
Pests of all kinds and how to fight them: Trojan that prevents a website from loading?


19.07.2012, 16:18   #1
chris84
 



Hello everyone,

I have had the following problem for 2 days. I can no longer open Facebook.com, but all sorts of other sites work fine. I could not find anything with my antivirus software from Win 7. Does anyone know this problem and can help me?

I also have no entry in the hosts file and have already tried switching off the firewall and the antivirus, unfortunately without success.


Regards, chris

Edited by chris84 (19.07.2012 at 16:49)

19.07.2012, 17:12   #2
markusg
/// Malware-holic
 



Hi, your thread will still go into the appropriate subforum; it will be moved, you don't need to open a new one.
If you don't have it yet, please download OTL by OldTimer and save it to your desktop.
  • Please start OTL.exe. Vista and Win7 users: right-click and choose "Run as administrator".
  • Now copy the content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread.

20.07.2012, 17:22   #3
chris84
 



Hi markus,

thanks in advance for wanting to help me. Attached are the OTL.txt and Extra.txt.

OTL Logfile:
OTL EXTRAS Logfile:
Code:
OTL logfile created on: 20.07.2012 18:04:50 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\Loken\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,29 Gb Available Physical Memory | 78,61% Memory free
15,99 Gb Paging File | 14,21 Gb Available in Paging File | 88,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 107,32 Gb Total Space | 31,36 Gb Free Space | 29,22% Space Free | Partition Type: NTFS
Drive D: | 1289,84 Gb Total Space | 329,25 Gb Free Space | 25,53% Space Free | Partition Type: NTFS
Drive E: | 465,76 Gb Total Space | 202,65 Gb Free Space | 43,51% Space Free | Partition Type: NTFS
 
Computer Name: LOKEN-PC | User Name: Loken | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.19 18:15:08 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Loken\Desktop\OTL.exe
PRC - [2012.07.12 18:32:22 | 001,239,952 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2012.05.26 06:32:24 | 004,327,744 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Loken\AppData\Local\Akamai\netsession_win.exe
PRC - [2012.02.22 21:48:03 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.11.14 00:27:20 | 000,354,416 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2011.11.14 00:27:18 | 000,433,264 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2011.11.14 00:27:06 | 000,103,536 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
PRC - [2011.11.13 22:49:40 | 000,079,872 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
PRC - [2011.09.23 21:35:54 | 000,393,216 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
PRC - [2010.11.20 14:17:56 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010.10.05 10:32:58 | 001,811,800 | ---- | M] (Logitech(c)) -- C:\Program Files (x86)\Logitech\G35\G35.exe
PRC - [2010.09.01 08:39:18 | 001,164,584 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.05.05 19:56:42 | 000,025,600 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\Ctxfihlp.exe
PRC - [2010.04.02 15:21:50 | 001,109,632 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\TurboV EVO\TurboVHELP.exe
PRC - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
PRC - [2010.01.22 13:29:40 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009.12.28 15:33:02 | 000,096,896 | R--- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
PRC - [2009.03.30 08:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
PRC - [2009.02.23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2008.10.24 17:35:44 | 000,128,296 | ---- | M] () -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010.09.01 08:39:28 | 000,095,528 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2010.09.01 08:39:18 | 001,164,584 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.02.08 17:19:52 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\TurboV EVO\HookKey32.dll
MOD - [2009.09.30 05:33:08 | 000,024,576 | R--- | M] () -- C:\Windows\SysWOW64\AsIO.dll
MOD - [2009.03.30 08:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
MOD - [2008.12.10 20:04:54 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\TurboV EVO\pngio.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - File not found [Disabled | Stopped] -- C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld -- (MySQL)
SRV:64bit: - [2012.06.11 19:19:14 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012.04.05 21:57:34 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011.12.16 22:49:02 | 009,690,112 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe -- (MySQL5)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.07.19 16:10:32 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.12 18:32:22 | 001,239,952 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2012.07.10 20:23:29 | 004,419,392 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll -- (Akamai)
SRV - [2012.06.24 20:42:01 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Paused] -- D:\games\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2012.06.20 21:03:42 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.05.03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.03.26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.03.26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.02.22 21:48:03 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.12.19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) [Auto | Stopped] -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2011.11.14 00:27:20 | 000,354,416 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2011.11.14 00:27:18 | 000,433,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2011.11.13 23:55:18 | 011,839,488 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe -- (VMwareHostd)
SRV - [2011.11.13 22:49:40 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2011.08.29 23:11:04 | 000,846,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
SRV - [2010.08.11 21:29:07 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010.08.11 20:59:26 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010.07.16 18:23:30 | 006,638,080 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe -- (AllShare)
SRV - [2010.05.07 09:12:42 | 000,039,936 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Astaro\Astaro SSL VPN Client\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.12.28 15:33:02 | 000,096,896 | R--- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2009.08.18 13:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.02.23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008.10.24 17:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
SRV - [2008.02.19 09:12:32 | 000,565,928 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxbkcoms.exe -- (lxbk_device)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.06.11 20:59:38 | 010,248,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.06.11 18:26:14 | 000,367,616 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.03.20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.23 14:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.01.05 01:01:54 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2011.12.19 12:44:24 | 000,060,536 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbhips.sys -- (sbhips)
DRV:64bit: - [2011.11.29 06:59:46 | 000,074,872 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs)
DRV:64bit: - [2011.11.14 00:28:16 | 000,063,088 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2011.11.14 00:26:30 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2011.11.13 22:33:56 | 000,045,680 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2011.11.13 22:33:56 | 000,020,080 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2011.10.26 14:23:36 | 000,057,976 | ---- | M] (GFI Software) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\sbredrv.sys -- (SBRE)
DRV:64bit: - [2011.08.29 23:11:04 | 000,039,024 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2011.08.08 15:59:12 | 000,116,336 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2011.03.21 13:22:06 | 000,452,200 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.04 21:37:05 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.09.29 12:34:50 | 000,377,176 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ladfSBVMamd64.sys -- (LADF_SBVM)
DRV:64bit: - [2010.09.29 12:34:48 | 000,062,168 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ladfDHP2amd64.sys -- (LADF_DHP2)
DRV:64bit: - [2010.09.08 05:16:54 | 000,191,960 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cbfs64.sys -- (CbFs)
DRV:64bit: - [2010.08.12 21:12:32 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.08.03 17:25:30 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tapoas.sys -- (tapoas)
DRV:64bit: - [2010.05.11 12:00:40 | 000,020,968 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz133_x64.sys -- (cpuz133)
DRV:64bit: - [2010.05.07 09:12:42 | 000,038,432 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2010.05.06 11:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010.05.05 21:30:52 | 001,561,688 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2010.05.05 21:30:42 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2010.05.05 21:30:34 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2010.05.05 21:30:26 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2010.05.05 21:30:18 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2010.05.05 21:30:10 | 000,684,376 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV:64bit: - [2010.05.05 21:30:02 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2010.05.05 21:29:52 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV:64bit: - [2010.05.05 21:29:52 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2010.05.05 21:29:42 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV:64bit: - [2010.05.05 21:29:42 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2010.05.05 21:29:34 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV:64bit: - [2010.05.05 21:29:34 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010.01.22 12:22:22 | 000,180,224 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.01.22 12:22:18 | 000,077,824 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.01.11 13:28:35 | 000,115,824 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009.11.23 18:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009.11.23 18:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009.11.12 14:48:56 | 000,005,504 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StarOpen.sys -- (StarOpen)
DRV:64bit: - [2009.10.19 14:45:54 | 000,039,480 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009.08.13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.16 05:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.05 03:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2012.03.05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV - [2012.03.05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV - [2011.10.26 14:23:40 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\SBREDrv.sys -- (SBRE)
DRV - [2009.11.12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0D 87 BD 25 CD 08 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=111304&babsrc=SP_ss&mntrId=5a7f0fd200000000000000ff0fd4309c
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={5C63DD7F-42B3-4B5A-B1BD-8F2DEA401F1B}&mid=04cefb0dbf4f47d0a2a2d1191024e9fb-916f47a1f52547da16c94637ad6aaa9497fca25b&lang=de&ds=gm011&pr=sa&d=2012-04-18 11:00:08&v=10.2.0.3&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://isearch.avg.com/search?cid=%7B9e7f2144-89ba-4bae-8e81-015d8c440e60%7D&mid=04cefb0dbf4f47d0a2a2d1191024e9fb-916f47a1f52547da16c94637ad6aaa9497fca25b&ds=gm011&v=10.2.0.3&lang=de&pr=sa&d=2012-04-18%2011%3A00%3A08&sap=ku&q="
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.96.0: C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@gametap.com/npdd,version=1.0: C:\Program Files (x86)\Downloader\npdd.dll (Metaboli)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@spoon.net/Spoon Plugin 3.33: C:\Users\Loken\AppData\Local\Spoon\3.33.0.18\npMozillaSpoonPlugin.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Loken\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Loken\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Loken\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.19 17:20:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.31 20:09:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.07.06 12:18:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.19 17:20:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.31 20:09:56 | 000,000,000 | ---D | M]
 
[2012.02.08 16:26:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Loken\AppData\Roaming\mozilla\Extensions
[2012.02.08 16:26:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Loken\AppData\Roaming\mozilla\Extensions\net.openvpn.client
[2012.07.19 16:11:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Loken\AppData\Roaming\mozilla\Firefox\Profiles\b7hssp2t.default\extensions
[2012.01.02 11:32:11 | 000,000,000 | ---D | M] (Html Validator) -- C:\Users\Loken\AppData\Roaming\mozilla\Firefox\Profiles\b7hssp2t.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}
[2012.02.08 14:57:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.05.31 08:17:27 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.03.25 16:52:33 | 000,413,408 | ---- | M] () (No name found) -- C:\USERS\LOKEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\B7HSSP2T.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI
[2012.01.17 12:05:16 | 000,584,123 | ---- | M] () (No name found) -- C:\USERS\LOKEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\B7HSSP2T.DEFAULT\EXTENSIONS\BONFIRE-DEV@ATLASSIAN.COM.XPI
[2012.07.19 16:10:33 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.09.01 12:06:13 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2012.06.22 08:19:17 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.10 01:05:38 | 000,003,769 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.04.18 02:12:30 | 000,002,313 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.06.22 08:19:17 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.22 08:19:17 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.22 08:19:17 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.22 08:19:17 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.22 08:19:17 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: 
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Loken\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Loken\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Loken\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Loken\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Downloader Detector (Enabled) = C:\Program Files (x86)\Downloader\npdd.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Loken\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: Adblock Plus (Beta) = C:\Users\Loken\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Skype Click to Call = C:\Users\Loken\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0\
 
