB3F-F5F2-4154-A36B-4EABF64575B5}" = lport=6897 | protocol=17 | dir=in | name=league of legends launcher | 
"{7176D888-D85E-43E0-A2B0-6B1E2C0688BF}" = lport=6987 | protocol=17 | dir=in | name=league of legends launcher | 
"{76494C8C-1FF3-4A8F-837D-1D89F49C0686}" = lport=9000 | protocol=17 | dir=in | name=receiver | 
"{7972A541-A73B-4D80-8486-F5FED23BF541}" = lport=6887 | protocol=17 | dir=in | name=league of legends launcher | 
"{7A100DB1-45B9-4BEE-87AD-8C3D65800DAD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7B428045-B684-4CA3-A1BB-E770577FD7C3}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{81DB40DD-91C7-48D4-866D-69626A686B37}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{82BAF8FB-20C9-44EF-865D-41D451F8DB53}" = lport=6976 | protocol=6 | dir=in | name=league of legends launcher | 
"{89A835D1-9B7C-4688-8C07-FA2A1DE77874}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{8DC35AE9-53DD-4FDE-99C8-AD70C5AA8958}" = lport=6926 | protocol=17 | dir=in | name=league of legends launcher | 
"{93F9E2F1-2657-4662-939D-70A9688759DD}" = lport=25565 | protocol=17 | dir=in | name=minecraft | 
"{976475FB-AE87-4761-B982-C110E40518FB}" = lport=8303 | protocol=6 | dir=in | name=teeworlds | 
"{9AD45407-7D53-42D3-90C1-856660D595EB}" = lport=8393 | protocol=17 | dir=in | name=league of legends lobby | 
"{9C8F8432-8C91-4A6C-8753-AD3F0CF6FAC6}" = lport=6965 | protocol=6 | dir=in | name=league of legends launcher | 
"{9E87B6D1-BB3C-48C6-B863-13F1C0549425}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher | 
"{A7603C99-3BCF-4948-B2B7-E8706BD433C8}" = lport=6987 | protocol=6 | dir=in | name=league of legends launcher | 
"{AF58DF2D-A1AC-4D5D-84E3-DE94BE4CC2CF}" = lport=6887 | protocol=6 | dir=in | name=league of legends launcher | 
"{AF70FEA6-78D6-4C4F-B649-3BB12250974F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AF909A86-7403-4BCE-A316-2741CA46D7A9}" = lport=6991 | protocol=17 | dir=in | name=league of legends launcher | 
"{B59AEB95-FF58-46C6-ABA0-128C79A79AA2}" = lport=6966 | protocol=17 | dir=in | name=league of legends launcher | 
"{B6DCD223-B76C-4112-A9CC-1779D2351FBF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B6FFDCCD-E2A6-4861-9CEE-4FCD8AF603D5}" = lport=8397 | protocol=17 | dir=in | name=league of legends launcher | 
"{BBA76768-1957-437A-9385-80E614982BF4}" = lport=6914 | protocol=6 | dir=in | name=league of legends launcher | 
"{BEB66C21-7FF0-4D77-BA72-097D52BA9E76}" = lport=6935 | protocol=6 | dir=in | name=league of legends launcher | 
"{C2B530A0-22C3-47BD-A7EC-EA27401ADD98}" = lport=6951 | protocol=17 | dir=in | name=league of legends launcher | 
"{C2B5708F-9FBF-49E1-BAFB-4B2399E33007}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher | 
"{C4333209-AAF7-468D-BF82-23FC1B5E9661}" = lport=21 | protocol=17 | dir=in | name=receiver | 
"{C6063BBD-A744-42A7-9FB0-0C2F1C7D0C8A}" = lport=6966 | protocol=6 | dir=in | name=league of legends launcher | 
"{C708188A-7F92-4413-9E0D-2ADE8DCE179F}" = lport=6892 | protocol=17 | dir=in | name=league of legends launcher | 
"{D0784062-DA42-48DE-A8E2-D3C9E072F96A}" = lport=6997 | protocol=17 | dir=in | name=league of legends launcher | 
"{D1F503B6-EB15-49D6-8334-D01060E1BF92}" = lport=6890 | protocol=6 | dir=in | name=league of legends launcher | 
"{D3A097D1-E061-4DCB-BB89-5DC57731DB22}" = lport=6902 | protocol=17 | dir=in | name=league of legends launcher | 
"{D5D97A36-1206-4D67-A095-97437812B128}" = lport=6902 | protocol=6 | dir=in | name=league of legends launcher | 
"{D80571D9-ABFB-4762-8076-F70AD81B6BA4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E2837AD2-1BDA-4C05-8553-13864BED679A}" = lport=8398 | protocol=17 | dir=in | name=league of legends launcher | 
"{E4C0A4B5-0606-46DA-BBC3-AC720DDA6C97}" = lport=6972 | protocol=6 | dir=in | name=league of legends launcher | 
"{E562F31D-E7F1-4AE3-8E0A-83235587B06E}" = lport=8395 | protocol=17 | dir=in | name=league of legends launcher | 
"{E8445FD7-D348-4619-BAA9-7CA3E7CAA7B3}" = lport=6972 | protocol=17 | dir=in | name=league of legends launcher | 
"{E8C2AAAF-418B-47DE-985E-DE975BD17205}" = lport=21 | protocol=6 | dir=in | name=receiver | 
"{E9F949B6-44BD-4FA4-93A0-1A17478B1B4C}" = lport=8390 | protocol=17 | dir=in | name=league of legends game client | 
"{EB9CA200-0A5F-4788-8185-2CB9FCBBC61E}" = lport=6976 | protocol=17 | dir=in | name=league of legends launcher | 
"{ED6B5899-912E-42EC-899A-7CBFACF5D54C}" = lport=6947 | protocol=17 | dir=in | name=league of legends launcher | 
"{EFA9C583-80A2-472B-A574-3A402C05FBBB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F657A651-C15C-4BE5-AFE7-22FB249BFF51}" = lport=6963 | protocol=17 | dir=in | name=league of legends launcher | 
"{F886672B-EA4D-48F5-AAAE-37C343FFEF09}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{FA363C42-0177-4AC7-B93A-C822E9C5E95C}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher | 
"{FC9A2C56-9BE0-49EB-AF65-88C3560522C5}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher | 
"{FE771E8D-B62B-4240-A033-2C4C6B7A45F4}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{004E7964-0E5F-40E7-B10C-6F91644F768E}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{005BBE6D-FD57-4C07-A324-92267C410DC7}" = protocol=6 | dir=in | app=c:\spiele\league of legends\ace client\league of legends\air\lolclient.exe | 
"{010396E0-D40F-4528-89AB-2362CF1C4C30}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe | 
"{010D6B88-64E0-4CC1-B15C-E8E635BDA04C}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{0876FF0C-3149-499A-A280-8B9C15CD1AEE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{0AC48CDE-2613-4FD2-9255-A0100607DCD6}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | 
"{0BCC37EB-6525-4E6F-B832-13A47032ADD5}" = protocol=6 | dir=in | app=c:\spiele\rainbowsix vegas\binaries\r6vegas_game.exe | 
"{0C2E82E4-5D6F-4520-8CC0-0DEA64FC83BE}" = protocol=17 | dir=in | app=c:\users\fabian\appdata\roaming\.minecraft\minecraft.exe | 
"{0DB14B72-38BE-4D98-9E45-2F4E9EB53835}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{0E2EBA81-AF84-4277-9B8B-E5E068FCE48D}" = protocol=6 | dir=in | app=c:\spiele\guild wars 2\gw2.exe | 
"{108DDEBE-E7E2-4256-8718-AAC1A1A152F9}" = protocol=17 | dir=in | app=c:\spiele\minecraft\minecraft 1.4\server\minecraft_server.exe | 
"{10CEFBAE-7873-4461-9B77-0A672A78AE08}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{12AB5F36-70E6-4A51-B862-8382D34F14EB}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{14265932-D0E2-409F-BA6A-0D402C288C80}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{15DA1762-A254-494C-9936-F416D0E743FA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{16C2AB3B-93AF-4BA4-808B-E71E99F4C8D6}" = protocol=6 | dir=in | app=c:\users\fabian\appdata\roaming\dropbox\bin\dropbox.exe | 
"{174E18E1-E63C-42B8-BF17-4EBDAF243A4B}" = protocol=17 | dir=in | app=c:\program files (x86)\lavasoft\ad-aware\ad-aware.exe | 
"{18A19F96-861B-491F-BE9B-E897D224942A}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{18B7F494-76B8-4147-B0DC-1B441DBF4837}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe | 
"{19A125DD-461B-4E5F-A4A9-1042B7510214}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe | 
"{19FA1592-18C2-472F-97B2-0CAF6F96630C}" = protocol=6 | dir=in | app=c:\spiele\thq\cohlauncher.exe | 
"{1A1345D8-5AA3-4FA8-A48C-786C9B91DC47}" = protocol=6 | dir=in | app=c:\spiele\gta iv\grand theft auto iv\launchgtaiv.exe | 
"{1A3D158B-7130-4932-9AFF-73D2CE98F601}" = protocol=17 | dir=in | app=c:\program files (x86)\ad-aware\ad-aware.exe | 
"{1B8CA73E-ED8C-4021-85C6-C586A5A2BD40}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{1E95147B-7A08-4468-A84E-BE1D539090D4}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{1F3EC5A3-F548-4032-9033-5454B46365E4}" = protocol=17 | dir=in | app=c:\spiele\guild wars 2\gw2.exe | 
"{267010AA-330E-4826-A1B2-653C3B483AC4}" = protocol=6 | dir=in | app=c:\spiele\league of legends\air\lolclient.exe | 
"{2B25DFE2-D232-4DB2-BE47-4BC08662B83D}" = protocol=17 | dir=in | app=c:\spiele\rainbowsix vegas\binaries\r6vegas_game.exe | 
"{2C9582B4-8136-4A08-9590-5749F0C912AA}" = protocol=17 | dir=in | app=c:\users\fabian\appdata\roaming\dropbox\bin\dropbox.exe | 
"{2E094C49-F516-436A-B404-4DCE653C1B95}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{33AAC75A-F3A4-42EA-9A89-682FA9AC2FDA}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe | 
"{3410CB29-DC25-4B4E-BD31-60B78A281FA0}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe | 
"{3921325B-3568-4A92-800A-E3927E8DA101}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe | 
"{39403AF5-3650-4F7D-9212-EC54D4637BF8}" = protocol=17 | dir=in | app=c:\program files\tunngle\tunngle.exe | 
"{3A088F61-EF39-40D4-8E30-5301A2128CE7}" = protocol=17 | dir=in | app=c:\spiele\league of legends\air\lolclient.exe | 
"{3A1A9C3B-DE19-4801-A25A-DE6D6D9E87A7}" = protocol=17 | dir=in | app=c:\spiele\aoeiii\age3y.exe | 
"{3D592DF9-8862-4991-8194-0C32CA2B0922}" = protocol=17 | dir=in | app=c:\spiele\schlacht um mittelerde\aufstieg des hexenkönigs\game.dat | 
"{3D957D5F-046C-4096-B803-21B248E340D2}" = protocol=17 | dir=in | app=c:\spiele\league of legends\ace client\league of legends\game\league of legends.exe | 
"{423F5E56-0447-4310-862B-EC5C7B0B1999}" = protocol=17 | dir=in | app=c:\program files\hamachi\hamachi.exe | 
"{45CE5F4C-4819-4142-8A62-688BC9EEDD26}" = protocol=17 | dir=in | app=c:\spiele\company of heroes\reliccoh.exe | 
"{4A1D52A2-F5FA-4949-A413-A7912A1473D1}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\apb reloaded\launcher\apblauncher.exe | 
"{5004ACC5-B161-4824-A132-E2D09C0F3572}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{54EA1C48-78DA-490B-A5F9-2AB5C735796E}" = protocol=6 | dir=in | app=c:\users\fabian\appdata\roaming\.minecraft\minecraft.exe | 
"{58002418-9A4E-4641-B73C-8DD498EF5CBD}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{59D2C68E-ACB1-49DF-B5A3-0B63AA988073}" = protocol=6 | dir=out | app=system | 
"{5BBDCAEE-7359-4056-9920-3851FCBBF4BD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{5BC26BD7-92E2-4EAD-B1CC-CB4C59550EE7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5BC3A78C-3E3D-4425-85AC-83186F121040}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{5CB0444F-CAFC-4FA9-AEE9-B4991C34D322}" = protocol=17 | dir=in | app=c:\spiele\schlacht um mittelerde\game.dat | 
"{5CF7657B-41C6-4AC1-806C-A7FF26EEEB8B}" = protocol=17 | dir=in | app=c:\spiele\steam\steam.exe | 
"{5EEA0839-D093-4720-816C-10DAFB404AC1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5FE3C1C6-91A7-4004-8646-194B871D0B52}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{63A276E1-469C-437A-AB9C-2C0B2AB9C729}" = protocol=17 | dir=in | app=c:\spiele\league of legends\game\league of legends.exe | 
"{672138B0-D98F-42E6-8968-08551B16E2CE}" = protocol=17 | dir=in | app=c:\spiele\gta iv\grand theft auto iv\launchgtaiv.exe | 
"{6832A22C-6E2F-4606-9714-AAB023FCEB1C}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{6BE7C66C-E81F-4B3D-BFEA-772A089751B0}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{6C2576F5-ED2C-4C4A-8731-EBFD649B83CF}" = protocol=6 | dir=in | app=c:\program files\hamachi\hamachi.exe | 
"{6CEA68E4-94B8-4CE4-A6F2-A12D2AF2C748}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | 
"{6DE6B1A0-2172-406E-913A-CFFC87D5C576}" = protocol=6 | dir=in | app=c:\users\fabian\downloads\sweetimsetup.exe | 
"{725F6923-9C0E-4430-9370-088974E81E58}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{74E1FCAA-3C96-4672-AE4F-3C1E90E2D056}" = protocol=17 | dir=in | app=c:\spiele\rainbowsix vegas\binaries\r6vegas_launcher.exe | 
"{7532A1DD-5359-4862-AD36-B0B11908820E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7568A801-541A-4F79-9188-4EF84D074C9C}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | 
"{7AD12077-DC1C-440E-90DA-CD1AA821AE78}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{7EA37C6F-F086-41D2-8F8E-812BF6A1BD19}" = protocol=17 | dir=in | app=c:\spiele\thq\cohlauncher.exe | 
"{8499D287-7456-400C-AB2A-C97D8BB4D0C7}" = protocol=6 | dir=in | app=c:\spiele\gta iv\rockstar games social club\rgsclauncher.exe | 
"{85F48457-A447-44BE-A8C8-5E78172DBF6C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{8878283B-1718-4E02-8EE0-970F1A7A5EDC}" = protocol=6 | dir=in | app=c:\spiele\medal of honor airborne\unrealengine3\binaries\moha.exe | 
"{8B53A871-B2EC-4061-8723-52BBD7AE4791}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8CDFB926-C3B0-46EB-B2DD-49A56F38D1EE}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{8D718B6E-4E8C-4B48-A49A-88703DDEDC2E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8DEE1533-0AA9-43A2-A88C-DD75160A5F37}" = protocol=17 | dir=in | app=c:\spiele\league of legends\lol.launcher.exe | 
"{8FEB4581-5C48-44C3-9CF4-B7C715AFD5BA}" = protocol=6 | dir=in | app=c:\spiele\steam\steam.exe | 
"{907C412F-5299-4572-B3A3-5DAC7AA9179D}" = protocol=6 | dir=in | app=c:\program files\tunngle\tnglctrl.exe | 
"{9956B587-79FE-4792-91DE-8D57422C55EE}" = protocol=6 | dir=in | app=c:\spiele\schlacht um mittelerde\game.dat | 
"{9C3062C7-0353-44CF-ADBD-F3AE626AB97A}" = protocol=6 | dir=in | app=c:\spiele\aoeiii\age3x.exe | 
"{9C390541-6C9B-4A1D-B310-3C619C214824}" = protocol=6 | dir=in | app=c:\spiele\minecraft\minecraft 1.4\server\minecraft_server.exe | 
"{9DA1FB8D-6F5A-48FD-916E-8E7426009FB2}" = protocol=6 | dir=in | app=c:\spiele\league of legends\game\league of legends.exe | 
"{9DA4AFDB-9C11-4B1B-BA55-B491F783B94A}" = protocol=6 | dir=in | app=c:\spiele\league of legends\ace client\league of legends\game\league of legends.exe | 
"{A0F4312B-04CA-4B18-A2B3-B9560F004B77}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A1348B64-08C5-4311-89FB-37C9C8269725}" = protocol=17 | dir=in | app=c:\spiele\warcraft iii - the frozen throne\frozen throne.exe | 
"{A49DBAE0-91F1-4170-B08B-2DDBE34BC567}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | 
"{A4B6BBD3-BD00-490D-8813-3619322DBA92}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{AA1286C7-7AF3-485A-BA72-F5160D0607F7}" = protocol=17 | dir=in | app=c:\spiele\schlacht um mittelerde\aufstieg des hexenkönigs\game.dat | 
"{AA63D0B6-E9D1-46D8-BD2E-FD913CDC534B}" = protocol=6 | dir=in | app=c:\spiele\schlacht um mittelerde\aufstieg des hexenkönigs\game.dat | 
"{B3779BB1-B665-4945-BEFF-28216C2BFD7C}" = protocol=6 | dir=in | app=c:\spiele\gamespy\aphex.exe | 
"{B6EDECC1-2D56-4395-BBD3-02DE3BD9DC47}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{BA1960B7-B800-4439-A14B-DA2E9410CA82}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C05256D7-1F50-46C8-B693-A34835EF7A88}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{C1704507-1C84-4592-9646-21301BDF2EBE}" = protocol=17 | dir=in | app=c:\spiele\aoeiii\age3x.exe | 
"{C2BBD44A-79ED-433A-AC9D-30C992A0AE88}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{C686EC1D-D2D1-46AC-BB20-0DD0704789CE}" = protocol=6 | dir=in | app=c:\program files (x86)\lavasoft\ad-aware\ad-aware.exe | 
"{D114D4E7-D4EE-4BC5-9418-E98362A39380}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\apb reloaded\binaries\apb.exe | 
"{D16B5AFD-72AB-4F23-81A9-8479BECAA39B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D5A94B83-D720-4E21-B195-CE2CDFBD8383}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe | 
"{D8F80788-B0F0-44A7-81D7-54AA2B0CAAD7}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{DB06D9D7-B983-4F96-A57E-C5B0F59D962B}" = protocol=6 | dir=in | app=c:\spiele\league of legends\lol.launcher.exe | 
"{DBDBBB85-5B8F-44B9-9DFB-7F6F27F48DE6}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{DF63DAE9-612A-45A1-8573-A9568CCCD1EA}" = protocol=17 | dir=in | app=c:\spiele\company of heroes\relicdownloader\relicdownloader.exe | 
"{E2117690-7B26-4382-97BE-42E2FBCCEF72}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{E226033F-83BE-4D44-8824-8B268E25AF05}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe | 
"{E2D2D90E-1AAA-4882-86F0-FB8CAB5370AF}" = protocol=17 | dir=in | app=c:\spiele\medal of honor airborne\unrealengine3\binaries\moha.exe | 
"{E5D4889E-7251-425F-9E86-4C254424AF3A}" = protocol=6 | dir=in | app=c:\spiele\rainbowsix vegas\binaries\r6vegas_launcher.exe | 
"{E64B945A-B9CB-4CD7-B974-BBA931B0F4AE}" = protocol=6 | dir=in | app=c:\spiele\aoeiii\age3y.exe | 
"{E734D64F-F7AD-4F85-AA54-FC0131DC73C3}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\apb reloaded\binaries\apb.exe | 
"{E781B806-2A48-4F65-9723-2FB6C8CC85FB}" = protocol=6 | dir=in | app=c:\program files (x86)\ad-aware\ad-aware.exe | 
"{EC3365A6-9E58-4A28-920E-03A1F9F59667}" = protocol=17 | dir=in | app=c:\spiele\gta iv\rockstar games social club\rgsclauncher.exe | 
"{EC740130-0432-4842-8983-7AEE9209FF61}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{ECDAF734-6FDD-4535-B7D1-6650580BEE30}" = protocol=6 | dir=in | app=c:\spiele\company of heroes\relicdownloader\relicdownloader.exe | 
"{ECEF3A29-C22B-47F2-A3B6-893D5B99A29A}" = protocol=17 | dir=in | app=c:\spiele\league of legends\ace client\league of legends\air\lolclient.exe | 
"{EE08211E-6648-4337-A2B8-0756BA4A0489}" = protocol=17 | dir=in | app=c:\users\fabian\downloads\sweetimsetup.exe | 
"{F090FDD4-A877-45B6-A3CE-40E29AB5D0CE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F2EB7DBC-B71F-4E72-ADB9-34507F93F3D7}" = protocol=6 | dir=in | app=c:\spiele\schlacht um mittelerde\aufstieg des hexenkönigs\game.dat | 
"{F445A224-B194-491F-9A5D-780933473A0D}" = protocol=17 | dir=in | app=c:\spiele\gamespy\aphex.exe | 
"{F4D77455-3D32-4E76-8808-8E1641689B9C}" = protocol=6 | dir=in | app=c:\spiele\company of heroes\reliccoh.exe | 
"{F57F334E-C984-4944-9583-88E99B4AF487}" = protocol=6 | dir=in | app=c:\spiele\warcraft iii - the frozen throne\frozen throne.exe | 
"{F6F07F1C-5635-4D1C-B7BD-5E0EB00E7ED2}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{FA99B6CB-2989-4846-8489-6F5DA904BA84}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{FBFEE196-3EE8-469A-AB70-FDAAC3670DA4}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{FDCC61F3-BFFE-4779-8DE2-AF10D483C826}" = protocol=17 | dir=in | app=c:\program files\tunngle\tnglctrl.exe | 
"{FE67A9FC-CB7C-4DB9-93EB-EEE26AEBAA56}" = protocol=6 | dir=in | app=c:\program files\tunngle\tunngle.exe | 
"{FEE6904B-338E-44DA-9C34-98032DA47926}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\apb reloaded\launcher\apblauncher.exe | 
"TCP Query User{05D3F2DE-5F1D-4CB9-A19D-85B9B063DB55}C:\spiele\warcraft iii - the frozen throne\war3.exe" = protocol=6 | dir=in | app=c:\spiele\warcraft iii - the frozen throne\war3.exe | 
"TCP Query User{0DBDC3FB-7E02-4C11-84B3-B1865F63B64B}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe | 
"TCP Query User{1148BFCA-E7C4-4C2D-80FC-D4D3E9149557}C:\spiele\tom clancy's h.a.w.x\hawx.exe" = protocol=6 | dir=in | app=c:\spiele\tom clancy's h.a.w.x\hawx.exe | 
"TCP Query User{11C0A4E7-FBD1-459B-8301-F27CA5A489B7}C:\spiele\star wars jedi knight jedi academy\gamedata\jamp.exe" = protocol=6 | dir=in | app=c:\spiele\star wars jedi knight jedi academy\gamedata\jamp.exe | 
"TCP Query User{18171FCD-516D-461F-A612-E1E6E5AC78A9}C:\program files\icq6,5\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6,5\icq6.5\icq.exe | 
"TCP Query User{1A81F1A5-AE91-47D4-AA31-11745AE201F5}C:\spiele\thq\reliccoh.exe" = protocol=6 | dir=in | app=c:\spiele\thq\reliccoh.exe | 
"TCP Query User{20862A1F-A243-4EC1-B12D-0F9456DE6EC6}C:\spiele\world of tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\spiele\world of tanks\worldoftanks.exe | 
"TCP Query User{23D90860-8D42-49CC-9B51-4146930CE1C8}C:\spiele\ageofempires2 englisch\age2_x1.exe" = protocol=6 | dir=in | app=c:\spiele\ageofempires2 englisch\age2_x1.exe | 
"TCP Query User{271F4535-19FB-4991-8DE5-14F339ED9F6C}C:\spiele\flatout 2\flatout2.exe" = protocol=6 | dir=in | app=c:\spiele\flatout 2\flatout2.exe | 
"TCP Query User{28DA6B9F-CA68-4CF5-949E-20A35ACB1DBF}C:\spiele\gta iv\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=c:\spiele\gta iv\grand theft auto iv\gtaiv.exe | 
"TCP Query User{2B6DE577-E742-4B3C-9BD3-FE747DA7DA92}C:\spiele\flatout 2\flatout2.exe" = protocol=6 | dir=in | app=c:\spiele\flatout 2\flatout2.exe | 
"TCP Query User{2D8DF738-BF46-492B-BF4E-8A7D0CDFF34E}C:\spiele\thq\reliccoh.exe" = protocol=6 | dir=in | app=c:\spiele\thq\reliccoh.exe | 
"TCP Query User{36B77B25-EC32-4659-B87E-B5204AFF0556}C:\program files\firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\firefox\firefox.exe | 
"TCP Query User{36D7147A-F94A-4BA3-8F73-816177D46EFE}C:\spiele\warcraft\war3.exe" = protocol=6 | dir=in | app=c:\spiele\warcraft\war3.exe | 
"TCP Query User{37236AFD-3456-4734-B461-8A4889A51EF5}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"TCP Query User{372B573A-747C-41C8-B776-B9A9CDF4191C}C:\spiele\flatout\flatout.exe" = protocol=6 | dir=in | app=c:\spiele\flatout\flatout.exe | 
"TCP Query User{3EB228CB-4D34-47FF-AD6E-1B5C8D5D9F12}C:\spiele\hdro\der herr der ringe online\lotroclient.exe" = protocol=6 | dir=in | app=c:\spiele\hdro\der herr der ringe online\lotroclient.exe | 
"TCP Query User{40952BE1-9798-4415-AB57-03A542EF5DEB}C:\spiele\aoeiii\age3.exe" = protocol=6 | dir=in | app=c:\spiele\aoeiii\age3.exe | 
"TCP Query User{431B175F-58DF-4CEA-8B7D-9D576E89E12B}C:\users\fabian\ziegler - edv\elepost\elepost\database\bin\mysqld-nt.exe" = protocol=6 | dir=in | app=c:\users\fabian\ziegler - edv\elepost\elepost\database\bin\mysqld-nt.exe | 
"TCP Query User{49180112-0E03-4E67-ADDE-E8331D5231E7}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"TCP Query User{49A2BF60-6016-49C1-9CE9-C5831C2AA99A}C:\spiele\world of warplanes\worldofwarplanes.exe" = protocol=6 | dir=in | app=c:\spiele\world of warplanes\worldofwarplanes.exe | 
"TCP Query User{4B255099-CAEB-4296-884D-2E64757B69BD}C:\spiele\rainbowsix vegas\binaries\r6vegas_game.exe" = protocol=6 | dir=in | app=c:\spiele\rainbowsix vegas\binaries\r6vegas_game.exe | 
"TCP Query User{4BE6ED03-BCFC-4C02-849C-9095179EFC95}C:\program files (x86)\unified remote\remoteserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\unified remote\remoteserver.exe | 
"TCP Query User{4F2DA0A2-C2D5-4535-B0B9-6EB3899CAFAC}C:\spiele\age of conan\conanpatcher.exe" = protocol=6 | dir=in | app=c:\spiele\age of conan\conanpatcher.exe | 
"TCP Query User{4FAE8C97-0146-4B70-81AA-C9A651E86BE2}C:\spiele\empire earth - zde\ee-aoc.exe" = protocol=6 | dir=in | app=c:\spiele\empire earth - zde\ee-aoc.exe | 
"TCP Query User{512F1569-9A39-4F96-B788-6C100D9188C0}C:\program files (x86)\unified remote\remoteserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\unified remote\remoteserver.exe | 
"TCP Query User{532D113D-8C8E-42C1-B14E-6B3879169683}C:\spiele\star wars jedi knight jedi academy\gamedata\jamp.exe" = protocol=6 | dir=in | app=c:\spiele\star wars jedi knight jedi academy\gamedata\jamp.exe | 
"TCP Query User{54A71D9C-626F-4FB7-8467-E23640240709}C:\spiele\starwars batllefront ii\gamedata\battlefrontii.exe" = protocol=6 | dir=in | app=c:\spiele\starwars batllefront ii\gamedata\battlefrontii.exe | 
"TCP Query User{58737ED1-CBBE-4809-B7CD-D1CC1DA52DB2}C:\spiele\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\spiele\world of warcraft\launcher.exe | 
"TCP Query User{5FCE15EC-CFAD-4C28-A184-8DEF3A48FB2F}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe | 
"TCP Query User{62213768-B03E-4FBB-A903-44FEF2FFF06C}C:\spiele\battlefield vietnam\bfvietnam.exe" = protocol=6 | dir=in | app=c:\spiele\battlefield vietnam\bfvietnam.exe | 
"TCP Query User{6329D3FE-AFF6-45F3-88C0-A6419DEC8273}C:\spiele\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\spiele\call of duty 2\cod2mp_s.exe | 
"TCP Query User{65C973A8-6D3C-4464-B03F-6EB7CDDF103A}C:\spiele\openarena-0.8.1\openarena.exe" = protocol=6 | dir=in | app=c:\spiele\openarena-0.8.1\openarena.exe | 
"TCP Query User{6A276740-B662-4EA5-AF5F-E6BE9EBE8C1D}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"TCP Query User{6B6D83E9-1762-43D1-8334-B5007279E0A3}C:\spiele\der herr der ringe - die eroberung\conquest.exe" = protocol=6 | dir=in | app=c:\spiele\der herr der ringe - die eroberung\conquest.exe | 
"TCP Query User{6E425667-11D2-4C0D-9A73-1BB6B9F9A7DC}C:\program files\icq6,5\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6,5\icq6.5\icq.exe | 
"TCP Query User{725C5F7C-2570-4B03-87D1-0A6C37780EAB}C:\spiele\warcraft iii - the frozen throne crack\war3.exe" = protocol=6 | dir=in | app=c:\spiele\warcraft iii - the frozen throne crack\war3.exe | 
"TCP Query User{76C7B38D-3512-4546-B5CC-9A1E0AD1F75B}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"TCP Query User{78726115-B37B-43E7-9DAC-5F6CFC25AA2A}C:\spiele\age of empires ii\age2_x1.exe" = protocol=6 | dir=in | app=c:\spiele\age of empires ii\age2_x1.exe | 
"TCP Query User{7B5ED082-8ECC-4184-BA84-7F32007D27EC}C:\program files (x86)\kathrein\dvrmanager\mfserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\kathrein\dvrmanager\mfserver.exe | 
"TCP Query User{7DC516DB-9806-4747-8935-968F62FB71A8}C:\spiele\aoeiii\age3y.exe" = protocol=6 | dir=in | app=c:\spiele\aoeiii\age3y.exe | 
"TCP Query User{80AF8CEC-7384-4B25-A4CA-1A51DEDFF7FC}C:\spiele\warcraft iii - the frozen throne\war3.exe" = protocol=6 | dir=in | app=c:\spiele\warcraft iii - the frozen throne\war3.exe | 
"TCP Query User{87AFF39B-1905-473B-8ECB-8BB666199083}C:\spiele\steam\steamapps\fabfaeb\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\fabfaeb\team fortress 2\hl2.exe | 
"TCP Query User{995D4841-A142-45A5-AF16-80176FD5B7A0}C:\users\fabian\desktop\lan\call of duty 4\iw3mp.exe" = protocol=6 | dir=in | app=c:\users\fabian\desktop\lan\call of duty 4\iw3mp.exe | 
"TCP Query User{9F84EC17-5330-4924-96FA-8E350745FF0E}C:\spiele\aoeiii\age3.exe" = protocol=6 | dir=in | app=c:\spiele\aoeiii\age3.exe | 
"TCP Query User{A4141EE7-2986-463B-9EAD-D95F82C9ED44}C:\program files (x86)\kathrein\dvrmanager\ufs922.exe" = protocol=6 | dir=in | app=c:\program files (x86)\kathrein\dvrmanager\ufs922.exe | 
"TCP Query User{AA63419B-E311-428D-83CB-B8CE22D7CC11}C:\spiele\openarena-0.8.1\openarena.exe" = protocol=6 | dir=in | app=c:\spiele\openarena-0.8.1\openarena.exe | 
"TCP Query User{AE315E35-461D-420C-BE4B-4B683B09C6CD}C:\spiele\der herr der ringe - die eroberung\conquest.exe" = protocol=6 | dir=in | app=c:\spiele\der herr der ringe - die eroberung\conquest.exe | 
"TCP Query User{AE73F02A-AC55-4AA0-9779-EEA88F51E89D}C:\users\fabian\appdata\local\temp\665da82604684076b967a875389e7746\relicdownloader.exe" = protocol=6 | dir=in | app=c:\users\fabian\appdata\local\temp\665da82604684076b967a875389e7746\relicdownloader.exe | 
"TCP Query User{B012DBF3-2007-4806-9CF7-A7E1F61F5EDE}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"TCP Query User{B0332979-C8DE-45B0-8847-F285B38E6CE3}C:\spiele\fifa 09\fifa09.exe" = protocol=6 | dir=in | app=c:\spiele\fifa 09\fifa09.exe | 
"TCP Query User{B60665F1-401C-459F-AB55-515E65DFCC07}C:\spiele\age of empires ii\age2_x1.exe" = protocol=6 | dir=in | app=c:\spiele\age of empires ii\age2_x1.exe | 
"TCP Query User{B906A000-AB2C-4851-AD9A-08989FEA41A3}C:\spiele\age of empires ii de\age2_x1.exe" = protocol=6 | dir=in | app=c:\spiele\age of empires ii de\age2_x1.exe | 
"TCP Query User{C2DCF871-F6E6-496A-AA1B-8C429E065D37}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{C36F5AB7-7EA3-40E1-8750-B37CE90EF17E}C:\spiele\warcraft\war3.exe" = protocol=6 | dir=in | app=c:\spiele\warcraft\war3.exe | 
"TCP Query User{C6CE7081-9183-40F4-9145-CCC711827F6F}C:\program files (x86)\pando networks\media booster\pmb.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"TCP Query User{D8E3B152-5C60-4AC0-8B04-CE6660C33E56}C:\users\fabian\downloads\gamestuff\teeworlds\teeworlds_srv.exe" = protocol=6 | dir=in | app=c:\users\fabian\downloads\gamestuff\teeworlds\teeworlds_srv.exe | 
"TCP Query User{E59E0DD2-A631-4F44-94D7-D0CED82B094C}C:\users\fabian\downloads\gamestuff\teeworlds\teeworlds_srv.exe" = protocol=6 | dir=in | app=c:\users\fabian\downloads\gamestuff\teeworlds\teeworlds_srv.exe | 
"TCP Query User{E5A47F50-6CFF-49C3-A78F-123318A8A9C9}C:\spiele\company of heroes\reliccoh.exe" = protocol=6 | dir=in | app=c:\spiele\company of heroes\reliccoh.exe | 
"TCP Query User{E63F8070-D263-490E-BB8B-1B27772408EA}C:\spiele\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\spiele\call of duty 2\cod2mp_s.exe | 
"TCP Query User{E99AE711-ED6D-4048-8384-2FB88A8BA6EC}C:\spiele\company of heroes\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=c:\spiele\company of heroes\relicdownloader\relicdownloader.exe | 
"TCP Query User{EFCEF204-AB00-4D75-B9EA-A2892D698447}C:\spiele\call of duty 4\iw3mp.exe" = protocol=6 | dir=in | app=c:\spiele\call of duty 4\iw3mp.exe | 
"TCP Query User{F13838C2-96EA-4B86-B373-34142FD46373}C:\spiele\world of tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\spiele\world of tanks\wotlauncher.exe | 
"TCP Query User{FF7AC07D-3FEC-4D39-B2A7-A83490A35120}C:\spiele\starwars batllefront ii\gamedata\battlefrontii.exe" = protocol=6 | dir=in | app=c:\spiele\starwars batllefront ii\gamedata\battlefrontii.exe | 
"UDP Query User{038A7618-501C-4FFE-87F3-81C124424708}C:\spiele\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\spiele\call of duty 2\cod2mp_s.exe | 
"UDP Query User{072D9219-F34C-4684-A137-26D1737A825F}C:\program files\firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\firefox\firefox.exe | 
"UDP Query User{083586AA-E3F8-4834-B5CE-D008F4F87F9A}C:\users\fabian\ziegler - edv\elepost\elepost\database\bin\mysqld-nt.exe" = protocol=17 | dir=in | app=c:\users\fabian\ziegler - edv\elepost\elepost\database\bin\mysqld-nt.exe | 
"UDP Query User{0A946031-9B0C-4A56-A47C-F36F369E0359}C:\spiele\company of heroes\reliccoh.exe" = protocol=17 | dir=in | app=c:\spiele\company of heroes\reliccoh.exe | 
"UDP Query User{17C06CCA-0601-42BF-B849-54BCEE06CD73}C:\spiele\openarena-0.8.1\openarena.exe" = protocol=17 | dir=in | app=c:\spiele\openarena-0.8.1\openarena.exe | 
"UDP Query User{1F4C36A5-B429-44FE-80F3-C5A7AB7D36CD}C:\users\fabian\appdata\local\temp\665da82604684076b967a875389e7746\relicdownloader.exe" = protocol=17 | dir=in | app=c:\users\fabian\appdata\local\temp\665da82604684076b967a875389e7746\relicdownloader.exe | 
"UDP Query User{294552DE-F50E-4F3A-85A3-F96EFED55D1D}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{29D0A615-F336-4ED0-B38F-340B2F459637}C:\spiele\call of duty 4\iw3mp.exe" = protocol=17 | dir=in | app=c:\spiele\call of duty 4\iw3mp.exe | 
"UDP Query User{2A0D87FD-6272-42F2-8D40-931B2617F149}C:\spiele\warcraft iii - the frozen throne\war3.exe" = protocol=17 | dir=in | app=c:\spiele\warcraft iii - the frozen throne\war3.exe | 
"UDP Query User{359A341E-8737-4F99-93D6-B1389071A459}C:\spiele\fifa 09\fifa09.exe" = protocol=17 | dir=in | app=c:\spiele\fifa 09\fifa09.exe | 
"UDP Query User{381BEA96-AFB3-43D9-9580-90774B284F5B}C:\program files (x86)\kathrein\dvrmanager\mfserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\kathrein\dvrmanager\mfserver.exe | 
"UDP Query User{387E2434-E030-4106-BEE5-334F18EE6765}C:\spiele\hdro\der herr der ringe online\lotroclient.exe" = protocol=17 | dir=in | app=c:\spiele\hdro\der herr der ringe online\lotroclient.exe | 
"UDP Query User{3A50A205-137B-48ED-A124-670DC61CE6AE}C:\program files (x86)\kathrein\dvrmanager\ufs922.exe" = protocol=17 | dir=in | app=c:\program files (x86)\kathrein\dvrmanager\ufs922.exe | 
"UDP Query User{405C4069-8AB5-4992-B1C8-6D00F6FA5CF9}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe | 
"UDP Query User{4695F972-569C-4F6E-82B7-FEC6404AC371}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{4F696627-DF62-482C-84CB-221E53FECA97}C:\spiele\aoeiii\age3y.exe" = protocol=17 | dir=in | app=c:\spiele\aoeiii\age3y.exe | 
"UDP Query User{501C22E0-0827-4925-9045-D80EBE331B52}C:\program files (x86)\unified remote\remoteserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\unified remote\remoteserver.exe | 
"UDP Query User{535D9115-CE6A-410D-856C-E1B75269DC07}C:\spiele\flatout 2\flatout2.exe" = protocol=17 | dir=in | app=c:\spiele\flatout 2\flatout2.exe | 
"UDP Query User{553C6625-015A-4ECA-B3DA-F08ECA2D7552}C:\spiele\starwars batllefront ii\gamedata\battlefrontii.exe" = protocol=17 | dir=in | app=c:\spiele\starwars batllefront ii\gamedata\battlefrontii.exe | 
"UDP Query User{5994D242-A7BE-45CF-9D13-653A865FA62A}C:\spiele\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\spiele\world of warcraft\launcher.exe | 
"UDP Query User{5E7089A0-EE8D-4257-A682-1212AA89A97C}C:\spiele\aoeiii\age3.exe" = protocol=17 | dir=in | app=c:\spiele\aoeiii\age3.exe | 
"UDP Query User{5E7BB8E1-CE99-4672-9AEC-E628AF2E26E8}C:\spiele\gta iv\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\spiele\gta iv\grand theft auto iv\gtaiv.exe | 
"UDP Query User{68FD82A4-FE6D-4A8C-BD04-9F0932237E4D}C:\spiele\age of empires ii de\age2_x1.exe" = protocol=17 | dir=in | app=c:\spiele\age of empires ii de\age2_x1.exe | 
"UDP Query User{6B747647-13BD-4B84-B351-10143FC85A36}C:\spiele\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\spiele\call of duty 2\cod2mp_s.exe | 
"UDP Query User{6BD3A584-4E3C-499B-84F5-5510EF296205}C:\spiele\battlefield vietnam\bfvietnam.exe" = protocol=17 | dir=in | app=c:\spiele\battlefield vietnam\bfvietnam.exe | 
"UDP Query User{6D415A2F-7538-4A54-95F1-F2EC73AE5CB7}C:\spiele\age of empires ii\age2_x1.exe" = protocol=17 | dir=in | app=c:\spiele\age of empires ii\age2_x1.exe | 
"UDP Query User{6E5C1C70-0C82-4D2B-93F1-107C99F0AE0D}C:\spiele\world of tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\spiele\world of tanks\worldoftanks.exe | 
"UDP Query User{757AD208-4534-4EE9-AEAF-78A93A2A838B}C:\spiele\age of empires ii\age2_x1.exe" = protocol=17 | dir=in | app=c:\spiele\age of empires ii\age2_x1.exe | 
"UDP Query User{78A01A45-E10D-4132-B6CC-C68609575D45}C:\spiele\warcraft iii - the frozen throne crack\war3.exe" = protocol=17 | dir=in | app=c:\spiele\warcraft iii - the frozen throne crack\war3.exe | 
"UDP Query User{7B710251-D681-4079-B192-33DE0D220D23}C:\spiele\rainbowsix vegas\binaries\r6vegas_game.exe" = protocol=17 | dir=in | app=c:\spiele\rainbowsix vegas\binaries\r6vegas_game.exe | 
"UDP Query User{7CD37E2D-F477-4148-AEBA-BD034F3D252C}C:\program files\icq6,5\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6,5\icq6.5\icq.exe | 
"UDP Query User{7CFDDFA1-7979-4BEB-B599-718665E6DA68}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"UDP Query User{82639A9C-3DBB-4182-9AE9-D46097859EA7}C:\spiele\der herr der ringe - die eroberung\conquest.exe" = protocol=17 | dir=in | app=c:\spiele\der herr der ringe - die eroberung\conquest.exe | 
"UDP Query User{8552F42B-4BEB-4299-80E6-12A33DCC84D2}C:\spiele\steam\steamapps\fabfaeb\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\fabfaeb\team fortress 2\hl2.exe | 
"UDP Query User{869C5412-AC1E-42B9-B4C3-CBF8F338753A}C:\program files (x86)\pando networks\media booster\pmb.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"UDP Query User{970DBDBA-9E24-4FD5-B621-E81267CC18B4}C:\spiele\flatout 2\flatout2.exe" = protocol=17 | dir=in | app=c:\spiele\flatout 2\flatout2.exe | 
"UDP Query User{97ADBECD-305C-4605-8BA4-2FBA1DAA4ABB}C:\spiele\tom clancy's h.a.w.x\hawx.exe" = protocol=17 | dir=in | app=c:\spiele\tom clancy's h.a.w.x\hawx.exe | 
"UDP Query User{9B19707B-F8F4-4E02-8A76-77CF28179797}C:\spiele\ageofempires2 englisch\age2_x1.exe" = protocol=17 | dir=in | app=c:\spiele\ageofempires2 englisch\age2_x1.exe | 
"UDP Query User{A1F6F56A-AE66-4EFA-8E12-37F81D5BD9FA}C:\users\fabian\desktop\lan\call of duty 4\iw3mp.exe" = protocol=17 | dir=in | app=c:\users\fabian\desktop\lan\call of duty 4\iw3mp.exe | 
"UDP Query User{A8A2B691-A2CE-43D1-8945-FF1302537123}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"UDP Query User{B0AFA62A-9E79-44F0-ADA9-5C699EDF3810}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"UDP Query User{B8522E5F-48C5-4225-ABD5-C9BECC6A05EA}C:\spiele\world of warplanes\worldofwarplanes.exe" = protocol=17 | dir=in | app=c:\spiele\world of warplanes\worldofwarplanes.exe | 
"UDP Query User{BCBFA34B-696C-4BCA-AFB8-61EF6ECE71E2}C:\spiele\thq\reliccoh.exe" = protocol=17 | dir=in | app=c:\spiele\thq\reliccoh.exe | 
"UDP Query User{BF1965A3-203C-49BD-B478-FF87EB3CBB83}C:\users\fabian\downloads\gamestuff\teeworlds\teeworlds_srv.exe" = protocol=17 | dir=in | app=c:\users\fabian\downloads\gamestuff\teeworlds\teeworlds_srv.exe | 
"UDP Query User{BF3682F6-4FE2-4966-A05A-5F351745E65F}C:\spiele\empire earth - zde\ee-aoc.exe" = protocol=17 | dir=in | app=c:\spiele\empire earth - zde\ee-aoc.exe | 
"UDP Query User{C4F1A108-3821-45B9-9897-FA487945E04F}C:\spiele\der herr der ringe - die eroberung\conquest.exe" = protocol=17 | dir=in | app=c:\spiele\der herr der ringe - die eroberung\conquest.exe | 
"UDP Query User{C6DC7B0B-F496-4EA0-A317-A1B0FF60B42D}C:\spiele\star wars jedi knight jedi academy\gamedata\jamp.exe" = protocol=17 | dir=in | app=c:\spiele\star wars jedi knight jedi academy\gamedata\jamp.exe | 
"UDP Query User{C79553A7-59F4-4070-ADA4-F21EDE3B0CA0}C:\spiele\openarena-0.8.1\openarena.exe" = protocol=17 | dir=in | app=c:\spiele\openarena-0.8.1\openarena.exe | 
"UDP Query User{C9005B0A-BC02-475D-902B-E25FD3A7B8E0}C:\spiele\starwars batllefront ii\gamedata\battlefrontii.exe" = protocol=17 | dir=in | app=c:\spiele\starwars batllefront ii\gamedata\battlefrontii.exe | 
"UDP Query User{C99EC000-AEC3-4355-8E03-FDEF11E1DDD0}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe | 
"UDP Query User{CAB4A68D-2ADE-4748-8569-FF621F3B643D}C:\spiele\age of conan\conanpatcher.exe" = protocol=17 | dir=in | app=c:\spiele\age of conan\conanpatcher.exe | 
"UDP Query User{D3E5BBBB-28F0-41E9-BF97-8A3B78F2DD13}C:\spiele\aoeiii\age3.exe" = protocol=17 | dir=in | app=c:\spiele\aoeiii\age3.exe | 
"UDP Query User{D733319F-E356-4795-8D05-B12A66C42701}C:\spiele\thq\reliccoh.exe" = protocol=17 | dir=in | app=c:\spiele\thq\reliccoh.exe | 
"UDP Query User{D84CE450-38A6-4859-96E1-EB29BDB78FEB}C:\spiele\warcraft iii - the frozen throne\war3.exe" = protocol=17 | dir=in | app=c:\spiele\warcraft iii - the frozen throne\war3.exe | 
"UDP Query User{D9E1F4F1-5CD8-476C-A5E6-F6F2B4352934}C:\program files\icq6,5\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6,5\icq6.5\icq.exe | 
"UDP Query User{DC6C9D59-E2BA-4EFE-882F-B9BD7F1CE7E5}C:\spiele\star wars jedi knight jedi academy\gamedata\jamp.exe" = protocol=17 | dir=in | app=c:\spiele\star wars jedi knight jedi academy\gamedata\jamp.exe | 
"UDP Query User{DE879294-C75F-41E6-803D-39503EE01E74}C:\spiele\warcraft\war3.exe" = protocol=17 | dir=in | app=c:\spiele\warcraft\war3.exe | 
"UDP Query User{DFBFD42D-0752-40AB-BB24-78FB78EBC089}C:\spiele\warcraft\war3.exe" = protocol=17 | dir=in | app=c:\spiele\warcraft\war3.exe | 
"UDP Query User{E8D3E7F7-D890-40EB-B924-8D36A6D0E47D}C:\spiele\world of tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\spiele\world of tanks\wotlauncher.exe | 
"UDP Query User{E8E03C03-140B-4527-B1F4-D3B9C844B121}C:\spiele\flatout\flatout.exe" = protocol=17 | dir=in | app=c:\spiele\flatout\flatout.exe | 
"UDP Query User{EA200AF7-639D-4F46-85C5-E4980DF3323A}C:\spiele\company of heroes\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=c:\spiele\company of heroes\relicdownloader\relicdownloader.exe | 
"UDP Query User{EB8872A3-63CA-45F6-845E-4D9402C92E6C}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"UDP Query User{ED08691D-51BA-4340-BD02-F9E9875A8C4D}C:\users\fabian\downloads\gamestuff\teeworlds\teeworlds_srv.exe" = protocol=17 | dir=in | app=c:\users\fabian\downloads\gamestuff\teeworlds\teeworlds_srv.exe | 
"UDP Query User{FCE7BA74-8274-47B1-955F-DA1FF07BBD7B}C:\program files (x86)\unified remote\remoteserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\unified remote\remoteserver.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0BD776F3-057D-4C11-020C-4FA9B13D04F9}" = AMD Catalyst Install Manager
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{19639A51-FCC5-40BA-9F07-D8292A07249B}" = VirtualCom driver
"{197985EE-73F2-B182-6AEB-21926621ED5D}" = ATI AVIVO64 Codecs
"{23170F69-40C1-2702-0457-000001000000}" = 7-Zip 4.57 (x64 edition)
"{249E9ED4-1C67-4DA5-9E39-F0F09AFD93B7}" = Logitech QuickCam
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{463FB535-67FB-17C9-6FD6-164BC60462F6}" = ccc-utility64
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software 8.12
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
"{A5F59952-475D-4DCC-BEAD-C216FC68E05C}" = iTunes
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D8CE69B0-9274-4b8c-BA49-0FF6A20A3C65}" = SAMSUNG SYMBIAN USB Download Driver
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"7511B29C86C398B4D11A0B0E4176CAD68D1B7057" = Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB  (09/02/2009 1.0.0.1)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"BullGuard" = BullGuard Backup
"EC3E466026556D3EB760B01C4772277614354E11" = Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB  (06/11/2009 1.0.0.0)
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"ffdshow64_is1" = ffdshow x64 v1.1.3721 [2011-01-07]
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"SAMSUNG Mobile Modem V2" = SAMSUNG Mobile Modem V2 Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Download Driver" = SAMSUNG Mobile USB Download Driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Samsung Mobile USB Modem Device" = Samsung Mobile USB Modem Device Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"XviD MPEG-4 Video Codec_is1" = XviD v1.3.0 CVS
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03420F19-6E4C-4114-805E-8B465019FBB3}" = Jalbum
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{119B7481-0216-40D2-A5CC-C3E1F461ECC1}" = Windows Live Fotogalerie
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C813}_is1" = World of Warplanes
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2315B23D-3E21-4920-837D-AE6460934ECB}" = FIFA 09
"{2447500B-22D7-47BD-9B13-1A927F43A267}" = Empire Earth
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{259A8A5E-2886-4BED-9EF1-D5485282CCC3}" = Overlord
"{26A24AE4-039D-4CA4-87B4-2F83216018F0}" = Java(TM) 6 Update 18
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = Die Schlacht um Mittelerde™ II
"{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}" = PC Connectivity Solution
"{347151C4-7F16-B275-8865-CC6B64056D3F}" = Catalyst Control Center Graphics Previews Common
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II
"{4676D76B-1BA9-4E4D-9615-72FEA5F6B007}" = Unified Remote
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{5158974E-2D28-4018-9335-7694C2974746}" = Fix-It Essentials 9
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5731C0A8-B266-451A-8D3F-8066AA21836F}" = Tom Clancy's Rainbow Six Vegas
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5A67D2EA-FB70-4033-A6F3-606AD85B2015}_is1" = Driver Sweeper Version 3.2.0
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{62AEBBB6-8314-7902-B3DA-1690F97DFA74}" = CCC Help English
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7184F382-8A6C-4B85-A3AC-B63734B1E241}" = SAMSUNG Mobile USB Device
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8973631B-D3CE-4F74-8A72-F734D928B940}" = DVRManager
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
"{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}" = Samsung Master
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070
"{B49C924C-A651-4378-94F6-5D9BF44A959F}" = EE-ZDE
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{B931FB80-537A-4600-00AD-AC5DEDB6C25B}" = Aufstieg des Hexenkönigs™
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.49 (July 1st, 2011) Version v2011.build.49
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C01AE05C-3C8C-75B3-C9F0-1B525DD3697C}" = Catalyst Control Center InstallProxy
"{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D07643A3-CE41-4286-8C78-EB9C83E76DDB}" = PunkBuster für Battlefield Vietnam
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0903}" = Microsoft Picture It! Foto Premium 9
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{E35B3C63-E958-4E31-A178-95D22024109A}" = Battlefield Vietnam(TM)
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E9046809-36B2-4A99-AD7F-C0C16AD773EC}" = TImeSpan Creator
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{ED636101-1959-4360-8BF7-209436E7DEE4}" = Windows Live Sync
"{F07AE5AB-516C-4CEB-A0AA-AD083B9182C6}" = TI NoteFolio Creator
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F6130A03-30EE-D4AD-63C8-E90F422C76C5}" = HydraVision
"{F865B0B5-0D43-2704-0B22-35C5F721374B}" = Catalyst Control Center
"12bbe590-c890-11d9-9669-0800200c9a66_is1" = Der Herr der Ringe Online v03.04.04.8012
"ACE LoL Client" = League of Legends - ACE Client
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Afterburner" = MSI Afterburner 2.2.1
"Audacity_is1" = Audacity 1.2.6
"Audiograbber" = Audiograbber 1.83 SE 
"AutoGK" = Auto Gordian Knot 2.55
"Avira AntiVir Desktop" = Avira Free Antivirus
"AviSynth" = AviSynth 2.5
"Blitzkrieg" = Blitzkrieg Mod
"BurnAware Free_is1" = BurnAware Free 2.3.8
"Calc 3D Pro_is1" = Calc 3D Pro Deutsch 2.1.10
"Canopus DV Codec" = Canopus DV Codec
"Company of Heroes" = Company of Heroes
"CrypTool" = CrypTool 1.4.30
"CrystalDiskInfo_is1" = CrystalDiskInfo 4.6.2a
"DivX Setup" = DivX-Setup
"doubleTwist" = doubleTwist
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"FileZilla Client" = FileZilla Client 3.3.5
"Firebird SQL Server D" = Firebird SQL Server (D)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Audio Converter_is1" = Free Audio Converter version 5.0.2.1125
"Free AVI Video Converter_is1" = Free AVI Video Converter version 5.0.11.508
"Free Midi Converter_is1" = Free Midi Converter version 1.0.0.0
"Free Video Dub_is1" = Free Video Dub version 2.0.8.508
"Free Video to Flash Converter_is1" = Free Video to Flash Converter version 4.1
"Free YouTube Download_is1" = Free YouTube Download 2.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.22.508
"Freemake Video Converter_is1" = Freemake Video Converter Version 3.0.2
"GoldWave v5.06" = GoldWave v5.06
"Guitar Pro 5_is1" = Guitar Pro 5.2
"Hamachi" = Hamachi 1.0.1.5
"HD Tune_is1" = HD Tune 2.55
"HijackThis" = HijackThis 2.0.2
"ImgBurn" = ImgBurn
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty(R) - World at War(TM) 1.4 Patch
"InstallShield_{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III
"InstallShield_{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty(R) - World at War(TM) 1.5 Patch
"InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"IrfanView" = IrfanView (remove only)
"League of Legends_is1" = League of Legends
"MAGIX Foto Manager 2006 D" = MAGIX Foto Manager 2006 (D)
"MAGIX Fotos auf CD & DVD 5.0 D" = MAGIX Fotos auf CD & DVD 5.0 (D)
"MAGIX Music Manager D" = MAGIX Music Manager (D)
"MAGIX Online Druck Service" = MAGIX Online Druck Service
"Mastering Edition" = Steinberg Mastering Edition v1.0
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Mp3tag" = Mp3tag v2.46a
"Notepad++" = Notepad++
"PCSUITE_INSPECTOR_PRO_is1" = PCSUITE INSPECTOR
"PictureIt_v9" = Microsoft Picture It! Foto Premium 9
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 15.0" = RealPlayer
"RivaTuner" = RivaTuner v2.24
"Steam App 113400" = APB Reloaded
"Steam App 220" = Half-Life 2
"Steam App 380" = Half-Life 2: Episode One
"Steam App 400" = Portal
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 440" = Team Fortress 2
"Steinberg Voice Designer v1.03" = Steinberg Voice Designer v1.03
"Steinberg VoiceMachine v1.0" = Steinberg VoiceMachine v1.0
"SUPER ©" = SUPER © Version 2008.bld.33 (Sep 2, 2008)
"TeamViewer 6" = TeamViewer 6
"Tunngle beta_is1" = Tunngle beta
"Uninstall_is1" = Uninstall 1.0.0.1
"Video mp3 Extractor_is1" = Video mp3 Extractor
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.5
"VobSub" = VobSub v2.23 (Remove Only)
"Warcraft III" = Warcraft III
"Warp VST V1.0" = Warp VST V1.0
"WinLiveSuite_Wave3" = Windows Live Essentials
"Xfire" = Xfire (remove only)
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11.06.2012 04:29:57 | Computer Name = Fabians-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 11.06.2012 04:29:57 | Computer Name = Fabians-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 06.12.2012 09:09:45 | Computer Name = Fabians-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 06.12.2012 09:09:49 | Computer Name = Fabians-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 06.12.2012 09:09:51 | Computer Name = Fabians-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 06.12.2012 09:09:54 | Computer Name = Fabians-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 06.12.2012 09:10:04 | Computer Name = Fabians-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 06.12.2012 09:10:07 | Computer Name = Fabians-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 06.12.2012 09:10:10 | Computer Name = Fabians-PC | Source = Application Hang | ID = 1002
Description = Programm speedfan.exe, Version 4.37.0.236 arbeitet nicht mehr mit 
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet 
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über
 das Problem zu suchen.  Prozess-ID: 14b0  Anfangszeit: 01cdd3b2f60b7579  Zeitpunkt der
 Beendigung: 8
 
Error - 06.12.2012 09:10:11 | Computer Name = Fabians-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
[ System Events ]
Error - 06.12.2012 13:29:29 | Computer Name = Fabians-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = 
 
Error - 06.12.2012 13:30:25 | Computer Name = Fabians-PC | Source = W32Time | ID = 39452706
Description = Der Zeitdienst hat festgestellt, dass die Systemzeit um -15292918 
Sekunden geändert werden muss. Die Systemzeit kann durch den Zeitdienst um maximal
 -54000 Sekunden geändert werden. Stellen Sie sicher, dass die Uhrzeit und Zeitzone
 korrekt sind und dass die Zeitquelle time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->65.55.21.15:123)
 funktionsfähig ist.
 
Error - 06.12.2012 13:30:34 | Computer Name = Fabians-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 06.12.2012 13:30:36 | Computer Name = Fabians-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 06.12.2012 13:34:21 | Computer Name = Fabians-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 06.12.2012 13:34:21 | Computer Name = Fabians-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 06.12.2012 13:38:32 | Computer Name = Fabians-PC | Source = W32Time | ID = 39452706
Description = Der Zeitdienst hat festgestellt, dass die Systemzeit um -15292918 
Sekunden geändert werden muss. Die Systemzeit kann durch den Zeitdienst um maximal
 -54000 Sekunden geändert werden. Stellen Sie sicher, dass die Uhrzeit und Zeitzone
 korrekt sind und dass die Zeitquelle time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->65.55.21.13:123)
 funktionsfähig ist.
 
Error - 13.06.2012 07:07:57 | Computer Name = Fabians-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = 
 
Error - 13.06.2012 07:08:39 | Computer Name = Fabians-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 13.06.2012 07:08:43 | Computer Name = Fabians-PC | Source = Service Control Manager | ID = 7026
Description = 
 
 
< End of report >
         
I have a 64-bit system and therefore cannot attach a gmer/etc. log.



I hope you won't find anything, and thank you in advance!

Best regards,
Fabian

14.06.2012, 07:50   #2
kira
/// Helper Team
 



Hello and a warm welcome!

Before we begin working together, [please read in full]:
Quote:
  • "Remote treatment/remote help" and the associated liability risks:
    - since the troubleshooting and the actions are carried out over great distances, we accept no liability for any resulting consequences.
    - so, any liability for resulting damage is excluded; INSTRUCTIONS, AND FOLLOWING THEM, ARE AT YOUR OWN RISK!
  • Characteristic features/profile information:
    - in the log lists or log files you use, you can replace things such as your real name, serial numbers in programs, etc. with [X] or asterisks (*)
  • The system check and cleanup:
    - can take some time (depending on the type of infection); the system may, however, be so heavily compromised that effective technical cleaning is no longer possible and you have to reinstall it
  • I recommend reading the instructions through completely before applying them, because if you do something wrong it can really become dangerous. If you follow my instructions step by step, nothing should really go wrong.
  • During the support period:
    - please do not act on your own without consulting us! Ask if there are problems.
  • The order:
    - please keep to it exactly as described; do not choose the order yourself!
  • CRACKED SOFTWARE is not tolerated here!!!!
  • Otherwise, our forum rules:
    - Please read first, then post! -> For everyone seeking help! What do I need to consider before opening a thread?
  • Insert all log files using a vBCode tag; this gives a good overview here and makes my work easier! If the log file is too large, split it into several parts.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen
► Erster Teil des 3-teiligen Verfahren, werden wir dein System auf Viren untersuchen, bzw nach einem anderen Verursacher suchen:
Für Vista und Win7:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen
Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen!

1.
Download Malwarebytes Anti-Malware from here
  • Install it and start it with a double-click.
  • Set the language to German and update the databases right away (online update)
  • Select "Perform full scan" (tick every box)
  • when the scan has finished, click "Show results"
  • Select all findings (if MBAM reports anything in C:\System Volume Information, please remove that check mark) and click "Delete" ("Remove selected").
  • Post the result here in the thread; you will find the report under "Scan reports"
an illustrated guide can be found here: Guide

2.
check only!

Check the MBR with aswMBR from Avast

Download aswMBR.exe from Avast and save the tool to your desktop (nowhere else).
XP users: double-click aswMBR.exe to start the tool.
Vista and Windows 7 users: right-click aswMBR.exe and choose Run as administrator.
An input window with some details will open.

Click Scan to start the scan.

When the scan has finished, which is reported with Scan finished successfully!, click Save log to save the log file.
Post the contents of aswASW.log from the desktop here in the thread.

3.
To determine whether outdated or harmful software is installed under Programs, I would also like to see all your installed programs:
  • Download CCleaner
  • Read the software licence agreement; if any toolbar is offered, please deselect it! -> start -> if necessary, set to "German".
  • start -> click `Tools` (to display the software installed on your system) -> then `Save to text file...`
  • a text file is created automatically; post this log file too (i.e. the list of all installed programs ... a text file)

4.
Please right-click the AntiVir umbrella in the taskbar → Start AntiVir → Overview → Events
select each finding → right-click the findings → Export event(s)
and save as Ereignisse.txt on the desktop and post the contents here.

► If the complete AntiVir scan result is available, i.e. you have saved it, please post it too!

Quote:
So that your thread stays clear and easy to read, it is best to use the code tags for your post:
→ before your log you write (i.e. at the start of the log file): [code]
your log file goes in here, e.g. OTL log file or other
→ after it, i.e. at the end of the log file: [/code]
** If possible do not go on the internet; no online banking, file sharing, chat programs, etc.
regards
kira

14.06.2012, 08:02   #3
FabFaeb

Hello Kira!
Thanks already for your help, but I have one more question:
I could not update Malwarebytes yesterday (after several attempts), so I am now using SuperAntiSpyware. Is a log from that OK for you too?
I replaced AntiVir with Avast! yesterday. Same question: will the log from that do as well?
I will then submit everything as quickly as possible.

Best regards
Fabian

14.06.2012, 08:44   #4
kira
/// Helper team

Quote:
I could not update Malwarebytes yesterday (after several attempts), so I am now using SuperAntiSpyware. Is a log from that OK for you too?
Yes...
Quote:
I replaced AntiVir with Avast! yesterday. Same question: will the log from that do as well?
where there are findings... what exactly was found, and above all where?
if Avast has reported no findings, then there is nothing...
__________________

Warning!:
Be careful with invoices sent by email with a ZIP file as an attachment! It may be infected with an encryption trojan!
Do not open the attachment; ask in our forum first!

Back up your data regularly, to CD/DVD, USB sticks or external hard drives, ideally twice in different locations!
Please pass this warning on wherever you can!

14.06.2012, 14:37   #5
FabFaeb

OK, then here is the report:

The SUPERAntiSpyware scan log:
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 06/14/2012 at 02:37 PM

Application Version : 5.1.1002

Core Rules Database Version : 8733
Trace Rules Database Version: 6545

Scan type       : Complete Scan
Total Scan Time : 01:16:32

Operating System Information
Windows Vista Home Premium 64-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Administrator

Memory items scanned      : 873
Memory threats detected   : 0
Registry items scanned    : 70312
Registry threats detected : 0
File items scanned        : 101715
File threats detected     : 5

Trojan.Agent/Gen-Downloader
	C:\PROGRAM FILES (X86)\CRYPTOOL\UNINSTALL.EXE
	C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CRYPTOOL\DEINSTALLIEREN.LNK

Adware.Tracking Cookie
	accounts.google.com [ C:\USERS\FABIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	accounts.google.com [ C:\USERS\FABIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	wstat.wibiya.com [ C:\USERS\FABIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
         
Last night, during a boot-time scan, Avast reported "PUP: Win32:PUP-gen [PUP]" in a "solidcore32.dll" in a game.

Install log from CCleaner:
Code:
3DMark06	Futuremark	17.01.2009	1.279MB	1.1.0
7-Zip 4.57 (x64 edition)	Igor Pavlov	14.08.2008	3,71MB	4.57.00.0
Adobe AIR	Adobe Systems Inc.	06.11.2010	28,4MB	2.5.0.16600
Adobe Flash Player 11 ActiveX 64-bit	Adobe Systems Incorporated	27.04.2012		11.2.202.233
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	22.10.2011	31,5MB	11.0.1.152
Adobe Reader X (10.1.3) - Deutsch	Adobe Systems Incorporated	11.04.2012	121,0MB	10.1.3
Adobe Shockwave Player 11.5	Adobe Systems, Inc.	28.12.2010		11.5.9.615
Age of Empires III	Microsoft Game Studios	30.01.2009	2.961MB	1.00.0000
Age of Empires III - The Asian Dynasties	Microsoft Game Studios	19.06.2009	3.768MB	1.00.0000
Age of Empires III - The WarChiefs	Microsoft Game Studios	30.01.2009	2.961MB	1.00.0000
AMD Catalyst Install Manager	Advanced Micro Devices, Inc.	15.12.2011	26,2MB	3.0.855.0
ANNO 2070	Ubisoft	13.04.2012	5.619MB	1.0.0.0
APB Reloaded		09.12.2011	5.341MB	
Apple Application Support	Apple Inc.	30.10.2009	32,2MB	1.0.1
Apple Mobile Device Support	Apple Inc.	30.10.2009	40,8MB	2.6.0.32
Apple Software Update	Apple Inc.	24.12.2008	2,16MB	2.1.1.116
Audacity 1.2.6		18.07.2009	8,43MB	
Audiograbber 1.83 SE	Audiograbber Deutschland			1.83 SE 
Aufstieg des Hexenkönigs™		14.08.2008	2.930MB	
Auto Gordian Knot 2.55	len0x	18.11.2010	36,3MB	2.55
Avanquest update	Avanquest Software	14.06.2009	2,48MB	1.12
avast! Free Antivirus	AVAST Software	12.06.2012	237MB	7.0.1426.0
AviSynth 2.5		18.11.2010	24,3MB	
Battlefield Vietnam(TM)		17.08.2009	1.677MB	
Blitzkrieg Mod	HQ-CoH.com	27.06.2010		2.0.0.3
Bonjour	Apple Inc.	31.10.2009	0,60MB	1.0.106
BullGuard Backup	BullGuard Ltd.	10.06.2012	33,9MB	10
BurnAware Free 2.3.8	Burnaware Technologies	01.08.2009	12,7MB	
Calc 3D Pro Deutsch 2.1.10		16.12.2011	10,6MB	2.1.10
Call of Duty(R) 4 - Modern Warfare(TM)	Activision	28.08.2008	6.610MB	1.7
Canopus DV Codec		10.01.2011	4,00KB	
CCleaner	Piriform	22.05.2012	9,68MB	3.19
Company of Heroes	THQ Inc.	28.09.2011	7.932MB	2.602.0
CrypTool 1.4.30		08.12.2010	95,5MB	1.4.30
CrystalDiskInfo 4.6.2a	Crystal Dew World	05.06.2012	3,38MB	4.6.2a
Der Herr der Ringe Online v03.04.04.8012	Turbine, Inc.	21.01.2012	9.568MB	03.04.04.8012
Die Schlacht um Mittelerde™ II		14.08.2008	8.173MB	
DivX-Setup	DivX, LLC	16.12.2011	3,43MB	2.6.1.3
doubleTwist	doubleTwist Corporation	03.05.2012	56,3MB	3.2.1.14961
Driver Sweeper Version 3.2.0	Phyxion.net	15.12.2011	13,1MB	3.2.0
Dropbox	Dropbox, Inc.	22.09.2011	26,3MB	1.1.45
DVD Decrypter (Remove Only)		20.12.2008	0,91MB	
DVD Shrink 3.2	DVD Shrink	22.03.2009	0,97MB	
DVRManager		14.11.2010	3,91MB	
EE-ZDE		28.12.2010	5,29MB	
Empire Earth		28.12.2010	398MB	
Fallout 3	Bethesda Softworks	27.06.2009	5.863MB	1.00.0000
ffdshow [rev 2527] [2008-12-19]		07.12.2011	15,6MB	1.0
ffdshow x64 v1.1.3721 [2011-01-07]		10.01.2011	11,5MB	1.1.3721.0
FIFA 09	Electronic Arts	28.12.2009	5.635MB	1.0.1.1
FileZilla Client 3.3.5		20.11.2010	12,0MB	3.3.5
Firebird SQL Server (D)		16.11.2008	5,49MB	1.5.2.4732
Fix-It Essentials 9	Avanquest North America, Inc.	15.06.2009	65,6MB	9.0.3.9
Free Audio CD Burner version 1.4.7	DVDVideoSoft Limited.	15.04.2011	2,58MB	
Free Audio Converter version 5.0.2.1125	DVDVideoSoft Ltd.	25.11.2011	7,70MB	
Free AVI Video Converter version 5.0.11.508	DVDVideoSoft Ltd.	26.05.2012	14,5MB	5.0.11.508
Free Midi Converter version 1.0.0.0	Piston Software	16.07.2009	1,09MB	1.0.0.0
Free Video Dub version 2.0.8.508	DVDVideoSoft Ltd.	26.05.2012	12,8MB	2.0.8.508
Free Video to Flash Converter version 4.1	DVD Video Soft Limited.	15.09.2008	12,0MB	
Free YouTube Download 2.3	DVDVideoSoft Limited.	18.12.2009	2,87MB	
Free YouTube to MP3 Converter version 3.11.22.508	DVDVideoSoft Ltd.	09.05.2012	3,00MB	3.11.22.508
Freemake Video Converter Version 3.0.2	Ellora Assets Corporation	23.03.2012	46,4MB	3.0.2
GoldWave v5.06		06.06.2012	4,63MB	
Google Chrome	Google Inc.	06.12.2011	175,6MB	19.0.1084.56
Google Earth Plug-in	Google	16.11.2011	40,9MB	6.1.0.5001
Grand Theft Auto IV	Rockstar Games	09.08.2009	15.342MB	1.00.0000
Guitar Pro 5.2	Arobas Music	29.09.2008	306MB	
Half-Life 2	Valve	11.11.2011	701MB	
Half-Life 2: Episode One	Valve	11.11.2011	524MB	
Half-Life 2: Episode Two	Valve	11.11.2011	424MB	
Hamachi 1.0.1.5		29.06.2010		
HD Tune 2.55	EFD Software	10.06.2012		
HijackThis 2.0.2	TrendMicro	07.10.2008	0,39MB	2.0.2
ICQ7.2	ICQ	04.07.2010	47,4MB	7.2
ImgBurn	LIGHTNING UK!	25.11.2011	2,13MB	2.5.6.0
IrfanView (remove only)	Irfan Skiljan	13.06.2010	11,5MB	4.27
iTunes	Apple Inc.	30.10.2009	133,7MB	9.0.2.25
Jalbum	Jalbum AB	17.06.2010	19,4MB	8.9.1
Java(TM) 6 Update 18	Sun Microsystems, Inc.	16.04.2010	97,1MB	6.0.180
Java(TM) 6 Update 31	Oracle	22.02.2012	95,1MB	6.0.310
Java(TM) 6 Update 7	Sun Microsystems, Inc.	14.08.2008	136,2MB	1.6.0.70
League of Legends		24.09.2010	2.519MB	
League of Legends - ACE Client	ACE Client Team & Riot Games	02.04.2011	2.133MB	
Logitech Gaming Software 8.12	Logitech Inc.	16.12.2011	28,7MB	8.12.030
Logitech QuickCam	Logitech Inc.	13.01.2009	27,7MB	11.80.1065
MAGIX Foto Manager 2006 (D)	MAGIX AG	14.09.2009	40,9MB	3.0.1.78
MAGIX Fotos auf CD & DVD 5.0 (D)	MAGIX AG	14.09.2009	722MB	5.0.2.0
MAGIX Music Manager (D)	MAGIX AG	16.11.2008	24,2MB	1.1.1.692
MAGIX Online Druck Service	Silverwire Software GmbH	14.09.2009	6,38MB	
Microsoft .NET Framework 1.1		08.02.2011		
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU	Microsoft Corporation	24.03.2009	42,1MB	
Microsoft .NET Framework 3.5 SP1	Microsoft Corporation	10.03.2009	32,4MB	
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	19.07.2010	189,3MB	4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	19.07.2010	46,5MB	4.0.30319
Microsoft .NET Framework 4 Extended	Microsoft Corporation	06.02.2011	46,4MB	4.0.30319
Microsoft .NET Framework 4 Extended DEU Language Pack	Microsoft Corporation	06.02.2011	12,0MB	4.0.30319
Microsoft Games for Windows - LIVE Redistributable	Microsoft Corporation	06.05.2011	31,3MB	3.5.88.0
Microsoft Games for Windows Marketplace	Microsoft Corporation	07.05.2011	6,04MB	3.5.50.0
Microsoft Picture It! Foto Premium 9	Microsoft Corporation	01.01.2009	99,9MB	9.0.0.0000
Microsoft Silverlight	Microsoft Corporation	18.05.2012	301MB	5.1.10411.0
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	27.06.2009	1,74MB	3.1.0000
Microsoft Sync Framework Runtime Native v1.0 (x86)	Microsoft Corporation	27.06.2009	0,61MB	1.0.1215.0
Microsoft Sync Framework Services Native v1.0 (x86)	Microsoft Corporation	28.06.2009	1,45MB	1.0.1215.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	28.07.2009	0,25MB	8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	11.12.2011	2,62MB	8.0.59193
Microsoft Visual C++ 2005 Redistributable (x64)	Microsoft Corporation	08.04.2012	0,69MB	8.0.61000
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148	Microsoft Corporation	18.04.2010	0,21MB	9.0.30729.4148
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148	Microsoft Corporation	29.07.2009	0,19MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570	Microsoft Corporation	22.04.2011	0,77MB	9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570	Microsoft Corporation	21.04.2011	0,58MB	9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022	Microsoft Corporation	16.04.2010	2,52MB	9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17	Microsoft Corporation	09.12.2010	0,76MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161	Microsoft Corporation	14.06.2011	0,76MB	9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218	Microsoft Corporation	17.04.2010	0,22MB	9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	20.03.2009	0,58MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	13.06.2012	0,22MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	14.06.2011	0,58MB	9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319	Microsoft Corporation	11.09.2011	13,7MB	10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	12.12.2011	15,0MB	10.0.40219
Mp3tag v2.46a	Florian Heidenreich	30.07.2010	5,03MB	v2.46a
MSI Afterburner 2.2.1	MSI Co., LTD	31.05.2012	46,7MB	2.2.1
MSXML 4.0 SP2 (KB936181)	Microsoft Corporation	14.08.2008	1,27MB	4.20.9848.0
MSXML 4.0 SP2 (KB941833)	Microsoft Corporation	14.08.2008	1,27MB	4.20.9849.0
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	12.11.2008	1,28MB	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	24.11.2009	1,34MB	4.20.9876.0
Nero Online Upgrade		14.08.2008		
Nero StartSmart OEM		14.08.2008		
Notepad++		29.03.2009	6,09MB	5.3.1
NVIDIA Drivers	NVIDIA Corporation	20.07.2011	3.090MB	1.3
NVIDIA ForceWare Network Access Manager		05.10.2010		
NVIDIA PhysX	NVIDIA Corporation	11.12.2011	75,8MB	9.10.0129
OpenOffice.org 3.2	OpenOffice.org	17.04.2010	373MB	3.2.9483
Overlord	Codemasters	18.08.2009	3.654MB	1.00.0606
Pando Media Booster	Pando Networks Inc.	20.01.2012	7,05MB	2.6.0.1
PC Connectivity Solution	Nokia	30.05.2010	17,6MB	8.47.7.0
PCSUITE INSPECTOR	Markement GmbH	10.06.2012	24,4MB	
Portal	Valve	11.11.2011	287MB	
PunkBuster für Battlefield Vietnam		17.08.2009	1.677MB	
PunkBuster Services	Even Balance, Inc.	11.12.2011		0.991
QuickTime	Apple Inc.	31.10.2009	76,5MB	7.64.17.73
RealPlayer	RealNetworks	20.05.2012	91,5MB	15.0.4
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	17.01.2012	11,6MB	6.0.1.6526
RivaTuner v2.24	Alexey Nicolaychuk	11.04.2009	28,0MB	v2.24
Rockstar Games Social Club	Rockstar Games	09.08.2009	1,89MB	1.00.0000
Samsung Master	Samsung	24.12.2009	161,0MB	1.1.14
SAMSUNG Mobile Composite Device Software		31.05.2010	0,14MB	
Samsung Mobile Modem Device Software		31.05.2010	0,14MB	
SAMSUNG Mobile Modem Driver Set		31.05.2010		
SAMSUNG Mobile Modem V2 Software		31.05.2010		
Samsung Mobile phone USB driver Software		31.05.2010	0,14MB	
SAMSUNG Mobile USB Device	SAMSUNG	31.05.2010	0,13MB	1.00.0000
SAMSUNG Mobile USB Download Driver Software		31.05.2010	2,59MB	
SAMSUNG Mobile USB Modem 1.0 Software		31.05.2010	0,14MB	
Samsung Mobile USB Modem Device Software		31.05.2010	0,14MB	
SAMSUNG Mobile USB Modem Software		31.05.2010	0,14MB	
SAMSUNG SYMBIAN USB Download Driver	SAMSUNG Electronics CO,.LTD	31.05.2010	2,59MB	1.1.808.7165
SAMSUNG USB Driver for Mobile Phones	SAMSUNG Electronics Co., Ltd.	30.05.2010	29,6MB	1.3.350.0
SAMSUNG USB Mobile Device Software		31.05.2010	0,14MB	
SamsungConnectivityCableDriver	Samsung	31.05.2010	0,72MB	6.83.6.2.1
Skype Toolbars	Skype Technologies S.A.	25.04.2010	5,25MB	1.0.4051
Skype™ 4.2	Skype Technologies S.A.	26.04.2010	31,8MB	4.2.158
Spelling Dictionaries Support For Adobe Reader 9	Adobe Systems Incorporated	24.11.2011	29,7MB	9.0.0
Star Wars Battlefront II	LucasArts	03.09.2008	4.405MB	1.0
Steam	Valve	12.11.2011	24,4MB	1.0.0.0
Steinberg Mastering Edition v1.0		18.07.2009	7,84MB	
Steinberg Voice Designer v1.03		18.07.2009		
Steinberg VoiceMachine v1.0		18.07.2009		
SUPER © v2011.build.49 (July 1st, 2011) Version v2011.build.49	eRightSoft	23.09.2011	56,0MB	v2011.build.49
SUPER © Version 2008.bld.33 (Sep 2, 2008)	eRightSoft	24.12.2008	2.521MB	Version 2008.bld.33 (Sep 2, 2008)
SUPERAntiSpyware	SUPERAntiSpyware.com	12.06.2012	121,5MB	5.1.1002
Team Fortress 2	Valve	11.11.2011	847MB	
TeamSpeak 3 Client	TeamSpeak Systems GmbH	08.12.2010	37,8MB	
TeamViewer 6	TeamViewer GmbH	16.12.2010	37,1MB	6.0.9947
TI Connect 1.6	Texas Instruments Incorporated	07.02.2011	28,0MB	1.6
TI NoteFolio Creator	Texas Instruments Incorporated	07.02.2011	4,01MB	1.1.0.276
TImeSpan Creator	Texas Instruments Incorporated	06.02.2011	4,10MB	1.1.0.269
Tom Clancy's Rainbow Six Vegas	Ubisoft	23.06.2009	6.366MB	1.06.000
Tunngle beta	Tunngle.net GmbH	22.05.2011	8,32MB	
Ubisoft Game Launcher	UBISOFT	13.04.2012	36,1MB	1.0.0.0
Unified Remote	Unified Remote	02.04.2012	1,95MB	2.3.0.0
Uninstall 1.0.0.1		15.04.2011	16,4MB	
Unity Web Player	Unity Technologies ApS	21.02.2012	0,20MB	
Video mp3 Extractor	GeoVid	22.11.2008	2,38MB	
Virtual DJ - Atomix Productions		09.09.2009	19,1MB	
VirtualCloneDrive	Elaborate Bytes	06.04.2012	2,37MB	
VirtualCom driver	ait	30.05.2010	0,92MB	1.0.0
VLC media player 1.1.5	VideoLAN	14.11.2010	49,1MB	1.1.5
VobSub v2.23 (Remove Only)		18.11.2010	0,38MB	
Warcraft III	Blizzard Entertainment	02.07.2009	1.274MB	
Warp VST V1.0		18.07.2009		
Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB  (06/11/2009 1.0.0.0)	Texas Instruments Inc.	06.02.2011		06/11/2009 1.0.0.0
Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB  (09/02/2009 1.0.0.1)	Texas Instruments Inc.	06.02.2011		09/02/2009 1.0.0.1
Windows Live Essentials	Microsoft Corporation	27.06.2009	139,4MB	14.0.8064.0206
Windows Live ID Sign-in Assistant	Microsoft Corporation	16.11.2010	8,12MB	6.500.3165.0
Windows Live Sync	Microsoft Corporation	27.06.2009	2,80MB	14.0.8064.206
Windows Live-Uploadtool	Microsoft Corporation	28.06.2009	0,22MB	14.0.8014.1029
Windows Media Player Firefox Plugin	Microsoft Corp	14.08.2008	0,29MB	1.0.0.8
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)	Nokia	30.05.2010	13,7MB	08/22/2008 7.0.0.0
World of Warplanes	Wargaming.net	07.06.2012	8.637MB	
Xfire (remove only)		14.08.2008	14,0MB	
XviD MPEG4 Video Codec (remove only)		18.11.2010	44,00KB	
XviD v1.3.0 CVS	Celtic Druid	10.01.2011	0,66MB
         
aswMBR Log:
Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-14 15:10:43
-----------------------------
15:10:43.324    OS Version: Windows x64 6.0.6002 Service Pack 2
15:10:43.324    Number of processors: 2 586 0xF0B
15:10:43.324    ComputerName: FABIANS-PC  UserName: Fabian
15:10:44.644    Initialize success
15:10:44.691    AVAST engine defs: 12061400
15:10:56.025    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000065
15:10:56.031    Disk 0 Vendor: ST340062 3.AA Size: 381554MB BusType: 3
15:10:56.053    Disk 0 MBR read successfully
15:10:56.055    Disk 0 MBR scan
15:10:56.057    Disk 0 Windows VISTA default MBR code
15:10:56.071    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       281552 MB offset 2048
15:10:56.095    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        50000 MB offset 576620544
15:10:56.115    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        50000 MB offset 679020544
15:10:56.180    Disk 0 scanning C:\Windows\system32\drivers
15:11:05.561    Service scanning
15:11:12.110    Service GMSIPCI G:\INSTALL\GMSIPCI.SYS **LOCKED** 21
15:11:25.988    Modules scanning
15:11:25.992    Disk 0 trace - called modules:
15:11:26.345    ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys storport.sys hal.dll nvstor64.sys 
15:11:26.348    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004daa790]
15:11:26.350    3 CLASSPNP.SYS[fffffa600124dc33] -> nt!IofCallDriver -> [0xfffffa8004b9de40]
15:11:26.354    5 acpi.sys[fffffa60008f7fde] -> nt!IofCallDriver -> \Device\00000065[0xfffffa8004bee060]
15:11:27.664    AVAST engine scan C:\Windows
15:11:43.467    AVAST engine scan C:\Windows\system32
15:14:41.219    AVAST engine scan C:\Windows\system32\drivers
15:14:53.555    AVAST engine scan C:\Users\Fabian
15:36:24.098    AVAST engine scan C:\ProgramData
15:39:54.090    Scan finished successfully
15:40:54.153    Disk 0 MBR has been saved successfully to "C:\Users\Fabian\Desktop\MBR.dat"
15:40:54.156    The log file has been saved successfully to "C:\Users\Fabian\Desktop\aswMBR.txt"
         
It would also be important to me to know whether my external (backup) hard drive is clean; then I would not mind reinstalling the system either. What is the best way to make sure?
Thanks again for your help!

Best regards
Fabian


Edited by FabFaeb (14.06.2012 at 14:48)

14.06.2012, 14:42   #6
kira
/// Helper team

Quote:
Quote from FabFaeb
It would also be important to me to know whether my external (backup) hard drive is clean...
we will check that as well

14.06.2012, 14:47   #7
FabFaeb

I have edited the aswMBR log into the previous post.

14.06.2012, 15:04   #8
kira
/// Helper team

1.
Quote:
Spybot
- I would no longer recommend it; it no longer offers sufficient protection against "modern types of malware"...
► If you would like to keep it anyway:
Please turn off the TeaTimer:
In Spybot-S&D go to Advanced mode and select Tools -> Resident there.
Deactivate "Resident TeaTimer active" here.
(TeaTimer also tries to block beneficial changes) - it should stay deactivated permanently!

2.
Quote:
Attention, important!:
If you have made changes in the log file yourself, you must replace them with the original names and insert them into the script that way! Otherwise it will not work!
(user folder, your name or other changes replaced by X, asterisk or other names)
Fixing with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Copy the following script, i.e. everything in the code box after the word "Code" (beginning with :OTL and ending with [emptytemp]), without the word "code"!:
Code:
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com?o=15788&l=dis
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=IMB&o=&src=crm&q={searchTerms}&locale=
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Fabian\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Fabian\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] https in Trusted sites)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{44ce4474-5eb5-11df-808d-0019db617af5}\Shell - "" = AutoRun
O33 - MountPoints2\{44ce4474-5eb5-11df-808d-0019db617af5}\Shell\AutoRun\command - "" = "H:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{44ef1771-54ec-11e1-9c8e-0019db617af5}\Shell - "" = AutoRun
O33 - MountPoints2\{44ef1771-54ec-11e1-9c8e-0019db617af5}\Shell\AutoRun\command - "" = H:\pushinst.exe
O33 - MountPoints2\{c095cd20-6a1f-11dd-a042-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c095cd20-6a1f-11dd-a042-806e6f6e6963}\Shell\AutoRun\command - "" = G:\LaunchBFII.exe
O33 - MountPoints2\{da2928a5-a1ee-11de-8526-0019db617af5}\Shell - "" = AutoRun
O33 - MountPoints2\{da2928a5-a1ee-11de-8526-0019db617af5}\Shell\AutoRun\command - "" = N:\LaunchU3.exe -a
O33 - MountPoints2\{ebd0f687-20aa-11e0-9ce3-0019db617af5}\Shell - "" = AutoRun
O33 - MountPoints2\{ebd0f687-20aa-11e0-9ce3-0019db617af5}\Shell\AutoRun\command - "" = "I:\WD SmartWare.exe" autoplay=true
[2012.06.13 13:52:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.13 13:19:05 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-459657788-2412600428-1289256178-1000UA.job
[2012.06.13 13:08:20 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.12 18:19:02 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-459657788-2412600428-1289256178-1000Core.job
@Alternate Data Stream - 752 bytes -> C:\Users\Fabian\Documents\MSP Expo, certified.eml:OECustomProperty

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6DE6B1A0-2172-406E-913A-CFFC87D5C576}" =-

:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
         
  • and paste it in here:
  • Close all programs.
  • Click the Fix button.
  • Click on .
  • OTL requires a restart. Please allow it.
  • After the restart you will find a text document.
    Copy its contents here into your thread.

3.
Your Java version is not up to date!
Since Java is very vulnerable because of old security holes, first uninstall all existing Java versions:
→ Control Panel → Software → uninstall...
→ Restart the computer
→ Now download the offline version of Java, "recommended version Java(TM) 7 Update 4" for 64-bit: Java(TM) 7 Update 4, from Oracle
Make sure to deselect any toolbars that are offered (remove the check mark at the toolbar)!

4.
Tips (regardless of whether you use Internet Explorer or not!):
-> Tips for Internet Explorer
-> Changing Internet Explorer's default search engine
-> How can I clear the cache in Internet Explorer?

5.
clean your system with CCleaner:
  • "CCleaner" → "Analyze" → click the "Start CCleaner" button
  • "Registry" → "Scan for errors" → "Fix errors" → "Fix all"
  • Restart your system

6.
OLD VERSION!!!:
Code:
Logfile of HijackThis 2.0.2 
         
The new version is available here:
so delete/uninstall HijackThis "2.0.2." and download TrendMicro™ HijackThis™ version 2.0.4 again from here, then post the new log file
- No open windows for as long as HijackThis is running!!

7.
Viruses can also be carried on USB sticks, self-burned discs, external hard drives and other storage media. They must therefore be monitored through regular checks for damage that may have been caused by malware ("Worm.Win32.Autorun"). For this it is very well suited and recommended to check the data stored on the storage medium with the help of the free online scanner.
Now connect all external storage media (USB sticks etc.) to your computer while holding down the Shift key so that the autorun function is not executed. (This prevents the AUTORUN function from running.) The AUTORUN function can also be switched off altogether. ►Guide

8.
-> Then run a complete system check with Eset Online Scanner (NOD32), free online scanner
Attention!: >>You should not install the antivirus security software, only scan your system online<<

9.
another scan with OTL:
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labelled Output.
    Please select Standard Output
  • Under Extra Registry please select Use SafeList.
  • Tick LOP Check and Purity Check.
  • Now click Scan at the top left.
  • When the scan has finished, two log files are created.
    You will find the log files on your desktop => OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

► report again on the state of the computer. Are problems still occurring, and if so, which?

14.06.2012, 18:58   #9
FabFaeb
 

OK, I have followed all your steps.
1.) I already replaced Spybot with SUPERAntiSpyware yesterday.

2.) The OTL fix log:
Code:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Users\Fabian\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Users\Fabian\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\LogonHoursAction deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DontDisplayLogonHoursWarnings deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\microsoft.com\*.update\ deleted successfully.
Invalid CLSID key: *.update
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\microsoft.com\*.update\ not found.
Invalid CLSID key: *.update
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44ce4474-5eb5-11df-808d-0019db617af5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44ce4474-5eb5-11df-808d-0019db617af5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44ce4474-5eb5-11df-808d-0019db617af5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44ce4474-5eb5-11df-808d-0019db617af5}\ not found.
File "H:\WD SmartWare.exe" autoplay=true not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44ef1771-54ec-11e1-9c8e-0019db617af5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44ef1771-54ec-11e1-9c8e-0019db617af5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44ef1771-54ec-11e1-9c8e-0019db617af5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44ef1771-54ec-11e1-9c8e-0019db617af5}\ not found.
File H:\pushinst.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c095cd20-6a1f-11dd-a042-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c095cd20-6a1f-11dd-a042-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c095cd20-6a1f-11dd-a042-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c095cd20-6a1f-11dd-a042-806e6f6e6963}\ not found.
File G:\LaunchBFII.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{da2928a5-a1ee-11de-8526-0019db617af5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{da2928a5-a1ee-11de-8526-0019db617af5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{da2928a5-a1ee-11de-8526-0019db617af5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{da2928a5-a1ee-11de-8526-0019db617af5}\ not found.
File N:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ebd0f687-20aa-11e0-9ce3-0019db617af5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ebd0f687-20aa-11e0-9ce3-0019db617af5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ebd0f687-20aa-11e0-9ce3-0019db617af5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ebd0f687-20aa-11e0-9ce3-0019db617af5}\ not found.
File "I:\WD SmartWare.exe" autoplay=true not found.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-459657788-2412600428-1289256178-1000UA.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-459657788-2412600428-1289256178-1000Core.job moved successfully.
ADS C:\Users\Fabian\Documents\MSP Expo, certified.eml:OECustomProperty deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6DE6B1A0-2172-406E-913A-CFFC87D5C576} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6DE6B1A0-2172-406E-913A-CFFC87D5C576}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
C:\Users\Fabian\Desktop\cmd.bat deleted successfully.
C:\Users\Fabian\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Fabian
->Temp folder emptied: 2425943204 bytes
->Temporary Internet Files folder emptied: 3695023 bytes
->Java cache emptied: 3251583 bytes
->Google Chrome cache emptied: 174146913 bytes
->Flash cache emptied: 60117 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 59367355 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 32319201 bytes
 
Total Files Cleaned = 2.574,00 mb
 
 
OTL by OldTimer - Version 3.2.48.0 log created on 06142012_161456

Files\Folders moved on Reboot...
File\Folder C:\Users\Fabian\AppData\Local\Temp\etilqs_NlbdLmziYGIp9uF not found!
File\Folder C:\Users\Fabian\AppData\Local\Temp\etilqs_oQ9bGJVIfTTaE2g not found!
File\Folder C:\Users\Fabian\AppData\Local\Temp\etilqs_OrUjr9v5ooleJHW not found!
File\Folder C:\Users\Fabian\AppData\Local\Temp\etilqs_ZBbYPVGLViwSW6O not found!
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
File move failed. C:\Windows\temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.

Registry entries deleted on Reboot...
         
3.) Java is updated.

4.) Understood.

5.) System is cleaned up.

6.) New HijackThis logfile:
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:21:05, on 14.06.2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19272)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Unified Remote\RemoteServer.exe
C:\Program Files\real\realplayer\Update\realsched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\SysWOW64\conime.exe
C:\Users\Fabian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Fabian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Fabian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Fabian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Fabian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Fabian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Fabian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Fabian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Fabian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Fabian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Hijack This\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: dTPodcastBHO - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Unified Remote v2] C:\Program Files (x86)\Unified Remote\RemoteServer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Fabian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O15 - Trusted Zone: hxxp://download.windowsupdate.com
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: BgRaSvc - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard Backup\Support\BgRaSvc.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: BullGuard update service (BsUpdate) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard Backup\BullGuardUpdate.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Device Error Recovery Service (dgdersvc) - Devguru Co., Ltd. - C:\Windows\system32\dgdersvc.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - The Firebird Project - C:\Program Files\Common\Database\bin\fbserver.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SAMSUNG KiesAllShare Service (KiesAllShare) - Unknown owner - C:\Program Files\Samsung\Kies\WiselinkPro\WiselinkPro.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVCSer64.exe
O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: PCSUITE INSPECTOR Service (PCSUITEINSPECTORSVC) - Markement - C:\Program Files (x86)\Festplattentools\PCSUITE INSPECTOR\inspectorsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: TunngleService - Tunngle.net GmbH - C:\Program Files\Tunngle\TnglCtrl.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12843 bytes
         
7.) Does it already count as Autorun if I am only asked what I want to do with the inserted medium?

8.)
Eset finds 2 infected files "a variant of Win32/Kryptik.FNT trojan":
Code:
C:\Program Files (x86)\Common Files\Wise Installation Wizard\WIS5158974E2D28401893357694C2974746_9_0_3_9.MSI	a variant of Win32/Kryptik.FNT trojan	deleted - quarantined
C:\Program Files (x86)\Fix It 09\W32Int13.dll	a variant of Win32/Kryptik.FNT trojan	cleaned by deleting - quarantined
         
9.)
See the next post.

Edited by FabFaeb (14.06.2012 at 19:54)

14.06.2012, 19:51   #10
FabFaeb
 

OTL.txt:
Code:
OTL logfile created on: 14.06.2012 20:24:18 - Run 2
OTL by OldTimer - Version 3.2.48.0     Folder = C:\Users\Fabian\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19272)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,53 Gb Available Physical Memory | 38,15% Memory free
8,20 Gb Paging File | 5,33 Gb Available in Paging File | 65,05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 274,95 Gb Total Space | 35,38 Gb Free Space | 12,87% Space Free | Partition Type: NTFS
Drive D: | 48,83 Gb Total Space | 10,04 Gb Free Space | 20,56% Space Free | Partition Type: NTFS
Drive E: | 48,83 Gb Total Space | 16,05 Gb Free Space | 32,86% Space Free | Partition Type: NTFS
Drive R: | 1397,26 Gb Total Space | 1163,74 Gb Free Space | 83,29% Space Free | Partition Type: NTFS
 
Computer Name: FABIANS-PC | User Name: Fabian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.14 16:13:26 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Fabian\Desktop\OTL.exe
PRC - [2012.05.21 23:19:17 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\real\realplayer\Update\realsched.exe
PRC - [2012.03.07 01:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2012.03.07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.03.04 12:59:58 | 000,232,032 | ---- | M] (Unified Intents AB) -- C:\Program Files (x86)\Unified Remote\RemoteServer.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.12.12 19:50:25 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010.12.07 12:32:02 | 002,228,008 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010.11.23 16:08:20 | 005,108,624 | ---- | M] (Markement) -- C:\Program Files (x86)\Festplattentools\PCSUITE INSPECTOR\inspectorsvc.exe
PRC - [2010.11.22 22:52:46 | 000,718,072 | ---- | M] (Tunngle.net GmbH) -- C:\Programme\Tunngle\TnglCtrl.exe
PRC - [2010.09.13 15:56:02 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe
PRC - [2008.07.26 09:25:36 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.14 09:13:37 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\3971e166cf827b6726e142f344061dc9\System.Windows.Forms.ni.dll
MOD - [2012.06.14 09:13:26 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8c40f40ef36622109793788049fbe9ab\System.Drawing.ni.dll
MOD - [2012.06.07 10:14:43 | 000,441,880 | ---- | M] () -- C:\Users\Fabian\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
MOD - [2012.06.07 10:14:42 | 003,922,456 | ---- | M] () -- C:\Users\Fabian\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
MOD - [2012.06.07 10:13:27 | 000,553,496 | ---- | M] () -- C:\Users\Fabian\AppData\Local\Google\Chrome\Application\19.0.1084.56\libglesv2.dll
MOD - [2012.06.07 10:13:26 | 000,117,784 | ---- | M] () -- C:\Users\Fabian\AppData\Local\Google\Chrome\Application\19.0.1084.56\libegl.dll
MOD - [2012.06.07 10:13:16 | 000,134,696 | ---- | M] () -- C:\Users\Fabian\AppData\Local\Google\Chrome\Application\19.0.1084.56\avutil-51.dll
MOD - [2012.06.07 10:13:15 | 000,250,408 | ---- | M] () -- C:\Users\Fabian\AppData\Local\Google\Chrome\Application\19.0.1084.56\avformat-54.dll
MOD - [2012.06.07 10:13:14 | 002,375,720 | ---- | M] () -- C:\Users\Fabian\AppData\Local\Google\Chrome\Application\19.0.1084.56\avcodec-54.dll
MOD - [2012.05.12 13:35:06 | 018,058,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\cfece6f67593b4d8bb58d23b7fdcc470\System.ServiceModel.ni.dll
MOD - [2012.05.12 13:33:17 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\8a9fac9cb825b5d2db0bdb867fff940e\System.Runtime.Serialization.ni.dll
MOD - [2012.05.12 09:23:06 | 006,815,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\99d0f7ba920eea1117e45dcd9fec0eb5\System.Data.ni.dll
MOD - [2012.05.12 09:23:01 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll
MOD - [2012.05.12 09:23:01 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll
MOD - [2012.05.12 09:22:56 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\623d2a0f11dd82bb9bc13d1cb981b239\System.Configuration.ni.dll
MOD - [2012.05.12 09:22:51 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll
MOD - [2012.05.12 09:22:45 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.11.10 05:11:32 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.05.01 08:51:14 | 000,119,632 | ---- | M] (Devguru Co., Ltd.) [Auto | Running] -- C:\Windows\SysNative\dgdersvc.exe -- (dgdersvc)
SRV - [2012.06.11 10:17:00 | 000,161,112 | ---- | M] (BullGuard Ltd.) [On_Demand | Stopped] -- C:\Programme\BullGuard Ltd\BullGuard Backup\Support\BgRaSvc.exe -- (BgRaSvc)
SRV - [2012.06.11 10:15:11 | 000,269,656 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programme\BullGuard Ltd\BullGuard Backup\BsMain.dll -- (BsMain)
SRV - [2012.06.11 10:11:59 | 000,409,944 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programme\BullGuard Ltd\BullGuard Backup\BullGuardUpdate.exe -- (BsUpdate)
SRV - [2012.04.28 11:14:20 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.02 20:54:10 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.03.07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.12.12 19:50:25 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.08.12 01:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV - [2010.12.07 12:32:02 | 002,228,008 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010.11.23 16:08:20 | 005,108,624 | ---- | M] (Markement) [Auto | Running] -- C:\Program Files (x86)\Festplattentools\PCSUITE INSPECTOR\inspectorsvc.exe -- (PCSUITEINSPECTORSVC)
SRV - [2010.11.22 22:52:46 | 000,718,072 | ---- | M] (Tunngle.net GmbH) [Auto | Running] -- C:\Programme\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2010.05.04 04:33:54 | 009,241,088 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\SAMSUNG\Kies\WiselinkPro\WiselinkPro.exe -- (KiesAllShare)
SRV - [2010.05.01 08:50:00 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\dgdersvc.exe -- (dgdersvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.08.18 13:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.08.10 16:01:06 | 000,206,880 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2009.08.10 16:01:04 | 000,626,208 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2009.03.30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.12.18 14:43:24 | 000,161,048 | ---- | M] (Avanquest North America, Inc.) [Disabled | Stopped] -- C:\PROGRA~2\FIXIT0~1\MXTask.exe -- (Fix-It Essentials Task Manager)
SRV - [2008.11.11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.07.26 09:25:24 | 000,187,928 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV - [2008.07.26 09:23:54 | 000,255,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Common Files\logishrd\LVCOMSER\LVCSer64.exe -- (LVCOMSer)
SRV - [2005.08.10 14:26:14 | 001,527,900 | ---- | M] (The Firebird Project) [On_Demand | Stopped] -- C:\Programme\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.03.07 01:04:06 | 000,819,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012.03.07 01:04:04 | 000,337,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012.03.07 01:02:05 | 000,043,864 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (AswRdr)
DRV:64bit: - [2012.03.07 01:01:57 | 000,059,224 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012.03.07 01:01:52 | 000,069,976 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012.03.07 01:01:32 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012.02.29 15:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.17 12:14:04 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2011.12.17 12:14:04 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2011.12.17 12:13:50 | 000,066,328 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LGSHidFilt.Sys -- (LGSHidFilt)
DRV:64bit: - [2011.11.10 05:45:30 | 010,567,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.11.10 04:12:44 | 000,325,632 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.10.17 19:40:40 | 000,090,128 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdLH6.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.07.27 20:48:14 | 000,014,952 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\iPodDrv.sys -- (iPodDrv)
DRV:64bit: - [2011.01.15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\VClone.sys -- (VClone)
DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.11.30 18:07:06 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2010.10.22 03:00:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fwlanusb.sys -- (FWLANUSB)
DRV:64bit: - [2010.10.22 03:00:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject)
DRV:64bit: - [2010.05.06 12:28:18 | 000,036,256 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2010.05.06 12:28:16 | 000,159,136 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2010.05.06 12:28:16 | 000,125,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2010.05.06 12:28:16 | 000,016,800 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2010.05.01 08:51:14 | 000,020,568 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dgderdrv.sys -- (dgderdrv)
DRV:64bit: - [2010.04.27 04:25:20 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010.04.27 04:25:20 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV:64bit: - [2010.04.27 04:25:20 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2009.10.05 09:29:46 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2009.10.01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.09.16 07:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle)
DRV:64bit: - [2009.09.03 17:30:20 | 000,128,512 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\tiehdusb.sys -- (TIEHDUSB)
DRV:64bit: - [2009.08.28 20:42:52 | 000,049,152 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009.06.24 21:52:37 | 000,021,832 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi)
DRV:64bit: - [2009.05.18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.04.30 23:01:36 | 000,327,576 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009.04.30 22:55:58 | 002,755,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LV302V64.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV:64bit: - [2009.04.30 22:55:48 | 000,015,896 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lv302a64.sys -- (lvpepf64)
DRV:64bit: - [2008.08.28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008.08.16 20:56:09 | 000,312,480 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:64bit: - [2008.08.16 20:56:09 | 000,043,168 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2008.07.26 16:26:34 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2008.07.26 09:24:40 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2008.07.26 09:24:40 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2007.08.20 11:05:02 | 000,012,744 | R--- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ENTECH64.sys -- (ENTECH64)
DRV:64bit: - [2007.08.08 18:54:12 | 000,035,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ATITool64.sys -- (ATITool)
DRV:64bit: - [2006.10.10 04:09:03 | 000,742,696 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nvm60x64.sys -- (NVENETFD)
DRV - [2011.07.22 18:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV - [2010.05.01 08:50:00 | 000,018,136 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2009.10.05 09:29:46 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2009.08.18 22:31:29 | 000,012,400 | ---- | M] (Macrovision Europe Ltd) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\SECDRV.SYS -- (SecDrv)
DRV - [2009.04.12 14:23:12 | 000,019,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\oc u. ähnliches\Rivatuner\RivaTuner v2.24\RivaTuner64.sys -- (RivaTuner64)
DRV - [2007.09.07 15:55:04 | 000,012,744 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\Entech64.sys -- (ENTECH64)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A8 80 8D 94 E8 DB CA 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@doubletwist.com/NPPodcast: C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll (doubleTwist Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@doubletwist.com/NPPodcast: C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll (doubleTwist Corporation)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Fabian\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.05.21 23:20:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.17 16:43:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.05.21 23:20:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: C:\Program Files\BullGuard Ltd\BullGuard Backup\files32\backup\thunderbirdbkplugin [2012.06.11 09:55:47 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = hxxp://www.google.com/search?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t
CHR - default_search_provider: suggest_url = hxxp://suggestqueries.google.com/complete/search?q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Fabian\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Fabian\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Fabian\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: doubletwist Plugin 1, 3, 0, 0 (Enabled) = C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Fabian\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - Extension: YouTube = C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.34_0\
CHR - Extension: avast! WebRep = C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_1\
CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkdbaehcjcomcnnjhlmnfddpgoafpcko\1.0.6_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\CRX_INSTALL\
CHR - Extension: Google Chrome to Phone Extension = C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.1_0\
CHR - Extension: Google Mail = C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012.06.13 15:34:12 | 000,000,875 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (PodcastBHO Class) - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll (doubleTwist Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [WPCUMI] C:\Windows\SysNative\WpcUmi.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [Unified Remote v2] C:\Program Files (x86)\Unified Remote\RemoteServer.exe (Unified Intents AB)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Fabian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Save YouTube Video as MP3 - Reg Error: Value error. File not found
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Fabian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Save YouTube Video as MP3 - Reg Error: Value error. File not found
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000014 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000026 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000027 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000028 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: windowsupdate.com ([download] http in Vertrauenswürdige Sites)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{18C0E4BA-CED3-45F6-8D9A-27AE468C5E5B}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6D6DFE45-A6DD-45ED-BE9A-FF2D87CFC2E0}: DhcpNameServer = 7.254.254.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -  File not found
O20 - HKLM Winlogon: UserInit - (userinit.exe) -  File not found
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -  File not found
O24 - Desktop WallPaper: C:\Users\Fabian\Pictures\Hamburg '11\SDC12516.JPG
O24 - Desktop BackupWallPaper: C:\Users\Fabian\Pictures\Hamburg '11\SDC12516.JPG
O29:64bit: - HKLM SecurityProviders - (credssp.dll) -  File not found
O29 - HKLM SecurityProviders - (credssp.dll) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.14 17:26:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.06.14 17:19:57 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012.06.14 17:19:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hijack This
[2012.06.14 16:58:23 | 000,955,840 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012.06.14 16:58:23 | 000,839,096 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012.06.14 16:58:23 | 000,268,720 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012.06.14 16:58:17 | 000,189,360 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012.06.14 16:58:17 | 000,188,840 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012.06.14 16:57:40 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.06.14 16:14:56 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.06.14 16:13:19 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Fabian\Desktop\OTL.exe
[2012.06.14 15:11:40 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.06.14 13:21:30 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Fabian\Desktop\aswMBR.exe
[2012.06.13 18:18:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012.06.13 18:18:03 | 000,337,240 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012.06.13 18:18:03 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012.06.13 18:18:00 | 000,043,864 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2012.06.13 18:17:59 | 000,059,224 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012.06.13 18:17:58 | 000,819,032 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012.06.13 18:17:56 | 000,069,976 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012.06.13 18:17:55 | 000,258,520 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012.06.13 18:16:35 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.06.13 18:16:34 | 000,201,352 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012.06.13 18:16:15 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012.06.13 18:16:15 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012.06.13 17:34:12 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Roaming\SUPERAntiSpyware.com
[2012.06.13 17:33:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.06.13 17:33:49 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.06.13 17:33:49 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.06.13 13:22:53 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.06.13 13:22:51 | 000,742,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.06.13 13:22:50 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.06.13 13:22:50 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.06.13 13:22:50 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012.06.13 13:22:50 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012.06.13 13:22:50 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012.06.13 13:22:50 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012.06.13 13:22:50 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.06.13 13:22:50 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.06.13 13:22:50 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.06.13 13:22:50 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012.06.13 13:22:50 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012.06.13 13:22:50 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.06.13 13:22:50 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012.06.13 13:22:49 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012.06.13 13:22:49 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012.06.13 13:22:49 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012.06.13 13:22:49 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.06.13 13:22:49 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.06.13 13:22:49 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.06.13 13:22:49 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012.06.13 13:22:49 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012.06.13 13:22:49 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012.06.13 13:22:49 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012.06.13 13:22:49 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012.06.13 13:22:49 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012.06.13 13:22:49 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012.06.13 13:22:49 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012.06.13 13:22:38 | 001,267,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.06.13 13:22:38 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.06.11 10:12:18 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Roaming\BullGuard
[2012.06.11 10:02:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MARKEMENT
[2012.06.11 10:00:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Festplattentools
[2012.06.11 09:59:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune
[2012.06.11 09:55:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BullGuard
[2012.06.11 09:55:48 | 000,000,000 | ---D | C] -- C:\ProgramData\BullGuard
[2012.06.11 09:55:45 | 000,000,000 | ---D | C] -- C:\Program Files\BullGuard Ltd
[2012.06.09 17:59:10 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Documents\Bewerbung Mannheim
[2012.06.08 10:50:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warplanes
[2012.06.07 22:28:19 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System\msvci70.dll
[2012.06.07 22:24:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GoldWave
[2012.06.07 20:27:34 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Local\Audible
[2012.06.07 20:26:43 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc71.dll
[2012.06.06 18:27:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
[2012.06.01 16:30:44 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
[2012.06.01 16:30:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSI Afterburner
[2012.05.21 23:20:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
[2012.05.21 23:20:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2012.05.21 23:19:50 | 000,198,832 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2012.05.21 23:19:20 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2012.05.21 23:19:20 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2012.05.21 23:19:19 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2012.05.21 23:19:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.06 15:22:13 | 000,002,087 | ---- | M] () -- C:\Users\Fabian\Desktop\Google Chrome.lnk
[2012.06.14 20:18:04 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.14 19:15:38 | 000,004,448 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.14 19:15:38 | 000,004,448 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.14 17:25:09 | 001,594,252 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.14 17:25:09 | 000,683,424 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.14 17:25:09 | 000,642,388 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.14 17:25:09 | 000,150,376 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.14 17:25:09 | 000,123,960 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.14 17:19:57 | 000,001,986 | ---- | M] () -- C:\Users\Fabian\Desktop\HiJackThis.lnk
[2012.06.14 17:12:08 | 000,385,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.14 17:12:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.14 17:04:00 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.06.14 17:04:00 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Access.dat
[2012.06.14 16:57:53 | 000,268,720 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012.06.14 16:57:53 | 000,189,360 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012.06.14 16:57:53 | 000,188,840 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012.06.14 16:57:50 | 000,955,840 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012.06.14 16:57:48 | 000,839,096 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012.06.14 16:18:14 | 000,003,488 | ---- | M] () -- C:\Users\Fabian\Documents\MSP Expo, certified.eml
[2012.06.14 16:13:26 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Fabian\Desktop\OTL.exe
[2012.06.14 14:59:10 | 000,001,356 | ---- | M] () -- C:\Users\Fabian\AppData\Local\d3d9caps.dat
[2012.06.14 13:22:20 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Fabian\Desktop\aswMBR.exe
[2012.06.13 18:18:04 | 000,001,803 | ---- | M] () -- C:\Users\Fabian\Desktop\avast! Free Antivirus.lnk
[2012.06.13 18:17:56 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012.06.13 17:33:52 | 000,001,756 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.06.13 15:34:12 | 000,000,875 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.06.11 11:53:10 | 000,199,168 | ---- | M] () -- C:\Users\Fabian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.11 09:55:55 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\BullGuard Backup.lnk
[2012.06.08 10:50:21 | 000,000,759 | ---- | M] () -- C:\Users\Public\Desktop\World of Warplanes.lnk
[2012.05.21 23:19:50 | 000,198,832 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2012.05.21 23:19:20 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2012.05.21 23:19:20 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2012.05.21 23:19:19 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2012.05.20 20:29:43 | 000,058,042 | ---- | M] () -- C:\Users\Fabian\Documents\thomaskrone.odt
 
========== Files Created - No Company Name ==========
 
[2012.06.14 17:19:57 | 000,001,986 | ---- | C] () -- C:\Users\Fabian\Desktop\HiJackThis.lnk
[2012.06.13 18:36:32 | 000,001,803 | ---- | C] () -- C:\Users\Fabian\Desktop\avast! Free Antivirus.lnk
[2012.06.13 18:17:56 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012.06.13 17:33:52 | 000,001,756 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.06.11 09:55:55 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\BullGuard Backup.lnk
[2012.06.08 10:50:21 | 000,000,759 | ---- | C] () -- C:\Users\Public\Desktop\World of Warplanes.lnk
[2012.05.20 20:21:13 | 000,058,042 | ---- | C] () -- C:\Users\Fabian\Documents\thomaskrone.odt
[2011.12.08 23:22:08 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.11.09 23:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011.11.09 23:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.09.24 12:07:12 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2011.09.19 15:03:40 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll
[2011.09.13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.07.21 12:51:31 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.05.23 22:57:36 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2011.04.16 17:38:07 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.04.16 17:38:07 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.02.07 21:37:40 | 000,000,094 | ---- | C] () -- C:\Users\Fabian\AppData\Local\fusioncache.dat
[2011.02.07 20:27:38 | 001,573,322 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.12.29 21:26:53 | 000,000,439 | ---- | C] () -- C:\Windows\SIERRA.INI
[2010.11.19 16:41:22 | 000,000,565 | ---- | C] () -- C:\Users\Fabian\AppData\Roaming\AutoGK.ini
[2010.09.27 22:52:01 | 000,150,964 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010.07.09 21:04:40 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
 
========== LOP Check ==========
 
[2011.07.06 17:35:15 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\.minecraft
[2009.05.08 19:02:10 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\AceBIT
[2009.06.15 14:43:22 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Avanquest
[2012.06.11 10:23:08 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\BullGuard
[2008.11.26 17:11:22 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Canneverbe_Limited
[2008.11.11 19:56:52 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Cornelsen
[2010.12.09 23:23:17 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\CrypTool
[2011.12.29 23:30:47 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Dropbox
[2012.05.27 20:24:32 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\DVDVideoSoft
[2011.04.16 11:16:02 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.06.14 17:00:21 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\FileZilla
[2012.06.06 19:54:13 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\ICQ
[2011.11.17 22:20:12 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\ImgBurn
[2010.06.14 23:13:31 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\IrfanView
[2010.06.17 13:39:46 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\JAlbum
[2009.01.14 13:50:13 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Leadertech
[2010.07.27 16:15:33 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\LolClient
[2009.07.19 20:23:02 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\MAGIX
[2008.09.08 21:06:59 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien
[2008.08.15 16:20:35 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Meine Die Schlacht um Mittelerde -Dateien
[2008.12.25 02:14:00 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Mp3tag
[2009.03.30 18:14:03 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Notepad++
[2011.10.10 20:48:01 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\OfficeRecovery
[2010.12.29 21:14:43 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\OpenArena
[2009.06.04 13:15:56 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\OpenOffice.org
[2010.05.31 19:00:18 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\PC Suite
[2012.05.10 18:55:16 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\RipIt4Me
[2011.11.29 00:07:47 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Samsung
[2009.01.05 21:04:53 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Software4u
[2009.07.19 17:19:36 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Steinberg
[2011.01.25 16:17:44 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\TeamViewer
[2011.05.18 20:49:02 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Teeworlds
[2011.07.05 22:45:21 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Tunngle
[2012.04.14 11:57:24 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Ubisoft
[2011.11.28 23:15:26 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Unified Remote
[2012.02.22 20:05:43 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Unity
[2010.11.29 17:31:46 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\W
[2012.06.08 18:33:04 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\wargaming.net
[2012.06.14 17:04:01 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.04.13 20:18:57 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{94EF8A00-19B1-42B2-BF10-FE258F391200}.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 752 bytes -> C:\Users\Fabian\Documents\MSP Expo, certified.eml:OECustomProperty

< End of report >
         
Extras.txt:
Code:
OTL Extras logfile created on: 14.06.2012 20:24:18 - Run 2
OTL by OldTimer - Version 3.2.48.0     Folder = C:\Users\Fabian\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19272)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,53 Gb Available Physical Memory | 38,15% Memory free
8,20 Gb Paging File | 5,33 Gb Available in Paging File | 65,05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 274,95 Gb Total Space | 35,38 Gb Free Space | 12,87% Space Free | Partition Type: NTFS
Drive D: | 48,83 Gb Total Space | 10,04 Gb Free Space | 20,56% Space Free | Partition Type: NTFS
Drive E: | 48,83 Gb Total Space | 16,05 Gb Free Space | 32,86% Space Free | Partition Type: NTFS
Drive R: | 1397,26 Gb Total Space | 1163,74 Gb Free Space | 83,29% Space Free | Partition Type: NTFS
 
Computer Name: FABIANS-PC | User Name: Fabian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.reg [@ = regfile] -- regedit.exe "%1"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.reg [@ = regfile] -- regedit.exe "%1"
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- Reg Error: Key error.
scrfile [install] -- Reg Error: Key error.
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- Reg Error: Key error.
scrfile [install] -- Reg Error: Key error.
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = B2 39 E6 04 DB FE C8 01  [binary data]
"VistaSp2" = 75 47 43 BA C9 ED C9 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== System Restore Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04100698-9114-49EA-92AD-DE29C3161DB5}" = lport=8395 | protocol=6 | dir=in | name=league of legends launcher | 
"{10ADAA98-3557-4884-BFAB-CDEC9A14620E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{15C2B4D2-309A-42D7-BD48-C32DB6FD22E3}" = lport=6935 | protocol=17 | dir=in | name=league of legends launcher | 
"{1F242E23-C91E-44A7-A32B-6BC67DD94B9C}" = lport=6991 | protocol=6 | dir=in | name=league of legends launcher | 
"{20ED10D9-815D-4C75-8455-C568CA6B3092}" = lport=9000 | protocol=6 | dir=in | name=receiver | 
"{23037353-4C1B-4071-80B9-5A1280CF6B8D}" = lport=6947 | protocol=6 | dir=in | name=league of legends launcher | 
"{292FF059-A746-40F4-80AC-04B03BC10602}" = lport=6890 | protocol=17 | dir=in | name=league of legends launcher | 
"{3308C5CE-B5D0-4756-82A5-AD2E88AD3692}" = lport=6963 | protocol=6 | dir=in | name=league of legends launcher | 
"{35220968-49CE-4A2B-9674-35665691CFFB}" = lport=6926 | protocol=6 | dir=in | name=league of legends launcher | 
"{37C970A0-C782-4C69-AC73-B86F213C47F0}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{3857C6F6-EC2B-4677-A687-230853176615}" = lport=8398 | protocol=6 | dir=in | name=league of legends launcher | 
"{398E561A-6F80-4268-BEC4-596A1DB6E0A3}" = lport=6892 | protocol=6 | dir=in | name=league of legends launcher | 
"{3CB282DA-F7B5-478F-B4D4-F9D7AD567781}" = lport=6997 | protocol=6 | dir=in | name=league of legends launcher | 
"{45021840-9D5F-41FB-95A2-000BD6A3DD72}" = lport=8303 | protocol=17 | dir=in | name=teeworlds | 
"{458656F4-9866-4920-910A-6372BF71D35B}" = lport=6951 | protocol=6 | dir=in | name=league of legends launcher | 
"{47DF3933-A8C0-4BB7-9DF9-F37D0D1E6FEA}" = lport=6914 | protocol=17 | dir=in | name=league of legends launcher | 
"{49372A40-41E4-4D3F-968A-F6CD90C531A8}" = lport=6965 | protocol=17 | dir=in | name=league of legends launcher | 
"{4D702D9A-D7AE-4128-B60F-E6AB43C20EF7}" = lport=8397 | protocol=6 | dir=in | name=league of legends launcher | 
"{4E2FAA19-F213-443F-A92C-0E701091894B}" = lport=8393 | protocol=6 | dir=in | name=league of legends lobby | 
"{616C1F18-C9F4-4BC3-81D7-E7D3242AF60E}" = lport=6897 | protocol=6 | dir=in | name=league of legends launcher | 
"{65EEC43E-42A1-4B72-8B62-D4077AC60829}" = lport=8390 | protocol=6 | dir=in | name=league of legends game client | 
"{6773D17E-8F4B-4B48-B01E-E5CE6C224037}" = lport=25565 | protocol=6 | dir=in | name=minecraft | 
"{6CC1DB3F-F5F2-4154-A36B-4EABF64575B5}" = lport=6897 | protocol=17 | dir=in | name=league of legends launcher | 
"{7176D888-D85E-43E0-A2B0-6B1E2C0688BF}" = lport=6987 | protocol=17 | dir=in | name=league of legends launcher | 
"{76494C8C-1FF3-4A8F-837D-1D89F49C0686}" = lport=9000 | protocol=17 | dir=in | name=receiver | 
"{7972A541-A73B-4D80-8486-F5FED23BF541}" = lport=6887 | protocol=17 | dir=in | name=league of legends launcher | 
"{7A100DB1-45B9-4BEE-87AD-8C3D65800DAD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7B428045-B684-4CA3-A1BB-E770577FD7C3}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{81DB40DD-91C7-48D4-866D-69626A686B37}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{82BAF8FB-20C9-44EF-865D-41D451F8DB53}" = lport=6976 | protocol=6 | dir=in | name=league of legends launcher | 
"{89A835D1-9B7C-4688-8C07-FA2A1DE77874}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{8DC35AE9-53DD-4FDE-99C8-AD70C5AA8958}" = lport=6926 | protocol=17 | dir=in | name=league of legends launcher | 
"{93F9E2F1-2657-4662-939D-70A9688759DD}" = lport=25565 | protocol=17 | dir=in | name=minecraft | 
"{976475FB-AE87-4761-B982-C110E40518FB}" = lport=8303 | protocol=6 | dir=in | name=teeworlds | 
"{9AD45407-7D53-42D3-90C1-856660D595EB}" = lport=8393 | protocol=17 | dir=in | name=league of legends lobby | 
"{9C8F8432-8C91-4A6C-8753-AD3F0CF6FAC6}" = lport=6965 | protocol=6 | dir=in | name=league of legends launcher | 
"{9E87B6D1-BB3C-48C6-B863-13F1C0549425}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher | 
"{A7603C99-3BCF-4948-B2B7-E8706BD433C8}" = lport=6987 | protocol=6 | dir=in | name=league of legends launcher | 
"{AF58DF2D-A1AC-4D5D-84E3-DE94BE4CC2CF}" = lport=6887 | protocol=6 | dir=in | name=league of legends launcher | 
"{AF70FEA6-78D6-4C4F-B649-3BB12250974F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AF909A86-7403-4BCE-A316-2741CA46D7A9}" = lport=6991 | protocol=17 | dir=in | name=league of legends launcher | 
"{B59AEB95-FF58-46C6-ABA0-128C79A79AA2}" = lport=6966 | protocol=17 | dir=in | name=league of legends launcher | 
"{B6DCD223-B76C-4112-A9CC-1779D2351FBF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B6FFDCCD-E2A6-4861-9CEE-4FCD8AF603D5}" = lport=8397 | protocol=17 | dir=in | name=league of legends launcher | 
"{BBA76768-1957-437A-9385-80E614982BF4}" = lport=6914 | protocol=6 | dir=in | name=league of legends launcher | 
"{BEB66C21-7FF0-4D77-BA72-097D52BA9E76}" = lport=6935 | protocol=6 | dir=in | name=league of legends launcher | 
"{C2B530A0-22C3-47BD-A7EC-EA27401ADD98}" = lport=6951 | protocol=17 | dir=in | name=league of legends launcher | 
"{C2B5708F-9FBF-49E1-BAFB-4B2399E33007}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher | 
"{C4333209-AAF7-468D-BF82-23FC1B5E9661}" = lport=21 | protocol=17 | dir=in | name=receiver | 
"{C6063BBD-A744-42A7-9FB0-0C2F1C7D0C8A}" = lport=6966 | protocol=6 | dir=in | name=league of legends launcher | 
"{C708188A-7F92-4413-9E0D-2ADE8DCE179F}" = lport=6892 | protocol=17 | dir=in | name=league of legends launcher | 
"{D0784062-DA42-48DE-A8E2-D3C9E072F96A}" = lport=6997 | protocol=17 | dir=in | name=league of legends launcher | 
"{D1F503B6-EB15-49D6-8334-D01060E1BF92}" = lport=6890 | protocol=6 | dir=in | name=league of legends launcher | 
"{D3A097D1-E061-4DCB-BB89-5DC57731DB22}" = lport=6902 | protocol=17 | dir=in | name=league of legends launcher | 
"{D5D97A36-1206-4D67-A095-97437812B128}" = lport=6902 | protocol=6 | dir=in | name=league of legends launcher | 
"{D80571D9-ABFB-4762-8076-F70AD81B6BA4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E2837AD2-1BDA-4C05-8553-13864BED679A}" = lport=8398 | protocol=17 | dir=in | name=league of legends launcher | 
"{E4C0A4B5-0606-46DA-BBC3-AC720DDA6C97}" = lport=6972 | protocol=6 | dir=in | name=league of legends launcher | 
"{E562F31D-E7F1-4AE3-8E0A-83235587B06E}" = lport=8395 | protocol=17 | dir=in | name=league of legends launcher | 
"{E8445FD7-D348-4619-BAA9-7CA3E7CAA7B3}" = lport=6972 | protocol=17 | dir=in | name=league of legends launcher | 
"{E8C2AAAF-418B-47DE-985E-DE975BD17205}" = lport=21 | protocol=6 | dir=in | name=receiver | 
"{E9F949B6-44BD-4FA4-93A0-1A17478B1B4C}" = lport=8390 | protocol=17 | dir=in | name=league of legends game client | 
"{EB9CA200-0A5F-4788-8185-2CB9FCBBC61E}" = lport=6976 | protocol=17 | dir=in | name=league of legends launcher | 
"{ED6B5899-912E-42EC-899A-7CBFACF5D54C}" = lport=6947 | protocol=17 | dir=in | name=league of legends launcher | 
"{EFA9C583-80A2-472B-A574-3A402C05FBBB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F657A651-C15C-4BE5-AFE7-22FB249BFF51}" = lport=6963 | protocol=17 | dir=in | name=league of legends launcher | 
"{F886672B-EA4D-48F5-AAAE-37C343FFEF09}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{FA363C42-0177-4AC7-B93A-C822E9C5E95C}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher | 
"{FC9A2C56-9BE0-49EB-AF65-88C3560522C5}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher | 
"{FE771E8D-B62B-4240-A033-2C4C6B7A45F4}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{004E7964-0E5F-40E7-B10C-6F91644F768E}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{010396E0-D40F-4528-89AB-2362CF1C4C30}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe | 
"{010D6B88-64E0-4CC1-B15C-E8E635BDA04C}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{0876FF0C-3149-499A-A280-8B9C15CD1AEE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{0BCC37EB-6525-4E6F-B832-13A47032ADD5}" = protocol=6 | dir=in | app=c:\spiele\rainbowsix vegas\binaries\r6vegas_game.exe | 
"{0C2E82E4-5D6F-4520-8CC0-0DEA64FC83BE}" = protocol=17 | dir=in | app=c:\users\fabian\appdata\roaming\.minecraft\minecraft.exe | 
"{0DB14B72-38BE-4D98-9E45-2F4E9EB53835}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{108DDEBE-E7E2-4256-8718-AAC1A1A152F9}" = protocol=17 | dir=in | app=c:\spiele\minecraft\minecraft 1.4\server\minecraft_server.exe | 
"{10CEFBAE-7873-4461-9B77-0A672A78AE08}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{12AB5F36-70E6-4A51-B862-8382D34F14EB}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{14265932-D0E2-409F-BA6A-0D402C288C80}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{15DA1762-A254-494C-9936-F416D0E743FA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{16C2AB3B-93AF-4BA4-808B-E71E99F4C8D6}" = protocol=6 | dir=in | app=c:\users\fabian\appdata\roaming\dropbox\bin\dropbox.exe | 
"{18A19F96-861B-491F-BE9B-E897D224942A}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{18B7F494-76B8-4147-B0DC-1B441DBF4837}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe | 
"{19A125DD-461B-4E5F-A4A9-1042B7510214}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe | 
"{1B8CA73E-ED8C-4021-85C6-C586A5A2BD40}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{1E95147B-7A08-4468-A84E-BE1D539090D4}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{2B25DFE2-D232-4DB2-BE47-4BC08662B83D}" = protocol=17 | dir=in | app=c:\spiele\rainbowsix vegas\binaries\r6vegas_game.exe | 
"{2C9582B4-8136-4A08-9590-5749F0C912AA}" = protocol=17 | dir=in | app=c:\users\fabian\appdata\roaming\dropbox\bin\dropbox.exe | 
"{2E094C49-F516-436A-B404-4DCE653C1B95}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{33AAC75A-F3A4-42EA-9A89-682FA9AC2FDA}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe | 
"{3410CB29-DC25-4B4E-BD31-60B78A281FA0}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe | 
"{3921325B-3568-4A92-800A-E3927E8DA101}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe | 
"{39403AF5-3650-4F7D-9212-EC54D4637BF8}" = protocol=17 | dir=in | app=c:\program files\tunngle\tunngle.exe | 
"{3A1A9C3B-DE19-4801-A25A-DE6D6D9E87A7}" = protocol=17 | dir=in | app=c:\spiele\aoeiii\age3y.exe | 
"{3D592DF9-8862-4991-8194-0C32CA2B0922}" = protocol=17 | dir=in | app=c:\spiele\schlacht um mittelerde\aufstieg des hexenkönigs\game.dat | 
"{45CE5F4C-4819-4142-8A62-688BC9EEDD26}" = protocol=17 | dir=in | app=c:\spiele\company of heroes\reliccoh.exe | 
"{4A1D52A2-F5FA-4949-A413-A7912A1473D1}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\apb reloaded\launcher\apblauncher.exe | 
"{5004ACC5-B161-4824-A132-E2D09C0F3572}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{54EA1C48-78DA-490B-A5F9-2AB5C735796E}" = protocol=6 | dir=in | app=c:\users\fabian\appdata\roaming\.minecraft\minecraft.exe | 
"{58002418-9A4E-4641-B73C-8DD498EF5CBD}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{59D2C68E-ACB1-49DF-B5A3-0B63AA988073}" = protocol=6 | dir=out | app=system | 
"{5BBDCAEE-7359-4056-9920-3851FCBBF4BD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{5BC26BD7-92E2-4EAD-B1CC-CB4C59550EE7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5BC3A78C-3E3D-4425-85AC-83186F121040}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{5CB0444F-CAFC-4FA9-AEE9-B4991C34D322}" = protocol=17 | dir=in | app=c:\spiele\schlacht um mittelerde\game.dat | 
"{5CF7657B-41C6-4AC1-806C-A7FF26EEEB8B}" = protocol=17 | dir=in | app=c:\spiele\steam\steam.exe | 
"{5EEA0839-D093-4720-816C-10DAFB404AC1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5FE3C1C6-91A7-4004-8646-194B871D0B52}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6832A22C-6E2F-4606-9714-AAB023FCEB1C}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{6BE7C66C-E81F-4B3D-BFEA-772A089751B0}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{725F6923-9C0E-4430-9370-088974E81E58}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{74E1FCAA-3C96-4672-AE4F-3C1E90E2D056}" = protocol=17 | dir=in | app=c:\spiele\rainbowsix vegas\binaries\r6vegas_launcher.exe | 
"{7532A1DD-5359-4862-AD36-B0B11908820E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7AD12077-DC1C-440E-90DA-CD1AA821AE78}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{85F48457-A447-44BE-A8C8-5E78172DBF6C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{8B53A871-B2EC-4061-8723-52BBD7AE4791}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8CDFB926-C3B0-46EB-B2DD-49A56F38D1EE}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{8D718B6E-4E8C-4B48-A49A-88703DDEDC2E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8DEE1533-0AA9-43A2-A88C-DD75160A5F37}" = protocol=17 | dir=in | app=c:\spiele\league of legends\lol.launcher.exe | 
"{8FEB4581-5C48-44C3-9CF4-B7C715AFD5BA}" = protocol=6 | dir=in | app=c:\spiele\steam\steam.exe | 
"{907C412F-5299-4572-B3A3-5DAC7AA9179D}" = protocol=6 | dir=in | app=c:\program files\tunngle\tnglctrl.exe | 
"{9956B587-79FE-4792-91DE-8D57422C55EE}" = protocol=6 | dir=in | app=c:\spiele\schlacht um mittelerde\game.dat | 
"{9C3062C7-0353-44CF-ADBD-F3AE626AB97A}" = protocol=6 | dir=in | app=c:\spiele\aoeiii\age3x.exe | 
"{9C390541-6C9B-4A1D-B310-3C619C214824}" = protocol=6 | dir=in | app=c:\spiele\minecraft\minecraft 1.4\server\minecraft_server.exe | 
"{A0F4312B-04CA-4B18-A2B3-B9560F004B77}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A1348B64-08C5-4311-89FB-37C9C8269725}" = protocol=17 | dir=in | app=c:\spiele\warcraft iii - the frozen throne\frozen throne.exe | 
"{A4B6BBD3-BD00-490D-8813-3619322DBA92}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{AA1286C7-7AF3-485A-BA72-F5160D0607F7}" = protocol=17 | dir=in | app=c:\spiele\schlacht um mittelerde\aufstieg des hexenkönigs\game.dat | 
"{AA63D0B6-E9D1-46D8-BD2E-FD913CDC534B}" = protocol=6 | dir=in | app=c:\spiele\schlacht um mittelerde\aufstieg des hexenkönigs\game.dat | 
"{B6EDECC1-2D56-4395-BBD3-02DE3BD9DC47}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{BA1960B7-B800-4439-A14B-DA2E9410CA82}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C05256D7-1F50-46C8-B693-A34835EF7A88}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{C1704507-1C84-4592-9646-21301BDF2EBE}" = protocol=17 | dir=in | app=c:\spiele\aoeiii\age3x.exe | 
"{C2BBD44A-79ED-433A-AC9D-30C992A0AE88}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{D16B5AFD-72AB-4F23-81A9-8479BECAA39B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D5A94B83-D720-4E21-B195-CE2CDFBD8383}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe | 
"{D8F80788-B0F0-44A7-81D7-54AA2B0CAAD7}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{DB06D9D7-B983-4F96-A57E-C5B0F59D962B}" = protocol=6 | dir=in | app=c:\spiele\league of legends\lol.launcher.exe | 
"{DBDBBB85-5B8F-44B9-9DFB-7F6F27F48DE6}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{DF63DAE9-612A-45A1-8573-A9568CCCD1EA}" = protocol=17 | dir=in | app=c:\spiele\company of heroes\relicdownloader\relicdownloader.exe | 
"{E2117690-7B26-4382-97BE-42E2FBCCEF72}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{E226033F-83BE-4D44-8824-8B268E25AF05}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe | 
"{E5D4889E-7251-425F-9E86-4C254424AF3A}" = protocol=6 | dir=in | app=c:\spiele\rainbowsix vegas\binaries\r6vegas_launcher.exe | 
"{E64B945A-B9CB-4CD7-B974-BBA931B0F4AE}" = protocol=6 | dir=in | app=c:\spiele\aoeiii\age3y.exe | 
"{EC740130-0432-4842-8983-7AEE9209FF61}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{ECDAF734-6FDD-4535-B7D1-6650580BEE30}" = protocol=6 | dir=in | app=c:\spiele\company of heroes\relicdownloader\relicdownloader.exe | 
"{F090FDD4-A877-45B6-A3CE-40E29AB5D0CE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F2EB7DBC-B71F-4E72-ADB9-34507F93F3D7}" = protocol=6 | dir=in | app=c:\spiele\schlacht um mittelerde\aufstieg des hexenkönigs\game.dat | 
"{F4D77455-3D32-4E76-8808-8E1641689B9C}" = protocol=6 | dir=in | app=c:\spiele\company of heroes\reliccoh.exe | 
"{F57F334E-C984-4944-9583-88E99B4AF487}" = protocol=6 | dir=in | app=c:\spiele\warcraft iii - the frozen throne\frozen throne.exe | 
"{F6F07F1C-5635-4D1C-B7BD-5E0EB00E7ED2}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{FA99B6CB-2989-4846-8489-6F5DA904BA84}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{FBFEE196-3EE8-469A-AB70-FDAAC3670DA4}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{FDCC61F3-BFFE-4779-8DE2-AF10D483C826}" = protocol=17 | dir=in | app=c:\program files\tunngle\tnglctrl.exe | 
"{FE67A9FC-CB7C-4DB9-93EB-EEE26AEBAA56}" = protocol=6 | dir=in | app=c:\program files\tunngle\tunngle.exe | 
"{FEE6904B-338E-44DA-9C34-98032DA47926}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\apb reloaded\launcher\apblauncher.exe | 
"TCP Query User{05D3F2DE-5F1D-4CB9-A19D-85B9B063DB55}C:\spiele\warcraft iii - the frozen throne\war3.exe" = protocol=6 | dir=in | app=c:\spiele\warcraft iii - the frozen throne\war3.exe | 
"TCP Query User{0DBDC3FB-7E02-4C11-84B3-B1865F63B64B}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe | 
"TCP Query User{1148BFCA-E7C4-4C2D-80FC-D4D3E9149557}C:\spiele\tom clancy's h.a.w.x\hawx.exe" = protocol=6 | dir=in | app=c:\spiele\tom clancy's h.a.w.x\hawx.exe | 
"TCP Query User{271F4535-19FB-4991-8DE5-14F339ED9F6C}C:\spiele\flatout 2\flatout2.exe" = protocol=6 | dir=in | app=c:\spiele\flatout 2\flatout2.exe | 
"TCP Query User{2B6DE577-E742-4B3C-9BD3-FE747DA7DA92}C:\spiele\flatout 2\flatout2.exe" = protocol=6 | dir=in | app=c:\spiele\flatout 2\flatout2.exe | 
"TCP Query User{37236AFD-3456-4734-B461-8A4889A51EF5}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"TCP Query User{3EB228CB-4D34-47FF-AD6E-1B5C8D5D9F12}C:\spiele\hdro\der herr der ringe online\lotroclient.exe" = protocol=6 | dir=in | app=c:\spiele\hdro\der herr der ringe online\lotroclient.exe | 
"TCP Query User{40952BE1-9798-4415-AB57-03A542EF5DEB}C:\spiele\aoeiii\age3.exe" = protocol=6 | dir=in | app=c:\spiele\aoeiii\age3.exe | 
"TCP Query User{431B175F-58DF-4CEA-8B7D-9D576E89E12B}C:\users\fabian\ziegler - edv\elepost\elepost\database\bin\mysqld-nt.exe" = protocol=6 | dir=in | app=c:\users\fabian\ziegler - edv\elepost\elepost\database\bin\mysqld-nt.exe | 
"TCP Query User{49180112-0E03-4E67-ADDE-E8331D5231E7}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"TCP Query User{49A2BF60-6016-49C1-9CE9-C5831C2AA99A}C:\spiele\world of warplanes\worldofwarplanes.exe" = protocol=6 | dir=in | app=c:\spiele\world of warplanes\worldofwarplanes.exe | 
"TCP Query User{4B255099-CAEB-4296-884D-2E64757B69BD}C:\spiele\rainbowsix vegas\binaries\r6vegas_game.exe" = protocol=6 | dir=in | app=c:\spiele\rainbowsix vegas\binaries\r6vegas_game.exe | 
"TCP Query User{4BE6ED03-BCFC-4C02-849C-9095179EFC95}C:\program files (x86)\unified remote\remoteserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\unified remote\remoteserver.exe | 
"TCP Query User{4FAE8C97-0146-4B70-81AA-C9A651E86BE2}C:\spiele\empire earth - zde\ee-aoc.exe" = protocol=6 | dir=in | app=c:\spiele\empire earth - zde\ee-aoc.exe | 
"TCP Query User{512F1569-9A39-4F96-B788-6C100D9188C0}C:\program files (x86)\unified remote\remoteserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\unified remote\remoteserver.exe | 
"TCP Query User{54A71D9C-626F-4FB7-8467-E23640240709}C:\spiele\starwars batllefront ii\gamedata\battlefrontii.exe" = protocol=6 | dir=in | app=c:\spiele\starwars batllefront ii\gamedata\battlefrontii.exe | 
"TCP Query User{5FCE15EC-CFAD-4C28-A184-8DEF3A48FB2F}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe | 
"TCP Query User{6329D3FE-AFF6-45F3-88C0-A6419DEC8273}C:\spiele\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\spiele\call of duty 2\cod2mp_s.exe | 
"TCP Query User{65C973A8-6D3C-4464-B03F-6EB7CDDF103A}C:\spiele\openarena-0.8.1\openarena.exe" = protocol=6 | dir=in | app=c:\spiele\openarena-0.8.1\openarena.exe | 
"TCP Query User{6A276740-B662-4EA5-AF5F-E6BE9EBE8C1D}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"TCP Query User{76C7B38D-3512-4546-B5CC-9A1E0AD1F75B}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"TCP Query User{78726115-B37B-43E7-9DAC-5F6CFC25AA2A}C:\spiele\age of empires ii\age2_x1.exe" = protocol=6 | dir=in | app=c:\spiele\age of empires ii\age2_x1.exe | 
"TCP Query User{7B5ED082-8ECC-4184-BA84-7F32007D27EC}C:\program files (x86)\kathrein\dvrmanager\mfserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\kathrein\dvrmanager\mfserver.exe | 
"TCP Query User{7DC516DB-9806-4747-8935-968F62FB71A8}C:\spiele\aoeiii\age3y.exe" = protocol=6 | dir=in | app=c:\spiele\aoeiii\age3y.exe | 
"TCP Query User{80AF8CEC-7384-4B25-A4CA-1A51DEDFF7FC}C:\spiele\warcraft iii - the frozen throne\war3.exe" = protocol=6 | dir=in | app=c:\spiele\warcraft iii - the frozen throne\war3.exe | 
"TCP Query User{9F84EC17-5330-4924-96FA-8E350745FF0E}C:\spiele\aoeiii\age3.exe" = protocol=6 | dir=in | app=c:\spiele\aoeiii\age3.exe | 
"TCP Query User{A4141EE7-2986-463B-9EAD-D95F82C9ED44}C:\program files (x86)\kathrein\dvrmanager\ufs922.exe" = protocol=6 | dir=in | app=c:\program files (x86)\kathrein\dvrmanager\ufs922.exe | 
"TCP Query User{AA63419B-E311-428D-83CB-B8CE22D7CC11}C:\spiele\openarena-0.8.1\openarena.exe" = protocol=6 | dir=in | app=c:\spiele\openarena-0.8.1\openarena.exe | 
"TCP Query User{B0332979-C8DE-45B0-8847-F285B38E6CE3}C:\spiele\fifa 09\fifa09.exe" = protocol=6 | dir=in | app=c:\spiele\fifa 09\fifa09.exe | 
"TCP Query User{B60665F1-401C-459F-AB55-515E65DFCC07}C:\spiele\age of empires ii\age2_x1.exe" = protocol=6 | dir=in | app=c:\spiele\age of empires ii\age2_x1.exe | 
"TCP Query User{C6CE7081-9183-40F4-9145-CCC711827F6F}C:\program files (x86)\pando networks\media booster\pmb.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"TCP Query User{D8E3B152-5C60-4AC0-8B04-CE6660C33E56}C:\users\fabian\downloads\gamestuff\teeworlds\teeworlds_srv.exe" = protocol=6 | dir=in | app=c:\users\fabian\downloads\gamestuff\teeworlds\teeworlds_srv.exe | 
"TCP Query User{E59E0DD2-A631-4F44-94D7-D0CED82B094C}C:\users\fabian\downloads\gamestuff\teeworlds\teeworlds_srv.exe" = protocol=6 | dir=in | app=c:\users\fabian\downloads\gamestuff\teeworlds\teeworlds_srv.exe | 
"TCP Query User{E5A47F50-6CFF-49C3-A78F-123318A8A9C9}C:\spiele\company of heroes\reliccoh.exe" = protocol=6 | dir=in | app=c:\spiele\company of heroes\reliccoh.exe | 
"TCP Query User{E63F8070-D263-490E-BB8B-1B27772408EA}C:\spiele\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\spiele\call of duty 2\cod2mp_s.exe | 
"TCP Query User{E99AE711-ED6D-4048-8384-2FB88A8BA6EC}C:\spiele\company of heroes\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=c:\spiele\company of heroes\relicdownloader\relicdownloader.exe | 
"TCP Query User{FF7AC07D-3FEC-4D39-B2A7-A83490A35120}C:\spiele\starwars batllefront ii\gamedata\battlefrontii.exe" = protocol=6 | dir=in | app=c:\spiele\starwars batllefront ii\gamedata\battlefrontii.exe | 
"UDP Query User{038A7618-501C-4FFE-87F3-81C124424708}C:\spiele\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\spiele\call of duty 2\cod2mp_s.exe | 
"UDP Query User{083586AA-E3F8-4834-B5CE-D008F4F87F9A}C:\users\fabian\ziegler - edv\elepost\elepost\database\bin\mysqld-nt.exe" = protocol=17 | dir=in | app=c:\users\fabian\ziegler - edv\elepost\elepost\database\bin\mysqld-nt.exe | 
"UDP Query User{0A946031-9B0C-4A56-A47C-F36F369E0359}C:\spiele\company of heroes\reliccoh.exe" = protocol=17 | dir=in | app=c:\spiele\company of heroes\reliccoh.exe | 
"UDP Query User{17C06CCA-0601-42BF-B849-54BCEE06CD73}C:\spiele\openarena-0.8.1\openarena.exe" = protocol=17 | dir=in | app=c:\spiele\openarena-0.8.1\openarena.exe | 
"UDP Query User{294552DE-F50E-4F3A-85A3-F96EFED55D1D}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{2A0D87FD-6272-42F2-8D40-931B2617F149}C:\spiele\warcraft iii - the frozen throne\war3.exe" = protocol=17 | dir=in | app=c:\spiele\warcraft iii - the frozen throne\war3.exe | 
"UDP Query User{359A341E-8737-4F99-93D6-B1389071A459}C:\spiele\fifa 09\fifa09.exe" = protocol=17 | dir=in | app=c:\spiele\fifa 09\fifa09.exe | 
"UDP Query User{381BEA96-AFB3-43D9-9580-90774B284F5B}C:\program files (x86)\kathrein\dvrmanager\mfserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\kathrein\dvrmanager\mfserver.exe | 
"UDP Query User{387E2434-E030-4106-BEE5-334F18EE6765}C:\spiele\hdro\der herr der ringe online\lotroclient.exe" = protocol=17 | dir=in | app=c:\spiele\hdro\der herr der ringe online\lotroclient.exe | 
"UDP Query User{3A50A205-137B-48ED-A124-670DC61CE6AE}C:\program files (x86)\kathrein\dvrmanager\ufs922.exe" = protocol=17 | dir=in | app=c:\program files (x86)\kathrein\dvrmanager\ufs922.exe | 
"UDP Query User{405C4069-8AB5-4992-B1C8-6D00F6FA5CF9}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe | 
"UDP Query User{4F696627-DF62-482C-84CB-221E53FECA97}C:\spiele\aoeiii\age3y.exe" = protocol=17 | dir=in | app=c:\spiele\aoeiii\age3y.exe | 
"UDP Query User{501C22E0-0827-4925-9045-D80EBE331B52}C:\program files (x86)\unified remote\remoteserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\unified remote\remoteserver.exe | 
"UDP Query User{535D9115-CE6A-410D-856C-E1B75269DC07}C:\spiele\flatout 2\flatout2.exe" = protocol=17 | dir=in | app=c:\spiele\flatout 2\flatout2.exe | 
"UDP Query User{553C6625-015A-4ECA-B3DA-F08ECA2D7552}C:\spiele\starwars batllefront ii\gamedata\battlefrontii.exe" = protocol=17 | dir=in | app=c:\spiele\starwars batllefront ii\gamedata\battlefrontii.exe | 
"UDP Query User{5E7089A0-EE8D-4257-A682-1212AA89A97C}C:\spiele\aoeiii\age3.exe" = protocol=17 | dir=in | app=c:\spiele\aoeiii\age3.exe | 
"UDP Query User{6B747647-13BD-4B84-B351-10143FC85A36}C:\spiele\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\spiele\call of duty 2\cod2mp_s.exe | 
"UDP Query User{6D415A2F-7538-4A54-95F1-F2EC73AE5CB7}C:\spiele\age of empires ii\age2_x1.exe" = protocol=17 | dir=in | app=c:\spiele\age of empires ii\age2_x1.exe | 
"UDP Query User{757AD208-4534-4EE9-AEAF-78A93A2A838B}C:\spiele\age of empires ii\age2_x1.exe" = protocol=17 | dir=in | app=c:\spiele\age of empires ii\age2_x1.exe | 
"UDP Query User{7B710251-D681-4079-B192-33DE0D220D23}C:\spiele\rainbowsix vegas\binaries\r6vegas_game.exe" = protocol=17 | dir=in | app=c:\spiele\rainbowsix vegas\binaries\r6vegas_game.exe | 
"UDP Query User{7CFDDFA1-7979-4BEB-B599-718665E6DA68}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"UDP Query User{869C5412-AC1E-42B9-B4C3-CBF8F338753A}C:\program files (x86)\pando networks\media booster\pmb.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"UDP Query User{970DBDBA-9E24-4FD5-B621-E81267CC18B4}C:\spiele\flatout 2\flatout2.exe" = protocol=17 | dir=in | app=c:\spiele\flatout 2\flatout2.exe | 
"UDP Query User{97ADBECD-305C-4605-8BA4-2FBA1DAA4ABB}C:\spiele\tom clancy's h.a.w.x\hawx.exe" = protocol=17 | dir=in | app=c:\spiele\tom clancy's h.a.w.x\hawx.exe | 
"UDP Query User{B0AFA62A-9E79-44F0-ADA9-5C699EDF3810}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"UDP Query User{B8522E5F-48C5-4225-ABD5-C9BECC6A05EA}C:\spiele\world of warplanes\worldofwarplanes.exe" = protocol=17 | dir=in | app=c:\spiele\world of warplanes\worldofwarplanes.exe | 
"UDP Query User{BF1965A3-203C-49BD-B478-FF87EB3CBB83}C:\users\fabian\downloads\gamestuff\teeworlds\teeworlds_srv.exe" = protocol=17 | dir=in | app=c:\users\fabian\downloads\gamestuff\teeworlds\teeworlds_srv.exe | 
"UDP Query User{BF3682F6-4FE2-4966-A05A-5F351745E65F}C:\spiele\empire earth - zde\ee-aoc.exe" = protocol=17 | dir=in | app=c:\spiele\empire earth - zde\ee-aoc.exe | 
"UDP Query User{C79553A7-59F4-4070-ADA4-F21EDE3B0CA0}C:\spiele\openarena-0.8.1\openarena.exe" = protocol=17 | dir=in | app=c:\spiele\openarena-0.8.1\openarena.exe | 
"UDP Query User{C9005B0A-BC02-475D-902B-E25FD3A7B8E0}C:\spiele\starwars batllefront ii\gamedata\battlefrontii.exe" = protocol=17 | dir=in | app=c:\spiele\starwars batllefront ii\gamedata\battlefrontii.exe | 
"UDP Query User{C99EC000-AEC3-4355-8E03-FDEF11E1DDD0}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe | 
"UDP Query User{D3E5BBBB-28F0-41E9-BF97-8A3B78F2DD13}C:\spiele\aoeiii\age3.exe" = protocol=17 | dir=in | app=c:\spiele\aoeiii\age3.exe | 
"UDP Query User{D84CE450-38A6-4859-96E1-EB29BDB78FEB}C:\spiele\warcraft iii - the frozen throne\war3.exe" = protocol=17 | dir=in | app=c:\spiele\warcraft iii - the frozen throne\war3.exe | 
"UDP Query User{EA200AF7-639D-4F46-85C5-E4980DF3323A}C:\spiele\company of heroes\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=c:\spiele\company of heroes\relicdownloader\relicdownloader.exe | 
"UDP Query User{EB8872A3-63CA-45F6-845E-4D9402C92E6C}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"UDP Query User{ED08691D-51BA-4340-BD02-F9E9875A8C4D}C:\users\fabian\downloads\gamestuff\teeworlds\teeworlds_srv.exe" = protocol=17 | dir=in | app=c:\users\fabian\downloads\gamestuff\teeworlds\teeworlds_srv.exe | 
"UDP Query User{FCE7BA74-8274-47B1-955F-DA1FF07BBD7B}C:\program files (x86)\unified remote\remoteserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\unified remote\remoteserver.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0BD776F3-057D-4C11-020C-4FA9B13D04F9}" = AMD Catalyst Install Manager
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{19639A51-FCC5-40BA-9F07-D8292A07249B}" = VirtualCom driver
"{197985EE-73F2-B182-6AEB-21926621ED5D}" = ATI AVIVO64 Codecs
"{23170F69-40C1-2702-0457-000001000000}" = 7-Zip 4.57 (x64 edition)
"{249E9ED4-1C67-4DA5-9E39-F0F09AFD93B7}" = Logitech QuickCam
"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{463FB535-67FB-17C9-6FD6-164BC60462F6}" = ccc-utility64
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software 8.12
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
"{A5F59952-475D-4DCC-BEAD-C216FC68E05C}" = iTunes
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D8CE69B0-9274-4b8c-BA49-0FF6A20A3C65}" = SAMSUNG SYMBIAN USB Download Driver
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"7511B29C86C398B4D11A0B0E4176CAD68D1B7057" = Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB  (09/02/2009 1.0.0.1)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"BullGuard" = BullGuard Backup
"CCleaner" = CCleaner
"EC3E466026556D3EB760B01C4772277614354E11" = Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB  (06/11/2009 1.0.0.0)
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"ffdshow64_is1" = ffdshow x64 v1.1.3721 [2011-01-07]
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"SAMSUNG Mobile Modem V2" = SAMSUNG Mobile Modem V2 Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Download Driver" = SAMSUNG Mobile USB Download Driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Samsung Mobile USB Modem Device" = Samsung Mobile USB Modem Device Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"XviD MPEG-4 Video Codec_is1" = XviD v1.3.0 CVS
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03420F19-6E4C-4114-805E-8B465019FBB3}" = Jalbum
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{119B7481-0216-40D2-A5CC-C3E1F461ECC1}" = Windows Live Fotogalerie
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C813}_is1" = World of Warplanes
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2315B23D-3E21-4920-837D-AE6460934ECB}" = FIFA 09
"{2447500B-22D7-47BD-9B13-1A927F43A267}" = Empire Earth
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{259A8A5E-2886-4BED-9EF1-D5485282CCC3}" = Overlord
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = Die Schlacht um Mittelerde™ II
"{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}" = PC Connectivity Solution
"{347151C4-7F16-B275-8865-CC6B64056D3F}" = Catalyst Control Center Graphics Previews Common
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4676D76B-1BA9-4E4D-9615-72FEA5F6B007}" = Unified Remote
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{5158974E-2D28-4018-9335-7694C2974746}" = Fix-It Essentials 9
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5731C0A8-B266-451A-8D3F-8066AA21836F}" = Tom Clancy's Rainbow Six Vegas
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5A67D2EA-FB70-4033-A6F3-606AD85B2015}_is1" = Driver Sweeper Version 3.2.0
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{62AEBBB6-8314-7902-B3DA-1690F97DFA74}" = CCC Help English
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7184F382-8A6C-4B85-A3AC-B63734B1E241}" = SAMSUNG Mobile USB Device
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8973631B-D3CE-4F74-8A72-F734D928B940}" = DVRManager
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
"{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}" = Samsung Master
"{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070
"{B49C924C-A651-4378-94F6-5D9BF44A959F}" = EE-ZDE
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{B931FB80-537A-4600-00AD-AC5DEDB6C25B}" = Aufstieg des Hexenkönigs™
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.49 (July 1st, 2011) Version v2011.build.49
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C01AE05C-3C8C-75B3-C9F0-1B525DD3697C}" = Catalyst Control Center InstallProxy
"{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D07643A3-CE41-4286-8C78-EB9C83E76DDB}" = PunkBuster für Battlefield Vietnam
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0903}" = Microsoft Picture It! Foto Premium 9
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{E35B3C63-E958-4E31-A178-95D22024109A}" = Battlefield Vietnam(TM)
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E9046809-36B2-4A99-AD7F-C0C16AD773EC}" = TImeSpan Creator
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{ED636101-1959-4360-8BF7-209436E7DEE4}" = Windows Live Sync
"{F07AE5AB-516C-4CEB-A0AA-AD083B9182C6}" = TI NoteFolio Creator
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F6130A03-30EE-D4AD-63C8-E90F422C76C5}" = HydraVision
"{F865B0B5-0D43-2704-0B22-35C5F721374B}" = Catalyst Control Center
"12bbe590-c890-11d9-9669-0800200c9a66_is1" = Der Herr der Ringe Online v03.04.04.8012
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Afterburner" = MSI Afterburner 2.2.1
"Audacity_is1" = Audacity 1.2.6
"Audiograbber" = Audiograbber 1.83 SE 
"AutoGK" = Auto Gordian Knot 2.55
"avast" = avast! Free Antivirus
"AviSynth" = AviSynth 2.5
"Blitzkrieg" = Blitzkrieg Mod
"BurnAware Free_is1" = BurnAware Free 2.3.8
"Calc 3D Pro_is1" = Calc 3D Pro Deutsch 2.1.10
"Canopus DV Codec" = Canopus DV Codec
"Company of Heroes" = Company of Heroes
"DivX Setup" = DivX-Setup
"doubleTwist" = doubleTwist
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"FileZilla Client" = FileZilla Client 3.3.5
"Firebird SQL Server D" = Firebird SQL Server (D)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Audio Converter_is1" = Free Audio Converter version 5.0.2.1125
"Free AVI Video Converter_is1" = Free AVI Video Converter version 5.0.11.508
"Free Midi Converter_is1" = Free Midi Converter version 1.0.0.0
"Free Video Dub_is1" = Free Video Dub version 2.0.8.508
"Free Video to Flash Converter_is1" = Free Video to Flash Converter version 4.1
"Free YouTube Download_is1" = Free YouTube Download 2.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.22.508
"Freemake Video Converter_is1" = Freemake Video Converter Version 3.0.2
"GoldWave v5.06" = GoldWave v5.06
"Guitar Pro 5_is1" = Guitar Pro 5.2
"ImgBurn" = ImgBurn
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty(R) - World at War(TM) 1.4 Patch
"InstallShield_{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III
"InstallShield_{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty(R) - World at War(TM) 1.5 Patch
"InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"IrfanView" = IrfanView (remove only)
"League of Legends_is1" = League of Legends
"MAGIX Foto Manager 2006 D" = MAGIX Foto Manager 2006 (D)
"MAGIX Fotos auf CD & DVD 5.0 D" = MAGIX Fotos auf CD & DVD 5.0 (D)
"MAGIX Music Manager D" = MAGIX Music Manager (D)
"MAGIX Online Druck Service" = MAGIX Online Druck Service
"Mastering Edition" = Steinberg Mastering Edition v1.0
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Mp3tag" = Mp3tag v2.46a
"Notepad++" = Notepad++
"PCSUITE_INSPECTOR_PRO_is1" = PCSUITE INSPECTOR
"PictureIt_v9" = Microsoft Picture It! Foto Premium 9
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 15.0" = RealPlayer
"RivaTuner" = RivaTuner v2.24
"Steam App 113400" = APB Reloaded
"Steam App 220" = Half-Life 2
"Steam App 380" = Half-Life 2: Episode One
"Steam App 400" = Portal
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 440" = Team Fortress 2
"SUPER ©" = SUPER © Version 2008.bld.33 (Sep 2, 2008)
"TeamViewer 6" = TeamViewer 6
"Tunngle beta_is1" = Tunngle beta
"Uninstall_is1" = Uninstall 1.0.0.1
"Video mp3 Extractor_is1" = Video mp3 Extractor
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.5
"VobSub" = VobSub v2.23 (Remove Only)
"Warcraft III" = Warcraft III
"WinLiveSuite_Wave3" = Windows Live Essentials
"Xfire" = Xfire (remove only)
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 13.06.2012 12:21:10 | Computer Name = Fabians-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 13.06.2012 12:21:34 | Computer Name = Fabians-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 13.06.2012 12:21:44 | Computer Name = Fabians-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 13.06.2012 12:21:44 | Computer Name = Fabians-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 13.06.2012 12:21:44 | Computer Name = Fabians-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 13.06.2012 12:21:44 | Computer Name = Fabians-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 13.06.2012 12:21:45 | Computer Name = Fabians-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 13.06.2012 12:21:55 | Computer Name = Fabians-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 13.06.2012 12:22:02 | Computer Name = Fabians-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 14.06.2012 10:13:45 | Computer Name = Fabians-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung OTL.exe, Version 3.2.48.0, Zeitstempel 0x2a425e19,
 fehlerhaftes Modul kernel32.dll, Version 6.0.6002.18449, Zeitstempel 0x4da47a32,
 Ausnahmecode 0x0eedfade, Fehleroffset 0x0001c83b,  Prozess-ID 0x568, Anwendungsstartzeit
 01cd4a37e6b9713e.
 
[ System Events ]
Error - 14.06.2012 08:58:38 | Computer Name = Fabians-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 14.06.2012 10:19:47 | Computer Name = Fabians-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = 
 
Error - 14.06.2012 10:21:34 | Computer Name = Fabians-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 14.06.2012 10:21:34 | Computer Name = Fabians-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 14.06.2012 10:48:00 | Computer Name = Fabians-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = 
 
Error - 14.06.2012 10:49:52 | Computer Name = Fabians-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 14.06.2012 10:49:52 | Computer Name = Fabians-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 14.06.2012 11:11:43 | Computer Name = Fabians-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = 
 
Error - 14.06.2012 11:13:30 | Computer Name = Fabians-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 14.06.2012 11:15:37 | Computer Name = Fabians-PC | Source = Service Control Manager | ID = 7011
Description = 
 
 
< End of report >
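
A triage sketch for the "Last 20 Event Log Errors" section of an OTL report like the one above, added here as an example; it is not part of the original post or of OTL. It groups entries by channel, source and event ID so that repeated errors and empty descriptions stand out. The sample input is constructed and the function names are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the layout of OTL's "Last 20 Event Log Errors" section;
# host name and faulting application are placeholders, not values from the post.
SAMPLE = """\
========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 13.06.2012 12:21:10 | Computer Name = EXAMPLE-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 

Error - 13.06.2012 12:21:34 | Computer Name = EXAMPLE-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 

Error - 14.06.2012 10:13:45 | Computer Name = EXAMPLE-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung example.exe, Version 1.0.0.0,
 fehlerhaftes Modul kernel32.dll

[ System Events ]
Error - 14.06.2012 10:21:34 | Computer Name = EXAMPLE-PC | Source = Service Control Manager | ID = 7026
Description = 

< End of report >
"""

TS_FORMAT = "%d.%m.%Y %H:%M:%S"
SECTION = re.compile(r"^=+ (.+?) =+$")
CHANNEL = re.compile(r"^\[ (.+?) Events \]$")
HEADER = re.compile(
    r"^\w+ - (?P<ts>\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2}) \| Computer Name = .*?"
    r" \| Source = (?P<source>.*?) \| ID = (?P<id>\d+)$"
)


def parse_event_errors(log_text):
    """Return one dict per entry of the 'Event Log Errors' section."""
    events, channel, current, in_section = [], "Unknown", None, False
    for raw in log_text.splitlines():
        line = raw.rstrip()
        if line.strip() == "< End of report >":
            break
        section = SECTION.match(line)
        if section:  # any '=====' banner starts a new report section
            in_section = section.group(1).endswith("Event Log Errors")
            current = None
            continue
        if not in_section:
            continue
        channel_match = CHANNEL.match(line)
        header = HEADER.match(line)
        if channel_match:
            channel, current = channel_match.group(1), None
        elif header:
            current = {"channel": channel, "source": header["source"], "id": int(header["id"]),
                       "time": datetime.strptime(header["ts"], TS_FORMAT), "description": ""}
            events.append(current)
        elif current is not None and line.startswith("Description ="):
            current["description"] = line[len("Description ="):].strip()
        elif current is not None and line.strip():  # wrapped description text
            current["description"] = (current["description"] + " " + line.strip()).strip()
        else:
            current = None  # a blank line ends the entry
    return events


def summarize(events):
    """Group entries by (channel, source, id); most frequent group first."""
    groups = defaultdict(list)
    for event in events:
        groups[(event["channel"], event["source"], event["id"])].append(event)
    rows = [
        {"channel": c, "source": s, "id": i, "count": len(g),
         "first": min(e["time"] for e in g), "last": max(e["time"] for e in g),
         "empty_descriptions": sum(1 for e in g if not e["description"])}
        for (c, s, i), g in groups.items()
    ]
    return sorted(rows, key=lambda r: (-r["count"], r["channel"], r["source"], r["id"]))


if __name__ == "__main__":
    for row in summarize(parse_event_errors(SAMPLE)):
        print(f'{row["count"]}x [{row["channel"]}] {row["source"]} ID {row["id"]}')
```
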
         

14.06.2012, 20:38   #11
kira
/// Helper Team

► Please report again on the state of the computer: are there still problems and, if so, which ones?
__________________

Warning!:
Be careful with invoices sent by e-mail with a ZIP file attached! It may be infected with an encryption trojan!
Do not open the attachment; ask in our forum first!

Back up your data regularly, on CD/DVD, USB sticks or external hard drives, ideally twice in different places!
Please pass this warning on wherever you can!

14.06.2012, 20:39   #12
FabFaeb

Well, I never really had any "problems". I am just afraid that my account details could be spied out, and I would like to have a clean system and a clean backup on the external drive.
How sure can I be that I have removed everything?
Is there actually a guide to a secure system (within the limits of what is possible, of course)?

Last edited by FabFaeb (14.06.2012 at 20:53)

14.06.2012, 20:59   #13
kira
/// Helper Team

We have, technically speaking, made use of the options available (to us) in various ways, so in that respect everything should be in the green. There is no 100% guarantee of success, unless you completely format the hard drive and set Windows up again!

I can give you some tips:

** Keep your system under observation for the time being!

1.
Uninstall/remove the programs that we used and that you do not need, except for:
Code:
ATTFilter
CCleaner
         
- Run it from time to time:-> Guide

2.
Tool cleanup with OTL

We will now use OTL's CleanUp! function to delete most of the programs we installed for the cleanup from your system again.
  • Please download OTL by OldTimer (if you do not already have it).
  • Save it to your desktop.
  • Double-click OTL.exe to run the program.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Click the "Bereinigung" (CleanUp) button
  • OTL may ask for a restart.
    If it does, please allow it.
Note: After the restart, OTL and the other helper programs that you downloaded in the course of the cleanup will no longer be present. They have been removed. It is therefore OK if these programs are no longer there. If any are left over, delete them manually.

3.
Windows, for example, regularly creates shadow copies (at least once a day), which serve in an emergency to restore the system and to access older file versions. This feature takes up a great deal of disk space. By default, the space reserved for shadow copies is 15% of the volume size, so system performance is affected as well. In addition, deleted and possibly malicious objects that sit in System Restore must also be removed:
So please do the following: first disable it -> then enable it again, so that at the end it is "enabled" again!

4.
As a precaution I would advise you to change your password (one should do this every 3-4 months)
e.g. login, mail or website passwords
Tips:
Choosing a secure password - (should really be changed at regular intervals, about every 3-5 months)
see also: Secure password (Password)

5.
► Please check whether there are new updates for Windows:-> - Microsoft Update keeps your computer up to date!

Quote:
Update Internet Explorer: - version 9 is current!
You can install Windows Internet Explorer 9 right away to replace the existing version of Internet Explorer:-> Internet Explorer 9
Software such as operating systems, browsers and e-mail clients is continuously being developed further. At the same time, however, hackers are also working on constantly finding and exploiting new security holes. What is not yet a loophole for viruses and worms today can already become a danger tomorrow, once the corresponding malware has been programmed. As a result, reports of new vulnerabilities appear relatively often, even when these have not yet been discovered by hackers, because security specialists of course also look for potential avenues of attack. Updates from the software developers ensure that the user can always use the most current and most secure version of the operating system and the installed software.

Reading material no. 1:
Give criminal activity no chance!
Quote:
Back up your data regularly (pictures, music, documents, mails (as text file), browser bookmarks etc.) on CD/DVD, USB sticks or external hard drives! Ideally back up twice in different places!
  • How do I create a limited user account?
  • Always keep software up to date!:
    ALL programs and drivers installed on the system should be updated regularly to avoid security holes and to keep everything running smoothly!
  • A more secure browser than IE, e.g. *Switching the default browser to... by SETI@home* - Firefox - FirefoxWiki/Settings - Extensions for Firefox - Default browser
  • Secure e-mail clients, e.g. Thunderbird-->Extensions for Mozilla Thunderbird
    - Do NOT open unknown e-mail attachments!
    - Do not click on mails, especially those with attachments; have them displayed as text or in print view instead
  • Secure password - Choosing a secure password - (should really be changed at regular intervals, about every 3-5 months)
    see also: Secure password (Password)
    The five most common password mistakes
  • "Never accept software from strangers" - As a rule, only install programs that you really need and that you are convinced are reputable.
    You have the choice of which additional components get installed -> Always read along during installation and, where possible, deselect sponsors and partner programs, toolbars or any other extra programs on offer!
    This is how some kind of adware/spyware often gets installed along with it!
  • Do NOT download just any program from the net unless it is 100% certain that it is clean software. Nice promises from the vendors are far from a guarantee of flawless operation, so browse the pages on GOOGLE beforehand; you can get valuable information there!!!
  • Programs and drivers:
    Only from the manufacturer!
  • Online banking:
    Never give out your passwords!
    Reputable banks, e-mail providers or online shops never send e-mails asking customers to disclose confidential data such as passwords, user numbers (Verfügernummer), PINs or TANs. E-mails of this kind are always fraud attempts, which is why such requests should not be answered. As soon as fraud is suspected, report your suspicion to the respective bank's hotline.
  • Letting others (guests/friends) use your computer - Only use trustworthy computers!
    Make sure that only people you trust use or administer your computer, and never do banking on untrusted computers - for example from an internet café while on holiday
  • Back up important data regularly! - but remember: your main system is not a warehouse!
  • Be careful when using other people's computers and attachable external storage media such as hard drives, USB sticks, memory cards etc.! - IT fraudsters don't take holidays!/bsi-fuer-buerger.de - also connect them temporarily and have them scanned (see under `free online virus scanners`)
  • Do not visit websites without a valid imprint (Impressum)
    - Do not keep external devices (hard drive, USB stick) permanently connected to the PC, only briefly while you want to back something up
  • Saving on licence costs? - Be careful with files/programs from untrusted sources! - "full Keygen, Crack, Serial, Warez, keygenerators" etc.
    They are always contaminated with various malware/malicious programs/code; there is no site that is virus-free. (One should not deliberately summon the devil.) Another highly insecure source is file sharing on the so-called (music) exchange networks.
    ► Besides, you are making yourself liable to prosecution!
  • Use only one firewall and one antivirus program, which should always be kept up to date!
    Installing `too much` software impairs system performance and security, slows the start-up process enormously and burdens the memory (because the programs run side by side at the same time, eating a lot of performance but delivering little quality). Over time the computer becomes slower and less secure through too much unnecessary ballast. The more programs are installed, the more often problems occur, which may then be difficult to solve. On top of that, some programs bring major security risks with them
  • Virus scanner
  • BSI für Bürger
  • SETI@home - [Security] Security concept
  • Development of malicious websites/viruslist.com
  • Hot spot: images and sounds
    Dangerous images, strange sounds/BSI

** Common sense and configuring Windows and internet software securely are the best way to security on the web!!
Quote:
Since the database is supplemented and extended daily, and information about the virus concerned is added with the current virus definitions, I recommend that you have your system scanned online at least once a week (later, once a month will surely suffice), always with a different scanner, to get a second opinion - the data backed up on the storage medium should also be included!
(they mostly use ActiveX and/or Java): Free online scanners -
Reading material no. 2:
► Over time a lot of data junk can accumulate, error messages pile up, and the PC is probably no longer as fast as it used to be:
I wish you all the best

If you would like to support us→ Donation account

Regards
kira