Pests of all kinds and how to combat them: GVU lock screen bypassed, trojan still there?

04.07.2012, 16:15   #1
Lt.P

Hello,


1. On 02.07.2012 I got a GVU lock screen.
Several weeks earlier I had a similar lock screen with GEMA as the supposed originator.

1.1. With the GEMA screen, after restarting the PC I was able to open the Task Manager quickly enough and end the associated process.
The stupid part: I neither remember the name of the process, nor am I still sure whether my anti-malware software cleaned all the "harmful stuff" off my PC.

1.2. After the current one appeared, I again wanted to restart the PC. In the course of that, the process that had locked my PC was terminated, and I was able to interrupt the rest of the shutdown quickly enough.
After that I tried to inform myself.

2.1. I ran a full scan with Windows Defender. One problem turned up and I had the program remove it. No log available.

2.2. I ran a full scan with Avira AntiVir Free.
No detection. Log in the .zip archive.

2.3. I downloaded Malwarebytes AntiMalware, updated it (v. 1.61.0.1400) as the trial/free version and ran a scan. Logs in the .zip archive.

2.4. I downloaded the Kaspersky Rescue Disc, burned it, and ran it at boot. Ran an update. Ran a scan. Several detections. Some are known not to be malware (spared); I had the unknown ones "treated". Restarted the PC.

2.5. Today, 04.07.2012, I last ran an update of Windows Defender.

3. Today, 04.07.12, a few hours later, Malwarebytes AntiMalware warned me about the file 0_0U_I.EXE. I had the program move it to quarantine.

Is that the malicious file? The trojan?
I would dearly like to know that my PC is clean again.

4. Ran OTL. Logs attached.

System: Win7 64-bit Home Premium SP1, the logs mentioned are attached.


Thanks in advance to all helpers!
Regards, Lt.P.

05.07.2012, 16:11   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Malwarebytes creates exactly one log for each scan. Have you scanned with Malwarebytes before?
If so, all the logs for every scan are listed on the "Logdateien" (log files) tab. Please post all the ones visible there.

05.07.2012, 17:19   #3
Lt.P

Malwarebytes is new to me. So only the logs contained in the zip archive exist.

05.07.2012, 17:28   #4
cosinus

Please also run ESET, then we'll see what comes next.

Note: ESET does quite often show a few false alarms. That is why, with ESET too, only the log should be posted at first and nothing removed.

ESET Online Scanner

Please switch on any external hard drives during the online scans! Please turn off all background guards (anti-virus program, firewall, script blocking and the like) during the scans, and don't forget to switch everything back on afterwards.
  • Note for Vista and Win7 users: Be sure to open the browser like this: right-click => Run as administrator
  • Disable your anti-virus program during the scan.

    Press the button (<< click).
    • Firefox users:
      Please download esetsmartinstaller_enu.exe. Save the Firefox add-on to the desktop and then install it.
    • IE users:
      must allow the installation of an ActiveX element.
  • Tick the box next to Yes, i accept the Terms of Use.
  • Press the button.
  • Wait until the components have been downloaded.
  • Tick "Scan archives".
  • Make sure that Remove Found Threats is not ticked.
  • Press the button.
  • The signatures are downloaded. The scan starts automatically.
When the scan has finished
  • Click Finish.
  • Close the browser.
Please press the Windows key + R and copy the following text into the Run window.
Code:
"%PROGRAMFILES%\Eset\Eset Online Scanner\log.txt"

Note: If you are using a 64-bit Windows, the path is:

Code:
"%PROGRAMFILES(X86)%\Eset\Eset Online Scanner\log.txt"

Now post the contents of log.txt.
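
The log.txt that this procedure produces (its layout is visible in the log posted later in this thread) can be triaged with a short script before anything is removed. This is an added example, not part of the original posts and not ESET tooling; the sample log is constructed, the bucket names are hypothetical, and it assumes the German-locale wording ("Trojaner", "Anwendung", "möglicherweise") seen in that log.

```python
import re

# Constructed sample in the layout of the log.txt posted in this thread:
# installer chatter, "# key=value" header lines, then one tab-separated
# line per detection (path, description, hash field, flag).
ZERO_HASH = "0" * 32
SAMPLE_LOG = "\n".join([
    "ESETSmartInstaller@High as downloader log:",
    "all ok",
    "# version=7",
    "# end=finished",
    "# remove_checked=false",
    "# archives_checked=true",
    "# scanned=1000",
    "# found=3",
    "# cleaned=0",
    "\t".join([r"C:\Users\example\AppData\Local\Temp\sample.exe",
               "Variante von Win32/Kryptik.AHSH Trojaner (Säubern nicht möglich)",
               ZERO_HASH, "I"]),
    "\t".join([r"C:\Users\example\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\constructed",
               "möglicherweise Variante von Java/Exploit.CVE-2012-0507.CP Trojaner"
               " (Säubern nicht möglich)",
               ZERO_HASH, "I"]),
    "\t".join([r"D:\Installers\constructed-setup.exe",
               "Win32/Toolbar.Zugo Anwendung (Säubern nicht möglich)",
               ZERO_HASH, "I"]),
])

# Description field: [möglicherweise ][Variante von ]<name> <type> (<status>)
DETECTION = re.compile(
    r"^(?P<possible>möglicherweise )?(?P<variant>Variante von )?"
    r"(?P<name>\S+) (?P<kind>\S+) \((?P<status>[^)]*)\)$"
)


def parse_eset_log(text):
    """Split a log into header values, detection records and skipped lines."""
    header, detections, skipped = {}, [], []
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        if line.startswith("# ") and "=" in line:
            key, value = line[2:].split("=", 1)
            # Keys such as compatibility_mode repeat, so keep every value.
            header.setdefault(key, []).append(value)
            continue
        fields = line.split("\t")
        match = DETECTION.match(fields[1]) if len(fields) == 4 else None
        if match is None:
            skipped.append(line)  # installer chatter or a malformed line
            continue
        detections.append({
            "path": fields[0],
            "name": match.group("name"),
            "kind": match.group("kind"),
            "possible": match.group("possible") is not None,
            "status": match.group("status"),
        })
    return header, detections, skipped


def triage(header, detections):
    """Check the scan settings and sort detections into review buckets."""
    def first(key):
        return header.get(key, [None])[0]

    notes = []
    if first("end") != "finished":
        notes.append("scan did not run to completion")
    if first("remove_checked") != "false":
        notes.append("removal was enabled; the instructions ask for log only")
    found = first("found")
    if found is not None and found.isdigit() and int(found) != len(detections):
        notes.append("header 'found' count differs from parsed detections")

    buckets = {"trojan": [], "trojan_possible": [], "application": [], "other": []}
    for det in detections:
        if det["kind"] == "Trojaner":
            # "möglicherweise" (possibly) entries are the likeliest false
            # alarms, so they are listed apart from the plain matches.
            key = "trojan_possible" if det["possible"] else "trojan"
        elif det["kind"] == "Anwendung":
            key = "application"  # toolbars and bundled installers in this log
        else:
            key = "other"
        buckets[key].append(det)
    return notes, buckets


if __name__ == "__main__":
    hdr, dets, _ = parse_eset_log(SAMPLE_LOG)
    notes, buckets = triage(hdr, dets)
    for name, items in buckets.items():
        for det in items:
            print(f"{name:16} {det['name']:32} {det['path']}")
    for note in notes:
        print("NOTE:", note)
```
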

06.07.2012, 00:38   #5
Lt.P

Done, log file attached.


06.07.2012, 10:53   #6
cosinus

Quote:
G:\GTA\San Andreas\Installation\Grand Theft Auto San Andreas\PatchFX.exe
I wonder what that might be?!

Can you please post the logs directly and not as an attachment?

If possible, please post everything here in CODE tags.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here

06.07.2012, 12:06   #7
Lt.P

OK, I'll try it that way
(btw, the patch here really is just a patch)

as requested
Quote:
Quote from cosinus
Can you please post the logs directly and not as an attachment?

If possible, please post everything here in CODE tags.

1. So here is the ESET log file:

Code:
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=b2da22bce665e34fa2f4f950149618ed
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-05 10:22:22
# local_time=2012-07-06 12:22:22 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776573 100 94 109415 93135055 0 0
# compatibility_mode=8192 67108863 100 0 739 739 0 0
# scanned=443158
# found=12
# cleaned=0
# scan_time=21757
C:\$Recycle.Bin\S-1-5-21-4269022555-1996468514-2938294703-1000\$ROBG2RU.exe	Win32/InstallMate.A Anwendung (Säubern nicht möglich)	00000000000000000000000000000000	I
C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\qlipso-qlipso-silent-us.exe	Variante von Win32/Toolbar.Zugo Anwendung (Säubern nicht möglich)	00000000000000000000000000000000	I
C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\qlps-qlipso-sntb.exe	Win32/Toolbar.Zugo Anwendung (Säubern nicht möglich)	00000000000000000000000000000000	I
C:\Users\***\AppData\Local\Temp\mor.exe	Variante von Win32/Kryptik.AHSH Trojaner (Säubern nicht möglich)	00000000000000000000000000000000	I
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\24720e83-68098b98	möglicherweise Variante von Java/Exploit.CVE-2012-0507.CP Trojaner (Säubern nicht möglich)	00000000000000000000000000000000	I
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\5cc80de3-4fad2ad6	möglicherweise Variante von Java/Exploit.CVE-2012-0507.CP Trojaner (Säubern nicht möglich)	00000000000000000000000000000000	I
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\3ea00c69-5fe336f0	möglicherweise Variante von Java/Exploit.CVE-2012-0507.CP Trojaner (Säubern nicht möglich)	00000000000000000000000000000000	I
G:\GTA\San Andreas\Installation\Grand Theft Auto San Andreas\PatchFX.exe	möglicherweise Variante von Win32/TrojanDownloader.Agent.KQBQWAT Trojaner (Säubern nicht möglich)	00000000000000000000000000000000	I
P:\Installationsdateien\Programme\HSS-1.37-install-anchorfree-76-conduit.exe	Variante von Win32/HotSpotShield Anwendung (Säubern nicht möglich)	00000000000000000000000000000000	I
P:\Installationsdateien\Programme\Chip.de Adventskalener 2011\SoftonicDownloader_fuer_hypercam.exe	Win32/SoftonicDownloader Anwendung (Säubern nicht möglich)	00000000000000000000000000000000	I
P:\Installationsdateien\Programme\Sony Ericsson\MyPhoneExplorer_Setup_1.7.1.exe	Variante von Win32/Adware.ADON Anwendung (Säubern nicht möglich)	00000000000000000000000000000000	I
P:\Installationsdateien\Programme\Windows verbessern\asc-setup.exe	Variante von Win32/Toolbar.Widgi Anwendung (Säubern nicht möglich)	00000000000000000000000000000000	I
         
2. The OTL logs
2.1. OTL.txt
OTL Logfile:
Code:
OTL logfile created on: 04.07.2012 15:30:19 - Run 1
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
11,99 Gb Total Physical Memory | 10,29 Gb Available Physical Memory | 85,83% Memory free
23,98 Gb Paging File | 21,12 Gb Available in Paging File | 88,08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100,00 Gb Total Space | 9,65 Gb Free Space | 9,65% Space Free | Partition Type: NTFS
Drive G: | 365,66 Gb Total Space | 14,31 Gb Free Space | 3,91% Space Free | Partition Type: NTFS
Drive P: | 232,88 Gb Total Space | 40,53 Gb Free Space | 17,40% Space Free | Partition Type: NTFS
Drive T: | 1862,98 Gb Total Space | 1317,99 Gb Free Space | 70,75% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - P:\Avira\Antivir\Installation\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - P:\Avira\Antivir\Installation\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - P:\Avira\Antivir\Installation\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - P:\Malwarebytes' Anti-Malware\Installation\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe (Giraffic)
PRC - C:\Program Files (x86)\Giraffic\Veoh_Giraffic.exe (Giraffic)
PRC - P:\Freemake\Installation\Freemake\CaptureLib\CaptureLibService.exe (Microsoft)
PRC - C:\Program Files (x86)\TightVNC\tvnserver.exe (GlavSoft LLC.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - P:\Advanced SystemCare 4\Installation\ASCService.exe (IObit)
PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - P:\devolo DLan\Installation\dlan\devolonetsvc.exe (devolo AG)
PRC - C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (WDRulesService) -- C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe (Western Digital )
SRV:64bit: - (WDFMEService) -- C:\Program Files\Western Digital\WD SmartWare\WDFME.exe (Western Digital )
SRV:64bit: - (WDDMService) -- C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe (WDC)
SRV:64bit: - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation)
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (iprip) -- C:\Windows\SysNative\iprip.dll (Microsoft Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- P:\Avira\Antivir\Installation\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- P:\Avira\Antivir\Installation\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MBAMService) -- P:\Malwarebytes' Anti-Malware\Installation\mbamservice.exe (Malwarebytes Corporation)
SRV - (WysePocketCloud) -- C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe ()
SRV - (Giraffic) -- C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe (Giraffic)
SRV - (FreemakeVideoCapture) -- P:\Freemake\Installation\Freemake\CaptureLib\CaptureLibService.exe (Microsoft)
SRV - (SXDS10) -- C:\Program Files (x86)\Common Files\soft Xpansion\sxds10.exe (soft Xpansion)
SRV - (tvnserver) -- C:\Program Files (x86)\TightVNC\tvnserver.exe (GlavSoft LLC.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AdvancedSystemCareService) -- P:\Advanced SystemCare 4\Installation\ASCService.exe (IObit)
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (DevoloNetworkService) -- P:\devolo DLan\Installation\dlan\devolonetsvc.exe (devolo AG)
SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (NBService) -- P:\Nero\Suite\Installation\Nero 7\Nero BackItUp\NBService.exe (Nero AG)
SRV - (BlueSoleil Hid Service) -- P:\BT Stic\Installation\BTNtService.exe ()
SRV - (Start BT in service) -- P:\BT Stic\Installation\StartSkysolSvc.exe ()
SRV - (PLFlash DeviceIoControl Service) -- C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (ssudmdm) SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (LADF_CaptureOnly) -- C:\Windows\SysNative\drivers\ladfGSCamd64.sys (Logitech)
DRV:64bit: - (LADF_RenderOnly) -- C:\Windows\SysNative\drivers\ladfGSRamd64.sys (Logitech)
DRV:64bit: - (Ser2pl) -- C:\Windows\SysNative\drivers\ser2pl64.sys (Prolific Technology Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (teamviewervpn) -- C:\Windows\SysNative\drivers\teamviewervpn.sys (TeamViewer GmbH)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (npf) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc)
DRV:64bit: - (MSHUSBVideo) -- C:\Windows\SysNative\drivers\nx6000.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (LADF_BakerROnly) -- C:\Windows\SysNative\drivers\ladfBakerRamd64.sys (Logitech)
DRV:64bit: - (LADF_BakerCOnly) -- C:\Windows\SysNative\drivers\ladfBakerCamd64.sys (Logitech)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidEqd) -- C:\Windows\SysNative\drivers\LHidEqd.sys (Logitech, Inc.)
DRV:64bit: - (LEqdUsb) -- C:\Windows\SysNative\drivers\LEqdUsb.sys (Logitech, Inc.)
DRV:64bit: - (L8042Kbd) -- C:\Windows\SysNative\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (ScreamBAudioSvc) -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys (Screaming Bee LLC)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (dgderdrv) -- C:\Windows\SysNative\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (CXPLRCAP) -- C:\Windows\SysNative\drivers\CxPlrCap.sys (Conexant Systems, Inc.)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (MAXIR) -- C:\Windows\SysNative\drivers\maxcir.sys (Maxytech, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\netr28ux.sys (Ralink Technology Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV:64bit: - (MagicTune) -- C:\Windows\SysNative\drivers\MTiCtwl.sys (Samsung Electronics, Inc. )
DRV:64bit: - (Btcsrusb) -- C:\Windows\SysNative\drivers\btcusb.sys (IVT Corporation.)
DRV:64bit: - (BlueletSCOAudio) -- C:\Windows\SysNative\drivers\BlueletSCOAudio.sys (IVT Corporation.)
DRV:64bit: - (BlueletAudio) -- C:\Windows\SysNative\drivers\blueletaudio.sys (IVT Corporation.)
DRV:64bit: - (BT) -- C:\Windows\SysNative\drivers\BtNetDrv.sys (IVT Corporation.)
DRV:64bit: - (BTHidMgr) -- C:\Windows\SysNative\drivers\BTHidMgr.sys (IVT Corporation.)
DRV:64bit: - (BTHidEnum) -- C:\Windows\SysNative\drivers\VBTEnum.sys (IVT Corporation.)
DRV:64bit: - (VcommMgr) -- C:\Windows\SysNative\drivers\VcommMgr.sys (IVT Corporation.)
DRV:64bit: - (VComm) -- C:\Windows\SysNative\drivers\VComm.sys (IVT Corporation.)
DRV:64bit: - (FWLANUSB) -- C:\Windows\SysNative\drivers\fwlanusb.sys (AVM GmbH)
DRV:64bit: - (avmeject) -- C:\Windows\SysNative\drivers\avmeject.sys (AVM Berlin)
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
DRV - (NPF_devolo) NetGroup Packet Filter Driver (devolo) -- C:\Windows\SysWOW64\drivers\npf_devolo.sys (CACE Technologies)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (Btcsrusb) -- C:\Windows\SysWOW64\drivers\btcusb.sys (IVT Corporation.)
DRV - (BlueletSCOAudio) -- C:\Windows\SysWOW64\drivers\BlueletSCOAudio.sys (IVT Corporation.)
DRV - (BlueletAudio) -- C:\Windows\SysWOW64\drivers\blueletaudio.sys (IVT Corporation.)
DRV - (Cardex) -- C:\Windows\SysWOW64\drivers\TBPanelx64.sys (Windows (R) Server 2003 DDK provider)
DRV - (BT) -- C:\Windows\SysWOW64\drivers\btnetdrv.sys (IVT Corporation.)
DRV - (BTHidMgr) -- C:\Windows\SysWOW64\drivers\BtHidMgr.sys (IVT Corporation.)
DRV - (BTHidEnum) -- C:\Windows\SysWOW64\drivers\VBTEnum.sys (IVT Corporation.)
DRV - (VcommMgr) -- C:\Windows\SysWOW64\drivers\VCommMgr.sys (IVT Corporation.)
DRV - (VComm) -- C:\Windows\SysWOW64\drivers\VComm.sys (IVT Corporation.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 78 7F 28 D1 DF 67 CB 01  [binary data]
IE - HKCU\..\URLSearchHook: {a51a36e6-31e7-4838-9ff7-76298b527ec0} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_deDE365
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.14
FF - prefs.js..extensions.enabledItems: refractor@developer.mozilla.org:1.0b3
FF - prefs.js..extensions.enabledItems: service@touchpdf.com:1.15
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?sourceid=navclient&hl=de&q="
FF - prefs.js..network.proxy.http: "77.220.20.194"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
 
FF - user.js..browser.search.openintab: false
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmdownloader@gmail.com: P:\Freemake\Installation\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ [2012.06.01 07:57:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.03.14 00:46:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: P:\Mozilla\Firefox\Installation\components [2012.06.20 21:18:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: P:\Mozilla\Firefox\Installation\plugins [2012.05.20 15:42:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: P:\Mozilla\Firefox\Installation\components [2012.06.20 21:18:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: P:\Mozilla\Firefox\Installation\plugins [2012.05.20 15:42:13 | 000,000,000 | ---D | M]
 
[2010.02.21 12:46:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.02.21 12:46:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\prism@developer.mozilla.org
[2012.07.01 16:37:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\poxwodtx.default\extensions
[2012.06.20 21:18:36 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\poxwodtx.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011.08.26 14:43:49 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\poxwodtx.default\extensions\DeviceDetection@logitech.com
[2009.12.14 12:34:16 | 000,001,755 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\poxwodtx.default\searchplugins\leo-deu-fra.xml
[2009.12.14 12:36:56 | 000,001,747 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\poxwodtx.default\searchplugins\leo-deu-spa.xml
[2011.01.18 18:20:18 | 000,002,030 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\poxwodtx.default\searchplugins\myvideo-suche-.xml
[2011.10.14 14:30:49 | 000,000,985 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\poxwodtx.default\searchplugins\ponseu--deutsch--ungarisch.xml
[2011.10.14 14:30:54 | 000,000,925 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\poxwodtx.default\searchplugins\ponseu--deutsche-rechtschreibung.xml
[2009.12.14 12:35:54 | 000,000,936 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\poxwodtx.default\searchplugins\ponseu--englisch-deutsch.xml
[2009.12.14 12:35:58 | 000,000,948 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\poxwodtx.default\searchplugins\ponseu--franzsisch-deutsch.xml
[2009.12.14 12:36:02 | 000,000,936 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\poxwodtx.default\searchplugins\ponseu--spanisch-deutsch.xml
[2009.06.08 14:08:00 | 000,004,153 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\poxwodtx.default\searchplugins\youtube.xml
[2012.03.14 00:46:17 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.03.04 22:38:26 | 000,081,156 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\POXWODTX.DEFAULT\EXTENSIONS\{6D96BB5E-1175-4EBF-8AB5-5F56F1C79F65}.XPI
[2012.07.01 16:37:04 | 000,271,403 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\POXWODTX.DEFAULT\EXTENSIONS\{C50CA3C4-5656-43C2-A061-13E717F73FC8}.XPI
[2012.02.16 04:27:31 | 000,550,833 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\POXWODTX.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI
[2012.02.07 21:37:21 | 000,166,638 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\POXWODTX.DEFAULT\EXTENSIONS\IPDATA@EXTENSION.XPI
[2011.05.08 15:35:58 | 000,330,316 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\POXWODTX.DEFAULT\EXTENSIONS\PERSONAS@CHRISTOPHER.BEARD.XPI
[2012.01.30 15:09:33 | 000,057,900 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\POXWODTX.DEFAULT\EXTENSIONS\SERVICE@TOUCHPDF.COM.XPI
[2012.06.20 21:18:36 | 000,182,698 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\POXWODTX.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files (x86)\AutocompletePro\AutocompletePro.dll (SimplyGen)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Perfect PDF 6) - {2CEFDF99-7ED5-4884-9384-66BAFC1949BB} - P:\Perfect PDF 6 Converter\Installation\iexp64.dll (soft Xpansion)
O3 - HKLM\..\Toolbar: (Perfect PDF 6) - {2CEFDF99-7ED5-4884-9384-66BAFC1949BB} - P:\Perfect PDF 6 Converter\Installation\iexp32.dll (soft Xpansion)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] P:\Avira\Antivir\Installation\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] P:\Malwarebytes' Anti-Malware\Installation\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKCU..\Run: [renovator] C:\Users\***\AppData\Roaming\TeamViewer\{CB044D1B-3E42-4EDC-8CF0-B3199353A2AF}\renovator.exe File not found
O4 - HKCU..\Run: [VeohPlugin] C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - HKLM..\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll] C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll ()
O4 - HKLM..\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll] C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll ()
O4 - HKLM..\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll] C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll ()
O4 - HKLM..\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll] C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll ()
O4 - HKCU..\RunOnce: [JavaInstallRetry] C:\Users\***\AppData\LocalLow\Sun\Java\JRERunOnce.exe (Oracle Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutorun = 145
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5EB57315-65B2-4DCE-8C98-8485B6605961}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F34BDE2-33E8-4340-93E2-27F3B5C87B04}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B805C109-88D2-488C-A769-0E1321939BED}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (StickSecuritySafeMode.exe) -  File not found
O20 - HKLM Winlogon: Shell - (StickSecuritySafeMode.exe) -  File not found
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 0
O33 - MountPoints2\{8ccf20f6-1261-11df-898f-0026189408dd}\Shell - "" = AutoRun
O33 - MountPoints2\{8ccf20f6-1261-11df-898f-0026189408dd}\Shell\AutoRun\command - "" = E:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.04 15:13:53 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Logs
[2012.07.04 14:09:23 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.07.04 10:40:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{A1444CA4-22A0-45BB-BD5A-E2ABDCBA6AC4}
[2012.07.04 10:40:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{81625662-AE67-4E51-8D7C-6A586F9184D2}
[2012.07.03 20:47:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Help
[2012.07.03 17:03:27 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{BB38DF56-126D-4619-A8A0-89591A1CD21B}
[2012.07.03 17:03:17 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{A6618568-9F3F-4F92-98DE-C8CE52F8DA5E}
[2012.07.03 16:51:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Avira
[2012.07.03 16:48:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.07.03 16:48:40 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.07.03 16:48:40 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.07.03 16:48:40 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.07.03 12:45:06 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012.07.02 23:52:08 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.07.02 23:51:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.02 23:51:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.02 23:51:56 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.02 19:53:14 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{5DC7573C-C75C-4707-9361-AEADC015FD75}
[2012.07.02 19:53:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{54FF3A87-C94A-4171-BFD1-57B1C622B0DC}
[2012.07.02 07:52:48 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{0E803444-88A9-4D70-BCDE-0B319EE3FD37}
[2012.07.02 07:52:37 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{98E66C04-02AF-463C-A997-159C27A619D7}
[2012.07.01 19:52:26 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{444A72EB-0337-44A2-A46B-22F4BD1CC9DB}
[2012.07.01 19:52:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{2B67F0F5-C79E-48BB-99A3-C335863C39C3}
[2012.07.01 07:52:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{2824EBB3-729E-4D89-ADDC-7FFD7B271849}
[2012.07.01 07:51:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{BF9B958E-4954-4994-B005-9BBD24015F5E}
[2012.06.30 19:51:41 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{97BE9EF5-FD6F-4712-8D16-C5583A9AC69F}
[2012.06.30 19:51:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{F11B241B-9738-465D-BE63-C088FE2F8868}
[2012.06.30 07:51:19 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{50CA0DFD-971B-4F6B-9A9F-69E731ECFB9D}
[2012.06.30 07:51:08 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{D57D142E-1902-45E0-A8EF-F8BDB5831C84}
[2012.06.29 19:50:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{F1B62D19-6FB4-4AD0-B867-A3895E0B8BC8}
[2012.06.29 19:50:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{62B87360-2167-4ACB-8164-550A68F40183}
[2012.06.29 00:34:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{261BB346-3E77-4C04-AAD5-76B66C2D10FE}
[2012.06.29 00:34:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{2CDF4AD4-6E87-4CDD-BA65-DD2B57D909D1}
[2012.06.28 08:12:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{C1989540-47B8-44A1-BE36-8229C1C736B8}
[2012.06.28 08:12:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{C7378212-ED3C-4000-BE0D-8F6F50259A8E}
[2012.06.27 21:51:19 | 000,000,000 | ---D | C] -- C:\Western Digital
[2012.06.27 20:12:19 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{5D1DD700-89DF-4DD2-86AB-FDB5569D7965}
[2012.06.27 20:12:09 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{9146B18C-80DD-4349-8D87-9D45981D8669}
[2012.06.27 08:11:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{F41E93CC-87B4-4948-AA97-CEEEB1C11A2B}
[2012.06.27 08:11:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{CCA2E694-25E5-465F-BA13-52BE1B7A19B8}
[2012.06.26 21:18:45 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Ubisoft
[2012.06.26 20:11:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{9A0BF642-EB7A-47C4-8AF0-D18BB184BE12}
[2012.06.26 20:11:11 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{809F35A1-A616-4FD1-B98C-2237ABFA5D0B}
[2012.06.26 07:57:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{B1776B5C-1F14-4E7D-B8EC-087FFB7C090F}
[2012.06.26 07:57:32 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{A79D755A-404D-4A09-9636-F43447BFC2AE}
[2012.06.25 18:59:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{E00E27BA-2431-4806-9F3E-74CF1E936EFF}
[2012.06.25 18:59:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{898404A4-5312-460D-B88F-D8CFAE15EB5A}
[2012.06.25 06:59:22 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{081890F4-A345-493D-92DD-6A7206D54AF9}
[2012.06.25 06:59:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{4BC7808F-8038-4FB0-81D9-8FDAEF3EF1E5}
[2012.06.24 18:59:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{B69408D9-2F34-4C57-9410-A0C18B71CEEB}
[2012.06.24 18:58:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{ECEA2771-C64B-42E7-BC05-5B702E6105F1}
[2012.06.23 19:58:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{614A1514-605C-42E7-9BBB-99EFAE5B7012}
[2012.06.23 19:58:26 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{2081553C-B751-4D8E-AB67-A29DAC47AE4B}
[2012.06.23 07:58:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{0564903C-6F56-47BA-8669-550CA147D74F}
[2012.06.23 07:58:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{566F2762-4C86-4CF1-9CA3-3A308D95AC05}
[2012.06.22 19:57:51 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{40E5D619-B2BE-45C6-A9A8-1E2034C1B79B}
[2012.06.22 19:57:41 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{00F9F23F-3A99-450F-A4F5-5C9614EB3B63}
[2012.06.21 20:13:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{8F1DE333-3290-4DC2-876E-8BBC3EC1C419}
[2012.06.21 20:13:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{B6BBE7A7-60F4-4ACA-83C0-CCAB9E0D3CAF}
[2012.06.21 08:13:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{4FAB1960-134D-4730-B19A-C590BCC38A6B}
[2012.06.21 08:13:25 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{7B97EED9-C9C9-4315-AC1F-FAA7FC0614E4}
[2012.06.20 21:49:26 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012.06.20 21:49:26 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012.06.20 21:49:23 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012.06.20 21:49:06 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.06.20 21:49:05 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.06.20 21:23:51 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.06.20 21:23:50 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.06.20 21:23:50 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.06.20 21:23:50 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.06.20 21:23:48 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.06.20 21:23:48 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.06.20 21:23:46 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.06.20 21:23:46 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.06.20 21:23:43 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.06.20 21:23:43 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.06.20 21:23:42 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.06.20 21:23:42 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.06.20 21:23:41 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.06.20 21:23:04 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.06.20 21:23:02 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.06.20 21:23:01 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.06.20 21:22:39 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012.06.20 21:22:39 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012.06.20 21:22:39 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012.06.20 21:18:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Macromedia
[2012.06.20 20:13:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{9F8CC848-B510-4F26-8EC1-3CF1A6074F35}
[2012.06.20 20:12:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{770D10AB-89D5-4D5A-A57A-DC89E39840C0}
[2012.06.20 08:12:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{43FFCBF9-BEEB-4C8E-8662-9BB62B1B9A23}
[2012.06.20 08:12:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{F521E1ED-BC91-4344-8955-FE254F3B5DF0}
[2012.06.19 20:12:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{93D16562-C737-43F3-B6AB-87EF3CCC4B43}
[2012.06.19 20:12:05 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{A22507AF-FD89-402B-89AA-4F2C056C2D3D}
[2012.06.19 08:11:48 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{143E3E0E-50AF-41BE-8B05-5DD7172DB24C}
[2012.06.19 08:11:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{BC63E27A-BBF1-46CD-BBFB-23B1974A285C}
[2012.06.18 20:11:27 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{8A3B6849-DB5E-424E-A8C2-47DBC6FB7B25}
[2012.06.18 08:11:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{85EB7D5E-05AE-4218-9A10-55A8C9B6A207}
[2012.06.17 20:11:05 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{B6803C3F-A541-4220-9F82-D2244E6AE9C0}
[2012.06.17 08:10:54 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{6CF8F4D5-7834-41BB-9800-24F84ED30B1F}
[2012.06.16 20:10:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{7D4BBA3B-6EB3-4A49-8389-4420CD665296}
[2012.06.16 08:10:32 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{CC6E6733-2B87-4260-9C74-364C1096D489}
[2012.06.15 20:02:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{ED0ED657-2564-4B78-95AB-52BF21000F87}
[2012.06.15 07:18:25 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\WB Games
[2012.06.14 23:04:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD
[2012.06.14 21:52:05 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{ECFA906E-3CA2-4B4E-8915-F09A7194D710}
[2012.06.14 21:51:54 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{03013DFE-84C9-4017-809A-7FFC1CD8D187}
[2012.06.14 07:52:39 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{F687E2F2-A111-46BE-B79B-D9F427A80700}
[2012.06.14 07:52:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{EA7BE7AE-AC55-4903-B1F7-E44141C4D863}
[2012.06.13 19:52:17 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{0611D2FA-8A3C-4145-99B3-0B913C0C9CEA}
[2012.06.13 19:52:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{D6EA42ED-870F-49AD-BA30-28F8086AB0D5}
[2012.06.13 07:51:54 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{9E10A5F3-2F21-4F98-9A29-1D26CD7F65AA}
[2012.06.13 07:51:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{5E833E66-3AB0-47EE-B7F4-CF0765E03FC3}
[2012.06.12 19:51:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{435C65CA-F700-4A3C-9CE1-5D0BC36BD341}
[2012.06.12 19:51:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{4F8F4BC1-35C0-4A55-B10C-2F7E1593189B}
[2012.06.11 21:37:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{D59610B1-B630-4E92-918A-E130F487CC05}
[2012.06.11 21:37:48 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{54F0715A-88EC-408C-AAFB-B1747EEC485C}
[2012.06.11 10:07:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TweakNow WinSecret 2012
[2012.06.11 10:07:25 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\TweakNow WinSecret 2012
[2012.06.11 10:06:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TweakNow RegCleaner 2012
[2012.06.11 10:06:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\TweakNow RegCleaner 2012
[2012.06.11 09:37:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{DADC554E-96B3-4F08-A650-B8261367736E}
[2012.06.11 09:37:24 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{44415C5E-D9DD-4C28-AFDC-063055B1302D}
[2012.06.10 12:34:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{AD0DAE2E-3479-4580-8DB9-C38F6A050000}
[2012.06.10 12:34:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{5B2B9959-FA23-464B-AD1D-60D68D6E3FD9}
[2012.06.09 20:12:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{15D3C72B-C35E-4463-B38D-4744C5BC40B0}
[2012.06.09 20:12:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{DFF074FA-4B8D-49BB-A1ED-13CF11B4994F}
[2012.06.08 22:55:38 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.06.08 22:55:38 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012.06.08 22:55:38 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.06.08 22:55:29 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012.06.08 22:55:29 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012.06.08 22:55:29 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012.06.08 22:55:12 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012.06.08 22:55:12 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012.06.08 22:44:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{447102E1-126C-4047-B021-5FD6DCD5D358}
[2012.06.08 22:44:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{7A0D7006-DA9E-4E95-8E26-9D665E72F34F}
[2012.06.08 01:07:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{6FF7B9DE-7ED9-4CA3-9BC2-3AB016B6C520}
[2012.06.08 01:07:22 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{93215D00-36E9-4959-8EB1-0DAECD48029A}
[2012.06.07 13:07:10 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{E481F5E9-C769-494E-8B7D-710A9510B104}
[2012.06.07 13:07:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{199D0550-D86B-48F2-8B40-2084D21DD809}
[2012.06.06 20:01:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{36C275D7-B849-48A2-8A66-C31649FFC46B}
[2012.06.06 20:01:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{5A3D761E-7861-4727-96A3-85A0E86EDFDD}
[2012.06.06 07:42:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{56948B90-E9AB-402B-92CE-2143AE6BD719}
[2012.06.06 07:42:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{4F47353E-A417-4DB3-8D2F-99B14329D174}
[2012.06.05 19:42:22 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{DC368DAA-4F32-42FB-A04F-86CE98D0CFB6}
[2012.06.05 19:42:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{19FAA69C-F471-4183-85EA-FE3C57231198}
[2012.06.04 20:28:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{D8E16A15-559A-40EE-9CD6-700BABE9CBC9}
[2012.06.04 20:28:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{85FE3877-3381-472B-BE8A-D848E4B7FC48}
[8 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.04 15:34:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.04 15:25:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.04 14:09:26 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.07.04 10:40:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.03 21:25:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.03 21:22:19 | 000,282,696 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.07.03 21:22:19 | 000,282,696 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.07.03 21:18:41 | 000,282,696 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.07.03 16:43:19 | 000,014,624 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.03 16:43:19 | 000,014,624 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.03 16:34:57 | 1065,918,462 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.02 23:06:47 | 004,503,728 | ---- | M] () -- C:\ProgramData\l_u0_0.pad
[2012.07.02 23:04:37 | 000,001,877 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.06.26 21:07:53 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.06.24 19:34:25 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.06.24 19:34:25 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.06.20 21:51:00 | 023,011,368 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.20 21:35:37 | 001,800,812 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.20 21:35:37 | 000,764,044 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.20 21:35:37 | 000,707,348 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.20 21:35:37 | 000,171,162 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.20 21:35:37 | 000,139,436 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[8 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.02 23:52:52 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012.07.02 23:04:37 | 004,503,728 | ---- | C] () -- C:\ProgramData\l_u0_0.pad
[2012.07.02 23:04:37 | 000,001,877 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.06.12 07:29:31 | 000,691,271 | ---- | C] () -- C:\Users\***\Documents\img180.jpg
[2012.06.01 07:14:01 | 003,166,792 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.05.15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.04.06 21:51:17 | 000,001,114 | ---- | C] () -- C:\Users\***\AppData\Roaming\SMRResults250.dat
[2012.02.10 00:06:13 | 000,001,433 | ---- | C] () -- C:\Users\***\AppData\Local\RecConfig.xml
[2011.10.08 20:21:30 | 000,069,707 | ---- | C] () -- C:\Windows\SysWow64\DISP_OPT1.dll
[2011.10.08 20:21:30 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\GTWST.dll
[2011.10.08 20:21:25 | 000,175,104 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2011.10.08 20:21:23 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\GTTunerCard.dll
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.08.21 00:15:56 | 000,005,943 | ---- | C] () -- C:\Users\***\.TransferManager.db
[2011.06.21 18:39:38 | 000,017,408 | ---- | C] () -- C:\Users\***\AppData\Local\WebpageIcons.db
[2011.06.21 18:03:28 | 000,030,764 | ---- | C] () -- C:\Users\***\AppData\Roaming\UserTile.png
[2011.02.26 20:31:38 | 000,069,632 | R--- | C] () -- C:\Windows\SysWow64\xmltok.dll
[2011.02.26 20:31:38 | 000,036,864 | R--- | C] () -- C:\Windows\SysWow64\xmlparse.dll
[2011.02.21 20:41:38 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.02.21 19:54:02 | 000,695,578 | ---- | C] () -- C:\Windows\SysWow64\unins000.exe
[2011.02.21 19:54:02 | 000,001,065 | ---- | C] () -- C:\Windows\SysWow64\unins000.dat
[2011.02.11 23:23:34 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2011.01.27 23:23:33 | 001,664,284 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.01.04 16:10:58 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.01.04 16:10:56 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.01.04 16:10:56 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.01.04 16:10:56 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.01.04 16:10:56 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2010.11.22 01:26:00 | 000,001,077 | ---- | C] () -- C:\Users\***\Dokumente - Verknüpfung.lnk
[2010.10.16 19:32:04 | 000,282,696 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.10.16 19:32:03 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.09.16 09:13:20 | 002,601,752 | R--- | C] () -- C:\Windows\SysWow64\pbsvc_moh.exe
[2010.09.12 22:44:33 | 000,182,272 | ---- | C] () -- C:\Windows\patchw32.dll
[2010.07.21 01:46:24 | 000,044,032 | ---- | C] () -- C:\Users\***\fbchathistory.dat
[2010.06.14 14:19:49 | 000,007,680 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.02.06 02:30:56 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== LOP Check ==========
 
[2012.02.10 00:02:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Audacity
[2011.02.21 20:17:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Audio Record Edit Toolbox
[2011.02.21 20:18:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Audio Recorder for Free 2010
[2011.08.30 22:02:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\bizarre creations
[2011.04.26 15:03:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Bump Technologies, Inc
[2011.12.13 13:33:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CBL-Electronics
[2012.04.04 01:58:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.09.16 16:35:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.05.13 19:28:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Cool Record Edit Pro
[2011.07.30 19:41:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2010.02.06 02:32:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Pro
[2012.04.12 20:43:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2010.07.22 15:08:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.09.20 15:31:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2011.07.28 12:05:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IObit
[2011.02.01 18:07:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2011.12.24 22:17:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX
[2011.12.01 18:21:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nik Software
[2011.10.27 14:17:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Origin
[2010.04.19 23:29:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\pokerth
[2010.12.28 01:20:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PPTRemote
[2011.04.13 14:19:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Prism
[2010.12.06 13:27:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung
[2011.10.25 16:19:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Screaming Bee
[2012.07.03 00:13:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2011.10.25 19:23:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TS3Client
[2012.06.11 10:06:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TweakNow RegCleaner 2012
[2012.06.11 10:07:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TweakNow WinSecret 2012
[2012.06.26 20:49:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ubisoft
[2011.01.13 20:20:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WebApps
[2011.04.18 01:06:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Windows Live Writer
[2012.03.04 21:55:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinZip
[2012.04.01 20:12:54 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


2.2. The Extra.txt
OTL Logfile:
Code:
OTL Extras logfile created on: 04.07.2012 15:30:19 - Run 1
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
11,99 Gb Total Physical Memory | 10,29 Gb Available Physical Memory | 85,83% Memory free
23,98 Gb Paging File | 21,12 Gb Available in Paging File | 88,08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100,00 Gb Total Space | 9,65 Gb Free Space | 9,65% Space Free | Partition Type: NTFS
Drive G: | 365,66 Gb Total Space | 14,31 Gb Free Space | 3,91% Space Free | Partition Type: NTFS
Drive P: | 232,88 Gb Total Space | 40,53 Gb Free Space | 17,40% Space Free | Partition Type: NTFS
Drive T: | 1862,98 Gb Total Space | 1317,99 Gb Free Space | 70,75% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- P:\Mozilla\Firefox\Installation\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05005B6B-AD77-4D64-9F5D-8543C5F58E9F}" = lport=139 | protocol=6 | dir=in | app=system | 
"{12CB93C6-B66B-4C7C-B2C4-478FD40427B6}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{1706563C-B787-4ECF-8782-D3B6DD233D6B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2358428C-BD88-40A3-ACD8-70FF0557E96E}" = rport=137 | protocol=17 | dir=out | app=system | 
"{29D0AF90-0CF6-44E0-92B5-576AA4AA1FE1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{42BA2CFE-443E-4DAC-8EA1-9E20BEF2B595}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{50711569-504B-435C-8E85-572582A66977}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{58513064-E7C9-4312-813E-D376ED646A1D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{587977B5-8CE2-4A52-8472-A4A8B4AA3DB2}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{62F88B0F-4007-41CE-99DE-D4A60CAEB23A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{679510A3-C1DF-47EB-8EF7-37C60F2C9C2F}" = rport=139 | protocol=6 | dir=out | app=system | 
"{6BDD434E-4A5B-4242-93B2-F116A35DEAE4}" = lport=138 | protocol=17 | dir=in | app=system | 
"{6F14C26C-C3BF-4F47-B4A0-3CB2B42F82E2}" = rport=445 | protocol=6 | dir=out | app=system | 
"{83D6F302-AFE1-4EC8-A646-678B243E90E7}" = rport=138 | protocol=17 | dir=out | app=system | 
"{87E1FECF-3392-465F-BBC2-15532ACCB49A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8CBB457E-C546-499C-9194-97C3B9FC4335}" = lport=19376 | protocol=6 | dir=in | app=p:\devolo dlan\installation\dlan\devolonetsvc.exe | 
"{9175C5AB-DCC0-4381-B310-07FD92D71510}" = lport=137 | protocol=17 | dir=in | app=system | 
"{93F85792-AC24-4C29-9DDA-ADBAC8C80A2E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{94F66CA0-5D1F-46D7-AF07-24D765B56865}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9A231FA6-5B0A-4460-AFBB-FE14887F3049}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{9AD98AFB-33B6-47FE-8408-3162EBF3251F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A19B44B1-E34B-4A52-8687-43744570E120}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{BC5203C6-EC3E-45A8-B326-9987DBD9C3F8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{BD8B68C5-C805-4387-9B01-9B15E3EEDC64}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{BFEA5BE9-1DA8-4158-BC77-DCDBC3929561}" = lport=9512 | protocol=6 | dir=in | name=unified romote relevanter port tcp | 
"{C69E859E-A5EF-44AE-A1F0-EE2640117CDA}" = lport=445 | protocol=6 | dir=in | app=system | 
"{C78666AF-673B-4063-A0E4-684C9EA61F32}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{CED47BEA-671E-4593-BC5F-1A10FBC70B75}" = lport=9512 | protocol=17 | dir=in | name=unified remote relevanter port udp | 
"{E277273D-CBD6-4855-8468-4B1412CF107E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E296525E-7FA5-4B37-B82D-5D1FC451C00F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F25C462C-FF21-4CFE-9374-0F07BAB57F5B}" = lport=19375 | protocol=17 | dir=in | app=p:\devolo dlan\installation\dlan\devolonetsvc.exe | 
"{FE6648FB-8694-4757-8524-5E67F0671A69}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{006E20CA-C420-4529-9A0B-BB5AAEA8983E}" = protocol=17 | dir=in | app=c:\program files (x86)\giraffic\veoh_giraffic.exe | 
"{009699EF-0597-42BD-84D0-624EDCF5F8AD}" = protocol=17 | dir=in | app=g:\need for speed the run\installation\need for speed the run limited edition\need for speed the run.exe | 
"{00B3FD11-0072-422D-8FC6-6B97FDB7F225}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe | 
"{01D6C59F-4033-4DAA-84FB-BD4B3FD6021E}" = protocol=6 | dir=in | app=g:\steam (metro, cod bo)\installation\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{05520D17-25F3-4E02-9643-86A53767935D}" = protocol=17 | dir=in | app=g:\batman arkham city\installation\binaries\win32\batmanac.exe | 
"{081872B5-E1FE-46C6-8332-7EB7FFFC9A1A}" = protocol=17 | dir=in | app=p:\team viewer\installation\version6\teamviewer_service.exe | 
"{0858B3EA-9E6A-4A12-8B0E-65CA8C6B0791}" = protocol=6 | dir=in | app=g:\anno 2070\installation\autopatcher.exe | 
"{09DEEC9E-08B8-4B9E-8593-27703848A678}" = protocol=6 | dir=in | app=g:\gta\iv\installation\rockstar games social club\rgsclauncher.exe | 
"{0A5DD3A8-4D0A-49DF-8A95-7BBD4CDBBADB}" = protocol=6 | dir=in | app=g:\steam (metro, cod bo)\installation\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{0C399D20-72D4-4E0C-BF7B-31BC4A86D5EA}" = protocol=17 | dir=in | app=g:\gost recon 2\installation\ghost recon advanced warfighter 2\graw2_dedicated.exe | 
"{0DBA30F2-0A50-4510-B91B-8EEAB4BBAAC6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{0E523EB1-9A28-4DBE-9ADC-82FA4BD0A60E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe | 
"{0FD35817-F154-46FA-9604-2B43699E482E}" = protocol=17 | dir=in | app=g:\steam (metro, cod bo)\installation\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{103FB0C0-E86A-4842-9C3C-937B4C91F6EE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{12941E98-B2ED-4BCB-9F39-0F56D0F63850}" = protocol=17 | dir=in | app=g:\ghost recon future soldier\installation\gu.exe | 
"{129FE76D-B231-4AF1-B033-0B43172FC0CE}" = protocol=17 | dir=in | app=g:\steam (metro, cod bo)\installation\steamapps\common\homefront\binaries\homefront.exe | 
"{1311F094-AE0A-40FB-856A-02EEFF8AE34C}" = protocol=17 | dir=in | app=g:\hitman\blood money\installation\hitmanbloodmoney.exe | 
"{1430F1BC-74B6-4851-B265-6ADE33BD622A}" = protocol=6 | dir=in | app=g:\blur\installation\blur.exe | 
"{159C99A2-D281-4F6D-BBC8-0DF2A7684A33}" = protocol=17 | dir=in | app=g:\steam (metro, cod bo)\installation\steamapps\common\deus ex - human revolution\dxhr.exe | 
"{1A2B9DF7-9F31-4D52-979A-795ED5DD0954}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{1B50E3DF-CF8E-484D-927E-A16A9FBB4BD1}" = protocol=6 | dir=in | app=g:\ghost recon future soldier\installation\future soldier.exe | 
"{1DBE795A-24D1-4533-9FCB-E1264928EE3F}" = protocol=6 | dir=in | app=g:\ghost recon future soldier\installation\gu.exe | 
"{1E24789D-C319-4F6E-9558-FAD8612A94D4}" = protocol=6 | dir=in | app=g:\batman arkham city\installation\binaries\win32\batmanac.exe | 
"{20AADF9A-9819-4AFC-BE0D-07894D95DA55}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{21734209-FD15-46A1-BD28-21165F641BF1}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{21856122-515D-4F3F-A372-70C60FD250C4}" = protocol=17 | dir=in | app=g:\need for speed\hot persuit n\installation\launcher.exe | 
"{21896B79-67D5-4B33-9BE0-4F2212E23BBB}" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{219996F5-08E3-4CB8-BD4F-CA5AE047DCB4}" = protocol=6 | dir=in | app=g:\james bond\blood stone\installation\bond.exe | 
"{22B98904-A5ED-429F-BC83-0083BE7EA3A8}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{23D35DA9-1974-42E3-8803-A9A8F23EC629}" = protocol=6 | dir=in | app=p:\bt stic\installation\bluesoleil.exe | 
"{2613FEC0-120F-4239-B80F-41EB8E9905E3}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe | 
"{264C946B-1384-4B23-BBE2-A273E5A40A7A}" = protocol=6 | dir=in | app=g:\steam (metro, cod bo)\installation\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | 
"{27175010-5949-49DE-943E-C01DF391E261}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{27751444-1433-4928-9EC1-7D24C7F6729F}" = protocol=17 | dir=in | app=g:\blur\installation\blur.exe | 
"{27C2B970-8626-41FC-BCF1-D1FEDC2B1494}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe | 
"{292209D0-FA8C-411C-A49E-4391B064DC8D}" = protocol=17 | dir=in | app=c:\program files (x86)\tightvnc\tvnserver.exe | 
"{2ACFD1BE-4B4F-4537-9981-414F7CE8BC25}" = protocol=17 | dir=in | app=g:\gta\iv\installation\rockstar games social club\rgsclauncher.exe | 
"{2ADDDA6E-8964-4582-987C-573397535E6C}" = protocol=17 | dir=in | app=c:\program files (x86)\giraffic\veoh_girafficwatchdog.exe | 
"{2AFDA61B-7B4B-44B7-809A-C3E800D45947}" = protocol=6 | dir=in | app=p:\team viewer\installation\version6\teamviewer.exe | 
"{2B7003B3-AB50-4360-AF42-0D145FD0D195}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{2F4F8E1C-A8EE-4ED6-81E5-9D481A3B826E}" = protocol=17 | dir=in | app=g:\steam (metro, cod bo)\installation\steamapps\common\sniper ghost warrior\sniper_x86.exe | 
"{2F52C47E-E231-4CFD-8846-4E442B2AAFFC}" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{3349B5DF-292D-42B2-9216-47595954185A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{345EAF36-E8A5-4D54-96A2-2ECBFE620F3E}" = protocol=17 | dir=in | app=g:\steam (metro, cod bo)\installation\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | 
"{3687B4D7-C07E-4A49-8B33-4390E3BAA987}" = protocol=6 | dir=in | app=g:\gost recon 2\installation\ghost recon advanced warfighter 2\graw2.exe | 
"{36DD951C-6C19-43C7-ADD9-33793971A488}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{3744020B-02BF-40EE-96B2-3DBECB8DB9F2}" = protocol=6 | dir=in | app=g:\gta\iv\installation\eflc\launcheflc.exe | 
"{3AF6C68C-7048-4B8D-8193-3B29A8B6994F}" = protocol=6 | dir=in | app=g:\steam (metro, cod bo)\installation\steamapps\common\homefront\binaries\homefront.exe | 
"{3C529B3D-FC34-4A32-A84C-09E296945BE1}" = protocol=6 | dir=in | app=g:\steam (metro, cod bo)\installation\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{3CEAB007-408F-4E0F-A09E-D27C6A346BC5}" = protocol=6 | dir=in | app=g:\gta\iv\installation\gta iv\grand theft auto iv\launchgtaiv.exe | 
"{3E6BBDF2-D280-4398-B0FA-E1DC6AFFA2FF}" = protocol=17 | dir=in | app=p:\bt stic\installation\bluesoleil.exe | 
"{40D62E76-D481-4A8D-92DE-92E1688EA1FD}" = protocol=17 | dir=in | app=g:\max payne\3 installation\playmaxpayne3.exe | 
"{4242C9D6-235B-4763-B2B3-07A1D2A98B54}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{433D12CC-589D-408F-B9D4-7B4D799B49E4}" = protocol=6 | dir=in | app=g:\mass effect\mass effect 3\installation\mass effect 3\binaries\win32\masseffect3.exe | 
"{44ABF217-3A7C-45E5-AE3A-A69CCAC5BD17}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{4752EF8F-2462-4187-8596-D229EB4D2CFD}" = protocol=17 | dir=in | app=g:\racedriver grid\installation\grid.exe | 
"{47D85BE4-C7C5-4E5A-A614-7CA14B7E68C3}" = protocol=17 | dir=in | app=c:\program files (x86)\tightvnc\vncviewer.exe | 
"{4CCC0AC7-027C-471B-8692-71B85E14A58D}" = protocol=6 | dir=in | app=g:\steam (metro, cod bo)\installation\steamapps\common\sniper ghost warrior\sniper_x86.exe | 
"{4D1CF2A9-755B-4E20-9807-4CE26448D7D3}" = protocol=17 | dir=in | app=g:\steam (metro, cod bo)\installation\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{4E7C64F9-4EB5-45DE-8DAE-372516509A2B}" = protocol=6 | dir=in | app=g:\steam (metro, cod bo)\installation\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{4EBA731F-1578-4718-8636-9A36496B7288}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{52E572EB-9762-4068-A6F3-773187477487}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{52EB81A7-79B8-4FD0-8FEA-30419EED17C6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5329BEF7-396E-41B2-8B93-0F9B027D34EF}" = protocol=17 | dir=in | app=g:\steam (metro, cod bo)\installation\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{56C6EB30-D0DF-463D-AAA6-1865BF098802}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{5847D3F2-2065-40BF-9923-C25F44FF3BC4}" = protocol=6 | dir=in | app=g:\need for speed\hot persuit n\installation\launcher.exe | 
"{58E20D33-BFFE-4A21-B9DF-AB9FE288E201}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{608EB744-B4DC-48D2-9622-26923E40D63E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{61890C36-E1D0-4469-BEEA-586C9200A4FF}" = protocol=17 | dir=in | app=g:\steam (metro, cod bo)\installation\steamapps\common\deus ex - human revolution\dxhr.exe | 
"{64276621-706F-4AEA-9E28-5E144FF24A39}" = protocol=6 | dir=in | app=g:\need for speed the run\installation\need for speed the run limited edition\need for speed the run.exe | 
"{673CC236-4497-408D-9A1D-D77A2E4B2FDB}" = protocol=6 | dir=in | app=g:\steam (metro, cod bo)\installation\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{67832EDB-B369-4447-A683-943AEF34B3CF}" = protocol=17 | dir=in | app=g:\steam (metro, cod bo)\installation\steamapps\common\metro 2033\metro2033.exe | 
"{67F636DC-D5AF-420C-9279-3252B3037136}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe | 
"{6B5B3B9B-820E-417B-8C22-91C3B8B25CF7}" = protocol=17 | dir=in | app=g:\anno 2070\installation\autopatcher.exe | 
"{6BD22EB1-3CB7-4F8D-BFC8-0E727C0C13FF}" = protocol=17 | dir=in | app=g:\steam (metro, cod bo)\installation\steamapps\common\magic 2012 demo\magic_2012.exe | 
"{6BFC17FD-E98E-4111-9D00-89E4DB8B35ED}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{6C50AF45-72B6-4985-A7D5-531FE5316E3F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6FAF19B6-09C8-49F1-8941-E35CC1CE9EBE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{6FB7E2D3-4BD9-46A5-9EAE-09FEB4C92A95}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{6FEC7190-E1C0-4473-9F2C-131A809858C0}" = protocol=6 | dir=in | app=g:\hitman\blood money\installation\hitmanbloodmoney.exe | 
"{70777974-1801-4086-8770-B4D75130EF89}" = protocol=6 | dir=in | app=g:\max payne\3 installation\playmaxpayne3.exe | 
"{722F70F2-BED2-4FDE-A8B8-10A29164869A}" = protocol=17 | dir=in | app=g:\steam (metro, cod bo)\installation\steamapps\common\call of duty black ops\blackops.exe | 
"{73EF5128-0A62-42AB-B2B0-1D9D57209845}" = dir=in | app=c:\program files (x86)\wyse\pocketcloud windows companion\wysebrowser.exe | 
"{770AC58A-BA32-4841-B060-27021D76AEDD}" = protocol=6 | dir=in | app=g:\steam (metro, cod bo)\installation\steamapps\common\call of duty black ops\blackops.exe | 
"{828A08D1-94C2-47B5-B1DF-D55EB76116BA}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{83E15D1F-B43C-497F-B0B3-39ED501BA8C4}" = protocol=6 | dir=in | app=g:\splinter cell\splinter cell conviction\src\system\conviction_game.exe | 
"{8564E53A-DF07-45BA-AD7F-8A5DF864E810}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{865B5DF2-6157-4421-B79C-25B02240B9FE}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{872D5988-4946-499A-B833-5409307E7833}" = protocol=17 | dir=in | app=c:\program files (x86)\giraffic\veoh_girafficwatchdog.exe | 
"{87C6C20A-D9C3-4610-B5B5-958B71274249}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{8C26464A-44B7-4E1E-A9A8-1B8196A69BD9}" = protocol=6 | dir=in | app=c:\program files (x86)\giraffic\veoh_girafficwatchdog.exe | 
"{8D389997-923F-490A-B681-7A6A52E1F5FB}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{8DDB9D19-C635-4385-B626-A9CA37D2A44B}" = protocol=6 | dir=in | app=c:\program files (x86)\giraffic\veoh_giraffic.exe | 
"{8E379D24-47BD-48F0-A427-0316515CC6E1}" = protocol=6 | dir=in | app=p:\team viewer\installation\version6\teamviewer_service.exe | 
"{8FB4A6BB-C7F2-4B2F-8E78-096FA7F3CA49}" = protocol=17 | dir=in | app=g:\steam (metro, cod bo)\installation\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{91E66213-83CD-4F4C-9F85-9F5614ACC43B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe | 
"{94504294-3488-4887-953F-D217FA7AAA9E}" = protocol=17 | dir=in | app=g:\steam (metro, cod bo)\installation\steamapps\common\sniper ghost warrior\sniper_x86.exe | 
"{9470E00C-F8E7-4932-9A68-B2E94592A2F0}" = protocol=17 | dir=in | app=p:\bt stic\installation\bluesoleil.exe | 
"{97620CAC-D7FE-430E-90EB-9978D9DEA84F}" = protocol=17 | dir=in | app=g:\anno 2070\installation\initengine.exe | 
"{9CB4E460-18F3-45F4-BF13-D15DF05EE554}" = protocol=6 | dir=in | app=g:\steam (metro, cod bo)\installation\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | 
"{A0E49735-C0D2-405A-98F6-2D20A6EE6E92}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{A3560280-AE3C-4B3F-88C8-7CC3632363CA}" = protocol=17 | dir=in | app=g:\ghost recon future soldier\installation\future soldier.exe | 
"{A3A64EFA-DC7E-4E2C-AEAD-2BC73A94D0CE}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{A4862D9A-90D3-4C50-A457-EA62128133AD}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{A4C204A9-B1A3-40E0-89ED-158DD466B15C}" = protocol=6 | dir=in | app=g:\steam (metro, cod bo)\installation\steamapps\common\deus ex - human revolution\dxhr.exe | 
"{A4F88592-4FF2-4CC8-8A78-60E1564DCE62}" = protocol=17 | dir=in | app=g:\splinter cell\splinter cell conviction\src\system\conviction_game.exe | 
"{A62A67C4-3E58-4363-8434-8F3DB39BC81A}" = protocol=17 | dir=in | app=g:\steam (metro, cod bo)\installation\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{A83520A1-714B-4949-B037-360EB851C3B1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{ADD05370-7BCF-4DFE-A27A-917268365417}" = dir=in | app=c:\program files (x86)\wyse\pocketcloud windows companion\pocketcloudservice.exe | 
"{B024FA00-C595-4EB6-A519-254D08D67092}" = protocol=6 | dir=in | app=g:\anno 2070\installation\initengine.exe | 
"{B22E2BCF-71AE-4620-8F44-33727EBF8601}" = protocol=6 | dir=in | app=g:\gost recon 2\installation\ghost recon advanced warfighter 2\graw2_dedicated.exe | 
"{B7D7E707-5797-4EEC-A60A-BA673BC1814F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe | 
"{BB22E00E-F15E-4193-8289-9BE1C0C89D42}" = protocol=17 | dir=in | app=g:\gta\iv\installation\eflc\launcheflc.exe | 
"{BC120D6F-82B0-4317-B535-0CF77F1A0FCD}" = protocol=6 | dir=in | app=g:\battlefield 3\installation\battlefield 3\bf3.exe | 
"{BCC0D0DF-8D04-4791-9345-E663E294E961}" = protocol=6 | dir=out | app=system | 
"{BE580DE4-4CA1-490F-8706-591DFB5B90C6}" = protocol=6 | dir=in | app=g:\steam (metro, cod bo)\installation\steamapps\common\metro 2033\metro2033.exe | 
"{C0128C48-6947-4160-B9AE-CE93C93CFD82}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{C3C8B2CC-C427-48A8-8188-9AA929BA347F}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{C3D9C39F-EA27-43C2-99EC-4D01F80AE59E}" = protocol=6 | dir=in | app=g:\steam (metro, cod bo)\installation\steamapps\common\magic 2012 demo\magic_2012.exe | 
"{C6759EFD-8E7B-4824-9304-E3E32E1320DB}" = protocol=17 | dir=in | app=g:\gost recon 2\installation\ghost recon advanced warfighter 2\graw2.exe | 
"{CA123161-457E-4682-BFB6-64142A42D280}" = protocol=6 | dir=in | app=c:\program files (x86)\giraffic\veoh_girafficwatchdog.exe | 
"{CB5499A6-B645-4DAA-91CD-CCBD55E47159}" = protocol=6 | dir=in | app=g:\steam (metro, cod bo)\installation\steamapps\common\deus ex - human revolution\dxhr.exe | 
"{CCF23E58-D115-47F8-8DA3-0B4C8888F35B}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{CEEA65C4-A0C7-411C-B52F-F157BD241944}" = protocol=17 | dir=in | app=p:\team viewer\installation\version6\teamviewer.exe | 
"{CEFEEBB3-FE04-4ECD-B9CE-A2AA398BAD82}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{D256F5ED-479A-40FA-A9D7-20968C272F3C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D42B5958-DBD8-4CBD-9128-4C08D7374E5B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D5430264-353F-4A9D-A9D5-D614E04AD6C9}" = dir=in | app=c:\program files (x86)\wyse\pocketcloud windows companion\pocketcloudinstallwizard.exe | 
"{D9A5FBDC-DCA2-4C8A-925A-3179E6544753}" = protocol=6 | dir=in | app=g:\steam (metro, cod bo)\installation\steamapps\common\sniper ghost warrior\sniper_x86.exe | 
"{DA366D1C-5927-4815-99E8-92F091CC8343}" = protocol=17 | dir=in | app=g:\steam (metro, cod bo)\installation\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | 
"{DA92DBB8-533F-4D01-AF4A-0C9DFD92713F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{DBF3F928-F96C-48E1-9C79-256908743007}" = protocol=17 | dir=in | app=c:\program files (x86)\giraffic\veoh_giraffic.exe | 
"{DC428CA6-70D6-4117-B42F-73DBD1594945}" = protocol=6 | dir=in | app=c:\program files (x86)\tightvnc\vncviewer.exe | 
"{DDF32267-0BE5-47B0-B131-C6E4AFDB179F}" = protocol=6 | dir=in | app=g:\racedriver grid\installation\grid.exe | 
"{DFD7606D-0055-4E45-8B68-AD59C9BB1BD6}" = protocol=6 | dir=in | app=c:\program files (x86)\giraffic\veoh_giraffic.exe | 
"{E1FC2CD8-4F87-48B3-BE49-4B04834754D0}" = protocol=17 | dir=in | app=g:\anno 2070\installation\anno5.exe | 
"{E3E47B92-CB6D-4088-98BB-056CC1B8E08F}" = protocol=6 | dir=in | app=c:\program files (x86)\tightvnc\tvnserver.exe | 
"{E546832A-A04B-4FE9-9183-A0A60519EACE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{E762655A-2588-45BA-BAAE-B9CBB8A809E2}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe | 
"{E852F3BC-A8EB-4436-9071-3350574D39DE}" = protocol=17 | dir=in | app=g:\gta\iv\installation\gta iv\grand theft auto iv\launchgtaiv.exe | 
"{E899E8E2-2D6C-4C45-BFC9-B46526E76803}" = protocol=17 | dir=in | app=g:\james bond\blood stone\installation\bond.exe | 
"{E93C50D9-2754-4D4B-B2C7-06EF0FE75A2F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{EEECAA75-5C0E-4F73-A82F-35E99DD918DF}" = protocol=6 | dir=in | app=g:\anno 2070\installation\anno5.exe | 
"{F0276ED5-0A4E-43E6-A032-F97DBDCAD480}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F1F81569-B227-4F40-89B2-E676FCCE0EC2}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F342ACAB-F4CF-48B0-AD3D-D615D23972F5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F47FEC5B-6331-4DB7-B044-60BF4D5E8641}" = protocol=17 | dir=in | app=g:\mass effect\mass effect 3\installation\mass effect 3\binaries\win32\masseffect3.exe | 
"{F7120B9D-99C9-4C8F-B6A3-899D1C0875F6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{F7A8C3CE-E384-4381-A835-3504DE30AD74}" = protocol=17 | dir=in | app=g:\battlefield 3\installation\battlefield 3\bf3.exe | 
"{F9F8A628-3862-4110-AA83-7A3D230E549A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{FB317F57-F9CF-4877-B1F2-DBCAEFD44627}" = protocol=6 | dir=in | app=p:\bt stic\installation\bluesoleil.exe | 
"TCP Query User{0F1B59AF-9AB9-438B-928A-E5569FCA38E2}C:\users\***\desktop\skype portabl\skypeportable\app\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\skype portabl\skypeportable\app\skype\phone\skype.exe | 
"TCP Query User{24102579-D9B4-4D56-A725-D460FD933A04}G:\gost recon 2\installation\ghost recon advanced warfighter 2\graw2.exe" = protocol=6 | dir=in | app=g:\gost recon 2\installation\ghost recon advanced warfighter 2\graw2.exe | 
"TCP Query User{27B003A5-29C1-4089-9813-6D32DB2378FE}C:\users\***\desktop\skype portable\skypeportable\phone\skype.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\skype portable\skypeportable\phone\skype.exe | 
"TCP Query User{2F8D607A-1194-47CE-A51B-1D09E64B1EF2}P:\monitor\magic tune\installation\magictune premium\magictune.exe" = protocol=6 | dir=in | app=p:\monitor\magic tune\installation\magictune premium\magictune.exe | 
"TCP Query User{30F6CC4E-B117-4514-9956-1E9B884F0650}G:\hitman\blood money\installation\hitmanbloodmoney.exe" = protocol=6 | dir=in | app=g:\hitman\blood money\installation\hitmanbloodmoney.exe | 
"TCP Query User{38D781D5-68D5-48F5-9175-24D05F5A0151}P:\monitor\magic tune\installation\magictune premium\magictune.exe" = protocol=6 | dir=in | app=p:\monitor\magic tune\installation\magictune premium\magictune.exe | 
"TCP Query User{41D13EA5-3D99-465B-BCC7-273EA5CAD04E}C:\users\***\desktop\skype portabl\skypeportable\app\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\skype portabl\skypeportable\app\skype\phone\skype.exe | 
"TCP Query User{4552D37B-318C-4FEA-AB3F-5A41BBE26803}G:\crysis\crysis2\installation\bin32\crysis2.exe" = protocol=6 | dir=in | app=g:\crysis\crysis2\installation\bin32\crysis2.exe | 
"TCP Query User{4A1C0920-5304-4AFF-B9AE-CEDF4DFFD3A8}G:\call of duty\6 modern warfare 2\installation\iw4mp.exe" = protocol=6 | dir=in | app=g:\call of duty\6 modern warfare 2\installation\iw4mp.exe | 
"TCP Query User{4AC379C9-F709-434C-8A03-558DAB9DC088}G:\gta\iv\installation\gta iv\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=g:\gta\iv\installation\gta iv\grand theft auto iv\gtaiv.exe | 
"TCP Query User{597D10AF-D084-489A-BC37-15F6881F1560}G:\splinter cell\splinter cell conviction\src\system\conviction_game.exe" = protocol=6 | dir=in | app=g:\splinter cell\splinter cell conviction\src\system\conviction_game.exe | 
"TCP Query User{5BBC3DDE-19F8-4378-AF9B-C9BCBAF97F57}G:\need for speed\hot persuit n\installation\nfs11.exe" = protocol=6 | dir=in | app=g:\need for speed\hot persuit n\installation\nfs11.exe | 
"TCP Query User{5EDF2392-5864-425F-8D45-2C25660C32D6}G:\anno 2070\installation\anno5.exe" = protocol=6 | dir=in | app=g:\anno 2070\installation\anno5.exe | 
"TCP Query User{646263A5-56C3-4747-9E34-514C74474A8D}G:\racedriver grid\installation\grid.exe" = protocol=6 | dir=in | app=g:\racedriver grid\installation\grid.exe | 
"TCP Query User{649A4F80-0D54-4A4B-A414-E685023B0B8B}G:\crysis\crysis\installation\bin32\crysis.exe" = protocol=6 | dir=in | app=g:\crysis\crysis\installation\bin32\crysis.exe | 
"TCP Query User{65DCC512-F19E-4138-97D7-2BFD05D76618}G:\crysis\crysis2\installation\bin32\crysis2.exe" = protocol=6 | dir=in | app=g:\crysis\crysis2\installation\bin32\crysis2.exe | 
"TCP Query User{68AF6BC1-7C81-4439-AB7E-962044750E12}G:\medal of honor\installation\binaries\moh.exe" = protocol=6 | dir=in | app=g:\medal of honor\installation\binaries\moh.exe | 
"TCP Query User{6954EA4E-0F5E-400A-9653-3934D363913F}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"TCP Query User{6A6D61B1-D306-4155-8C08-4CE3D35151D0}G:\mass effect\mass effect 2\binaries\masseffect2.exe" = protocol=6 | dir=in | app=g:\mass effect\mass effect 2\binaries\masseffect2.exe | 
"TCP Query User{8503A742-BAB5-4A85-9392-DC17C87C210B}P:\safari\installation\safari.exe" = protocol=6 | dir=in | app=p:\safari\installation\safari.exe | 
"TCP Query User{8928074E-56D4-4E0F-9C2E-B2953457E792}G:\prince of persia the forgotten sands\prince of persia.exe" = protocol=6 | dir=in | app=g:\prince of persia the forgotten sands\prince of persia.exe | 
"TCP Query User{8BC34893-6014-4562-B585-11EB5FFE15F7}P:\quick time pro\installation\quicktimeplayer.exe" = protocol=6 | dir=in | app=p:\quick time pro\installation\quicktimeplayer.exe | 
"TCP Query User{8F4737D9-AB4A-4174-BAFE-21028B05F988}P:\vlc\installation\vlc\vlc.exe" = protocol=6 | dir=in | app=p:\vlc\installation\vlc\vlc.exe | 
"TCP Query User{9564EE52-374A-4D64-950A-903393742393}G:\ghost recon future soldier\installation\future soldier.exe" = protocol=6 | dir=in | app=g:\ghost recon future soldier\installation\future soldier.exe | 
"TCP Query User{98C3681C-EF8D-4DAE-9965-4450E11E2574}G:\call of duty\4 modern warfare 1\installation\iw3mp.exe" = protocol=6 | dir=in | app=g:\call of duty\4 modern warfare 1\installation\iw3mp.exe | 
"TCP Query User{9BAB0570-0421-4FE5-80E3-11208A9CD903}G:\call of duty\6 modern warfare 2\installation\iw4mp.exe" = protocol=6 | dir=in | app=g:\call of duty\6 modern warfare 2\installation\iw4mp.exe | 
"TCP Query User{9F12EFA3-92DC-4C51-8D2A-E34BCB080688}G:\intel appup\intelappstore\bin\ismagent.exe" = protocol=6 | dir=in | app=g:\intel appup\intelappstore\bin\ismagent.exe | 
"TCP Query User{9FBE5D00-320A-4198-8BB3-D567E03CEE6F}G:\need for speed\most wanted\need for speed most wanted\speed.exe" = protocol=6 | dir=in | app=g:\need for speed\most wanted\need for speed most wanted\speed.exe | 
"TCP Query User{A17AF54E-8987-44B2-B8C8-5E569BFED7A3}G:\gta\iv\installation\eflc\eflc.exe" = protocol=6 | dir=in | app=g:\gta\iv\installation\eflc\eflc.exe | 
"TCP Query User{A6EE756D-F813-4EC0-85FD-DF9DEF33E05B}G:\gta\iv\installation\gta iv\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=g:\gta\iv\installation\gta iv\grand theft auto iv\gtaiv.exe | 
"TCP Query User{A807E89A-DE2A-4861-942B-2CA9928EAC01}G:\batman arkham asylum\binaries\shippingpc-bmgame.exe" = protocol=6 | dir=in | app=g:\batman arkham asylum\binaries\shippingpc-bmgame.exe | 
"TCP Query User{A89DB115-E391-4E4F-8B2A-139CC06595CB}G:\crysis\crysis\installation\bin32\crysis.exe" = protocol=6 | dir=in | app=g:\crysis\crysis\installation\bin32\crysis.exe | 
"TCP Query User{A91C8F6F-2393-4D94-A50B-0A9AB9B22A6B}G:\max payne\3 installation\maxpayne3.exe" = protocol=6 | dir=in | app=g:\max payne\3 installation\maxpayne3.exe | 
"TCP Query User{AE715E28-DAFA-493E-A5A6-8707D7D86B14}G:\far cry 2\bin\farcry2.exe" = protocol=6 | dir=in | app=g:\far cry 2\bin\farcry2.exe | 
"TCP Query User{B665A5FA-50C4-44B5-B97B-D607CB496E5D}G:\medal of honor\installation\mp\mohmpgame.exe" = protocol=6 | dir=in | app=g:\medal of honor\installation\mp\mohmpgame.exe | 
"TCP Query User{BE1C8EF1-B3EC-4BD8-A96E-D1336CA7D3CD}P:\unified remote\installation\unifiedremoteserver.exe" = protocol=6 | dir=in | app=p:\unified remote\installation\unifiedremoteserver.exe | 
"TCP Query User{C2876424-5E25-461F-864B-682985E39414}G:\blur\installation\blur.exe" = protocol=6 | dir=in | app=g:\blur\installation\blur.exe | 
"TCP Query User{C29D8DC3-84C3-441B-ACF6-80CB27312912}G:\prince of persia the forgotten sands\prince of persia.exe" = protocol=6 | dir=in | app=g:\prince of persia the forgotten sands\prince of persia.exe | 
"TCP Query User{CFD82270-B829-4F75-A295-07217054E2D9}G:\splinter cell\4 double agent\installation\scda-offline\system\splintercell4.exe" = protocol=6 | dir=in | app=g:\splinter cell\4 double agent\installation\scda-offline\system\splintercell4.exe | 
"TCP Query User{D7332FB3-65FB-4539-A25B-1E0A1AAE560E}G:\far cry 2\bin\farcry2.exe" = protocol=6 | dir=in | app=g:\far cry 2\bin\farcry2.exe | 
"TCP Query User{E08D7999-00AF-4D8B-9559-0C1A330EB5FD}C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe | 
"TCP Query User{E2E358D1-61FC-4EA5-A300-CFA11291D670}G:\medal of honor\installation\mp\mohmpgame.exe" = protocol=6 | dir=in | app=g:\medal of honor\installation\mp\mohmpgame.exe | 
"TCP Query User{E39F8F8B-2D71-444F-9007-F65544F1ED77}G:\steam (metro, cod bo)\installation\steamapps\common\worms reloaded\wormsreloaded.exe" = protocol=6 | dir=in | app=g:\steam (metro, cod bo)\installation\steamapps\common\worms reloaded\wormsreloaded.exe | 
"TCP Query User{E3E1DC65-FD8B-4497-B42C-5EB8A9E7DD95}C:\program files (x86)\samsung electronics\snap n' go\sng_monitor_app.win32.exe" = protocol=6 | dir=in | app=c:\program files (x86)\samsung electronics\snap n' go\sng_monitor_app.win32.exe | 
"TCP Query User{E6C3E001-6A20-41A7-9523-04F9C7F07291}G:\gta\iv\installation\eflc\eflc.exe" = protocol=6 | dir=in | app=g:\gta\iv\installation\eflc\eflc.exe | 
"TCP Query User{E6E45139-9B49-4734-879E-329D00880395}C:\program files (x86)\samsung electronics\snap n' go\monitorlauncher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\samsung electronics\snap n' go\monitorlauncher.exe | 
"TCP Query User{F32999EB-E735-4FA0-95F1-7CA9AB0703B4}G:\anno 2070\installation\autopatcher.exe" = protocol=6 | dir=in | app=g:\anno 2070\installation\autopatcher.exe | 
"TCP Query User{F48771F6-1D5A-4ABD-B050-7A001C95EC41}S:\portable programme\poker texas hold'em\installation\pokerthportable\app\pokerth\pokerth.exe" = protocol=6 | dir=in | app=s:\portable programme\poker texas hold'em\installation\pokerthportable\app\pokerth\pokerth.exe | 
"TCP Query User{F79E8170-3D20-4EE7-9A44-E97CE1F02911}G:\medal of honor\installation\binaries\moh.exe" = protocol=6 | dir=in | app=g:\medal of honor\installation\binaries\moh.exe | 
"TCP Query User{FADF67F0-A155-40D6-AA00-182B32F02AE5}G:\unreal tournament\ut3\installation\binaries\ut3.exe" = protocol=6 | dir=in | app=g:\unreal tournament\ut3\installation\binaries\ut3.exe | 
"TCP Query User{FDC33EF3-5090-42CE-8416-7B54E176C2BC}G:\mass effect\mass effect 2\binaries\masseffect2.exe" = protocol=6 | dir=in | app=g:\mass effect\mass effect 2\binaries\masseffect2.exe | 
"UDP Query User{05A4FCC1-45FD-484E-B7A3-DAD1C781E5E5}G:\splinter cell\splinter cell conviction\src\system\conviction_game.exe" = protocol=17 | dir=in | app=g:\splinter cell\splinter cell conviction\src\system\conviction_game.exe | 
"UDP Query User{06FBA6FA-855D-47F8-8F0C-CFA596CC42D5}G:\hitman\blood money\installation\hitmanbloodmoney.exe" = protocol=17 | dir=in | app=g:\hitman\blood money\installation\hitmanbloodmoney.exe | 
"UDP Query User{10F3547E-877E-4E32-B0B7-9AE582E53E0B}G:\splinter cell\4 double agent\installation\scda-offline\system\splintercell4.exe" = protocol=17 | dir=in | app=g:\splinter cell\4 double agent\installation\scda-offline\system\splintercell4.exe | 
"UDP Query User{1780425B-8D42-480A-939C-82A323DF783F}G:\crysis\crysis\installation\bin32\crysis.exe" = protocol=17 | dir=in | app=g:\crysis\crysis\installation\bin32\crysis.exe | 
"UDP Query User{18995EA8-72F2-4150-BD65-EC00FC380278}G:\call of duty\4 modern warfare 1\installation\iw3mp.exe" = protocol=17 | dir=in | app=g:\call of duty\4 modern warfare 1\installation\iw3mp.exe | 
"UDP Query User{1BFE4DD7-9DBF-4B0E-BE7B-2218DD666E02}G:\prince of persia the forgotten sands\prince of persia.exe" = protocol=17 | dir=in | app=g:\prince of persia the forgotten sands\prince of persia.exe | 
"UDP Query User{1EF0BEA7-E57F-4952-92D1-D8AA0D4DCD99}G:\mass effect\mass effect 2\binaries\masseffect2.exe" = protocol=17 | dir=in | app=g:\mass effect\mass effect 2\binaries\masseffect2.exe | 
"UDP Query User{249ED187-45DD-4CB0-AC5C-954FA54ABFBD}G:\call of duty\6 modern warfare 2\installation\iw4mp.exe" = protocol=17 | dir=in | app=g:\call of duty\6 modern warfare 2\installation\iw4mp.exe | 
"UDP Query User{27C5C7E8-8542-4E50-A002-2B0F9AF49591}P:\vlc\installation\vlc\vlc.exe" = protocol=17 | dir=in | app=p:\vlc\installation\vlc\vlc.exe | 
"UDP Query User{2A5CD065-5A5B-436B-B473-044D8C05234B}G:\medal of honor\installation\mp\mohmpgame.exe" = protocol=17 | dir=in | app=g:\medal of honor\installation\mp\mohmpgame.exe | 
"UDP Query User{346BC865-5640-45DC-A4F7-A5F552DFD409}G:\medal of honor\installation\binaries\moh.exe" = protocol=17 | dir=in | app=g:\medal of honor\installation\binaries\moh.exe | 
"UDP Query User{3FE12E3F-AF6E-4278-93F1-155AFA56A07E}G:\anno 2070\installation\anno5.exe" = protocol=17 | dir=in | app=g:\anno 2070\installation\anno5.exe | 
"UDP Query User{401020AB-17DE-433B-8F60-373313E3298F}G:\batman arkham asylum\binaries\shippingpc-bmgame.exe" = protocol=17 | dir=in | app=g:\batman arkham asylum\binaries\shippingpc-bmgame.exe | 
"UDP Query User{489726E9-3F2F-4A90-A1DC-ED133A432A6C}G:\call of duty\6 modern warfare 2\installation\iw4mp.exe" = protocol=17 | dir=in | app=g:\call of duty\6 modern warfare 2\installation\iw4mp.exe | 
"UDP Query User{4980F393-D13B-4460-93F2-CD8A50069E45}C:\users\***\desktop\skype portable\skypeportable\phone\skype.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\skype portable\skypeportable\phone\skype.exe | 
"UDP Query User{4B2EC3CB-DE9C-4C6B-A457-3D862554A4A4}G:\far cry 2\bin\farcry2.exe" = protocol=17 | dir=in | app=g:\far cry 2\bin\farcry2.exe | 
"UDP Query User{4B98665D-0FC5-4C53-8CEA-CDFBFC09A48F}G:\crysis\crysis2\installation\bin32\crysis2.exe" = protocol=17 | dir=in | app=g:\crysis\crysis2\installation\bin32\crysis2.exe | 
"UDP Query User{509F9060-A453-4435-A54B-30580319EC08}G:\far cry 2\bin\farcry2.exe" = protocol=17 | dir=in | app=g:\far cry 2\bin\farcry2.exe | 
"UDP Query User{54688DF1-5824-4C05-8583-5FEAC1DC8758}G:\gta\iv\installation\eflc\eflc.exe" = protocol=17 | dir=in | app=g:\gta\iv\installation\eflc\eflc.exe | 
"UDP Query User{570152FF-97CD-4DA5-8C7A-76DD7B9AC2F2}G:\gta\iv\installation\eflc\eflc.exe" = protocol=17 | dir=in | app=g:\gta\iv\installation\eflc\eflc.exe | 
"UDP Query User{5D361777-078B-4231-A7B9-5E77D4548F2C}C:\program files (x86)\samsung electronics\snap n' go\sng_monitor_app.win32.exe" = protocol=17 | dir=in | app=c:\program files (x86)\samsung electronics\snap n' go\sng_monitor_app.win32.exe | 
"UDP Query User{5FCA9713-7964-42A1-86FB-0F61744AC10C}S:\portable programme\poker texas hold'em\installation\pokerthportable\app\pokerth\pokerth.exe" = protocol=17 | dir=in | app=s:\portable programme\poker texas hold'em\installation\pokerthportable\app\pokerth\pokerth.exe | 
"UDP Query User{65218BE7-0048-427D-AEC8-9475D59322CA}C:\program files (x86)\samsung electronics\snap n' go\monitorlauncher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\samsung electronics\snap n' go\monitorlauncher.exe | 
"UDP Query User{663F59C3-178A-4CC9-BAA6-C2084A8ADF08}G:\max payne\3 installation\maxpayne3.exe" = protocol=17 | dir=in | app=g:\max payne\3 installation\maxpayne3.exe | 
"UDP Query User{691DC271-33D6-41A0-BE34-44DA52F7C64B}G:\racedriver grid\installation\grid.exe" = protocol=17 | dir=in | app=g:\racedriver grid\installation\grid.exe | 
"UDP Query User{6F82C56A-E3B5-47CC-B2E7-BE08C84E9007}G:\ghost recon future soldier\installation\future soldier.exe" = protocol=17 | dir=in | app=g:\ghost recon future soldier\installation\future soldier.exe | 
"UDP Query User{726FF81D-72FC-42C2-975E-219D0430FC20}P:\quick time pro\installation\quicktimeplayer.exe" = protocol=17 | dir=in | app=p:\quick time pro\installation\quicktimeplayer.exe | 
"UDP Query User{89EE9F0C-0A35-4952-9EC2-2C0E52DDFD6B}G:\medal of honor\installation\binaries\moh.exe" = protocol=17 | dir=in | app=g:\medal of honor\installation\binaries\moh.exe | 
"UDP Query User{8C705440-17DF-435D-87AC-5EA61ECE9A99}G:\need for speed\hot persuit n\installation\nfs11.exe" = protocol=17 | dir=in | app=g:\need for speed\hot persuit n\installation\nfs11.exe | 
"UDP Query User{8E843EA1-2137-4B58-B696-F3C85D175ED2}G:\crysis\crysis\installation\bin32\crysis.exe" = protocol=17 | dir=in | app=g:\crysis\crysis\installation\bin32\crysis.exe | 
"UDP Query User{A461C79A-2904-42AB-A485-C85B0583E77C}G:\prince of persia the forgotten sands\prince of persia.exe" = protocol=17 | dir=in | app=g:\prince of persia the forgotten sands\prince of persia.exe | 
"UDP Query User{ACC46A25-DFB1-4EEC-9C06-8ADA15DF955C}G:\gost recon 2\installation\ghost recon advanced warfighter 2\graw2.exe" = protocol=17 | dir=in | app=g:\gost recon 2\installation\ghost recon advanced warfighter 2\graw2.exe | 
"UDP Query User{AD966DAD-DE28-41A4-9F93-95BA59EB2A86}C:\users\***\desktop\skype portabl\skypeportable\app\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\skype portabl\skypeportable\app\skype\phone\skype.exe | 
"UDP Query User{AF9440A1-47B1-4FCF-AE94-449E280299B0}G:\medal of honor\installation\mp\mohmpgame.exe" = protocol=17 | dir=in | app=g:\medal of honor\installation\mp\mohmpgame.exe | 
"UDP Query User{B1652FE1-4F83-47F3-A582-5D15223DB5FB}P:\safari\installation\safari.exe" = protocol=17 | dir=in | app=p:\safari\installation\safari.exe | 
"UDP Query User{BA0600F6-D9DB-4BE3-AD03-ABD3B94729DA}G:\need for speed\most wanted\need for speed most wanted\speed.exe" = protocol=17 | dir=in | app=g:\need for speed\most wanted\need for speed most wanted\speed.exe | 
"UDP Query User{BEF28B92-3159-4897-B24E-1CB70D7E7881}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"UDP Query User{CD062A91-86D1-4C5D-8A80-7D1156F0D02C}G:\blur\installation\blur.exe" = protocol=17 | dir=in | app=g:\blur\installation\blur.exe | 
"UDP Query User{CDEE60C8-DAC7-46AE-BCF0-4DDC6A291FD1}G:\steam (metro, cod bo)\installation\steamapps\common\worms reloaded\wormsreloaded.exe" = protocol=17 | dir=in | app=g:\steam (metro, cod bo)\installation\steamapps\common\worms reloaded\wormsreloaded.exe | 
"UDP Query User{D2E2C1D1-5168-4E35-AAAB-C02E88879DB0}P:\monitor\magic tune\installation\magictune premium\magictune.exe" = protocol=17 | dir=in | app=p:\monitor\magic tune\installation\magictune premium\magictune.exe | 
"UDP Query User{D4C1F7F6-EA6B-4315-B49C-340588D93ED5}G:\anno 2070\installation\autopatcher.exe" = protocol=17 | dir=in | app=g:\anno 2070\installation\autopatcher.exe | 
"UDP Query User{D6F9D915-174E-493F-84BA-A603659767F0}G:\gta\iv\installation\gta iv\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=g:\gta\iv\installation\gta iv\grand theft auto iv\gtaiv.exe | 
"UDP Query User{DA2B3E3B-C04A-4F25-926E-EE54D5FB79E0}G:\gta\iv\installation\gta iv\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=g:\gta\iv\installation\gta iv\grand theft auto iv\gtaiv.exe | 
"UDP Query User{DCAF367F-F55C-48CC-B841-74DD7D55CDF4}G:\mass effect\mass effect 2\binaries\masseffect2.exe" = protocol=17 | dir=in | app=g:\mass effect\mass effect 2\binaries\masseffect2.exe | 
"UDP Query User{E2CF985B-00BF-4049-86D8-775C0AAEF98B}C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe | 
"UDP Query User{E8B5CFFB-1C3B-41F5-836A-179C97845430}C:\users\***\desktop\skype portabl\skypeportable\app\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\skype portabl\skypeportable\app\skype\phone\skype.exe | 
"UDP Query User{E8BA911E-CFA7-49A3-9F80-4B2C4BD5203A}G:\unreal tournament\ut3\installation\binaries\ut3.exe" = protocol=17 | dir=in | app=g:\unreal tournament\ut3\installation\binaries\ut3.exe | 
"UDP Query User{E9B8E5AD-6E25-4DB5-9740-CCD600778C9F}G:\crysis\crysis2\installation\bin32\crysis2.exe" = protocol=17 | dir=in | app=g:\crysis\crysis2\installation\bin32\crysis2.exe | 
"UDP Query User{EE488466-EA7F-4684-9063-B6F678E36899}P:\unified remote\installation\unifiedremoteserver.exe" = protocol=17 | dir=in | app=p:\unified remote\installation\unifiedremoteserver.exe | 
"UDP Query User{FA65EE23-65F9-4776-984F-BB9B9306EEF0}P:\monitor\magic tune\installation\magictune premium\magictune.exe" = protocol=17 | dir=in | app=p:\monitor\magic tune\installation\magictune premium\magictune.exe | 
"UDP Query User{FB93F0D7-3F89-4C28-BB2B-23550D39F791}G:\intel appup\intelappstore\bin\ismagent.exe" = protocol=17 | dir=in | app=g:\intel appup\intelappstore\bin\ismagent.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{23B47A34-0517-48DA-8B76-015DA8546893}" = WD SmartWare
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{5CE7E3F5-9803-4F32-AA89-2D8848A80109}" = Microsoft LifeCam
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software 8.12
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 301.42
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D8CC254C-C671-4664-9A38-FA368D1E2C97}" = SES Driver
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DB61F989-7664-4E18-97C8-0AC4C5DD9FFC}" = e-mix 5.6.4 Basic Edition
"{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}" = SRS Premium Sound Control Panel
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"422991454CB076E9B856C21BBF99AF2B82317EDA" = Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM  (03/06/2009 1.0.0008.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"sp6" = Logitech SetPoint 6.20
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D005F09-A5F4-473B-A901-5735C6AF5628}" = Silent Hunter 4 Wolves of the Pacific
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0EDC9BA0-016E-406a-86DA-04FC1BE00C21}" = Need for Speed™ The Run
"{0EEDADC6-5614-4823-8CFD-B448F1601E83}" = SRS Premium Sound Control Panel
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{135100F7-9F65-4CC5-8EA4-F7E30B3BD981}" = MAGIX Music Maker 17 (Einführungsvideos)
"{1639D1F1-2088-4D13-B6B5-5450BF490658}" = MAGIX Music Maker 17 (Demosongs)
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1AA94747-3BF6-4237-9E1A-7B3067738FE1}" = Max Payne 3
"{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}" = Cool & Quiet
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{21550042-EA9F-4419-A8D7-DF732DCEB76E}" = Microsoft Office PowerPoint Remote
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{28DB6586-1AAE-44DE-A1E6-9A2A5AE6112B}" = MAGIX Music Maker 17 (Soundpaket)
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{415030B8-3E8B-462A-8C03-41D95AA3AB3B}" = Medal of Honor (TM)
"{4356EDD5-144A-44F2-B352-A9232D280A0C}" = MAGIX Music Maker 17
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4C781ED5-4C2A-4495-875B-85CC9266F1F0}" = ANNO 1602
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{52210D57-0B1F-4681-90DD-8659DF4BCC40}" = Moorhuhn Remake
"{534A31BD-20F4-46b0-85CE-09778379663C}" = Mass Effect™ 3
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5454083B-1308-4485-BF17-111000038701}" = Grand Theft Auto: Episodes from Liberty City
"{5454083B-1308-4485-BF17-1110000B8301}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8302}" = Grand Theft Auto IV
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57520FA0-A73E-4165-BCA2-D71000038301}" = Batman: Arkham City™
"{57520FA0-AC56-469B-9983-FF1000008300}" = Batman: Arkham City™
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{589A63D3-89E1-4D9B-8DBC-6039BB27289E}" = Activision(R)
"{5A0B7BA5-4682-4273-81C2-69B17E649103}" = GRID
"{5FE71C58-78B3-4207-84C1-AF7F8F839301}" = MAGIX Web Designer 6
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{61B8B2F9-D8DA-4B24-89A9-DB09F38A4899}" = Grand Theft Auto: Episodes From Liberty City
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{66B6D13A-9CC1-417D-B6F2-58AA539D1031}" = Nero 7 Essentials
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition
"{6D87CAD9-9B94-4421-A439-B25F8DE14575}" = Tom Clancy's Ghost Recon Future Soldier
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{76BB417B-2707-4450-9101-B593CA88C242}" = MYGIC TV
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79E9C7C5-4FCC-4DFF-B79E-17319E9522F3}" = MagicTunePremium
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed(TM) Hot Pursuit
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{846E4C72-DF45-43ED-1680-EDF5F87F279E}" = dLAN Cockpit
"{84C176F9-1DAE-803C-5993-CF8703AE5841}" = Adobe Download Assistant
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist
"{8A56A332-F833-45CF-9A20-6F3524054843}" = James Bond 007(TM) - Blood Stone
"{8C453F13-6877-4D34-8816-009ABDE306DB}" = Prince of Persia The Sands of Time
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{915726DF-7891-444A-AA03-0DF1D64F561A}" = L.A. Noire
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9312191B-30A5-44E1-8D8D-6936FE06CDE8}" = Wanted: Weapons of Fate
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9854A5C4-5BE5-46E2-A989-352DD8B37E20}_is1" = WinZip Driver Updater
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DD1AD5F-CBE7-4E0C-A251-76D25FE4D4F1}" = MAGIX Music Maker 17 (Instrumenten-Paket 1)
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A6D309F9-38AB-4cc3-8DA7-0544F5011788}" = soft Xpansion Perfect PDF 6 Converter
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A804B134-F03D-4EFD-9BC0-DCD257AA1B22}" = Hitman Blood Money
"{A8BAA106-A1FB-4538-934D-3411A4B1B31D}" = MAGIX Music Maker 17 (Instrumenten-Paket 2)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA107568-1B58-407E-9867-D51F71C9F446}" = Driver Install 64-Bit
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2D1DAE3-C801-4484-B884-08AD241331AF}" = PocketCloud Windows Companion
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B9A17C96-1348-45CB-BB0A-1BCB3A0F854E}" = Bluesoleil2.7.0.35 VoIP Release 080317
"{BC73BB64-DC02-4ECA-9616-7133BAA4D104}" = Unified Remote
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C28DD992-5B7B-D195-6841-4EC57DF512BD}" = Adobe Story
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C730B021-96D7-4F63-B52E-27F9A8155BE1}" = MAGIX Screenshare
"{C7411D97-EF5E-46B2-8B49-E408A344DF82}" = MAGIX Speed burnR (MSI)
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CAD1691A-FA24-4B95-9009-3257B8440ECC}" = Tom Clancy's Splinter Cell Double Agent
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D1FD3035-DD6F-4A17-BC30-784E97EFBC68}" = Gothic III - Forsaken Gods
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E33B0160-C539-4E5E-A396-F825DE2264FC}" = MAGIX Music Maker 17 (Synthesizer und Effekte)
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E46C4D1B-39D0-4A9F-0001-6529DDC11226}" = CDRWIN 9 Basic
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{EE74D039-45D7-44E9-BF95-B9CFB015964F_P1Sec}_is1" = ArcaniA - Gothic 4 Patch
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F78AC3C0-578C-49AB-BD4E-3107A6036A13}" = Tom Clancy's Ghost Recon Advanced Warfighter® 2
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AC3Filter" = AC3Filter (remove only)
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced SystemCare 4_is1" = Advanced SystemCare 4
"ArcaniA" = ArcaniA - Gothic 4
"ArtMoney SE_is1" = ArtMoney SE v7.37
"Ashampoo Undeleter_is1" = Ashampoo Undeleter v.1.10
"Ashampoo UnInstaller 2010_is1" = Ashampoo UnInstaller 2010
"Ashampoo WinOptimizer 5_is1" = Ashampoo WinOptimizer 5.10
"ASIO4ALL" = ASIO4ALL
"Audio Recorder for FREE_is1" = Audio Recorder for FREE 2010 v12.8.1
"AutocompletePro3_is1" = AutocompletePro
"Avira AntiVir Desktop" = Avira Free Antivirus
"Battlelog Web Plugins" = Battlelog Web Plugins
"CamStudio" = CamStudio
"CamStudio Lossless Codec_is1" = CamStudio Lossless Codec v1.4
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Cockpit.92121A72F826FA9D0BD3A830E7F04987B31AFB22.1" = dLAN Cockpit
"Color Efex Pro 3.0 Stand-Alone Standard" = Color Efex Pro 3.0 Standard
"com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Story
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Cool Record Edit Pro" = Cool Record Edit Pro
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX-Setup
"dlancockpit" = devolo dLAN Cockpit
"Drumaxx" = Drumaxx
"DS-MP3 Source" = DS-MP3 Source 1.30
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESN Sonar-0.70.4" = ESN Sonar
"FL Studio 9" = FL Studio 9
"Freemake Video Downloader_is1" = Freemake Video Downloader
"Freeraser" = Freeraser
"Game Booster_is1" = Game Booster
"GFWL_{57520FA0-AC56-469B-9983-FF1000008300}" = Batman: Arkham City™
"Giraffic" = Veoh Giraffic Video Accelerator
"Hardcore" = Hardcore
"IL Download Manager" = IL Download Manager
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{589A63D3-89E1-4D9B-8DBC-6039BB27289E}" = Blur(TM)
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{8A56A332-F833-45CF-9A20-6F3524054843}" = James Bond 007(TM) - Blood Stone
"InstallShield_{AA107568-1B58-407E-9867-D51F71C9F446}" = Driver Install 64-Bit
"MAGIX_{135100F7-9F65-4CC5-8EA4-F7E30B3BD981}" = MAGIX Music Maker 17 (Einführungsvideos)
"MAGIX_{1639D1F1-2088-4D13-B6B5-5450BF490658}" = MAGIX Music Maker 17 (Demosongs)
"MAGIX_{28DB6586-1AAE-44DE-A1E6-9A2A5AE6112B}" = MAGIX Music Maker 17 (Soundpaket)
"MAGIX_{4356EDD5-144A-44F2-B352-A9232D280A0C}" = MAGIX Music Maker 17
"MAGIX_{9DD1AD5F-CBE7-4E0C-A251-76D25FE4D4F1}" = MAGIX Music Maker 17 (Instrumenten-Paket 1)
"MAGIX_{A8BAA106-A1FB-4538-934D-3411A4B1B31D}" = MAGIX Music Maker 17 (Instrumenten-Paket 2)
"MAGIX_{C730B021-96D7-4F63-B52E-27F9A8155BE1}" = MAGIX Screenshare
"MAGIX_{C7411D97-EF5E-46B2-8B49-E408A344DF82}" = MAGIX Speed burnR (MSI)
"MAGIX_{E33B0160-C539-4E5E-A396-F825DE2264FC}" = MAGIX Music Maker 17 (Synthesizer und Effekte)
"MAGIX_MSI_Web_Designer_6_DLM" = MAGIX Web Designer 6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"MozBackup" = MozBackup 1.4.10
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyFreeCodec" = MyFreeCodec
"NAVIGON Fresh" = NAVIGON Fresh 3.4.1
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Origin" = Origin
"PoiZone" = PoiZone
"PunkBusterSvc" = PunkBuster Services
"Rockstar Games Social Club" = Rockstar Games Social Club
"Sakura" = Sakura
"Sawer" = Sawer
"ST6UNST #1" = GSkype 1.5
"Steam App 22600" = Worms Reloaded
"Steam App 28050" = Deus Ex: Human Revolution
"Steam App 34830" = Sniper: Ghost Warrior
"Steam App 42680" = Call of Duty: Modern Warfare 3
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"Steam App 42750" = Call of Duty: Modern Warfare 3 - Dedicated Server
"Steam App 49480" = Magic: The Gathering — Duels of the Planeswalkers 2012 - Demo
"Steam App 55100" = Homefront
"stunnel" = stunnel
"SystemRequirementsLab" = System Requirements Lab
"TeamViewer 6" = TeamViewer 6
"TightVNC" = TightVNC 2.0.4
"Toxic Biohazard" = Toxic Biohazard
"TweakNow RegCleaner 2012_is1" = TweakNow RegCleaner 2012
"TweakNow WinSecret 2012_is1" = TweakNow WinSecret 2012
"Veoh Web Player Beta" = Veoh Web Player
"VLC media player" = VLC media player 2.0.1
"Vtune_is1" = Vtune 7.5
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"Winter Wonderland 3D Screensaver and Animated Wallpaper_is1" = Winter Wonderland 3D Screensaver and Animated Wallpaper 1.1
"Wireless Wireless Flat Metal Keyboard" = Wireless Flat Metal Keyboard 
"XMedia Recode" = XMedia Recode 2.1.2.5
"Zattoo4" = Zattoo4 4.0.5
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Game Organizer" = EasyBits GO
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MyFreeCodec" = MyFreeCodec
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 03.07.2012 22:39:20 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 03.07.2012 22:39:20 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10000
 
Error - 03.07.2012 22:39:20 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10000
 
Error - 03.07.2012 22:39:21 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 03.07.2012 22:39:21 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10998
 
Error - 03.07.2012 22:39:21 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10998
 
Error - 03.07.2012 22:39:22 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 03.07.2012 22:39:22 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 11996
 
Error - 03.07.2012 22:39:22 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11996
 
Error - 03.07.2012 22:39:23 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 03.07.2012 22:39:23 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 13010
 
Error - 03.07.2012 22:39:23 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 13010
 
[ System Events ]
Error - 03.07.2012 10:21:52 | Computer Name = *** | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 03.07.2012 10:33:42 | Computer Name = *** | Source = DCOM | ID = 10010
Description = 
 
Error - 03.07.2012 10:35:36 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TBPanel" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 03.07.2012 10:37:40 | Computer Name = *** | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 03.07.2012 10:37:45 | Computer Name = *** | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 03.07.2012 10:38:19 | Computer Name = *** | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 03.07.2012 12:49:30 | Computer Name = *** | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 03.07.2012 19:21:11 | Computer Name = *** | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 03.07.2012 20:09:58 | Computer Name = *** | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 04.07.2012 04:40:12 | Computer Name = *** | Source = WMPNetworkSvc | ID = 866300
Description = 
 
 
< End of report >
         
--- --- ---

Edited by Lt.P (06.07.2012 at 12:29)

06.07.2012, 12:31   #8
Lt.P
 
GVU lock bypassed, Trojan still there?


...and for completeness:

3. Avira Antivir log:
Code:
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Dienstag, 3. Juli 2012  16:51

Es wird nach 3829258 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira AntiVir Personal - Free Antivirus
Seriennummer   : 0000149996-ADJIE-0000001
Plattform      : Windows 7 Home Premium
Windowsversion : (Service Pack 1)  [6.1.7601]
Boot Modus     : Normal gebootet
Benutzername   : ***
Computername   : ***

Versionsinformationen:
BUILD.DAT      : 12.0.0.1125    41829 Bytes  02.05.2012 16:34:00
AVSCAN.EXE     : 12.3.0.15     466896 Bytes  01.05.2012 22:48:48
AVSCAN.DLL     : 12.3.0.15      66256 Bytes  02.05.2012 00:02:50
LUKE.DLL       : 12.3.0.15      68304 Bytes  01.05.2012 23:31:47
AVSCPLR.DLL    : 12.3.0.14      97032 Bytes  01.05.2012 22:13:36
AVREG.DLL      : 12.3.0.17     232200 Bytes  03.07.2012 14:49:26
VBASE000.VDF   : 7.10.0.0    19875328 Bytes  06.11.2009 18:18:34
VBASE001.VDF   : 7.11.0.0    13342208 Bytes  14.12.2010 23:22:12
VBASE002.VDF   : 7.11.19.170 14374912 Bytes  20.12.2011 23:31:36
VBASE003.VDF   : 7.11.21.238  4472832 Bytes  01.02.2012 09:58:50
VBASE004.VDF   : 7.11.26.44   4329472 Bytes  28.03.2012 10:43:53
VBASE005.VDF   : 7.11.34.116  4034048 Bytes  29.06.2012 14:49:19
VBASE006.VDF   : 7.11.34.117     2048 Bytes  29.06.2012 14:49:19
VBASE007.VDF   : 7.11.34.118     2048 Bytes  29.06.2012 14:49:19
VBASE008.VDF   : 7.11.34.119     2048 Bytes  29.06.2012 14:49:19
VBASE009.VDF   : 7.11.34.120     2048 Bytes  29.06.2012 14:49:19
VBASE010.VDF   : 7.11.34.121     2048 Bytes  29.06.2012 14:49:19
VBASE011.VDF   : 7.11.34.122     2048 Bytes  29.06.2012 14:49:19
VBASE012.VDF   : 7.11.34.123     2048 Bytes  29.06.2012 14:49:19
VBASE013.VDF   : 7.11.34.124     2048 Bytes  29.06.2012 14:49:19
VBASE014.VDF   : 7.11.34.201   169472 Bytes  02.07.2012 14:49:20
VBASE015.VDF   : 7.11.34.202     2048 Bytes  02.07.2012 14:49:20
VBASE016.VDF   : 7.11.34.203     2048 Bytes  02.07.2012 14:49:20
VBASE017.VDF   : 7.11.34.204     2048 Bytes  02.07.2012 14:49:20
VBASE018.VDF   : 7.11.34.205     2048 Bytes  02.07.2012 14:49:20
VBASE019.VDF   : 7.11.34.206     2048 Bytes  02.07.2012 14:49:20
VBASE020.VDF   : 7.11.34.207     2048 Bytes  02.07.2012 14:49:20
VBASE021.VDF   : 7.11.34.208     2048 Bytes  02.07.2012 14:49:20
VBASE022.VDF   : 7.11.34.209     2048 Bytes  02.07.2012 14:49:20
VBASE023.VDF   : 7.11.34.210     2048 Bytes  02.07.2012 14:49:20
VBASE024.VDF   : 7.11.34.211     2048 Bytes  02.07.2012 14:49:20
VBASE025.VDF   : 7.11.34.212     2048 Bytes  02.07.2012 14:49:20
VBASE026.VDF   : 7.11.34.213     2048 Bytes  02.07.2012 14:49:20
VBASE027.VDF   : 7.11.34.214     2048 Bytes  02.07.2012 14:49:20
VBASE028.VDF   : 7.11.34.215     2048 Bytes  02.07.2012 14:49:20
VBASE029.VDF   : 7.11.34.216     2048 Bytes  02.07.2012 14:49:20
VBASE030.VDF   : 7.11.34.217     2048 Bytes  02.07.2012 14:49:20
VBASE031.VDF   : 7.11.34.242    38912 Bytes  03.07.2012 14:49:20
Engineversion  : 8.2.10.102
AEVDF.DLL      : 8.1.2.8       106867 Bytes  03.07.2012 14:49:25
AESCRIPT.DLL   : 8.1.4.28      455035 Bytes  03.07.2012 14:49:25
AESCN.DLL      : 8.1.8.2       131444 Bytes  16.02.2012 16:11:36
AESBX.DLL      : 8.2.5.12      606578 Bytes  03.07.2012 14:49:25
AERDL.DLL      : 8.1.9.15      639348 Bytes  20.01.2012 23:21:32
AEPACK.DLL     : 8.2.16.22     807288 Bytes  03.07.2012 14:49:25
AEOFFICE.DLL   : 8.1.2.40      201082 Bytes  03.07.2012 14:49:24
AEHEUR.DLL     : 8.1.4.58     4993399 Bytes  03.07.2012 14:49:24
AEHELP.DLL     : 8.1.23.2      258422 Bytes  03.07.2012 14:49:21
AEGEN.DLL      : 8.1.5.30      422261 Bytes  03.07.2012 14:49:21
AEEXP.DLL      : 8.1.0.58       82292 Bytes  03.07.2012 14:49:25
AEEMU.DLL      : 8.1.3.0       393589 Bytes  20.01.2012 23:21:29
AECORE.DLL     : 8.1.25.10     201080 Bytes  03.07.2012 14:49:21
AEBB.DLL       : 8.1.1.0        53618 Bytes  20.01.2012 23:21:28
AVWINLL.DLL    : 12.3.0.15      27344 Bytes  01.05.2012 22:59:21
AVPREF.DLL     : 12.3.0.15      51920 Bytes  01.05.2012 22:44:31
AVREP.DLL      : 12.3.0.15     179208 Bytes  01.05.2012 22:13:35
AVARKT.DLL     : 12.3.0.15     211408 Bytes  01.05.2012 22:21:32
AVEVTLOG.DLL   : 12.3.0.15     169168 Bytes  01.05.2012 22:28:49
SQLITE3.DLL    : 3.7.0.1       398288 Bytes  16.04.2012 21:11:02
AVSMTP.DLL     : 12.3.0.15      63440 Bytes  01.05.2012 22:51:35
NETNT.DLL      : 12.3.0.15      17104 Bytes  01.05.2012 23:33:29
RCIMAGE.DLL    : 12.3.0.15    4447952 Bytes  02.05.2012 00:03:51
RCTEXT.DLL     : 12.3.0.15      98512 Bytes  02.05.2012 00:03:51

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Kurze Systemprüfung nach Installation
Konfigurationsdatei...................: p:\avira\antivir\installation\avira\antivir desktop\setupprf.dat
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Intelligente Dateiauswahl
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig
Abweichende Gefahrenkategorien........: +APPL,+JOKE,+PCK,+PFS,+SPR,

Beginn des Suchlaufs: Dienstag, 3. Juli 2012  16:51

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO]      Es wurde kein Virus gefunden!
Masterbootsektor HD1
    [INFO]      Es wurde kein Virus gefunden!
Masterbootsektor HD2
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avconfig.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'setup.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'presetup.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avira_free_antivirus_de.exe' - '1' Modul(e) wurden durchsucht
  Modul ist OK -> <P:\Installationsdateien\Programme\Sicherheit\avira_free_antivirus_de.exe>
  [WARNUNG]   Die Datei ist kennwortgeschützt
Durchsuche Prozess 'daemonu.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamservice.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'FABS.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamgui.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'nusb3mon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'DivXUpdate.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'GoogleToolbarNotifier.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'veohwebplayer.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmplayer.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Veoh_Giraffic.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'tvnserver.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'PnkBstrA.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'IoctlSvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Veoh_GirafficWatchdog.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CaptureLibService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'devolonetsvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ASCService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvSCPAPISvr.exe' - '1' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
C:\Program Files (x86)\AC3Filter\uninstall.exe
  [WARNUNG]   Unerwartetes Dateiende erreicht
C:\Program Files (x86)\stunnel\uninstall.exe
  [WARNUNG]   Unerwartetes Dateiende erreicht
C:\Windows\Sysnative\drivers\sptd.sys
  [WARNUNG]   Die Datei konnte nicht geöffnet werden!
Die Registry wurde durchsucht ( '7355' Dateien ).



Ende des Suchlaufs: Dienstag, 3. Juli 2012  16:52
Benötigte Zeit: 01:43 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

      0 Verzeichnisse wurden überprüft
   8052 Dateien wurden geprüft
      0 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      0 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      1 Dateien konnten nicht durchsucht werden
   8051 Dateien ohne Befall
     52 Archive wurden durchsucht
      4 Warnungen
      0 Hinweise
         
4. Malwarebytes logs:
4.1. mbam-log-2012-07-02 (23-53-27).txt
Code:
 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.07.02.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: *** [Administrator]

Schutz: Aktiviert

02.07.2012 23:53:27
mbam-log-2012-07-02 (23-53-27).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 680435
Laufzeit: 6 Stunde(n), 53 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 1
HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bösartig: ("regedit.exe" "%1") Gut: (regedit.exe "%1") -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 11
P:\Installationsdateien\Programme\Chip.de Adventskalener 2011\SoftonicDownloader_fuer_hypercam.exe (PUP.BundleOffer.Downloader.S) -> Keine Aktion durchgeführt.
C:\Users\***\AppData\Local\Temp\er1s0irh.tmp\SoftonicDownloader_fuer_ac3filter.exe (PUP.ToolbarDownloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
P:\Installationsdateien\Spiele\Mods\Ghost Recon Advanced Warfighter 2\graw -3\gh-graw2.exe (Malware.Packer.as) -> Erfolgreich gelöscht und in Quarantäne gestellt.
P:\Installationsdateien\Spiele\Mods\GTA\GTASA\Cheat Prg\pztrain.exe (Malware.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
T:\portable Programme\Lupo Suite\Lupo PenSuite v6.75 Full\Apps\CCleaner Portable\unicows.dll (Malware.Packer.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
T:\portable Programme\Lupo Suite\Lupo PenSuite v6.75 Full\Apps\Extra\Network\WirelessNetView\WirelessNetView.exe (PUP.WirelessNetworkTool) -> Erfolgreich gelöscht und in Quarantäne gestellt.
T:\portable Programme\Lupo Suite\Lupo PenSuite v6.75 Full\Apps\FDM Lite\dbghelp.dll (Malware.Packer.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
T:\portable Programme\Lupo Suite\Lupo PenSuite v6.75 Full\Apps\FDM Lite\msvcp60.dll (Malware.Packer.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
T:\portable Programme\Lupo Suite\Lupo PenSuite v6.75 Full\Apps\Recuva Portable\unicows.dll (Malware.Packer.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\System32\reg.reg (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\SysWOW64\reg.reg (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
4.2. protection-log-2012-07-02.txt
Code:
2012/07/02 23:53:09 +0200	***	***	MESSAGE	Starting protection
2012/07/02 23:53:11 +0200	***	***	MESSAGE	Executing scheduled update:  Daily
2012/07/02 23:53:15 +0200	***	***	MESSAGE	Protection started successfully
2012/07/02 23:53:15 +0200	***	***	MESSAGE	Database already up-to-date
2012/07/02 23:53:18 +0200	***	***	MESSAGE	Starting IP protection
2012/07/02 23:53:21 +0200	***	***	MESSAGE	IP Protection started successfully
         
4.3. protection-log-2012-07-03.txt
Code:
2012/07/03 00:12:38 +0200	***	***	IP-BLOCK	**************** (Type: outgoing, Port: 49870, Process: firefox.exe)
2012/07/03 00:12:48 +0200	***	***	IP-BLOCK	**************** (Type: outgoing, Port: 49872, Process: firefox.exe)
2012/07/03 00:12:48 +0200	***	***	IP-BLOCK	**************** (Type: outgoing, Port: 49874, Process: firefox.exe)
2012/07/03 00:12:48 +0200	***	***	IP-BLOCK	**************** (Type: outgoing, Port: 49876, Process: firefox.exe)
2012/07/03 00:12:48 +0200	***	***	IP-BLOCK	**************** (Type: outgoing, Port: 49877, Process: firefox.exe)
2012/07/03 16:20:07 +0200	***	***	MESSAGE	Executing scheduled update:  Daily
2012/07/03 16:20:17 +0200	***	***	MESSAGE	Scheduled update executed successfully:  database updated from version v2012.07.02.05 to version v2012.07.03.05
2012/07/03 16:20:58 +0200	***	***	MESSAGE	Starting protection
2012/07/03 16:21:02 +0200	***	***	MESSAGE	Protection started successfully
2012/07/03 16:21:05 +0200	***	***	MESSAGE	Starting IP protection
2012/07/03 16:21:06 +0200	***	***	MESSAGE	IP Protection started successfully
2012/07/03 16:21:06 +0200	***	***	MESSAGE	Starting database refresh
2012/07/03 16:21:06 +0200	***	***	MESSAGE	Stopping IP protection
2012/07/03 16:22:24 +0200	***	***	MESSAGE	IP Protection stopped
2012/07/03 16:22:27 +0200	***	***	MESSAGE	Database refreshed successfully
2012/07/03 16:22:27 +0200	***	***	MESSAGE	Starting IP protection
2012/07/03 16:22:27 +0200	***	***	MESSAGE	IP Protection started successfully
2012/07/03 16:38:15 +0200	***	***	MESSAGE	Starting protection
2012/07/03 16:38:19 +0200	***	***	MESSAGE	Protection started successfully
2012/07/03 16:38:22 +0200	***	***	MESSAGE	Starting IP protection
2012/07/03 16:38:24 +0200	Ü***	***	MESSAGE	IP Protection started successfully
2012/07/03 16:44:58 +0200	***	***	IP-BLOCK	**************** (Type: outgoing, Port: 49295, Process: firefox.exe)
2012/07/03 16:47:39 +0200	***	***	IP-BLOCK	**************** (Type: outgoing, Port: 49341, Process: firefox.exe)
2012/07/03 16:47:55 +0200	***	***	IP-BLOCK	**************** (Type: outgoing, Port: 49378, Process: firefox.exe)
2012/07/03 16:47:55 +0200	***	***	IP-BLOCK	**************** (Type: outgoing, Port: 49394, Process: firefox.exe)
2012/07/03 16:47:55 +0200	***	***	IP-BLOCK	**************** (Type: outgoing, Port: 49400, Process: firefox.exe)
2012/07/03 16:47:55 +0200	***	***	IP-BLOCK	**************** (Type: outgoing, Port: 49401, Process: firefox.exe)
2012/07/03 16:47:55 +0200	***	***	IP-BLOCK	**************** (Type: outgoing, Port: 49402, Process: firefox.exe)
2012/07/03 16:47:55 +0200	***	***	IP-BLOCK	**************** (Type: outgoing, Port: 49405, Process: firefox.exe)
2012/07/03 16:58:31 +0200	***	***	IP-BLOCK	**************** (Type: outgoing, Port: 49519, Process: firefox.exe)
2012/07/03 16:58:31 +0200	***	***	IP-BLOCK	**************** (Type: outgoing, Port: 49520, Process: firefox.exe)
2012/07/03 16:58:31 +0200	***	***	IP-BLOCK	**************** (Type: outgoing, Port: 49536, Process: firefox.exe)
2012/07/03 16:58:31 +0200	***	***	IP-BLOCK	**************** (Type: outgoing, Port: 49549, Process: firefox.exe)
2012/07/03 16:58:31 +0200	***	***	IP-BLOCK	**************** (Type: outgoing, Port: 49556, Process: firefox.exe)
2012/07/03 16:58:31 +0200	***	***	IP-BLOCK	**************** (Type: outgoing, Port: 49559, Process: firefox.exe)
2012/07/03 16:58:31 +0200	***	***	IP-BLOCK	**************** (Type: outgoing, Port: 49560, Process: firefox.exe)
2012/07/03 16:58:31 +0200	***	***	IP-BLOCK	**************** (Type: outgoing, Port: 49564, Process: firefox.exe)
2012/07/03 17:00:08 +0200	***	***	IP-BLOCK	**************** (Type: outgoing, Port: 50038, Process: firefox.exe)
2012/07/03 17:00:08 +0200	***	***	IP-BLOCK	**************** (Type: outgoing, Port: 50039, Process: firefox.exe)
2012/07/03 17:00:08 +0200	***	***	IP-BLOCK	**************** (Type: outgoing, Port: 50041, Process: firefox.exe)
2012/07/03 17:00:08 +0200	***	***	IP-BLOCK	**************** (Type: outgoing, Port: 50045, Process: firefox.exe)
2012/07/03 17:00:41 +0200	***	***	IP-BLOCK	**************** (Type: outgoing, Port: 50200, Process: firefox.exe)
2012/07/03 17:02:23 +0200	***	***	MESSAGE	Stopping IP protection
2012/07/03 17:03:53 +0200	***	***	MESSAGE	IP Protection stopped
         
4.4. protection-log-2012-07-04.txt
Code:
2012/07/04 12:48:58 +0200	***	***	MESSAGE	Executing scheduled update:  Daily
2012/07/04 12:49:08 +0200	***	***	MESSAGE	Starting database refresh
2012/07/04 12:49:08 +0200	***	***	MESSAGE	Scheduled update executed successfully:  database updated from version v2012.07.03.05 to version v2012.07.04.04
2012/07/04 12:49:11 +0200	***	***	MESSAGE	Database refreshed successfully
2012/07/04 14:15:25 +0200	***	***	DETECTION	C:\Users***\AppData\Local\Temp\0_0u_l.exe	Trojan.Agent	QUARANTINE
2012/07/04 14:54:44 +0200	***	***	DETECTION	c:\users\***\appdata\local\temp\0_0u_l.exe	Trojan.Agent	DENY
2012/07/04 14:54:44 +0200	***	***	DETECTION	c:\users\***\appdata\local\temp\0_0u_l.exe	Trojan.Agent	DENY
         

In the log files, details have been obscured for personal protection:
*** for user name / PC name
*************** for various IP addresses

Another thread reminded me of this:
a webcam window was also integrated into the GVU lock screen...

06.07.2012, 14:39   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
(btw, the patch here really is just a patch
Sorry, but I disagree.
A search for PatchFX in connection with GTA turns up nothing but NoCD cracks!

Sorry, but where illegal software is involved, the only help offered here is for backing up data and reinstalling Windows.

See also => http://www.trojaner-board.de/95393-c...-software.html

If we find indications of illegally acquired software, we will end support without any discussion.

Cracks/keygens are 99.9% dangerous malware that is not to be trifled with. They are also illegal, and we do not support the use of stolen software. Support is therefore limited to instructions for a complete reinstallation!!

It is no secret, and must be clear to everyone, that illegal cracks and keygens essentially serve to spread malware!


In future, keep your hands off: Softonic, registry cleaners and illegal stuff (cracks/keygens/serials).

06.07.2012, 15:10   #10
Lt.P
Not an invitation to a discussion or a request for further help, but:

I am rather disappointed now;
I bought GTA San Andreas legally; the CD is on my shelf. I do not see in what respect obtaining, possessing or using a NoCD crack is illegal. In my case this comes down to the simple fact that I have only one drive and do not want to be restricted to not being able to play GTA just because I want to listen to music CDs or install a piece of software or a game at the same time.

I can well understand that this forum wants to distance itself from illegal dealings and products. But I cannot understand a blanket condemnation of members on the basis of software or patches that may be unknown to the administrators and that serve only personal convenience/personal use and in NO way whatsoever the infringement of copyright.

As one of the (unfortunately few) customers who legally buy copyrighted goods, I support the condemnation of dealings that run counter to this and the distancing from potential offenders, but I had expected more objectivity and perhaps at least a consultation.

I thank you for the help provided so far and will recommend the forum to others, but will also point out that one should be cautious about complete openness towards those providing help.

Regards

P.S. Thanks for the tips regarding Softonic and cracks in general!

06.07.2012, 15:46   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
Quote:
I bought GTA San Andreas legally; the CD is on my shelf.
Fine, that may well be, but how am I supposed to verify that through the forum?
If I make an exception here, I have to make an exception for every crack user, and our rule would then be ineffective and reduced to absurdity!

A NoCD crack is illegal too, because it constitutes a modification of the vendor's binary, and it is exactly this modification of the executable that every vendor rules out in the terms of use.
In addition, with this NoCD crack you could, purely in theory, equip any number of computers with this game using a single license.