O1 HOSTS File: ([2012.02.29 20:29:53 | 000,000,880 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.akademische.de
O1 - Hosts: 127.0.0.1 akademische.de
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [Logitech G35] C:\Program Files (x86)\Logitech\G35\G35.exe (Logitech(c))
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [Six Engine] C:\Program Files (x86)\ASUS\EPU\EPU.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TurboV EVO] C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [vmware-tray] C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Loken\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C929A4AE-69E5-4A65-9AC8-2F44EAC7A733}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{e6cd621c-dd3a-11e0-b7ac-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{e6cd621c-dd3a-11e0-b7ac-005056c00008}\Shell\AutoRun\command - "" = "H:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.19 18:15:05 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Loken\Desktop\OTL.exe
[2012.07.19 17:22:10 | 000,000,000 | ---D | C] -- C:\Users\Loken\AppData\Roaming\Malwarebytes
[2012.07.19 17:22:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.19 17:21:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.19 17:21:55 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.19 17:21:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.19 16:49:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.07.19 16:49:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012.07.19 15:36:45 | 000,000,000 | ---D | C] -- C:\Users\Loken\AppData\Local\Apps
[2012.07.19 11:38:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2012.07.19 11:38:06 | 000,060,536 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\sbhips.sys
[2012.07.19 11:38:05 | 000,057,976 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\sbredrv.sys
[2012.07.19 11:38:05 | 000,045,936 | ---- | C] (GFI Software) -- C:\Windows\SysNative\sbbd.exe
[2012.07.19 11:38:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2012.07.19 11:37:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
[2012.07.19 11:37:15 | 000,000,000 | ---D | C] -- C:\Users\Loken\AppData\Local\adawarebp
[2012.07.19 11:34:56 | 000,000,000 | ---D | C] -- C:\Users\Loken\AppData\Roaming\Ad-Aware Antivirus
[2012.07.17 23:03:07 | 000,000,000 | ---D | C] -- C:\Users\Loken\Documents\Rockstar Games
[2012.07.17 22:42:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
[2012.07.17 22:24:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Rockstar Games
[2012.07.06 12:19:04 | 000,000,000 | ---D | C] -- C:\Users\Loken\AppData\Roaming\Thunderbird
[2012.07.06 12:19:04 | 000,000,000 | ---D | C] -- C:\Users\Loken\AppData\Local\Thunderbird
[2012.07.06 12:18:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2012.07.05 17:57:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012.07.05 17:55:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012.07.05 17:55:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2012.07.03 12:12:37 | 000,000,000 | ---D | C] -- C:\Users\Loken\AppData\Local\Funcom
[2012.07.03 12:12:33 | 000,000,000 | ---D | C] -- C:\ProgramData\media center programs
[2012.07.03 12:12:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Funcom
[2012.06.28 14:59:16 | 000,000,000 | ---D | C] -- C:\Users\Loken\AppData\Local\Xenocode
[2012.06.28 14:59:16 | 000,000,000 | ---D | C] -- C:\Users\Loken\AppData\Local\Spoon
[2011.03.04 21:37:05 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Loken\AppData\Roaming\pcouffin.sys
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.20 18:08:15 | 000,020,672 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.20 18:08:15 | 000,020,672 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.20 18:01:38 | 000,001,868 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2012.07.20 18:01:33 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.20 18:00:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.20 18:00:49 | 2146,050,047 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.20 03:41:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1970983249-3038457689-1220004006-1000UA.job
[2012.07.20 03:24:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.19 18:15:08 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Loken\Desktop\OTL.exe
[2012.07.19 17:22:03 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.19 16:06:08 | 000,007,621 | ---- | M] () -- C:\Users\Loken\AppData\Local\Resmon.ResmonCfg
[2012.07.19 15:45:24 | 000,000,600 | ---- | M] () -- C:\Users\Loken\AppData\Local\PUTTY.RND
[2012.07.19 08:41:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1970983249-3038457689-1220004006-1000Core.job
[2012.07.19 08:07:39 | 000,239,427 | ---- | M] () -- C:\Users\Loken\Desktop\Vorgabe bzgl. Scoremed-Konzept-Download.png
[2012.07.19 08:03:56 | 004,846,248 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.17 16:32:13 | 000,011,008 | ---- | M] () -- C:\Users\Loken\Desktop\scoremed.de.har
[2012.07.17 16:18:24 | 000,013,346 | ---- | M] () -- C:\Users\Loken\Desktop\IMG_17072012_161814.png
[2012.07.17 14:58:19 | 000,003,954 | ---- | M] () -- C:\Users\Loken\Desktop\Bewerten.png
[2012.07.13 10:36:33 | 000,045,835 | ---- | M] () -- C:\Users\Loken\Desktop\Vorgabe Scoremed 'Selbstbeschreibung'.png
[2012.07.11 19:37:35 | 000,002,401 | ---- | M] () -- C:\Users\Loken\Desktop\Google Chrome.lnk
[2012.07.06 15:09:09 | 000,000,600 | ---- | M] () -- C:\Users\Loken\AppData\Roaming\winscp.rnd
[2012.07.06 12:19:00 | 000,002,090 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.03 12:12:33 | 000,000,703 | ---- | M] () -- C:\Users\Public\Desktop\The Secret World.lnk
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.19 17:22:03 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.19 11:38:40 | 000,001,868 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2012.07.19 08:07:18 | 000,239,427 | ---- | C] () -- C:\Users\Loken\Desktop\Vorgabe bzgl. Scoremed-Konzept-Download.png
[2012.07.17 16:32:06 | 000,011,008 | ---- | C] () -- C:\Users\Loken\Desktop\scoremed.de.har
[2012.07.17 16:18:23 | 000,013,346 | ---- | C] () -- C:\Users\Loken\Desktop\IMG_17072012_161814.png
[2012.07.17 14:58:13 | 000,003,954 | ---- | C] () -- C:\Users\Loken\Desktop\Bewerten.png
[2012.07.13 10:36:20 | 000,045,835 | ---- | C] () -- C:\Users\Loken\Desktop\Vorgabe Scoremed 'Selbstbeschreibung'.png
[2012.07.06 12:19:00 | 000,002,102 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2012.07.06 12:19:00 | 000,002,090 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2012.07.03 12:12:33 | 000,000,703 | ---- | C] () -- C:\Users\Public\Desktop\The Secret World.lnk
[2012.04.30 10:26:39 | 000,390,423 | ---- | C] () -- C:\Users\Loken\website_neu-19-5-1.jpg
[2012.04.30 10:26:39 | 000,370,593 | ---- | C] () -- C:\Users\Loken\website_neu-19-5-2.jpg
[2012.04.06 03:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.04.06 03:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011.09.13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.08.19 17:32:36 | 000,000,600 | ---- | C] () -- C:\Users\Loken\AppData\Local\PUTTY.RND
[2011.08.19 15:57:58 | 000,000,600 | ---- | C] () -- C:\Users\Loken\AppData\Roaming\winscp.rnd
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.03.10 20:27:16 | 000,007,621 | ---- | C] () -- C:\Users\Loken\AppData\Local\Resmon.ResmonCfg
[2011.03.04 21:37:05 | 000,099,384 | ---- | C] () -- C:\Users\Loken\AppData\Roaming\inst.exe
[2011.03.04 21:37:05 | 000,007,859 | ---- | C] () -- C:\Users\Loken\AppData\Roaming\pcouffin.cat
[2011.03.04 21:37:05 | 000,001,167 | ---- | C] () -- C:\Users\Loken\AppData\Roaming\pcouffin.inf
[2011.01.25 21:07:44 | 001,535,254 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.12.14 16:41:40 | 000,004,608 | ---- | C] () -- C:\Users\Loken\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.11 00:09:11 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010.12.11 00:09:09 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010.12.11 00:09:02 | 000,790,528 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010.12.11 00:09:02 | 000,134,144 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010.12.11 00:09:00 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010.12.08 16:26:32 | 000,001,456 | ---- | C] () -- C:\Users\Loken\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2010.10.27 15:47:28 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2010.10.24 01:12:36 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin
[2010.10.20 00:40:10 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010.10.05 15:05:24 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.10.05 15:05:23 | 002,601,752 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_moh.exe
[2010.10.05 15:05:23 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.09.19 21:44:32 | 000,735,229 | ---- | C] () -- C:\Users\Loken\ace_uninstaller.exe
[2010.08.28 21:39:53 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2010.08.12 21:00:52 | 000,180,904 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkppls.exe
[2010.08.12 21:00:50 | 001,417,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkserv.dll
[2010.08.12 21:00:50 | 001,099,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkusb1.dll
[2010.08.12 21:00:50 | 000,659,456 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkhbn3.dll
[2010.08.12 21:00:50 | 000,567,808 | ---- | C] () -- C:\Windows\SysWow64\lxbkutil.dll
[2010.08.12 21:00:50 | 000,487,424 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbklmpm.dll
[2010.08.12 21:00:50 | 000,409,600 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkpmui.dll
[2010.08.12 21:00:50 | 000,305,152 | ---- | C] ( ) -- C:\Windows\SysWow64\LXBKhcp.dll
[2010.08.12 21:00:50 | 000,238,592 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkinpa.dll
[2010.08.12 21:00:50 | 000,233,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkih.exe
[2010.08.12 21:00:50 | 000,226,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkiesc.dll
[2010.08.12 21:00:50 | 000,194,048 | ---- | C] () -- C:\Windows\SysWow64\LXBKinst.dll
[2010.08.12 21:00:50 | 000,035,328 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkprox.dll
[2010.08.12 21:00:50 | 000,010,752 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkpplc.dll
[2010.08.12 21:00:49 | 000,695,808 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkcomc.dll
[2010.08.12 21:00:49 | 000,565,928 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkcoms.exe
[2010.08.12 21:00:49 | 000,249,856 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkcomm.dll
[2010.08.12 21:00:49 | 000,235,688 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkcfg.exe
[2010.08.11 21:18:56 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.08.11 21:00:57 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.08.11 20:58:59 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010.08.11 20:58:59 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010.08.11 20:58:46 | 000,003,072 | ---- | C] () -- C:\Windows\SysWow64\CTXFIGER.DLL
[2010.08.11 20:38:13 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2010.08.11 20:38:13 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2010.08.11 20:38:11 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2010.08.11 20:38:11 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2010.08.11 20:31:44 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010.08.11 20:31:40 | 000,029,750 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
 
