
Log analysis and evaluation: GVU lock screen Win7 64bit

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

05.07.2012, 22:43   #1
Grftjx
 
GVU lock screen Win7 64bit



Hello,
the GVU lock screen got me too yesterday. I'm posting the various log files and hope that this is everything you need.

Code:
 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.07.05.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Jan :: JAN-PC [Administrator]

Schutz: Aktiviert

05.07.2012 21:06:34
mbam-log-2012-07-05 (21-06-34).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 508703
Laufzeit: 1 Stunde(n), 4 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
K:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx (Worm.Autorun) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
By the way, K:\ is my USB stick.

Code:
OTL logfile created on: 05.07.2012 22:23:25 - Run 1
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\Jan\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
12,00 Gb Total Physical Memory | 9,70 Gb Available Physical Memory | 80,80% Memory free
24,00 Gb Paging File | 21,46 Gb Available in Paging File | 89,42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,66 Gb Total Space | 20,95 Gb Free Space | 21,46% Space Free | Partition Type: NTFS
Drive E: | 368,10 Gb Total Space | 76,98 Gb Free Space | 20,91% Space Free | Partition Type: NTFS
Drive K: | 3,73 Gb Total Space | 1,64 Gb Free Space | 43,90% Space Free | Partition Type: FAT32
 
Computer Name: JAN-PC | User Name: Jan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.05 21:12:09 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Jan\Desktop\OTL.exe
PRC - [2012.07.03 18:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastUI.exe
PRC - [2012.07.03 18:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe
PRC - [2012.07.03 18:21:27 | 000,133,912 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\afwServ.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.02.24 00:38:30 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.10.06 02:21:56 | 000,288,088 | ---- | M] () -- E:\Hotspot Shield\bin\openvpnas.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.05.27 01:14:40 | 000,329,544 | ---- | M] () -- E:\Hotspot Shield\bin\hsswd.exe
PRC - [2011.05.27 01:14:36 | 000,363,336 | ---- | M] (AnchorFree Inc.) -- E:\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2011.03.04 12:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) -- E:\Cisco Systems\cvpnd.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.07.05 14:59:08 | 000,256,160 | ---- | M] () -- C:\Users\Jan\AppData\Local\Temp\0_0u_l.exe
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012.04.06 04:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.07.03 18:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.07.03 18:21:27 | 000,133,912 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\Alwil Software\Avast5\afwServ.exe -- (avast! Firewall)
SRV - [2012.06.23 10:37:11 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.02.24 00:38:30 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.02.21 06:26:30 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Running] -- E:\Global Agenda\HiPatchService.exe -- (HiPatchService)
SRV - [2012.02.01 23:59:43 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.10.06 02:24:34 | 000,077,520 | ---- | M] () [On_Demand | Stopped] -- E:\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV - [2011.10.06 02:21:56 | 000,288,088 | ---- | M] () [Auto | Running] -- E:\Hotspot Shield\bin\openvpnas.exe -- (hshld)
SRV - [2011.06.17 09:34:18 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011.05.27 01:14:40 | 000,329,544 | ---- | M] () [Auto | Running] -- E:\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2011.05.27 01:14:36 | 000,363,336 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- E:\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2011.03.04 12:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- E:\Cisco Systems\cvpnd.exe -- (CVPND)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.09.17 09:36:18 | 000,800,040 | ---- | M] (Nero AG) [On_Demand | Stopped] -- E:\Nero 7\Nero BackItUp\NBService.exe -- (NBService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.07.03 18:21:52 | 000,958,400 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012.07.03 18:21:52 | 000,355,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012.07.03 18:21:52 | 000,266,776 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis2.sys -- (aswNdis2)
DRV:64bit: - [2012.07.03 18:21:52 | 000,142,128 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswFW.sys -- (aswFW)
DRV:64bit: - [2012.07.03 18:21:52 | 000,071,064 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012.07.03 18:21:52 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012.07.03 18:21:52 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012.07.03 18:21:52 | 000,019,600 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2012.07.03 18:21:51 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012.05.17 18:50:28 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.04.06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012.04.06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.04.06 03:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.23 14:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.02.15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.08.30 15:22:02 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2011.08.30 15:22:02 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2011.05.25 01:40:12 | 000,056,832 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HssDrv.sys -- (HssDrv)
DRV:64bit: - [2011.04.30 13:59:32 | 000,042,776 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2011.04.30 13:59:22 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011.04.30 13:59:22 | 000,060,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.04 12:51:50 | 000,306,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.09.07 16:24:46 | 000,012,368 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis.sys -- (aswNdis)
DRV:64bit: - [2010.09.04 00:24:40 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2010.03.09 12:21:42 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010.03.04 13:43:00 | 000,346,144 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.02.08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009.12.27 17:46:16 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009.10.10 21:09:35 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2009.10.10 21:09:33 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009.08.09 23:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.03.17 13:17:22 | 000,196,096 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008.11.16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2008.11.04 13:12:08 | 000,023,096 | ---- | M] (Samsung Electronics, Inc. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MTiCtwl.sys -- (Magic Tune)
DRV:64bit: - [2007.05.01 15:37:06 | 000,171,144 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiH0464.sys -- (SaiH0464)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.03.07 12:03:40 | 000,019,432 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- E:\PC Wizard 2009\pcwiz64.sys -- (cpuz132)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0F E4 80 F9 AD 5A CD 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://login.yahoo.com/config/mail?&.src=ym&.intl=de&rl=1"
FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.20.0.66
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: YoutubeDownloader@PeterOlayev.com:1.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.96.0: C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.3.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.3.1: C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.5: E:\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Jan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Jan\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.27 17:19:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012.07.05 15:11:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: E:\Mozilla Firefox 4.0 Beta 7\components [2012.07.05 14:56:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: E:\Mozilla Firefox 4.0 Beta 7\plugins [2012.04.14 11:55:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: E:\Mozilla Firefox\components [2011.11.15 21:05:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: E:\Mozilla Firefox\plugins [2012.04.14 11:55:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0\extensions\\Components: E:\Mozilla Firefox 4.0 Beta 7\components [2012.07.05 14:56:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0\extensions\\Plugins: E:\Mozilla Firefox 4.0 Beta 7\plugins [2012.04.14 11:55:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: E:\Mozilla Firefox\components [2011.11.15 21:05:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: E:\Mozilla Firefox\plugins [2012.04.14 11:55:37 | 000,000,000 | ---D | M]
 
[2009.10.29 11:15:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jan\AppData\Roaming\mozilla\Extensions
[2012.05.18 21:28:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jan\AppData\Roaming\mozilla\Firefox\Profiles\uqp4qoq0.default\extensions
[2010.04.28 12:29:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jan\AppData\Roaming\mozilla\Firefox\Profiles\uqp4qoq0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.05.18 21:28:10 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Jan\AppData\Roaming\mozilla\Firefox\Profiles\uqp4qoq0.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.03.10 15:53:06 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Jan\AppData\Roaming\mozilla\Firefox\Profiles\uqp4qoq0.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2009.11.25 00:08:53 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Jan\AppData\Roaming\mozilla\Firefox\Profiles\uqp4qoq0.default\extensions\battlefieldheroespatcher@ea.com
[2011.04.14 16:36:25 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Jan\AppData\Roaming\mozilla\Firefox\Profiles\uqp4qoq0.default\extensions\battlefieldplay4free@ea.com
[2011.08.12 15:16:59 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\Jan\AppData\Roaming\mozilla\Firefox\Profiles\uqp4qoq0.default\extensions\DeviceDetection@logitech.com
[2009.10.29 11:15:09 | 000,000,000 | ---D | M] ("Image Download") -- C:\Users\Jan\AppData\Roaming\mozilla\Firefox\Profiles\uqp4qoq0.default\extensions\imagedownload@whygudu.iblog.cn
[2010.07.30 23:05:07 | 000,000,000 | ---D | M] (1-Click YouTube Video Downloader) -- C:\Users\Jan\AppData\Roaming\mozilla\Firefox\Profiles\uqp4qoq0.default\extensions\YoutubeDownloader@PeterOlayev.com
[2011.01.09 14:31:13 | 000,001,742 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\uqp4qoq0.default\searchplugins\googlede-pws.xml
[2012.07.05 15:11:16 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
[2012.03.24 12:01:37 | 001,184,804 | ---- | M] () (No name found) -- C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UQP4QOQ0.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI
 
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - E:\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - E:\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Xvid] E:\Program Files (x86)\Xvid\CheckUpdate.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Jan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - C:\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Jan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.1)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2B8DFC33-AC17-4778-83C9-38F3358C7C2B}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O24 - Desktop BackupWallPaper: C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{b21ac3c3-844f-11e0-af39-002421e3d649}\Shell - "" = AutoRun
O33 - MountPoints2\{b21ac3c3-844f-11e0-af39-002421e3d649}\Shell\AutoRun\command - "" = J:\Autorun.exe
O33 - MountPoints2\{ffad9f23-a03c-11e1-8453-978914e137ec}\Shell - "" = AutoRun
O33 - MountPoints2\{ffad9f23-a03c-11e1-8453-978914e137ec}\Shell\AutoRun\command - "" = F:\arun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.05 21:12:02 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Jan\Desktop\OTL.exe
[2012.07.05 21:00:24 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Malwarebytes
[2012.07.05 21:00:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.05 21:00:18 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.05 21:00:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.05 21:00:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.03 20:59:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Systems VPN Client
[2012.07.03 20:59:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Deterministic Networks
[2012.07.03 20:59:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco Systems
[2012.07.03 20:58:47 | 000,000,000 | ---D | C] -- C:\Temp
[2012.07.02 16:17:09 | 000,000,000 | ---D | C] -- C:\Users\Jan\Documents\Electronic Arts
[2012.07.02 16:15:57 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Electronic Arts
[2012.07.02 11:01:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012.07.01 17:42:18 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Electronic Arts
[2012.06.16 17:53:51 | 000,000,000 | ---D | C] -- C:\Users\Jan\Documents\Klinische Psychologie Seminar SS12
[2012.06.13 16:52:32 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\Macromedia
[2012.06.13 08:25:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.06.13 08:24:53 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.06.13 08:24:53 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2009.09.04 19:12:23 | 052,930,896 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Users\Jan\9-8_vista32-64_ccc_lang2.exe
[2009.09.04 19:08:27 | 042,859,104 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Users\Jan\9-8_vista64_win7_64_dd.exe
[2 C:\Windows\Fonts\*.tmp files -> C:\Windows\Fonts\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.05 22:27:10 | 000,010,896 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.05 22:27:10 | 000,010,896 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.05 22:22:18 | 000,000,020 | ---- | M] () -- C:\Users\Jan\defogger_reenable
[2012.07.05 22:20:02 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.05 22:19:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.05 22:19:34 | 1073,094,654 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.05 22:11:01 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.05 21:37:06 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.05 21:12:09 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Jan\Desktop\OTL.exe
[2012.07.05 21:11:53 | 000,050,477 | ---- | M] () -- C:\Users\Jan\Desktop\Defogger.exe
[2012.07.05 21:00:19 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.05 20:52:28 | 004,503,728 | ---- | M] () -- C:\ProgramData\l_u0_0.pad
[2012.07.05 15:29:44 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.05 15:29:44 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.05 15:29:44 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.05 15:29:44 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.05 15:29:44 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.05 15:11:19 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012.07.05 14:59:08 | 000,001,873 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.07.03 21:00:07 | 000,001,594 | ---- | M] () -- C:\Windows\VPNInstall.MIF
[2012.07.03 20:59:30 | 000,002,591 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
[2012.07.03 20:58:22 | 000,001,594 | ---- | M] () -- C:\Windows\VPNUnInstall.MIF
[2012.07.03 18:21:52 | 000,958,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012.07.03 18:21:52 | 000,355,856 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012.07.03 18:21:52 | 000,266,776 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdis2.sys
[2012.07.03 18:21:52 | 000,142,128 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFW.sys
[2012.07.03 18:21:52 | 000,071,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012.07.03 18:21:52 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012.07.03 18:21:52 | 000,054,072 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012.07.03 18:21:52 | 000,019,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
[2012.07.03 18:21:51 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012.07.03 18:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.07.03 18:21:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012.07.03 18:21:18 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012.06.19 15:09:09 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.06.19 15:09:09 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.06.19 15:08:33 | 000,282,864 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.06.14 10:19:46 | 000,446,568 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.13 08:25:11 | 000,001,440 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.06.11 13:50:46 | 000,187,392 | ---- | M] () -- C:\Windows\SysNative\clinfo.exe
 
========== Files Created - No Company Name ==========
 
[2012.07.05 22:22:17 | 000,000,020 | ---- | C] () -- C:\Users\Jan\defogger_reenable
[2012.07.05 21:11:52 | 000,050,477 | ---- | C] () -- C:\Users\Jan\Desktop\Defogger.exe
[2012.07.05 21:00:19 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.05 14:59:08 | 004,503,728 | ---- | C] () -- C:\ProgramData\l_u0_0.pad
[2012.07.05 14:59:08 | 000,001,873 | ---- | C] () -- C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.07.03 20:59:30 | 000,002,591 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
[2012.07.03 20:58:22 | 000,001,594 | ---- | C] () -- C:\Windows\VPNUnInstall.MIF
[2012.06.13 08:25:11 | 000,001,440 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.06.11 13:50:46 | 000,187,392 | ---- | C] () -- C:\Windows\SysNative\clinfo.exe
[2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.02.15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.02.15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.01.29 15:46:14 | 000,035,407 | ---- | C] () -- C:\Users\Jan\.TransferManager.db
[2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.08.11 13:05:03 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.08.11 13:05:03 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.05.31 08:39:50 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2011.05.31 08:38:18 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
[2011.04.22 13:40:30 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011.04.22 13:40:30 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011.04.22 13:40:26 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.03.05 18:30:23 | 000,007,606 | ---- | C] () -- C:\Users\Jan\AppData\Local\Resmon.ResmonCfg
[2010.10.29 12:59:37 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2010.10.29 12:59:37 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
[2010.10.24 22:09:04 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.04.24 22:07:55 | 000,005,632 | ---- | C] () -- C:\Users\Jan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.11.09 21:33:36 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.10.29 11:28:32 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.09.04 19:22:46 | 037,922,152 | ---- | C] () -- C:\Users\Jan\setupger.exe
 
========== LOP Check ==========
 
[2012.01.21 23:28:06 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\.minecraft
[2012.01.22 00:11:18 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\.minecraft_xray
[2011.08.17 16:38:24 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\.visualvm
[2009.10.29 11:15:06 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Azureus
[2009.10.29 11:15:06 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Bump Technologies, Inc
[2012.05.17 18:51:44 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\DAEMON Tools Lite
[2011.12.01 01:00:11 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\DVDVideoSoft
[2011.11.28 23:22:23 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.07.02 16:15:57 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Electronic Arts
[2009.12.02 16:05:38 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Foxit
[2011.02.22 01:36:07 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Hi-Rez Studios
[2011.01.04 00:39:04 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\ICQ
[2009.10.29 11:15:07 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Leadertech
[2010.12.19 03:10:43 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\LolClient
[2009.12.11 00:00:49 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2010.04.27 23:31:04 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Mount&Blade Warband
[2009.10.29 11:15:09 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\OpenOffice.org
[2011.10.26 22:07:44 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Origin
[2011.03.17 15:54:07 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\PunkBuster
[2012.04.24 22:16:43 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\TS3Client
[2011.05.23 00:24:17 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Ubisoft
[2012.01.18 01:26:52 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Unity
[2012.06.19 14:49:43 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
Code:
OTL Extras logfile created on: 05.07.2012 22:23:25 - Run 1
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\Jan\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
12,00 Gb Total Physical Memory | 9,70 Gb Available Physical Memory | 80,80% Memory free
24,00 Gb Paging File | 21,46 Gb Available in Paging File | 89,42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,66 Gb Total Space | 20,95 Gb Free Space | 21,46% Space Free | Partition Type: NTFS
Drive E: | 368,10 Gb Total Space | 76,98 Gb Free Space | 20,91% Space Free | Partition Type: NTFS
Drive K: | 3,73 Gb Total Space | 1,64 Gb Free Space | 43,90% Space Free | Partition Type: FAT32
 
Computer Name: JAN-PC | User Name: Jan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- E:\Mozilla Firefox 4.0 Beta 7\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "E:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "E:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "E:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "E:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0ECD0029-747B-44A1-B42F-86A1AB926CF9}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher | 
"{10114B6B-E924-4445-9B17-F16F57C835D6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{1FCE04CC-8EFD-490E-8C31-1ECE6872D247}" = lport=3724 | protocol=6 | dir=in | name=blizzard | 
"{2379E9EB-7C31-4C7A-89FB-3B434CC82777}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{313E3685-22C0-47F2-8393-1A2E28C8D605}" = rport=138 | protocol=17 | dir=out | app=system | 
"{33FDD278-5024-4E9E-887F-AABEFCA6987F}" = rport=137 | protocol=17 | dir=out | app=system | 
"{349166D8-7849-4378-BA64-F65E0BA47F4A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3731AB24-C4F4-488A-90B4-2A28DC7DFC4D}" = lport=6993 | protocol=17 | dir=in | name=league of legends launcher | 
"{3903FB2A-8C7D-4800-9604-E8E96480ADF2}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher | 
"{3B0E206C-8F2A-4CA8-8BC2-6C1D561E63E2}" = lport=8397 | protocol=17 | dir=in | name=league of legends launcher | 
"{3E4511B1-17F9-4721-A8A4-676801202E35}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | 
"{4D0B3D67-D465-4398-A299-153360FF0095}" = lport=8398 | protocol=17 | dir=in | name=league of legends launcher | 
"{4EB3F8F4-1134-4560-9D88-C286960B51AE}" = lport=6944 | protocol=17 | dir=in | name=league of legends launcher | 
"{51F56C72-2EB8-4D20-A83D-D6389B875877}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{52467EFE-14D3-47D3-83B5-B3F2DAE9C75D}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher | 
"{52AE3E79-B87A-44A0-826B-70DCD6DA874E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{52D2053C-C7A1-4A36-8419-7D3090EEFF05}" = lport=6993 | protocol=6 | dir=in | name=league of legends launcher | 
"{5C4D133F-4537-4F5E-AE20-FD515FBE9F58}" = lport=3724 | protocol=17 | dir=in | name=wow | 
"{64335716-B49E-4863-8A90-2BB78FFFCEA0}" = lport=1119 | protocol=17 | dir=in | name=wow | 
"{80122AD6-03EB-4250-8252-5C9D178688EE}" = lport=8398 | protocol=6 | dir=in | name=league of legends launcher | 
"{84B43CA1-E808-422F-B9E1-D4C42A90E991}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{87CA625D-3045-4B88-88A8-8EA5CA5B08B6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8AB1E30B-1077-4305-A17A-AC4D5FCDE01B}" = lport=6004 | protocol=17 | dir=in | app=c:\microsoft office\office14\outlook.exe | 
"{8DB379B9-6CEF-41F7-B531-E7A037913362}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher | 
"{8F2CA56A-668E-4B24-A3AC-7D9CEAFFBBA1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{91DE59C7-ACE9-45D9-ABA5-1AC3BE1C0B52}" = lport=6948 | protocol=17 | dir=in | name=league of legends launcher | 
"{93E1B5A9-759D-42EA-AA6E-2101585FB13A}" = lport=6948 | protocol=6 | dir=in | name=league of legends launcher | 
"{97BE848D-B48E-41BD-9393-196E617C823B}" = rport=445 | protocol=6 | dir=out | app=system | 
"{A29C97C5-C7C2-47A5-BF1D-21A8440ADD62}" = lport=1119 | protocol=6 | dir=in | name=wow | 
"{A8027A9F-10D3-48D4-A881-A0A99E4F8AB4}" = lport=8397 | protocol=6 | dir=in | name=league of legends launcher | 
"{B23CDA7C-7020-4C6B-8CC8-F10D309D7A28}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{B2D9E3DC-49A7-4215-867B-42A05D658A95}" = lport=6944 | protocol=6 | dir=in | name=league of legends launcher | 
"{B5B93F40-FD4C-4B7E-B93A-799C454985B1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{BADE2AD7-554B-4249-9800-4FAFBBF50769}" = lport=4000 | protocol=6 | dir=in | name=wc3 | 
"{BC6494A9-7277-4861-A4D0-3205EBB0C13D}" = lport=137 | protocol=17 | dir=in | app=system | 
"{C4B546E4-E6D9-4640-8B2F-2AAA40C2F296}" = lport=139 | protocol=6 | dir=in | app=system | 
"{CA4497F4-2BF2-4C1E-A7E6-4A7C87B9B721}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CCA013DC-0C31-4982-9474-89EF17A5FFC2}" = lport=138 | protocol=17 | dir=in | app=system | 
"{E986D5C4-CDEE-4438-82F9-E8A1B3F8AA44}" = lport=445 | protocol=6 | dir=in | app=system | 
"{F2D2697B-F6AE-4F38-BA68-3555CB007ABE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F3FEC633-2A78-4E95-8370-76E7E707B6AE}" = rport=139 | protocol=6 | dir=out | app=system | 
"{F6AC7B29-8F1C-457C-BA93-D5D60A1DF742}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FB3CB45A-D0AE-4140-B9FC-B0A06FCE21B3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FF29A720-E90C-43D8-8E59-0B76EBEC1316}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01096B37-39A0-4D55-9D90-71BB616FBF5F}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{0218DB8F-F3B1-475D-B517-8195EBA0C667}" = protocol=6 | dir=in | app=e:\ac 2\assassinscreedii.exe | 
"{03BC1D50-EE7F-4159-913F-8774A0BFA04D}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{081B42E9-B9BA-41AB-AC1D-27199600F3EA}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\portal 2\portal2.exe | 
"{0967D264-9E95-4639-AD60-0ADE162E7876}" = protocol=17 | dir=in | app=e:\ac 2\assassinscreedii.exe | 
"{09B60185-E465-4348-98B1-B0E83D57966C}" = protocol=17 | dir=in | app=e:\games\world of warcraft\launcher.patch.exe | 
"{0AF9FFD7-BDA8-4DD9-A11B-559FB075BE2F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{0E20B237-A263-4920-AF28-C69A1BAE9E51}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{1209DC48-9142-4879-AF2E-FB07F5C6403E}" = protocol=6 | dir=in | app=e:\assassin's creed brotherhood\acbmp.exe | 
"{12A4B7FB-4D01-4719-89C0-FCEAD1EF7465}" = protocol=6 | dir=in | app=e:\games\league of legends\game\league of legends.exe | 
"{13B1912D-69D9-4A61-98BA-3DAB5A084B87}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"{174C43A2-58A7-4BD3-BE15-AFDF971A46A0}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{178F090B-B5B6-4512-A627-635F5F39A5EE}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-engb-downloader.exe | 
"{1BB0DD17-3835-4E1F-A79B-A53A8C510B85}" = protocol=6 | dir=in | app=e:\league of legends\air\lolclient.exe | 
"{1C0720F0-C462-4646-B320-C5F02BA38C0B}" = protocol=17 | dir=in | app=e:\assassin's creed brotherhood\assassinscreedbrotherhood.exe | 
"{1EF34689-2119-4881-AD09-7C5152DA0824}" = protocol=6 | dir=out | app=system | 
"{1F6D4F8A-F768-45AD-AEB0-99A29CB04798}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe | 
"{23C3D17D-8BDF-43FD-B666-42EF7DE32C6E}" = protocol=17 | dir=in | app=e:\games\lol\air\lolclient.exe | 
"{2569B4DF-FEAA-4790-A3F4-47E823E6B411}" = protocol=6 | dir=in | app=e:\anno 1404\tools\anno4web.exe | 
"{267611C9-BEB2-4515-99A7-B30AF8EF4EE0}" = protocol=6 | dir=in | app=e:\ac 2\assassinscreediigame.exe | 
"{2875CA18-D694-48F2-A899-524C81B145BE}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe | 
"{28C685BE-E8F4-45D4-B2E8-BD01397C9D91}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2A9F1D63-6F56-4E34-A913-119849A28F43}" = protocol=17 | dir=in | app=e:\assassin's creed brotherhood\uplaybrowser.exe | 
"{2C8DE28A-0FFB-4CDA-9C7F-A72110BB884B}" = protocol=17 | dir=in | app=e:\anno 1404\anno4.exe | 
"{2FDE20C8-6F05-4469-A753-FE5754C70F59}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{335AA602-1988-41A8-A735-3535C693BDBD}" = protocol=6 | dir=in | app=e:\battlefield 2\bf2.exe | 
"{335C255B-507F-489C-A2A9-E55AAE3AC992}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{36DC6640-99CC-4F69-A589-126E19D0121C}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe | 
"{374EC68D-3A2E-4FAA-81AB-AD28E886E2D7}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-engb-downloader.exe | 
"{3912B93B-53CB-4E3B-944B-27D3D9480CD0}" = protocol=17 | dir=in | app=e:\assassin's creed brotherhood\acbsp.exe | 
"{3941E6AA-E040-4825-B1BB-1271C42E0CE2}" = protocol=6 | dir=in | app=e:\anno 1404\anno4.exe | 
"{397A33A2-6BC0-4EF9-B3BF-D41CF81914D9}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0-dede-downloader.exe | 
"{434200E9-A3D2-4EB2-81AE-5B8CA54418F8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{44390BCE-A5E5-4E6B-BD7B-09A984CA7B51}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\global agenda live\binaries\launcherbin\hirezlauncherui.exe | 
"{45AD8206-F347-4558-B6C7-3600D0B9097B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe | 
"{4B308AAE-FC80-4827-8E2A-CEFC7D66FE8A}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"{52355B85-84BA-499E-8205-9F8B41761DF1}" = protocol=17 | dir=in | app=e:\games\world of warcraft\backgrounddownloader.exe | 
"{52A8253B-652F-4293-99C4-6EFB18A780F6}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\mountblade warband\mb_warband.exe | 
"{55EE0D63-457C-47C5-B0B0-9FF845770DDF}" = protocol=17 | dir=in | app=e:\anno 1404\tools\anno4web.exe | 
"{593E33B4-E2E1-44C1-B97F-B26DD0EEA93E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{598EF00A-6D32-4CE1-B34C-05B357FCCD12}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{59B17F49-FEFD-40F9-A61D-A87FC1D10BCB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{5A3F19CE-8BA5-4C59-855B-4D8D2F1DC645}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{5BADCF9A-1B1A-4874-AE6B-281E156B2037}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5BDF4EAE-BDEC-4605-8215-AA4D31D0A0D0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{5C97A9A9-D9AC-43EE-AA80-E0D395571017}" = protocol=17 | dir=in | app=c:\bluetooth\bluesoleil.exe | 
"{5FC49D07-53C9-445D-8585-3E68F3A07045}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{63287CBB-A327-4062-8F98-0FB6A60096C4}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{638BCDC6-23A8-4B64-869B-0F9B100EF3D8}" = protocol=6 | dir=in | app=e:\games\league of legends\air\lolclient.exe | 
"{63A4AFC7-F50F-4D5A-94ED-C6AEDB51EF1C}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{65952847-E5CB-4F9E-A01A-B659F4C67F87}" = protocol=17 | dir=in | app=e:\battlefield 2\bf2.exe | 
"{66276E9E-3BA7-4805-A618-78FF31E6309E}" = protocol=6 | dir=in | app=e:\steam\steam.exe | 
"{66400829-01A2-4690-BCE0-E44A6261CEDB}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{6BE3403F-6ADA-40B6-BEE8-E1BF73673DBD}" = protocol=6 | dir=in | app=e:\assassin's creed brotherhood\uplaybrowser.exe | 
"{70A8F198-1CE0-4F08-A56D-93132ED4E551}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe | 
"{735CDBA1-899E-4C45-99FC-ED33E3EE56BC}" = protocol=6 | dir=in | app=e:\battlefield 3\battlefield 3\bf3.exe | 
"{73E55D7C-0F11-4B7E-BA99-16CA487C722C}" = protocol=17 | dir=in | app=e:\ac 2\assassinscreediigame.exe | 
"{743E90EF-A9E4-4B58-96FC-6C6D303E23A6}" = protocol=17 | dir=in | app=e:\assassin's creed brotherhood\acbmp.exe | 
"{763850FA-36E2-4EA3-B17E-1F322F656B81}" = protocol=17 | dir=in | app=c:\microsoft office\office14\onenote.exe | 
"{7A52E283-C559-4868-8FB5-B92B82E4CF83}" = protocol=6 | dir=in | app=c:\bluetooth\bluesoleil.exe | 
"{7B1C9E8D-C26D-4828-B7E2-7A6B8A022A89}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-engb-downloader.exe | 
"{86551163-F02D-4C9E-9FEF-1CAC8A03053A}" = protocol=6 | dir=in | app=e:\games\world of warcraft\launcher.patch.exe | 
"{8A59A1D7-3C2F-4DE3-A45D-8DECC55B8980}" = protocol=17 | dir=in | app=e:\vindictus\vindictus eu\en-eu\nmservice.exe | 
"{8F667F4B-6374-4C81-B07E-CBD29F94AE16}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe | 
"{93919DE2-88B0-43B5-9E24-009061ACC8C3}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0-dede-downloader.exe | 
"{939A6B93-FC26-41DC-8379-3CC68A2080FF}" = protocol=6 | dir=in | app=e:\games\lol\air\lolclient.exe | 
"{944B3B11-A1AF-48A1-A0FA-42029FE0A3CF}" = protocol=17 | dir=in | app=e:\battlefield 3\battlefield 3\bf3.exe | 
"{954F30F6-96DC-4FCF-AB7A-6CCA39E5F5B2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{95C708BA-CECA-4102-BC9E-2C9254AD31FF}" = protocol=17 | dir=in | app=e:\games\league of legends\air\lolclient.exe | 
"{962955F3-E0FF-49F1-A893-434282F0D2B4}" = protocol=17 | dir=in | app=e:\steam\steam.exe | 
"{993B7061-3A15-4EDE-925A-621275186CC9}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{9AAA9E79-CE41-4ABD-B42B-0FC0B0EABBD8}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{9DBC2F26-1642-47B7-BDFC-D70EA1E3D597}" = protocol=6 | dir=in | app=e:\bad company 2\bfbc2updater.exe | 
"{9DF522AF-E6AA-4069-9DBF-4AE98C126668}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{A255C2EB-2C78-4363-8407-E8057EBF1B79}" = protocol=6 | dir=in | app=e:\anno 1404\anno4.exe | 
"{A2AB67A9-08AE-4AC5-9DC3-E7E566656B05}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{A2BDB4F1-C10A-419C-8F85-2AB25ABFFF80}" = protocol=6 | dir=in | app=e:\anno 1404\tools\anno4web.exe | 
"{A316A9F0-63D7-4511-8BAA-2B2EFE748F8B}" = protocol=17 | dir=in | app=e:\hellgate\hgllauncher.exe | 
"{A609792B-26A7-42BE-A8F3-80019654D2FF}" = protocol=17 | dir=in | app=e:\league of legends\game\league of legends.exe | 
"{AB29ED1F-3873-4CC4-A4F1-11075D4E3546}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AF0DBFDB-8D16-4BEA-9B90-81B112E76EF2}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{AFCE6586-BF8D-4682-916B-E04588FA4F21}" = protocol=17 | dir=in | app=e:\league of legends\air\lolclient.exe | 
"{B78B3ACD-23CD-42DA-B86F-55EEC203C566}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{BC67D613-42E8-40B4-B9CB-4FB9F74A5DA3}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{BD603000-E755-493D-A4EE-487CFB2C98E6}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\portal 2\portal2.exe | 
"{C0300FC9-7261-4172-A4F5-E81C5295DB88}" = protocol=6 | dir=in | app=c:\bluetooth\bluesoleil.exe | 
"{C0C9E006-C598-4623-9655-53A596A7E5E9}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{C10ACA8E-745D-4DC2-9227-B23A25333F6A}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{C3A0E66F-BFD5-4B80-B240-3069B7E9C4F2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{C5760FC1-05DA-4109-9B9F-A40F96831573}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{C7421A38-3930-480D-AE7F-9A9A4F91FFC4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C960FA3B-AA48-4EE8-8151-5F324FDC52D5}" = protocol=17 | dir=in | app=e:\games\lol\game\league of legends.exe | 
"{C9A53DDC-86C5-4C3A-AA33-FA8BC92DD5DD}" = protocol=17 | dir=in | app=e:\anno 1404\tools\anno4web.exe | 
"{CAAD4758-61C2-4E30-B895-7BAE3684EDD5}" = protocol=6 | dir=in | app=e:\games\starcraft ii\starcraft ii.exe | 
"{CD3819B5-5F69-4E29-911C-9C8A6D76C22E}" = protocol=17 | dir=in | app=c:\bluetooth\bluesoleil.exe | 
"{CDB494FE-7BFA-42C2-A8DB-ECDA75345A80}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{CF13117F-78D7-49F0-8745-D00906715002}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{D06F79C4-3E88-429D-AA2C-F0C244D0E3F6}" = protocol=6 | dir=in | app=e:\ac 2\uplaybrowser.exe | 
"{D1B9C84E-7314-4781-B84D-B15D0D973AE1}" = protocol=17 | dir=in | app=e:\games\starcraft ii\starcraft ii.exe | 
"{D26B6A97-E005-4122-A388-E390DDE0E7CD}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.0\sonarhost.exe | 
"{D4A98EA2-4456-4AA2-B54B-558E038081D2}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\global agenda live\binaries\launcherbin\hirezlauncherui.exe | 
"{D626A120-4B89-4B56-8547-7B6906AB14BD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{D9D2433C-B16B-49E1-B118-D18EAD77D69E}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\mountblade warband\mb_warband.exe | 
"{DA7F8796-BBC8-4044-9099-49E30B6F63C7}" = protocol=17 | dir=in | app=e:\ac 2\uplaybrowser.exe | 
"{DCACD27A-BF05-4237-B2D0-97E757BFBCE0}" = protocol=17 | dir=in | app=e:\games\league of legends\game\league of legends.exe | 
"{DE42FA76-5EF7-4726-B4E5-52113499AFC4}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{E118AB05-B17D-401C-B587-B39CE56B619E}" = protocol=6 | dir=in | app=c:\microsoft office\office14\onenote.exe | 
"{E1880CF9-6A59-41B1-BAFD-AC2A83500CEF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E32F0EAF-16B7-4021-B484-F7B12EC0C61F}" = protocol=6 | dir=in | app=e:\assassin's creed brotherhood\assassinscreedbrotherhood.exe | 
"{E3742938-E19B-4DFC-A8FD-C57A508634E9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{E41973A9-638A-409C-BC5E-0026C7913238}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-engb-downloader.exe | 
"{E43C4262-A5C2-49FA-B579-1C52E7E0A57D}" = protocol=17 | dir=in | app=e:\anno 1404\anno4.exe | 
"{E50F92FA-1537-4314-86CA-846B853412A5}" = protocol=6 | dir=in | app=e:\assassin's creed brotherhood\acbsp.exe | 
"{E732B888-EDFB-4DF9-9220-F1C534CB2E65}" = protocol=6 | dir=in | app=e:\games\lol\game\league of legends.exe | 
"{EC0F9933-33EA-4701-B1A6-95BC782543CE}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.0\sonarhost.exe | 
"{F16EC508-58D8-4387-9F94-33750DAD5EE4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F214F0A5-D5AC-4C7E-9EFB-E4648F200515}" = protocol=6 | dir=in | app=e:\vindictus\vindictus eu\en-eu\nmservice.exe | 
"{F68E0405-2218-4666-962E-7D65CAB740A4}" = protocol=17 | dir=in | app=e:\bad company 2\bfbc2updater.exe | 
"{F8648142-39C7-49AC-B29A-4949670379EE}" = protocol=6 | dir=in | app=e:\games\world of warcraft\backgrounddownloader.exe | 
"{FA0331C6-6256-48AA-830C-8FC071C20BAC}" = protocol=6 | dir=in | app=e:\league of legends\game\league of legends.exe | 
"{FB89542C-5110-49A0-B919-83DDBAF1FFC5}" = protocol=6 | dir=in | app=e:\hellgate\hgllauncher.exe | 
"{FC6E4F64-9576-4D0E-9BF9-A5E572FED142}" = dir=in | app=e:\itunes\itunes.exe | 
"{FE0E4A62-BAE0-4728-8544-608502961ACA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{04C8EC21-0CBA-4D5F-BDDD-D6D1ED5C4403}C:\program files (x86)\sony\station\launchpad\_aunchpad.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sony\station\launchpad\_aunchpad.exe | 
"TCP Query User{0FBA6E35-C421-4A69-8362-C935B5337760}E:\games\starcraft ii\versions\base16605\sc2.exe" = protocol=6 | dir=in | app=e:\games\starcraft ii\versions\base16605\sc2.exe | 
"TCP Query User{14557225-88D7-42D6-92B8-3CB2AACFA746}E:\games\war_trial_downloader.exe" = protocol=6 | dir=in | app=e:\games\war_trial_downloader.exe | 
"TCP Query User{17B3C0FE-5261-4890-AA37-978A139DA0BC}E:\games\starcraft ii\versions\base16561\sc2.exe" = protocol=6 | dir=in | app=e:\games\starcraft ii\versions\base16561\sc2.exe | 
"TCP Query User{1BA2510C-5221-4911-BAEE-164CCB2C3ED7}E:\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=e:\games\world of warcraft\launcher.exe | 
"TCP Query User{1DBFE5F6-AEAE-497E-A67E-D55831E7EED5}E:\games\warcraft iii\war3.exe" = protocol=6 | dir=in | app=e:\games\warcraft iii\war3.exe | 
"TCP Query User{34BDC3D8-F609-439F-8277-667DB3C331B0}E:\java\jdk1.7.0\bin\java.exe" = protocol=6 | dir=in | app=e:\java\jdk1.7.0\bin\java.exe | 
"TCP Query User{3526CFBA-348D-4484-B9E5-5E88900D3F24}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"TCP Query User{37201149-7303-4202-A0F1-C1629A6F2EC2}E:\age of conan\conanpatcher.exe" = protocol=6 | dir=in | app=e:\age of conan\conanpatcher.exe | 
"TCP Query User{3AB6F258-5AA2-4852-87AA-61D85F16CCB0}E:\bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=e:\bad company 2\bfbc2game.exe | 
"TCP Query User{4612B421-1D70-47E5-8488-277F6C9EDBE0}E:\steam\steamapps\dr_grftjx\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=e:\steam\steamapps\dr_grftjx\team fortress 2\hl2.exe | 
"TCP Query User{48655786-E425-4932-B532-120E0807A176}E:\eve\bin\exefile.exe" = protocol=6 | dir=in | app=e:\eve\bin\exefile.exe | 
"TCP Query User{48B97985-3C93-4B1D-8114-DA32208D8D29}E:\games\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=e:\games\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | 
"TCP Query User{4AAB5F62-1EC9-4A53-B274-DD3534167875}E:\gw2 beta\gw2.exe" = protocol=6 | dir=in | app=e:\gw2 beta\gw2.exe | 
"TCP Query User{4B7E3A10-0E2C-4154-B351-EB2AA2C0E7F4}E:\games\anarchyonline_18.1.1-large.exe" = protocol=6 | dir=in | app=e:\games\anarchyonline_18.1.1-large.exe | 
"TCP Query User{4FDEC4A8-A9E1-4EE3-AAEC-D3CCACE1419A}E:\emule\emule.exe" = protocol=6 | dir=in | app=e:\emule\emule.exe | 
"TCP Query User{52EDE5DC-8C17-4DAA-AC26-6A84354EAB7C}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"TCP Query User{53EE0D91-A6AC-42B2-A75B-50254A1047AF}E:\age of conan\ageofconan.exe" = protocol=6 | dir=in | app=e:\age of conan\ageofconan.exe | 
"TCP Query User{54E2BE7C-ECAF-473E-8B59-B95EBB8371B1}E:\games\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=6 | dir=in | app=e:\games\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe | 
"TCP Query User{6366966E-6629-467F-B9E8-DFF86A532E80}C:\program files (x86)\sony\station\launchpad\launchpad.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sony\station\launchpad\launchpad.exe | 
"TCP Query User{6BA5B67B-1731-4F6A-9210-1B6D5A09BB8F}E:\loleudownloader.exe" = protocol=6 | dir=in | app=e:\loleudownloader.exe | 
"TCP Query User{74124F36-F579-4E51-8C2F-7E2491759768}E:\games\starcraft ii\versions\base16939\sc2.exe" = protocol=6 | dir=in | app=e:\games\starcraft ii\versions\base16939\sc2.exe | 
"TCP Query User{8FDCDB3C-11A1-46EC-A62F-5ED9C8DF89BB}E:\programme\azureus.exe" = protocol=6 | dir=in | app=e:\programme\azureus.exe | 
"TCP Query User{929A0E5F-6395-453F-AB2D-4B858519530E}E:\steam\steamapps\common\global agenda live\binaries\globalagenda.exe" = protocol=6 | dir=in | app=e:\steam\steamapps\common\global agenda live\binaries\globalagenda.exe | 
"TCP Query User{A0DC9AC0-A3E0-42C8-96DB-9473900BC41F}E:\age of conan\ageofconandx10.exe" = protocol=6 | dir=in | app=e:\age of conan\ageofconandx10.exe | 
"TCP Query User{C3A810F0-7FB3-4FA7-8401-D77BCACC551F}E:\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=e:\games\world of warcraft\launcher.exe | 
"TCP Query User{C3C54E3D-85A8-40AF-8404-99FEC8E89649}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"TCP Query User{C3D496C6-1818-498C-8193-BAA411B03B6B}C:\program files\magictune premium\magictune.exe" = protocol=6 | dir=in | app=c:\program files\magictune premium\magictune.exe | 
"TCP Query User{CE269316-48E9-47D2-A28F-9267EFB2A868}E:\games\warcraft iii\war3.exe" = protocol=6 | dir=in | app=e:\games\warcraft iii\war3.exe | 
"TCP Query User{DE6F404D-9892-4BDE-8604-AD3D4AAA5CD2}C:\users\jan\downloads\anarchyonline_18.1.1-large.exe" = protocol=6 | dir=in | app=c:\users\jan\downloads\anarchyonline_18.1.1-large.exe | 
"TCP Query User{EB53FBDD-2487-4B8B-9AA5-64CED18B51E6}E:\games\starcraft ii\versions\base15405\sc2.exe" = protocol=6 | dir=in | app=e:\games\starcraft ii\versions\base15405\sc2.exe | 
"TCP Query User{F1A9B97A-FA5B-4CD2-95E6-F15CB253A691}E:\bf play4free\bfp4f.exe" = protocol=6 | dir=in | app=e:\bf play4free\bfp4f.exe | 
"TCP Query User{F9275379-404F-4309-A154-05F7A6DFC850}E:\battlefield 2\bf2.exe" = protocol=6 | dir=in | app=e:\battlefield 2\bf2.exe | 
"TCP Query User{FACE66CC-A104-4AA5-B377-F5862F8EB1F9}E:\global agenda\games\global agenda live\binaries\globalagenda.exe" = protocol=6 | dir=in | app=e:\global agenda\games\global agenda live\binaries\globalagenda.exe | 
"UDP Query User{0E4A821C-5450-44A9-8B2E-982433B1DAA2}E:\games\starcraft ii\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=e:\games\starcraft ii\versions\base15405\sc2.exe | 
"UDP Query User{106F429C-867A-4F07-AD9A-9B7EE209F315}E:\games\warcraft iii\war3.exe" = protocol=17 | dir=in | app=e:\games\warcraft iii\war3.exe | 
"UDP Query User{16D5F74A-1699-4725-B086-DB298A289CBC}E:\loleudownloader.exe" = protocol=17 | dir=in | app=e:\loleudownloader.exe | 
"UDP Query User{20E08F46-4CEF-4AF9-B6BE-9CEE35D211A5}E:\gw2 beta\gw2.exe" = protocol=17 | dir=in | app=e:\gw2 beta\gw2.exe | 
"UDP Query User{2316560A-CC4A-4229-A73E-0EA9562AC39D}E:\games\warcraft iii\war3.exe" = protocol=17 | dir=in | app=e:\games\warcraft iii\war3.exe | 
"UDP Query User{2F413A2D-7312-471A-858C-0A2E3DEBDF70}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"UDP Query User{4158F0E4-7206-4A4F-9F34-D21307FC1488}E:\games\starcraft ii\versions\base16939\sc2.exe" = protocol=17 | dir=in | app=e:\games\starcraft ii\versions\base16939\sc2.exe | 
"UDP Query User{467C4D95-F54B-4F95-A8F9-E7351F5BBCE7}E:\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=e:\games\world of warcraft\launcher.exe | 
"UDP Query User{55034E3F-B7A2-48F9-BA8E-4EEE6F625824}E:\games\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=e:\games\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | 
"UDP Query User{58028835-07E3-4710-B9D8-AD06B81E61C1}C:\program files\magictune premium\magictune.exe" = protocol=17 | dir=in | app=c:\program files\magictune premium\magictune.exe | 
"UDP Query User{5E76A491-0EBD-4864-809E-DABE670D5969}C:\program files (x86)\sony\station\launchpad\_aunchpad.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sony\station\launchpad\_aunchpad.exe | 
"UDP Query User{6ADFBAFD-D150-4179-904A-7F4D483B9F4A}E:\steam\steamapps\common\global agenda live\binaries\globalagenda.exe" = protocol=17 | dir=in | app=e:\steam\steamapps\common\global agenda live\binaries\globalagenda.exe | 
"UDP Query User{6C60A872-57A0-430C-A4CF-208A839764F5}E:\emule\emule.exe" = protocol=17 | dir=in | app=e:\emule\emule.exe | 
"UDP Query User{701495AF-F271-4C0A-B31C-6CF9F453774F}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"UDP Query User{74311317-421A-48B9-88C3-B0C26A72AA88}E:\global agenda\games\global agenda live\binaries\globalagenda.exe" = protocol=17 | dir=in | app=e:\global agenda\games\global agenda live\binaries\globalagenda.exe | 
"UDP Query User{84F371FE-9CE6-4633-BCB5-22D4E493D24B}E:\programme\azureus.exe" = protocol=17 | dir=in | app=e:\programme\azureus.exe | 
"UDP Query User{87DC811E-DDBE-41B5-808A-2782C4B64373}E:\eve\bin\exefile.exe" = protocol=17 | dir=in | app=e:\eve\bin\exefile.exe | 
"UDP Query User{8DFCDCF4-A261-40D2-B5F6-DA405E9AD9C8}E:\games\starcraft ii\versions\base16561\sc2.exe" = protocol=17 | dir=in | app=e:\games\starcraft ii\versions\base16561\sc2.exe | 
"UDP Query User{8EDEA2E3-BF0C-4842-A49E-9AB7AB04238D}C:\program files (x86)\sony\station\launchpad\launchpad.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sony\station\launchpad\launchpad.exe | 
"UDP Query User{93A8F3FD-3274-4C4A-880F-FEDD1F6F0C52}E:\steam\steamapps\dr_grftjx\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=e:\steam\steamapps\dr_grftjx\team fortress 2\hl2.exe | 
"UDP Query User{ADAF48E8-ED49-41E9-9BCE-EABE82F8A46D}E:\games\war_trial_downloader.exe" = protocol=17 | dir=in | app=e:\games\war_trial_downloader.exe | 
"UDP Query User{B079F691-E87D-4F93-8174-2F3B9169D7EB}E:\bf play4free\bfp4f.exe" = protocol=17 | dir=in | app=e:\bf play4free\bfp4f.exe | 
"UDP Query User{B1832AEF-043B-4EDB-B8EE-B7A38D1A563F}E:\age of conan\ageofconan.exe" = protocol=17 | dir=in | app=e:\age of conan\ageofconan.exe | 
"UDP Query User{BFEFE293-1E81-4456-B2E8-0486FDD080EA}E:\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=e:\games\world of warcraft\launcher.exe | 
"UDP Query User{CD1CBAC4-1286-4F6C-B31B-9F45F44AB490}E:\games\anarchyonline_18.1.1-large.exe" = protocol=17 | dir=in | app=e:\games\anarchyonline_18.1.1-large.exe | 
"UDP Query User{CD4F7A74-8D01-42B6-A5F1-C7E097434B31}E:\bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=e:\bad company 2\bfbc2game.exe | 
"UDP Query User{CEBECEEA-215D-41F3-BCA5-B2BF5DBB6C7A}E:\games\starcraft ii\versions\base16605\sc2.exe" = protocol=17 | dir=in | app=e:\games\starcraft ii\versions\base16605\sc2.exe | 
"UDP Query User{D0083876-E3CB-4D8A-8250-AFEABFE40FDD}E:\java\jdk1.7.0\bin\java.exe" = protocol=17 | dir=in | app=e:\java\jdk1.7.0\bin\java.exe | 
"UDP Query User{D01C5DE8-7F15-4208-84F3-C2F9D7EE4511}E:\age of conan\ageofconandx10.exe" = protocol=17 | dir=in | app=e:\age of conan\ageofconandx10.exe | 
"UDP Query User{D161F12E-F876-4251-AE7E-FFF4FB99E829}C:\users\jan\downloads\anarchyonline_18.1.1-large.exe" = protocol=17 | dir=in | app=c:\users\jan\downloads\anarchyonline_18.1.1-large.exe | 
"UDP Query User{D3779FF6-6840-47BB-85A9-97883B6E34AA}E:\battlefield 2\bf2.exe" = protocol=17 | dir=in | app=e:\battlefield 2\bf2.exe | 
"UDP Query User{DD3C84E2-78D2-4273-BFC7-2B73DD9DECF9}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"UDP Query User{F454277E-1109-4884-B078-C9699E343EBB}E:\age of conan\conanpatcher.exe" = protocol=17 | dir=in | app=e:\age of conan\conanpatcher.exe | 
"UDP Query User{F4E95B8A-B53C-4127-B960-054F3D4325D8}E:\games\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=17 | dir=in | app=e:\games\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0CB2E2BC-A312-5821-C5C7-A295A1BEFD08}" = AMD Catalyst Install Manager
"{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding
"{225FA1E8-372F-BBFF-F488-E79D78A5180E}" = AMD AVIVO64 Codecs
"{26A24AE4-039D-4CA4-87B4-2F86417000FF}" = Java(TM) 7 (64-bit)
"{2E8D6204-D656-8355-1ED3-2988AC52EB0F}" = ccc-utility64
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}" = Cisco Systems VPN Client 5.0.07.0440
"{63CE6C32-1EB3-4C51-89FC-9FD96A661A9C}" = AMD Media Foundation Decoders
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software 8.01
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{825C7AAC-C5D5-B89B-EBA1-D4DFC5E46D6C}" = AMD Drag and Drop Transcoding
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C25215FC-5900-48B0-B93C-8D3379027312}" = PASW Statistics 18
"{D1829BE5-F305-4576-9593-C66FC7E0B008}" = iCloud
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"sp6" = Logitech SetPoint 6.30
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{0E6C1531-9546-4153-9D88-689519385319}" = Haushaltsbuch 5.0
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{1111706F-666A-4037-7777-203328764D10}" = JavaFX 2.0.3
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian
"{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java(TM) 6 Update 20
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
"{26A24AE4-039D-4CA4-87B4-2F83217003FF}" = Java(TM) 7 Update 3
"{26A39957-0BE3-449B-BA6F-922C8713AB2B}" = G*Power 3.1.3
"{289AC7E0-0AEE-4a7b-913C-709D9803D23E}" = Nexon Game Manager
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish
"{32A3A4F4-B792-11D6-A78A-00B0D0170000}" = Java(TM) SE Development Kit 7
"{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF001}" = Global Agenda Live
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{45B3A3BD-F90D-48FE-A147-D74878A51031}" = Nero 7 Essentials
"{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai
"{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional
"{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German
"{65DF3688-6EF3-4C86-83DE-54AB46029F07}" = Hellgate
"{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek
"{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{722AF0E9-9BAB-4556-9AA6-B5240D46E4B3}" = Global Agenda Launcher
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7EED52BE-2247-D8E2-2196-492D03ABF276}" = HydraVision
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial 
"{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common
"{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{915726DF-7891-444A-AA03-0DF1D64F561A}" = L.A. Noire
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English
"{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish
"{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish
"{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French
"{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood
"{BE90CE58-41DE-4708-9291-A9D1D49B1031}" = SecurDisc Viewer
"{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean
"{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian
"{D544AE4C-4152-225B-A897-6756C8986B14}" = Catalyst Control Center
"{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian
"{D9E52CD1-9DF1-4A8A-9BDC-1E5E53982F2B}" = Black & White® 2
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Age of Conan_is1" = Age of Conan: Unchained
"Anarchy Online_is1" = Anarchy Online
"avast" = avast! Internet Security
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS Video Editor 4_is1" = AVS Video Editor 4
"AVS Video Recorder_is1" = AVS Video Recorder 2.4
"AVS YouTube Uploader 2.1_is1" = AVS YouTube Uploader version 2.1
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"Battlelog Web Plugins" = Battlelog Web Plugins
"CamSpy_is1" = CamSpy V.4.2.2
"DAEMON Tools Lite" = DAEMON Tools Lite
"Dark Age of Camelot" = Dark Age of Camelot
"DesignWorkshop Lite" = DesignWorkshop Lite
"DivX Setup" = DivX-Setup
"DotAzilla" = DotAzilla
"eMule" = eMule
"ESN Sonar-0.70.0" = ESN Sonar
"ESN Sonar-0.70.4" = ESN Sonar
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube Download_is1" = Free YouTube Download version 3.0.18.1123
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.13.1123
"Gpower_2.0i" = Gpower 2.0i
"HotspotShield" = Hotspot Shield 2.09
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.1.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Mozilla Firefox (3.5.2)" = Mozilla Firefox (3.5.2)
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"nbi-nb-base-7.0.1.0.0" = NetBeans IDE 7.0.1
"Office14.SingleImage" = Microsoft Office Professional 2010
"Origin" = Origin
"PC Wizard 2009_is1" = PC Wizard 2009.1.90
"PunkBusterSvc" = PunkBuster Services
"Rockstar Games Social Club" = Rockstar Games Social Club
"StarCraft II" = StarCraft II
"Steam App 17050" = Global Agenda - Demo
"Steam App 440" = Team Fortress 2
"Steam App 48700" = Mount and Blade: Warband
"Steam App 620" = Portal 2
"SUPER ©" = SUPER © Version 2010.bld.38 (May 2, 2010)
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.5
"Warcraft III" = Warcraft III
"Warkeys" = Warkeys 1.16.0.0b
"WinLiveSuite_Wave3" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
"XMind" = XMind
"Xvid Video Codec 1.3.1" = Xvid Video Codec
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Mozilla Firefox 14.0 (x86 de)" = Mozilla Firefox 14.0 (x86 de)
"UnityWebPlayer" = Unity Web Player
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8
 
========== Last 20 Event Log Errors ==========
 
[ Antivirus Events ]
Error - 16.09.2009 19:21:33 | Computer Name = Jan-PC | Source = avast! | ID = 33554522
Description = 
 
Error - 17.09.2009 05:00:11 | Computer Name = Jan-PC | Source = avast! | ID = 33554522
Description = 
 
Error - 17.09.2009 05:56:22 | Computer Name = Jan-PC | Source = avast! | ID = 33554522
Description = 
 
Error - 22.10.2009 07:03:02 | Computer Name = Jan-PC | Source = avast! | ID = 33554522
Description = 
 
Error - 27.12.2009 11:32:26 | Computer Name = Jan-PC | Source = avast! | ID = 33554522
Description = 
 
[ Application Events ]
Error - 04.07.2012 12:18:52 | Computer Name = Jan-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 05.07.2012 08:52:55 | Computer Name = Jan-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 05.07.2012 09:23:59 | Computer Name = Jan-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 05.07.2012 09:26:41 | Computer Name = Jan-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 05.07.2012 09:27:19 | Computer Name = Jan-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 14.0.0.4562 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: f1c    Startzeit: 
01cd5ab1a71174d4    Endzeit: 0    Anwendungspfad: E:\Mozilla Firefox 4.0 Beta 7\firefox.exe

Berichts-ID:
 21441f2d-c6a5-11e1-8387-f9c70f5bdb96  
 
Error - 05.07.2012 09:37:27 | Computer Name = Jan-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 05.07.2012 09:41:35 | Computer Name = Jan-PC | Source = Application Hang | ID = 1002
Description = Programm rescue2usb.exe, Version 0.0.0.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 16c8    Startzeit:
 01cd5ab37b82985e    Endzeit: 60000    Anwendungspfad: K:\rescue2usb.exe    Berichts-ID: f50278e2-c6a6-11e1-aeea-cfd931ad8d8f

 
Error - 05.07.2012 14:32:14 | Computer Name = Jan-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 05.07.2012 14:53:25 | Computer Name = Jan-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 05.07.2012 16:21:28 | Computer Name = Jan-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 05.07.2012 14:38:24 | Computer Name = Jan-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 05.07.2012 14:38:32 | Computer Name = Jan-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 05.07.2012 14:38:40 | Computer Name = Jan-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 05.07.2012 14:38:48 | Computer Name = Jan-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 05.07.2012 14:38:57 | Computer Name = Jan-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 05.07.2012 14:39:05 | Computer Name = Jan-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 05.07.2012 14:51:27 | Computer Name = Jan-PC | Source = sptd | ID = 262148
Description = Der Treiber hat einen internen Fehler in seinen Datenstrukturen für
  festgestellt.
 
Error - 05.07.2012 14:51:59 | Computer Name = Jan-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   BTHidMgr  sptd
 
Error - 05.07.2012 16:19:25 | Computer Name = Jan-PC | Source = sptd | ID = 262148
Description = Der Treiber hat einen internen Fehler in seinen Datenstrukturen für
  festgestellt.
 
Error - 05.07.2012 16:20:05 | Computer Name = Jan-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   BTHidMgr  sptd
 
 
< End of report >
         


I hope you can help me. On reboot the lock screen was blocked by Malwarebytes, but I would really like to get rid of the thing completely.

Regards

06.07.2012, 11:22   #2
markusg
/// Malware-holic



Hi,
please plug the stick into the PC, then right-click it and choose Format. It is infected, and the easiest thing is to format it; then remove the stick.

This script, and any scripts that may follow, are only for the respective user.
If you have problems, open your own topics and wait for scripts adapted to you.


• Please start OTL.exe
• Now copy the following into the text box.



Code:
ATTFilter
:OTL
[2012.07.03 20:59:30 | 000,002,591 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
[2012.07.05 14:59:08 | 000,001,873 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
O33 - MountPoints2\{ffad9f23-a03c-11e1-8453-978914e137ec}\Shell\AutoRun\command - "" = F:\arun.exe
 :Files
:Commands
[Reboot]
         


• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a reboot. Please allow this.
• After the reboot you will find a text document; copy its contents into your next reply here.
Boot into normal mode.

If you have no icons, then right-click, View, Show desktop icons.
If that worked:
For further analysis I need the following.
c:\Users\name\AppData\LocalLow\Sun\Java\Deployment\cache
There, right-click the cache folder, pack it with WinRAR or another program, and upload it in the upload channel, please.
Trojaner-Board Upload Channel
Let me know when you are done, please.
__________________
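An added example (not part of markusg's post and not OTL's own code): a small Python parser that reads the entries of the fix script above and reports which autostart location each one belongs to, namely the two Startup-folder shortcuts and the MountPoints2 AutoRun command. The function name, the field names and the `.exe.lnk` naming check are assumptions made for this illustration.

```python
import re
from ntpath import basename

# Constructed sample input: the entries of the OTL fix script quoted in the post above.
SAMPLE_FIX = r"""
:OTL
[2012.07.03 20:59:30 | 000,002,591 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
[2012.07.05 14:59:08 | 000,001,873 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
O33 - MountPoints2\{ffad9f23-a03c-11e1-8453-978914e137ec}\Shell\AutoRun\command - "" = F:\arun.exe
 :Files
:Commands
[Reboot]
"""

# File listing line: [date time | size | attributes | flag] (vendor) -- path
FILE_RE = re.compile(
    r"^\[(?P<mtime>[\d.]+ [\d:]+) \| (?P<size>[\d,]+) \| .{4} \| \w\] "
    r"\((?P<vendor>.*?)\) -- (?P<path>.+)$")
# O33 line: per-volume AutoRun command stored under MountPoints2
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[0-9a-fA-F-]+\})\\Shell\\AutoRun\\command'
    r' - "(?P<value>.*?)" = (?P<command>.+)$')
STARTUP = "\\start menu\\programs\\startup\\"


def review_fix_script(text):
    """Return one finding per autostart entry found in an OTL fix script."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        m = FILE_RE.match(line)
        if m and STARTUP in m["path"].lower():
            path, name = m["path"], basename(m["path"])
            all_users = path.lower().startswith("c:\\programdata\\")
            findings.append({
                "kind": "startup-shortcut",
                "scope": "all-users" if all_users else "per-user",
                "name": name,
                "size": int(m["size"].replace(",", "")),
                "modified": m["mtime"],
                "vendor_blank": m["vendor"] == "",
                # e.g. vpngui.exe.lnk: a shortcut named like a program file
                "double_ext": name.lower().endswith(".exe.lnk"),
            })
            continue
        m = O33_RE.match(line)
        if m:
            findings.append({
                "kind": "removable-autorun",
                "volume": m["guid"],
                "command": m["command"],
            })
    return findings


if __name__ == "__main__":
    for finding in review_fix_script(SAMPLE_FIX):
        print(finding)
```

Run against a full OTL log instead of the fix script, the same function lists every Startup-folder entry and MountPoints2 AutoRun command for review, not only the three the helper picked.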


06.07.2012, 16:50   #3
Grftjx



Many thanks already. After the fix and the subsequent reboot, the lock screen at least did not appear.
I now have two files with the same name on the desktop (Desktop.ini).
Here are the contents of both files.

Code:
ATTFilter
[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21799
         
Code:
ATTFilter
[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21769
IconResource=%SystemRoot%\system32\imageres.dll,-183
         
Just now Malwarebytes did report something after all:
C:\users\Jan\appdata\local\temp\0_0U_L.exe
Trojan.Agent

I will upload the .rar file now. Thanks again!

Edit: I hope the upload worked. I did not see any confirmation. If not, just let me know again. I will then try again.
__________________

Edited by Grftjx (06.07.2012 at 16:54) Reason: file upload

06.07.2012, 17:38   #4
markusg
/// Malware-holic



Hi,
File-Upload.net - Your free file hoster!
Upload the file there and send me the link as a private message.
__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please send mails according to the above instructions to
markusg.trojaner-board@web.de
Forward
If you would like to support us