========== LOP Check ==========
 
[2012.02.29 20:35:29 | 000,000,000 | ---D | M] -- C:\Users\Loken\AppData\Roaming\AAV
[2012.07.19 18:15:27 | 000,000,000 | ---D | M] -- C:\Users\Loken\AppData\Roaming\Ad-Aware Antivirus
[2011.08.07 21:11:41 | 000,000,000 | ---D | M] -- C:\Users\Loken\AppData\Roaming\AtomZombieData
[2011.09.09 12:43:32 | 000,000,000 | ---D | M] -- C:\Users\Loken\AppData\Roaming\Braid
[2012.02.12 22:52:50 | 000,000,000 | ---D | M] -- C:\Users\Loken\AppData\Roaming\Broken Rules
[2010.08.28 21:40:00 | 000,000,000 | ---D | M] -- C:\Users\Loken\AppData\Roaming\Canneverbe Limited
[2012.04.18 16:29:46 | 000,000,000 | ---D | M] -- C:\Users\Loken\AppData\Roaming\CDisplayEx
[2010.08.12 21:31:44 | 000,000,000 | ---D | M] -- C:\Users\Loken\AppData\Roaming\DAEMON Tools Lite
[2012.06.12 21:37:29 | 000,000,000 | ---D | M] -- C:\Users\Loken\AppData\Roaming\DAoC Portal
[2012.02.09 14:17:04 | 000,000,000 | ---D | M] -- C:\Users\Loken\AppData\Roaming\Easeware
[2012.06.12 21:44:46 | 000,000,000 | ---D | M] -- C:\Users\Loken\AppData\Roaming\Electronic Arts
[2012.07.19 13:56:07 | 000,000,000 | ---D | M] -- C:\Users\Loken\AppData\Roaming\FileZilla
[2012.07.12 19:11:45 | 000,000,000 | ---D | M] -- C:\Users\Loken\AppData\Roaming\foobar2000
[2010.09.01 12:06:50 | 000,000,000 | ---D | M] -- C:\Users\Loken\AppData\Roaming\Foxit Software
[2012.05.11 08:55:42 | 000,000,000 | ---D | M] -- C:\Users\Loken\AppData\Roaming\HD Tune Pro
[2010.12.08 12:45:37 | 000,000,000 | ---D | M] -- C:\Users\Loken\AppData\Roaming\HeidiSQL
[2010.10.30 12:36:30 | 000,000,000 | ---D | M] -- C:\Users\Loken\AppData\Roaming\Hi-Rez Studios
[2011.06.30 19:19:06 | 000,000,000 | ---D | M] -- C:\Users\Loken\AppData\Roaming\IrfanView
[2012.07.19 16:22:03 | 000,000,000 | ---D | M] -- C:\Users\Loken\AppData\Roaming\KeePass
[2011.03.07 14:47:55 | 000,000,000 | ---D | M] -- C:\Users\Loken\AppData\Roaming\kikin
[2011.01.03 21:58:27 | 000,000,000 | ---D | M] -- C:\Users\Loken\AppData\Roaming\Leadertech
[2011.04.17 20:08:12 | 000,000,000 | ---D | M] -- C:\Users\Loken\AppData\Roaming\LockHunter
[2010.10.11 23:41:48 | 000,000,000 | ---D | M] -- C:\Users\Loken\AppData\Roaming\LolClient
[2011.12.14 20:06:26 | 000,000,000 | ---D | M] -- C:\Users\Loken\AppData\Roaming\LPECommon
[2012.07.20 02:47:59 | 000,000,000 | ---D | M] -- C:\Users\Loken\AppData\Roaming\Mumble
[2011.07.02 01:56:38 | 000,000,000 | ---D | M] -- C:\Users\Loken\AppData\Roaming\Natural Selection 2
[2011.08.19 17:07:05 | 000,000,000 | ---D | M] -- C:\Users\Loken\AppData\Roaming\Notepad++
[2012.02.08 16:26:05 | 000,000,000 | ---D | M] -- C:\Users\Loken\AppData\Roaming\OpenVPN Technologies
[2011.11.01 19:39:57 | 000,000,000 | ---D | M] -- C:\Users\Loken\AppData\Roaming\Origin
[2012.04.18 02:12:29 | 000,000,000 | ---D | M] -- C:\Users\Loken\AppData\Roaming\pdfforge
[2010.09.06 19:19:13 | 000,000,000 | ---D | M] -- C:\Users\Loken\AppData\Roaming\QIP
[2011.06.10 12:50:06 | 000,000,000 | ---D | M] -- C:\Users\Loken\AppData\Roaming\RIFT
[2010.10.23 17:19:18 | 000,000,000 | ---D | M] -- C:\Users\Loken\AppData\Roaming\Soldat
[2010.12.10 14:58:02 | 000,000,000 | ---D | M] -- C:\Users\Loken\AppData\Roaming\Subversion
[2012.07.19 12:45:46 | 000,000,000 | ---D | M] -- C:\Users\Loken\AppData\Roaming\TeamViewer
[2012.07.06 12:19:04 | 000,000,000 | ---D | M] -- C:\Users\Loken\AppData\Roaming\Thunderbird
[2012.07.18 01:55:05 | 000,000,000 | ---D | M] -- C:\Users\Loken\AppData\Roaming\TS3Client
[2012.04.02 18:51:16 | 000,000,000 | ---D | M] -- C:\Users\Loken\AppData\Roaming\Ubisoft
[2012.03.08 16:30:33 | 000,000,000 | ---D | M] -- C:\Users\Loken\AppData\Roaming\Unity
[2012.06.30 00:14:39 | 000,000,000 | ---D | M] -- C:\Users\Loken\AppData\Roaming\uTorrent
[2011.03.04 21:50:16 | 000,000,000 | ---D | M] -- C:\Users\Loken\AppData\Roaming\Vso
[2011.05.07 04:32:21 | 000,000,000 | ---D | M] -- C:\Users\Loken\AppData\Roaming\ZumoDrive
[2012.05.19 18:56:02 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2010.12.06 22:09:55 | 000,000,000 | ---D | M](C:\Users\Loken\Documents\?? ???) -- C:\Users\Loken\Documents\넥슨 플러그
[2010.12.06 22:09:55 | 000,000,000 | ---D | C](C:\Users\Loken\Documents\?? ???) -- C:\Users\Loken\Documents\넥슨 플러그

< End of report >
         
--- --- ---


OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 20.07.2012 18:04:50 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\Loken\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,29 Gb Available Physical Memory | 78,61% Memory free
15,99 Gb Paging File | 14,21 Gb Available in Paging File | 88,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 107,32 Gb Total Space | 31,36 Gb Free Space | 29,22% Space Free | Partition Type: NTFS
Drive D: | 1289,84 Gb Total Space | 329,25 Gb Free Space | 25,53% Space Free | Partition Type: NTFS
Drive E: | 465,76 Gb Total Space | 202,65 Gb Free Space | 43,51% Space Free | Partition Type: NTFS
 
Computer Name: LOKEN-PC | User Name: Loken | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01140AB6-A848-48F9-AD39-525D127547A3}" = lport=58724 | protocol=6 | dir=in | name=pando media booster | 
"{0446E856-89D6-445A-8C27-B183BFBA5221}" = lport=58424 | protocol=6 | dir=in | name=pando media booster | 
"{074D5215-3C86-4E12-87FD-3A7B6573B48D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{14AD89F2-B14C-408B-B035-6ACB0CDDAE8B}" = lport=137 | protocol=17 | dir=in | app=system | 
"{15502801-F426-4F58-B643-25EB50FFBDC1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{19177D0E-A285-4919-9CAB-15D242F16CCD}" = lport=58424 | protocol=17 | dir=in | name=pando media booster | 
"{1B5303DF-B244-4588-B00B-6D4BA639242B}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher | 
"{1E8C6A89-955F-4FF8-9932-424FC831FCB7}" = lport=6901 | protocol=17 | dir=in | name=league of legends launcher | 
"{1F2FE733-9647-4CD2-A7D1-63A189F46ED2}" = lport=49160 | protocol=6 | dir=in | name=akamai netsession interface | 
"{1F6F2DF8-9EBB-4AAF-AA01-5B632076223A}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{2D2D75AE-819F-4198-B240-1D6186064EA5}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher | 
"{3FC0BB43-97DB-4714-A8C6-5BA2CEE05A45}" = lport=58724 | protocol=17 | dir=in | name=pando media booster | 
"{4AA4DA25-E8EA-4C47-BB35-052DB17F5C5F}" = rport=445 | protocol=6 | dir=out | app=system | 
"{5568EFBB-CF2F-4BA2-A6F4-17935606FD5A}" = lport=58424 | protocol=6 | dir=in | name=pando media booster | 
"{597A7544-7D25-488C-8B44-A8531440D05E}" = lport=58424 | protocol=17 | dir=in | name=pando media booster | 
"{5C22FC0C-E493-46CE-B45A-0EB68FC5BD7B}" = lport=139 | protocol=6 | dir=in | app=system | 
"{5CF07662-9CD9-4062-B2CF-27325BE6AC65}" = lport=58724 | protocol=6 | dir=in | name=pando media booster | 
"{68392D43-80E7-4620-882A-464EE6953888}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6CA6EA62-32FF-4096-870A-A9568B9E4CEC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7049E6D5-3627-4E22-AECE-45BEEBE61BBF}" = lport=445 | protocol=6 | dir=in | app=system | 
"{720E8703-DFFD-49AA-A670-0538D823EEC5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{727763AC-2D05-4DC2-A292-A1C520A78892}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{7B783E36-7762-49BA-A146-840AD924B580}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7DD3462E-524D-46B4-A30E-DBCA5C750316}" = rport=137 | protocol=17 | dir=out | app=system | 
"{83BAAC37-C714-4397-B2F3-A853BE1A2449}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{89460508-AA2E-4A43-9EDF-C07F37674572}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{9098C87D-DB64-4353-9EAF-D7F66FD31396}" = lport=138 | protocol=17 | dir=in | app=system | 
"{99DF824E-1A3E-4302-8CBF-6BED9F5B8145}" = lport=6884 | protocol=6 | dir=in | name=league of legends launcher | 
"{9F8C218B-BEE0-47D5-9B73-764EB5B9EFC3}" = lport=6901 | protocol=6 | dir=in | name=league of legends launcher | 
"{A935CB5D-CAFE-4AA7-B48F-F8A93CA27752}" = rport=139 | protocol=6 | dir=out | app=system | 
"{C3B7CFA6-EBE9-4599-86FF-6AD3CC026A40}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C8D6ADBA-8522-4424-8E91-8A3BA5CD4F72}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D81039D3-E14A-4D6D-B9D5-365990ACB35C}" = rport=138 | protocol=17 | dir=out | app=system | 
"{E9D33BFA-09E9-46BA-82BD-01BF061748DF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{ECE3FDA0-3020-4CA7-98C2-8ACF3A0D8F1A}" = lport=6884 | protocol=17 | dir=in | name=league of legends launcher | 
"{F35690A1-B663-4D86-A8B5-57B9ED18CF37}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{F5B7958B-1780-4EE6-B885-55721E3D8855}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{FAE6FB9A-AFB1-48BD-B5AF-A56003625835}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FCAFE499-6DF4-4903-9A09-B3F5C709B55C}" = lport=58724 | protocol=17 | dir=in | name=pando media booster | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02538D10-4D19-4202-AE18-39F0B725BF73}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\serious sam hd the first encounter\bin\samhd.exe | 
"{02AF522B-CC2A-4142-8328-A688CAF7D762}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\serious sam hd the first encounter\bin\samhd_demo.exe | 
"{03242253-3DDE-44AD-B211-ADD95A74ECB3}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\steelstorm\steelstorm.exe | 
"{03816C0D-DA6E-4929-89BE-3A00BF6655C9}" = protocol=6 | dir=in | app=d:\games\crysis 2 demo\bin32\crysis2launcher.exe | 
"{05D63CC8-20BC-468E-9D92-CFF6CBE868FF}" = protocol=17 | dir=in | app=d:\games\starcraft ii\versions\base19679\sc2.exe | 
"{064185CF-9ED0-4C54-BF91-0DF5D18DE535}" = protocol=6 | dir=in | app=d:\games\star wars-the old republic\launcher.exe | 
"{071803FB-04ED-4D23-9D71-51D64B512D41}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse.exe | 
"{089F2651-D357-4185-BCC3-87FD89BC8E54}" = dir=out | app=e:\games\max payne 3\maxpayne3.exe | 
"{0A3EA8C8-FF8D-4E5D-95DF-8600C2835BB9}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\dota 2 beta\dota.exe | 
"{0BC3EC74-FE1D-4AD7-A252-9C3067218A3A}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\heller0210@aol.com\counter-strike\hl.exe | 
"{0BFD8D26-DBAB-4813-AAC9-E065C3BF3167}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\steelstorm\steelstorm-dedicated.exe | 
"{0C2F35C0-6351-49E7-BBEC-BFE3B7B14C20}" = dir=in | app=c:\program files (x86)\zecter\zumodrive\zumodrive.exe | 
"{0CA17338-07D0-4CFC-B601-404B130AB5E7}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\crayon physics deluxe\launcher.exe | 
"{0D6D11A9-88EE-425B-87CE-8AFB13D6777B}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{0F16DEE3-E31B-4B3F-9EF2-CA28C886F64D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{10299D78-DB67-4D48-83AA-050F40E7E78D}" = protocol=6 | dir=in | app=e:\games\steam\steam.exe | 
"{10C428F0-7126-4003-9004-73F77F5C9456}" = protocol=6 | dir=in | app=d:\games\sacrifice\sacrifice.exe | 
"{136C0A4F-29FC-41B8-966E-DB883F149F16}" = protocol=6 | dir=in | app=d:\coding\aptana studio 3\aptanastudio3.exe | 
"{15EE173B-2869-4AE0-847F-2434470F34D4}" = dir=out | app=e:\games\max payne 3\playmaxpayne3.exe | 
"{1672C937-0D35-4DC3-97A4-3C66B6689DD9}" = protocol=17 | dir=in | app=e:\games\max payne 3\playmaxpayne3.exe | 
"{17406FBE-0555-4E68-BA22-C3666FA7FB4B}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\natural selection 2\launchpad.exe | 
"{1776754F-2040-410C-BC24-2BFB0D601AAD}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{1834C3F3-CEC8-4F62-AB4C-B1F345D0244C}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\serious sam hd the first encounter\bin\samhd.exe | 
"{1A050891-89DA-4D28-9A84-FA038B75A4A3}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{1A8BCE62-8693-4098-9633-DD7A5361643C}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\gratuitous space battles\gsb.exe | 
"{1C1424D0-8812-48A7-B159-90EBAB3A21BA}" = protocol=6 | dir=in | app=c:\windows\system32\lxbkcoms.exe | 
"{1C59894E-A885-4814-85E0-C1BA49D5C72A}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\steelstorm\steelstorm.exe | 
"{1CB2C279-DA01-444E-89E7-50A42F4FCC85}" = protocol=17 | dir=in | app=d:\games\league of legends\game\league of legends.exe | 
"{1CDCE677-6E50-4739-BDCF-EAFA63EBD68E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{1F0EAAFE-50EC-44DC-AFA3-B962DDCB7101}" = protocol=17 | dir=in | app=d:\games\star wars-the old republic\launcher.exe | 
"{2126B5BB-805C-44EE-A734-3F4E6037EB76}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\brink\brink.exe | 
"{218DC853-EFA3-49F8-BC70-B3EB903B54BF}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{21E22070-E0C5-41AC-9B1C-ECD3430193EE}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\crayon physics deluxe\launcher.exe | 
"{221119B6-3211-4CBE-AC89-3C5615668E84}" = protocol=6 | dir=in | app=d:\games\sacrifice\sacpro.exe | 
"{24CB9748-1670-4DAB-A4D1-A52637D4030D}" = protocol=17 | dir=in | app=c:\windows\syswow64\dpnsvr.exe | 
"{276AC2DF-0EE1-4133-AB0A-92CB47F03804}" = protocol=6 | dir=in | app=d:\coding\mongodb-win32-x86_64-2.0.1\bin\mongod.exe | 
"{284437A4-1B30-490B-A7FB-F2F40A8FE58D}" = protocol=17 | dir=in | app=d:\games\starcraft ii\starcraft ii.exe | 
"{2B4A6699-B625-4BF8-BC67-53933CF25040}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2BC61FBA-E6D4-4962-8E5C-E9CCE168813F}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxbkcoms.exe | 
"{2C5C86FD-BD05-4672-86F7-10DAEE1E7442}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\natural selection 2\ns2.exe | 
"{2DCDFCBC-EBE0-4FA4-A69F-1B64E6F5DA7F}" = protocol=6 | dir=in | app=d:\games\tera\tera-launcher.exe | 
"{2EB9F991-0207-4366-AD1F-FA9F97E8C2E4}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe | 
"{2FC6C210-557B-45F4-A0E2-15BD8015B8EE}" = dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-hostd.exe | 
"{30762514-1C19-409D-AC3F-FA1DE505CCFF}" = protocol=6 | dir=in | app=d:\games\diablo iii beta\diablo iii.exe | 
"{319AA293-C79E-43FE-8924-AD4D8FF1D8E8}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\heller0210@aol.com\counter-strike source\hl2.exe | 
"{31A16E8D-38D1-40CD-A937-F532D98A7B90}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{31BEDFD3-C3D2-4FE0-A24A-F84B43658B88}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{32E04451-3D77-4707-BC7F-15F3BC5C9CDA}" = protocol=6 | dir=in | app=d:\downloads\openlierox\openlierox\openlierox.exe | 
"{3303F571-59B4-4011-90D0-986B42EDBECB}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung pc share manager\wiselinkpro.exe | 
"{3446B497-B488-44BA-82B6-96AB8CB595CD}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\dota 2 test\dota.exe | 
"{365058BD-EE37-460A-8FDE-921DC1E6C5D7}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\heller0210@aol.com\counter-strike\hl.exe | 
"{38608552-2776-47EC-AE15-85E5E8B07F98}" = dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-hostd.exe | 
"{3880D7E9-E2FB-4860-9767-44D26BC3BF89}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{3924ABE7-B0A2-4217-B4E7-857439DB0D8C}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\brink\brink.exe | 
"{39AB9C45-0847-4E94-B089-A9932B2D141D}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\from dust\from_dust.exe | 
"{39BE6EE3-D01C-4472-8118-4B70274C2DD2}" = protocol=17 | dir=in | app=d:\games\tera\tera-launcher.exe | 
"{3C3CF90F-EE96-4477-8755-28A32F30CB61}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{3E409E17-19B9-4C49-945A-5AC09E3943AE}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{3E427088-36BD-4B11-B7CD-C147B9394E0E}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\serious sam hd the first encounter\bin\samhd_demo.exe | 
"{3E590DC9-AFAB-4B88-B334-BDA1B6DBF377}" = dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe | 
"{3ED231B3-94E0-4622-B9DC-8C3756073BED}" = protocol=6 | dir=in | app=e:\games\max payne 3\playmaxpayne3.exe | 
"{3F7F85C7-CF0D-4CB8-A4E7-0046017D7BD4}" = protocol=6 | dir=in | app=d:\games\hi-rez studios\games\tribes alpha\binaries\win32\tribesascend.exe | 
"{404A09E6-057A-4C93-952F-8F953A251378}" = protocol=17 | dir=in | app=c:\program files\java\jdk1.6.0_25\bin\java.exe | 
"{41FA05D0-78C1-4F3D-B6D7-CEFE51524F44}" = dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe | 
"{44FE1EC0-7A30-4E1B-B7A6-32A184E6919D}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\lara croft and the guardian of light\lcgol.exe | 
"{44FE6E75-B432-40CA-854A-19BD2B8B8470}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\steelstorm\steelstorm.exe | 
"{481EE9E5-E3CD-4C3E-A708-54DDE5AC5C31}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\from dust\from_dust.exe | 
"{483C4593-E59B-488B-A567-F4CB311BA5C7}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\dawn of war ii - retribution\dow2.exe | 
"{48D34201-D9DC-4406-824D-5B8E807211D2}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse_unrestricted.exe | 
"{4A49E1B6-4861-4C05-ADC7-50FA4C322D5D}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{4BD09722-804A-4DE3-A319-88F4B6CB237F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{4CDB60AE-1630-4C93-A65C-155C629F976A}" = dir=in | app=e:\games\max payne 3\maxpayne3.exe | 
"{505DA603-6F1F-45B7-BFC3-8C9527F28A02}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\dawn of war 2\dow2.exe | 
"{5181515E-1736-430B-87AB-A0EA185FB018}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\bloodline champions\binary\bloodlinechampionsloader.exe | 
"{5231A819-38C1-41E2-B70D-CF5BC999E8C9}" = protocol=17 | dir=in | app=d:\coding\eclipse\eclipse.exe | 
"{53A3997C-C458-4F71-8EA0-A59E9C337B3F}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{54375636-F24D-4B39-97EE-8DA4BD69D8F4}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\dota 2 beta\dota.exe | 
"{544AA53C-0803-4A5D-B909-C4F004BCA763}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{54DF07D1-E8B2-42C5-AF33-B762806D2CC1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{552485C0-6785-4FE9-9512-546CE189F4AA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{55C7D1C0-0132-446F-8BC6-73EA0EFE04FE}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\heller0210@aol.com\half-life\hl.exe | 
"{577B93A0-1250-4785-9B6A-BB6A9D8EF0E5}" = protocol=17 | dir=in | app=d:\coding\mongodb-win32-x86_64-1.8.1\bin\mongod.exe | 
"{58A36D0F-B400-4392-A987-C19F4668D639}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.0\sonarhost.exe | 
"{592322E3-224D-42CC-9A6B-C7BDA1B5286A}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\cogs\cogs.exe | 
"{598AFA36-0BDB-418D-B695-194A45C8C4F2}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung pc share manager\http_ss_win_pro.exe | 
"{59B49068-89C4-4B9E-9D2D-003AEF577389}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{59FD964E-4419-440C-8130-19932590B8DD}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxbkcoms.exe | 
"{5A5F890B-B4AD-403B-9B55-CC25D25376D1}" = protocol=6 | dir=in | app=d:\games\starcraft ii\starcraft ii.exe | 
"{5AC66C52-C234-49C8-8205-ED90F0F7EC56}" = protocol=6 | dir=in | app=d:\games\assassin's creed ii\assassinscreediigame.exe | 
"{5B948742-B951-4148-BD86-C96E6F8C6819}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\alien swarm\srcds.exe | 
"{5F079A22-F6BD-4318-B507-51122C60E6AF}" = protocol=17 | dir=in | app=d:\games\assassin's creed ii\uplaybrowser.exe | 
"{602B0AAC-37A4-438F-975E-B06015CE6032}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\alien swarm\swarm.exe | 
"{60DC683C-FDF7-4274-A03D-5AA3EF3C3490}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\alien swarm\swarm.exe | 
"{62906C70-0915-4997-9336-063EDCF5B2ED}" = protocol=17 | dir=in | app=d:\games\diablo iii beta\diablo iii.exe | 
"{63C9FBFD-94E9-431C-A3A8-B18D35CAFB19}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{63E766C4-360A-4BA9-ACDF-E09558237470}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\alien swarm\srcds.exe | 
"{646E9779-7AFB-43A7-ADB4-0391CD61EC2C}" = dir=out | app=c:\program files (x86)\zecter\zumodrive\zumodrive.exe | 
"{65867C1E-59BF-401E-9A8B-D65E5E9D647B}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\natural selection 2\ns2.exe | 
"{66806F7E-3901-4673-8BDC-67455D64F1DA}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\from dust\from_dust.exe | 
"{66F9C13F-3017-4236-A9F1-0F40F936D9D0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{66FF120B-26AB-486B-A747-527E604CCB5E}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\dawn of war 2\dow2.exe | 
"{671E5612-93C1-4B95-9304-188D28454B40}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\from dust\from_dust.exe | 
"{69EC02CA-FEAB-4740-A15F-6467A2FB49BB}" = protocol=17 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe | 
"{6A1C2C7E-597B-4F42-AD7C-B9FA8B299AC2}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\gratuitous space battles\gsb.exe | 
"{6A80287B-A418-47BD-8C0B-3AAC0E16CA1C}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{6C072347-AB71-4664-85EE-FF203B6CBC25}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\heller0210@aol.com\half-life\hl.exe | 
"{6CA7FC71-B37E-4FB5-BB70-CC937E7FFA1E}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\left 4 dead\left4dead.exe | 
"{6DDDF192-A1B6-46EE-A5A2-2AFDB517F7D6}" = protocol=17 | dir=in | app=c:\windows\system32\lxbkcoms.exe | 
"{6E768904-B9EC-451B-A192-9599B13939A5}" = protocol=6 | dir=in | app=d:\games\the secret world\clientpatcher.exe | 
"{70363F54-68E1-40B4-908E-799D1F44A2BE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{71BDD049-18E6-4A66-8414-E9BB5F33DCF8}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\osmos\osmos.exe | 
"{71D0AEEB-40D4-43A4-82BD-0B5DDA9745CC}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{7342B605-669A-44D3-B071-FD90BBE197ED}" = protocol=17 | dir=in | app=d:\games\sacrifice\sacpro.exe | 
"{739988F9-0A21-4114-BA0F-7A0CB04C49AE}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{74A83D69-9FA0-4316-B6F6-F4C39B4DE2C3}" = protocol=17 | dir=in | app=d:\games\assassin's creed ii\assassinscreediigame.exe | 
"{76857968-8261-4D54-BB5F-2ABCFA65D64E}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung pc share manager\http_ss_win_pro.exe | 
"{76DB0BD3-362A-42D2-8F96-9B1E986397BA}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{7739CC30-6B8E-4BE1-B9EB-FD051BCC05E4}" = protocol=6 | dir=in | app=d:\games\starcraft ii\versions\base19679\sc2.exe | 
"{77B4105E-CC6B-4E8A-9CBD-695AD42D89C1}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{77F16B05-B74C-48E4-9B23-7E0289F3CBB7}" = protocol=6 | dir=in | app=d:\games\star wars-the old republic\launcher.exe | 
"{78FD9B8D-501D-42BA-9923-AB8AB3CD22E8}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\left 4 dead\left4dead.exe | 
"{790EA419-85FF-44D1-B8BB-50E030CEAD59}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\lara croft and the guardian of light\lcgol.exe | 
"{7B71DB83-B74D-4268-BCC8-9FB42313569B}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\hammerfight\hammerfight.exe | 
"{7E3E193D-A85D-4AEC-94CC-0ADE9CE37325}" = protocol=17 | dir=in | app=d:\games\crysis 2 demo\bin32\crysis2launcher.exe | 
"{7F5C5CB8-E829-4574-A58B-9BEE6F574359}" = protocol=6 | dir=in | app=d:\games\league of legends\game\league of legends.exe | 
"{800126F1-82C3-4646-8B81-16CDF0EB8C99}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{805FD052-04BA-4A3F-A31A-E5B5B3E864A5}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | 
"{80D86821-252D-4020-8A8D-5A8F429359A8}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\dawn of war ii - retribution\dow2.exe | 
"{810BBF4D-DC0B-479C-821D-96B4C95497DF}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{821C082E-54C5-4CE2-B53F-503DAF41522B}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{8227B77C-D11C-4B92-A80B-7631C1715265}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{83025A0E-8479-46FB-ADF3-6175487F7CC1}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\natural selection 2\launchpad.exe | 
"{860D9542-175B-49AA-8D96-97002BF623D4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{8635233D-F007-45E0-804E-BFC41DED716B}" = protocol=6 | dir=in | app=d:\games\maniaplanet\maniaplanet.exe | 
"{863ABF60-E8DF-4852-A0C8-CCD8CC3B5922}" = protocol=6 | dir=in | app=d:\games\assassin's creed ii\assassinscreedii.exe | 
"{8677C972-6835-41E6-ABDF-9DDD464E1B24}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\brink\brink.exe | 
"{89460D60-244B-4CB8-9FCD-C69E42BA3A27}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{8A4E5A19-AFFB-4FF7-9FDC-18160C660C6B}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\natural selection 2\launchpad.exe | 
"{8A558F2C-B355-4F5F-84D0-D4D28DA5D198}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\dawn of war ii - retribution\dow2.exe | 
"{8CD27473-9693-474A-A2EA-BE038D7590C1}" = protocol=17 | dir=in | app=d:\games\league of legends\air\lolclient.exe | 
"{8DFED289-68C3-4C2D-B6C3-4EC7437258C3}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\bloodline champions\binary\bloodlinechampions.exe | 
"{8E2A3B85-724F-4DEE-9F8E-D77CA0D38164}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{8E5FE767-0076-47AA-B50B-53777C66B9A4}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\alien swarm\srcds.exe | 
"{8E93F14E-AA87-40EE-939D-F240AE70A2C7}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe | 
"{906DB811-9577-443C-8D78-9C79512233ED}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.0\sonarhost.exe | 
"{90FCAE85-0606-4FF1-93F0-B12AB1CE97DA}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\dawn of war ii - retribution\dow2.exe | 
"{910F96C4-4652-43D6-A473-4D41667DEDE1}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\natural selection 2\launchpad.exe | 
"{9163E4B6-0A23-450B-8AB0-8135877F5FCE}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\warhammer 40,000 space marine\spacemarine.exe | 
"{935DD952-E381-4405-AB08-19601E53E583}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{94100EA2-2534-4521-A6A6-83192F6AACBB}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\brink\brink.exe | 
"{945A92D6-532E-4657-A267-0B898B3EC588}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{9534C520-6BE5-4047-81B6-2C1ECF9B2B2E}" = dir=in | app=e:\games\max payne 3\playmaxpayne3.exe | 
"{95D909D1-7855-4BE5-9BBD-9C272533F863}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\lara croft and the guardian of light\lcgol.exe | 
"{965AE42F-134A-44DE-ABC3-2CDD8886AD58}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{971C3ED5-F218-4066-8E8E-A39D9BBD0CA0}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse.exe | 
"{97DA5A27-6B2F-43B8-B448-BB4BF89A00D5}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\shank\bin\shank.exe | 
"{98118977-70D7-43A9-BA7B-86455A6E3724}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{9B29710B-523F-4094-90FD-AD7954B0E617}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\crayon physics deluxe\launcher.exe | 
"{9BA952B6-1352-42A2-A3B7-FB5046064774}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\steelstorm\steelstorm-dedicated.exe | 
"{9E4E9F5E-35B9-4704-B953-2BB5C1CB2301}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\osmos\osmos.exe | 
"{9F052551-DE98-4AF4-8DDB-69D65E0082F6}" = protocol=6 | dir=in | app=d:\games\might & magic heroes vi - public closed beta\might & magic heroes vi.exe | 
"{A11F72FB-8A03-4E34-974B-1F17D44B5C01}" = protocol=17 | dir=in | app=d:\games\hi-rez studios\games\tribes alpha\binaries\win32\tribesascend.exe | 
"{A336B055-11C8-4FDB-BA6D-5603A1375AFD}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\revenge of the titans\revengeofthetitans.exe | 
"{A40DB6A0-440E-4B01-AAC0-C967ABC1EFA2}" = protocol=17 | dir=in | app=d:\coding\mongodb-win32-x86_64-2.0.1\bin\mongod.exe | 
"{A55D17A1-4C8D-41DA-9478-B90225924A10}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\heller0210@aol.com\counter-strike\hl.exe | 
"{A599FA69-809C-4DBA-8FCD-0C789B2A4BE0}" = protocol=6 | dir=in | app=d:\games\battlefield bad company 2\bfbc2updater.exe | 
"{A629AB71-D9E0-4EB1-841F-447E6674E695}" = protocol=17 | dir=in | app=d:\games\star wars-the old republic\launcher.exe | 
"{A63D4E53-A1E3-498F-850B-5CA5D901E6ED}" = protocol=6 | dir=in | app=d:\coding\mongodb-win32-x86_64-1.8.1\bin\mongod.exe | 
"{A64A0AAA-354C-4F3E-B104-18FC06B7A5D6}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\heller0210@aol.com\half-life\hl.exe | 
"{A7163A2C-9091-4A09-BC10-E8D6E9D90946}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\serious sam hd the first encounter\bin\samhd_demo.exe | 
"{A7961CA1-7A8D-4486-8EF9-6C82A56716B8}" = protocol=6 | dir=in | app=c:\windows\syswow64\dpnsvr.exe | 
"{A9E3C1C7-E86C-4706-BFBC-1B4CADCE1682}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung pc share manager\wiselinkpro.exe | 
"{AC5D8FAA-0152-42DC-90DC-F226A53500E4}" = protocol=6 | dir=in | app=d:\games\assassin's creed ii\uplaybrowser.exe | 
"{AC94B1EC-CE5C-49FA-8A61-3304DE08D6BA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{AD1F6E36-F59C-4914-9A8C-DE88F7A0D3A2}" = protocol=17 | dir=in | app=d:\coding\aptana studio 3\aptanastudio3.exe | 
"{ADF606C1-82AB-43B1-886F-689D15E37F86}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\machinarium\machinarium.exe | 
"{AE0766C0-A6F2-4940-9122-BD85AA9CD467}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{AE452443-622D-4775-8E0E-0B53977D60A5}" = protocol=17 | dir=in | app=d:\downloads\openlierox\openlierox\openlierox.exe | 
"{B0AE12EF-B172-4E29-B3BA-198016C747F4}" = protocol=17 | dir=in | app=d:\games\the secret world\clientpatcher.exe | 
"{B0C741A6-5748-456E-A50F-4CFCD5B9B598}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{B3021AE1-8316-4926-8335-36C1CF25F11A}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\natural selection 2\ns2.exe | 
"{B3A135B5-30D7-4161-901D-EFFD2E846FF3}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{B41B17B0-70A0-4848-85CD-02E5C3BBEB4C}" = protocol=17 | dir=in | app=d:\games\sacrifice\sacrifice.exe | 
"{B524B600-9555-488F-8C76-569C40D7B690}" = protocol=6 | dir=in | app=d:\games\league of legends\air\lolclient.exe | 
"{B63B73CE-EBD8-4474-8E63-53C1E2B3E979}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\dota 2 test\dota.exe | 
"{B657C087-D0AA-4E89-803C-285E8F2C09EA}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{B70F4A99-89E8-443F-B2F7-474BEDEAA7F2}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\alien swarm\swarm.exe | 
"{B99EB0C7-FD27-4CA4-8FE8-784438FCB532}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\steelstorm\netradiant_win32\radiant.exe | 
"{BA9D9EFA-C1C0-43C0-8505-4852690FAA19}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{BB7CB6E4-BE14-43A1-B391-76FBB16759FB}" = protocol=6 | dir=out | app=system | 
"{BC49F983-794B-492F-99BF-A087D5EC118E}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\cogs\cogs.exe | 
"{BFFAC7B9-73B4-4AE6-AAF5-70384B179746}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\bloodline champions\binary\bloodlinechampionsloader.exe | 
"{C2A08AE6-85C8-4922-866A-D5FF603D270C}" = protocol=17 | dir=in | app=d:\games\assassin's creed ii\assassinscreedii.exe | 
"{C3771204-D3E5-4411-9E45-C03AE62B249B}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{C72F99DF-9E38-450F-9923-78D1A27ECDF9}" = protocol=17 | dir=in | app=e:\games\steam\steam.exe | 
"{C85CD130-B05E-4802-89A3-1F5ECE0519AE}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse_unrestricted.exe | 
"{CA3605BA-0CDD-4CEA-83C4-70FBF3CFCBE0}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\warhammer 40,000 space marine\spacemarine.exe | 
"{CA4C6ABF-913D-44CA-AECF-2BB10229E164}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\steelstorm\steelstorm.exe | 
"{D0DDCA49-0AD5-4BE0-A0F4-A15DA763194A}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\alien swarm\srcds.exe | 
"{D29500CC-0D90-4DAA-9782-EAFF3AD7230C}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\revenge of the titans\revengeofthetitans.exe | 
"{D2B6E0C7-61CE-4E07-A480-0237AE5459DD}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\shank\bin\shank.exe | 
"{D494F98B-7C56-4CAE-83F9-8037283030C2}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\steelstorm\netradiant_win32\radiant.exe | 
"{D935CE7F-043F-42EB-B1FC-AD900A38F194}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\serious sam hd the first encounter\bin\samhd.exe | 
"{DB6CE2FA-27EB-450B-A298-42C7E3927BBE}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\serious sam hd the first encounter\bin\samhd_demo.exe | 
"{DC80928D-FB89-47E3-95D4-AAFF197EB2E6}" = protocol=17 | dir=in | app=d:\games\battlefield bad company 2\bfbc2updater.exe | 
"{DD14D57D-BD54-4EDE-9803-C2DDD731E6DB}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\crayon physics deluxe\launcher.exe | 
"{DF200A6D-989E-499D-AF68-11E62233FB31}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\heller0210@aol.com\half-life\hl.exe | 
"{E1DD98E7-0908-4B1E-AC56-E267AD59A907}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\alien swarm\swarm.exe | 
"{E3079A38-1790-434A-80B5-1DEDCAB41D0E}" = protocol=6 | dir=in | app=c:\program files\java\jdk1.6.0_25\bin\java.exe | 
"{E332382C-8806-42D6-88CA-6D173DFBBB50}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\cogs\cogs.exe | 
"{E54C7659-547B-4953-AD70-51C7F80E342E}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\hammerfight\hammerfight.exe | 
"{E5550310-307B-40EF-BB07-CEC2C78F21B4}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\natural selection 2\ns2.exe | 
"{E626F377-682B-4411-A8AD-1E268023B7B1}" = protocol=6 | dir=in | app=d:\coding\eclipse\eclipse.exe | 
"{E9756B91-1486-4AE4-9F3B-E4264A29001E}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{EC35BC12-95E5-4270-8C2C-B7EBC2406082}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\heller0210@aol.com\counter-strike\hl.exe | 
"{ED0EACC7-C9B3-4713-9295-1E59E0D406B0}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\serious sam hd the first encounter\bin\samhd.exe | 
"{EEE04416-C6EA-4E24-90FF-3AD300F60276}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\lara croft and the guardian of light\lcgol.exe | 
"{EF2B887B-93E1-4D1D-BF35-296B22F5093A}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{F1027DD5-2FBD-4522-9207-618CAC3E1475}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\cogs\cogs.exe | 
"{F1D1E671-A3FC-49EE-BB61-51AD7ED3418E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{F25BC10D-360D-4D6A-9DFE-47381CD5E718}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{F387DB4B-065A-4248-A590-0ED7143E1DC0}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\bloodline champions\binary\bloodlinechampions.exe | 
"{F3AC8BCD-799A-41C0-B259-18B7E175DC6D}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\machinarium\machinarium.exe | 
"{F4F6777A-3B71-4D0F-923B-80DA9F6BA660}" = protocol=17 | dir=in | app=d:\games\maniaplanet\maniaplanet.exe | 
"{F60362E8-B3BA-47C7-9CE7-A3FF40CE4E10}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\revenge of the titans\revengeofthetitans.exe | 
"{F65634FB-3788-49EC-B068-D2E976B40EDB}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{F7845306-19F4-4534-B524-29C095C24412}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | 
"{F8E6EBEC-B162-47F1-8B6A-94721B0F2C6E}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\revenge of the titans\revengeofthetitans.exe | 
"{F913725D-F665-48EC-A4E9-004DB75FD7AF}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{FB8CD308-D71D-4DB1-A297-234DFC4FA0CD}" = protocol=6 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe | 
"{FC761459-468A-4E9B-B8F3-030820F60EE6}" = protocol=17 | dir=in | app=d:\games\might & magic heroes vi - public closed beta\might & magic heroes vi.exe | 
"{FD050AF4-17A8-421D-A016-DFB954CEB24D}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{FFC1B0DE-D38E-4B84-A847-C495F4CCC4B5}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\heller0210@aol.com\counter-strike source\hl2.exe | 
"TCP Query User{013339BC-F7F8-4CE4-AB78-4AC8B420226A}D:\games\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=d:\games\starcraft ii\versions\base19679\sc2.exe | 
"TCP Query User{0F63EBD8-636F-476A-8037-BBDE03EF2381}D:\games\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=d:\games\battlefield bad company 2\bfbc2game.exe | 
"TCP Query User{11A7B548-976A-4B93-9B28-AA962E03B1CA}C:\users\loken\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\loken\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{19181477-3BA6-4326-91A5-39FFD6D32C2C}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{1F922A05-353F-4E74-B9A7-EE7AD6DF175D}D:\games\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=d:\games\borderlands\binaries\borderlands.exe | 
"TCP Query User{2273B53D-3563-495E-9A83-45A734AAC597}D:\games\lost planet 2\lp2dx11.exe" = protocol=6 | dir=in | app=d:\games\lost planet 2\lp2dx11.exe | 
"TCP Query User{294D2051-E584-42DE-BDC7-CB80FD2B8495}D:\downloads\downloader_diablo2_lord_of_destruction_engb.exe" = protocol=6 | dir=in | app=d:\downloads\downloader_diablo2_lord_of_destruction_engb.exe | 
"TCP Query User{2BA0AFD2-72FA-417B-B472-007548DA9325}D:\downloads\downloader_warcraft3_reign_of_chaos_engb.exe" = protocol=6 | dir=in | app=d:\downloads\downloader_warcraft3_reign_of_chaos_engb.exe | 
"TCP Query User{2E6DB3FD-A1C5-4F33-B3FE-16496773A624}D:\games\hunted the demons forge\binaries\win32\p4dftre.dll" = protocol=6 | dir=in | app=d:\games\hunted the demons forge\binaries\win32\p4dftre.dll | 
"TCP Query User{30030A19-0505-4A95-9049-51E637CC35B8}D:\games\maniaplanet\maniaplanet.exe" = protocol=6 | dir=in | app=d:\games\maniaplanet\maniaplanet.exe | 
"TCP Query User{314B0585-A8FC-434B-BF0D-8F4ACD8C3629}D:\downloads\downloader_diablo2_engb.exe" = protocol=6 | dir=in | app=d:\downloads\downloader_diablo2_engb.exe | 
"TCP Query User{356627FE-AAB3-4003-9AB1-A8BA03CE9C96}D:\games\crysis 2\bin32\crysis2.exe" = protocol=6 | dir=in | app=d:\games\crysis 2\bin32\crysis2.exe | 
"TCP Query User{3705862B-C9C3-4348-A3D4-AAE459A42DF0}C:\users\loken\appdata\local\temp\dsoclient\app.n3app" = protocol=6 | dir=in | app=c:\users\loken\appdata\local\temp\dsoclient\app.n3app | 
"TCP Query User{39CBED72-321F-4772-9A50-2CE5DBBF33C2}D:\games\vindictus\en-us\nmservice.exe" = protocol=6 | dir=in | app=d:\games\vindictus\en-us\nmservice.exe | 
"TCP Query User{3BF8F489-EFF8-4C34-ADB3-18D6ED1CEB1D}E:\games\steam\steamapps\common\global agenda live\binaries\globalagenda.exe" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\global agenda live\binaries\globalagenda.exe | 
"TCP Query User{3D1167B0-D554-4282-A1CE-B5B557323F8E}C:\program files\java\jdk1.6.0_25\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jdk1.6.0_25\bin\javaw.exe | 
"TCP Query User{3EB41B75-F516-45B7-9E82-05F6529F306F}D:\games\hon\hon.exe" = protocol=6 | dir=in | app=d:\games\hon\hon.exe | 
"TCP Query User{4D4BEA9E-E46D-4ABE-8551-BC4C5A413F2F}D:\coding\eclipse\eclipse.exe" = protocol=6 | dir=in | app=d:\coding\eclipse\eclipse.exe | 
"TCP Query User{53425D78-8066-492D-9001-A73AA7BA55BA}D:\games\hi-rez studios\games\tribes alpha\binaries\win32\tribesascend.exe" = protocol=6 | dir=in | app=d:\games\hi-rez studios\games\tribes alpha\binaries\win32\tribesascend.exe | 
"TCP Query User{552CEEF3-38EC-440D-8609-85340403BECE}D:\games\front mission evolved\frontmissionevolved.exe" = protocol=6 | dir=in | app=d:\games\front mission evolved\frontmissionevolved.exe | 
"TCP Query User{5DE5C34C-F0F0-446D-925E-9F46FEA0ACD7}D:\coding\mongodb-win32-x86_64-2.0.1\bin\mongod.exe" = protocol=6 | dir=in | app=d:\coding\mongodb-win32-x86_64-2.0.1\bin\mongod.exe | 
"TCP Query User{614E8855-A3C3-40D0-A2A2-1BB925FFA68A}D:\games\the witcher 2\bin\witcher2.exe" = protocol=6 | dir=in | app=d:\games\the witcher 2\bin\witcher2.exe | 
"TCP Query User{6204093E-8A7E-4E64-A14B-2531BFC90C39}D:\games\starcraft ii\versions\base18574\sc2.exe" = protocol=6 | dir=in | app=d:\games\starcraft ii\versions\base18574\sc2.exe | 
"TCP Query User{78673474-1DC5-4E95-9849-2AD2D7A2108C}C:\program files (x86)\gretech\gomtvstreamer\gomtvstreamerlive.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gretech\gomtvstreamer\gomtvstreamerlive.exe | 
"TCP Query User{7BEEE351-9729-46E8-BEAE-74DFB285B841}D:\games\mortal online\mortal online launcher.exe" = protocol=6 | dir=in | app=d:\games\mortal online\mortal online launcher.exe | 
"TCP Query User{7F92FC75-CC56-4546-8DFC-931A9C764BFF}D:\games\soldat\soldat.exe" = protocol=6 | dir=in | app=d:\games\soldat\soldat.exe | 
"TCP Query User{81F60E9F-5923-4539-BAD1-7734C89CF042}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"TCP Query User{8216A721-F04A-4A9E-9CAB-1503F26F746C}D:\games\starcraft ii\versions\base17326\sc2.exe" = protocol=6 | dir=in | app=d:\games\starcraft ii\versions\base17326\sc2.exe | 
"TCP Query User{83CE7BDE-BE4A-4A53-B5C7-9B6B5AF7CC89}D:\games\warcraft iii\war3.exe" = protocol=6 | dir=in | app=d:\games\warcraft iii\war3.exe | 
"TCP Query User{896501C9-C7BC-4EA6-BB47-E25B0077C05D}D:\games\starcraft ii\versions\base19132\sc2.exe" = protocol=6 | dir=in | app=d:\games\starcraft ii\versions\base19132\sc2.exe | 
"TCP Query User{8D292B67-FF9A-410B-8140-3CE80C44AD4F}E:\games\steam\steamapps\common\dungeon defenders demo\binaries\win32\dundefgame.exe" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\dungeon defenders demo\binaries\win32\dundefgame.exe | 
"TCP Query User{961BF505-2284-49D4-8BD5-F671FF512DEA}D:\games\starcraft ii\versions\base15405\sc2.exe" = protocol=6 | dir=in | app=d:\games\starcraft ii\versions\base15405\sc2.exe | 
"TCP Query User{9FCD3E7E-2A85-4047-B4C1-F9870CCF8EB0}D:\coding\mongodb-win32-x86_64-1.8.1\bin\mongod.exe" = protocol=6 | dir=in | app=d:\coding\mongodb-win32-x86_64-1.8.1\bin\mongod.exe | 
"TCP Query User{A32197D6-1CE9-4410-87C4-673D86CBB7F2}D:\games\squareenix\final fantasy xiv beta version\ffxivboot.exe" = protocol=6 | dir=in | app=d:\games\squareenix\final fantasy xiv beta version\ffxivboot.exe | 
"TCP Query User{A985C51F-9C5B-478D-B8A0-E105B745684A}D:\games\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=d:\games\league of legends\lol.launcher.exe | 
"TCP Query User{AB8C9696-3822-43CC-8D1E-143D29995600}D:\games\sacrifice\sacrifice.exe" = protocol=6 | dir=in | app=d:\games\sacrifice\sacrifice.exe | 
"TCP Query User{B78B9675-D94B-41BB-AE65-D723EAF415E2}D:\games\crysis 2 demo\bin32\crysis2demo.exe" = protocol=6 | dir=in | app=d:\games\crysis 2 demo\bin32\crysis2demo.exe | 
"TCP Query User{C062DD20-2B57-4867-B720-B43F4A091749}D:\coding\aptana studio 3\aptanastudio3.exe" = protocol=6 | dir=in | app=d:\coding\aptana studio 3\aptanastudio3.exe | 
"TCP Query User{C46B2A90-1CB1-40D8-BD6B-C204CAB2946D}D:\coding\eclipseseam\eclipse\eclipse.exe" = protocol=6 | dir=in | app=d:\coding\eclipseseam\eclipse\eclipse.exe | 
"TCP Query User{C782D710-6216-49C6-9D3C-ABF719845643}E:\games\steam\steamapps\common\bloodline champions\binary\bloodlinechampions.exe" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\bloodline champions\binary\bloodlinechampions.exe | 
"TCP Query User{C7959C5B-AF63-4E34-A21D-1FBFC77AF21E}D:\games\bloodline champions beta\binary\bloodlinechampionsloader.exe" = protocol=6 | dir=in | app=d:\games\bloodline champions beta\binary\bloodlinechampionsloader.exe | 
"TCP Query User{CA29E3C1-39A7-4300-8FE2-18BC0BCF4E5C}C:\windows\syswow64\dpnsvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dpnsvr.exe | 
"TCP Query User{CC008960-00FD-4CC6-92F3-63836BC8972F}D:\coding\eclipseseam\jdk1.6.0_22_32bit\bin\javaw.exe" = protocol=6 | dir=in | app=d:\coding\eclipseseam\jdk1.6.0_22_32bit\bin\javaw.exe | 
"TCP Query User{CEC1C65E-1894-4EEC-86D5-29652F19E914}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{D65A88F5-73B9-4BF3-B0D2-211AB46DD79C}D:\downloads\openlierox\openlierox\openlierox.exe" = protocol=6 | dir=in | app=d:\downloads\openlierox\openlierox\openlierox.exe | 
"TCP Query User{DCB01605-C840-4199-A545-D7075C7D91C2}C:\program files\java\jdk1.6.0_25\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jdk1.6.0_25\bin\java.exe | 
"TCP Query User{E429E59F-9ACE-4224-8B65-6D12574A3863}D:\games\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=d:\games\starcraft ii\support\blizzarddownloader.exe | 
"TCP Query User{EA8771CD-1C4D-4DEC-9525-EFCBBB1ADCAD}D:\games\tera\tera-launcher.exe" = protocol=6 | dir=in | app=d:\games\tera\tera-launcher.exe | 
"TCP Query User{EE9FB2E1-151B-411D-A770-B99E7886CC09}D:\downloads\starcraft_2_eu_en-gb.exe" = protocol=6 | dir=in | app=d:\downloads\starcraft_2_eu_en-gb.exe | 
"TCP Query User{F043913B-A034-45DE-9479-CFEFF2F87B4A}D:\games\sacrifice\sacpro.exe" = protocol=6 | dir=in | app=d:\games\sacrifice\sacpro.exe | 
"TCP Query User{F14C7EA9-3DE8-486B-81B7-9F6564C767B5}C:\program files (x86)\qip 2010\qip.exe" = protocol=6 | dir=in | app=c:\program files (x86)\qip 2010\qip.exe | 
"TCP Query User{F52A0C92-7FCC-4B65-9237-9300F0CFFF29}D:\games\mortal online\mortalonline\unrealengine3\binaries\win32\mortalonline.exe" = protocol=6 | dir=in | app=d:\games\mortal online\mortalonline\unrealengine3\binaries\win32\mortalonline.exe | 
"TCP Query User{F80A31F9-07A6-4E82-A35E-A3A09D8F8A15}D:\games\orcs must die!\build\release\orcsmustdie.exe" = protocol=6 | dir=in | app=d:\games\orcs must die!\build\release\orcsmustdie.exe | 
"TCP Query User{FF89F680-EB72-4AC8-BA68-D9E1AA4A8C0B}D:\downloads\downloader_warcraft3_the_frozen_throne_engb.exe" = protocol=6 | dir=in | app=d:\downloads\downloader_warcraft3_the_frozen_throne_engb.exe | 
"UDP Query User{198ED09A-F3E0-462D-92E3-9A5DEBCCF3F7}D:\games\maniaplanet\maniaplanet.exe" = protocol=17 | dir=in | app=d:\games\maniaplanet\maniaplanet.exe | 
"UDP Query User{1B389EB3-5947-4B4B-B621-6BC51BB9720D}D:\games\front mission evolved\frontmissionevolved.exe" = protocol=17 | dir=in | app=d:\games\front mission evolved\frontmissionevolved.exe | 
"UDP Query User{1C045350-01E1-4C65-8076-83A426DC088A}D:\coding\aptana studio 3\aptanastudio3.exe" = protocol=17 | dir=in | app=d:\coding\aptana studio 3\aptanastudio3.exe | 
"UDP Query User{25C2F7D9-0519-47C5-8DF0-8D9A8F5B7ED6}D:\games\vindictus\en-us\nmservice.exe" = protocol=17 | dir=in | app=d:\games\vindictus\en-us\nmservice.exe | 
"UDP Query User{270D290B-AFA0-43D4-AF0E-5E4810DBF6E0}D:\games\hunted the demons forge\binaries\win32\p4dftre.dll" = protocol=17 | dir=in | app=d:\games\hunted the demons forge\binaries\win32\p4dftre.dll | 
"UDP Query User{2E5FA2BB-EC72-44D3-8C68-74F376C1B4A8}D:\games\squareenix\final fantasy xiv beta version\ffxivboot.exe" = protocol=17 | dir=in | app=d:\games\squareenix\final fantasy xiv beta version\ffxivboot.exe | 
"UDP Query User{311B7059-0571-4FB8-B5DC-4D6DD3D6F344}D:\games\lost planet 2\lp2dx11.exe" = protocol=17 | dir=in | app=d:\games\lost planet 2\lp2dx11.exe | 
"UDP Query User{31930926-832F-433E-B9DC-815CA97B0CA8}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{3714CADF-E59D-42C0-8412-BBD72FDB5A95}D:\games\starcraft ii\versions\base18574\sc2.exe" = protocol=17 | dir=in | app=d:\games\starcraft ii\versions\base18574\sc2.exe | 
"UDP Query User{3BAC0325-4112-4289-B484-9FFA9B8AF218}D:\coding\mongodb-win32-x86_64-2.0.1\bin\mongod.exe" = protocol=17 | dir=in | app=d:\coding\mongodb-win32-x86_64-2.0.1\bin\mongod.exe | 
"UDP Query User{45661AEA-257B-4E50-AB15-5FCF297CD130}D:\games\bloodline champions beta\binary\bloodlinechampionsloader.exe" = protocol=17 | dir=in | app=d:\games\bloodline champions beta\binary\bloodlinechampionsloader.exe | 
"UDP Query User{46C720C3-B021-4A67-9610-7EE2FF32B6FC}E:\games\steam\steamapps\common\dungeon defenders demo\binaries\win32\dundefgame.exe" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\dungeon defenders demo\binaries\win32\dundefgame.exe | 
"UDP Query User{474DDA0F-D259-4E91-B406-8AB813BA8E86}E:\games\steam\steamapps\common\global agenda live\binaries\globalagenda.exe" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\global agenda live\binaries\globalagenda.exe | 
"UDP Query User{4E0B46E5-1546-443E-B1DB-54DD7A0079E6}D:\games\hon\hon.exe" = protocol=17 | dir=in | app=d:\games\hon\hon.exe | 
"UDP Query User{4F30FE56-6701-4C49-B542-176652A9211A}D:\downloads\downloader_warcraft3_reign_of_chaos_engb.exe" = protocol=17 | dir=in | app=d:\downloads\downloader_warcraft3_reign_of_chaos_engb.exe | 
"UDP Query User{54092864-EF7C-4012-9971-79BF81C8ED7A}D:\games\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=d:\games\borderlands\binaries\borderlands.exe | 
"UDP Query User{5E37F377-BA31-4E42-A9BD-B1D42F384DFA}D:\games\the witcher 2\bin\witcher2.exe" = protocol=17 | dir=in | app=d:\games\the witcher 2\bin\witcher2.exe | 
"UDP Query User{6129EE90-5E77-4B91-8E11-3B6B9B47299A}D:\downloads\downloader_diablo2_engb.exe" = protocol=17 | dir=in | app=d:\downloads\downloader_diablo2_engb.exe | 
"UDP Query User{61C35726-06A8-4710-B16F-C14FB06782F8}D:\coding\mongodb-win32-x86_64-1.8.1\bin\mongod.exe" = protocol=17 | dir=in | app=d:\coding\mongodb-win32-x86_64-1.8.1\bin\mongod.exe | 
"UDP Query User{65BB4002-D673-457B-ABE4-653D4412C19F}D:\downloads\downloader_warcraft3_the_frozen_throne_engb.exe" = protocol=17 | dir=in | app=d:\downloads\downloader_warcraft3_the_frozen_throne_engb.exe | 
"UDP Query User{6E686BFC-CB93-4DAC-982C-C981DE0E01FF}D:\games\crysis 2 demo\bin32\crysis2demo.exe" = protocol=17 | dir=in | app=d:\games\crysis 2 demo\bin32\crysis2demo.exe | 
"UDP Query User{73AB3E65-4CF2-4F35-ACF6-29E99D51727F}D:\games\hi-rez studios\games\tribes alpha\binaries\win32\tribesascend.exe" = protocol=17 | dir=in | app=d:\games\hi-rez studios\games\tribes alpha\binaries\win32\tribesascend.exe | 
"UDP Query User{751BE26D-70F6-4C96-9F39-FCD28B8B8861}D:\coding\eclipseseam\eclipse\eclipse.exe" = protocol=17 | dir=in | app=d:\coding\eclipseseam\eclipse\eclipse.exe | 
"UDP Query User{752007F8-4BD9-45B6-A15E-0A1D1E49A626}D:\coding\eclipseseam\jdk1.6.0_22_32bit\bin\javaw.exe" = protocol=17 | dir=in | app=d:\coding\eclipseseam\jdk1.6.0_22_32bit\bin\javaw.exe | 
"UDP Query User{7C97F23E-98A6-4610-9B9C-B7EF7B0B8B61}D:\coding\eclipse\eclipse.exe" = protocol=17 | dir=in | app=d:\coding\eclipse\eclipse.exe | 
"UDP Query User{7FD64A98-F14D-4650-A2A3-82328F27F35D}C:\program files (x86)\gretech\gomtvstreamer\gomtvstreamerlive.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gretech\gomtvstreamer\gomtvstreamerlive.exe | 
"UDP Query User{8338FA5C-F223-4DE1-94F4-5833B82E4251}D:\games\starcraft ii\versions\base19679\sc2.exe" = protocol=17 | dir=in | app=d:\games\starcraft ii\versions\base19679\sc2.exe | 
"UDP Query User{849DFA84-5432-4582-8EC2-25125301645C}D:\games\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=d:\games\league of legends\lol.launcher.exe | 
"UDP Query User{8741742E-1088-4669-86E3-B84FA8241C0E}D:\downloads\starcraft_2_eu_en-gb.exe" = protocol=17 | dir=in | app=d:\downloads\starcraft_2_eu_en-gb.exe | 
"UDP Query User{935207B0-36AF-42D3-8E4A-7F81DADE359B}C:\program files (x86)\qip 2010\qip.exe" = protocol=17 | dir=in | app=c:\program files (x86)\qip 2010\qip.exe | 
"UDP Query User{9EACC4DE-3909-47BF-AAD5-9910AD63147C}D:\games\mortal online\mortalonline\unrealengine3\binaries\win32\mortalonline.exe" = protocol=17 | dir=in | app=d:\games\mortal online\mortalonline\unrealengine3\binaries\win32\mortalonline.exe | 
"UDP Query User{A238CEAE-3209-444F-B6E7-2E271094D35C}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{A2D0ED4D-E17C-46B1-BE58-7406BDE23366}D:\downloads\downloader_diablo2_lord_of_destruction_engb.exe" = protocol=17 | dir=in | app=d:\downloads\downloader_diablo2_lord_of_destruction_engb.exe | 
"UDP Query User{A55A172E-F796-404C-AB2E-80DC9F40CEA2}D:\games\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=d:\games\starcraft ii\support\blizzarddownloader.exe | 
"UDP Query User{AA631CE5-E6BF-4425-9CDC-5E093D6B9C41}D:\games\sacrifice\sacpro.exe" = protocol=17 | dir=in | app=d:\games\sacrifice\sacpro.exe | 
"UDP Query User{AB29208F-3DD7-4289-9CEC-B3D356097122}C:\users\loken\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\loken\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{AFA98850-2751-492E-B8EB-5CCA2B258533}E:\games\steam\steamapps\common\bloodline champions\binary\bloodlinechampions.exe" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\bloodline champions\binary\bloodlinechampions.exe | 
"UDP Query User{B3B3FE6C-BDFB-4D52-9F31-2059A427275D}C:\users\loken\appdata\local\temp\dsoclient\app.n3app" = protocol=17 | dir=in | app=c:\users\loken\appdata\local\temp\dsoclient\app.n3app | 
"UDP Query User{B4303567-3A16-467D-8DEB-D35D1FEF56DF}C:\program files\java\jdk1.6.0_25\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.6.0_25\bin\java.exe | 
"UDP Query User{B617320E-5197-499F-8157-562175808E4D}D:\games\sacrifice\sacrifice.exe" = protocol=17 | dir=in | app=d:\games\sacrifice\sacrifice.exe | 
"UDP Query User{B6AE0348-6498-4B72-AA3D-556DC63E0106}D:\games\starcraft ii\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=d:\games\starcraft ii\versions\base15405\sc2.exe | 
"UDP Query User{C5655CED-49CC-443A-8170-9104EBD393C3}D:\games\tera\tera-launcher.exe" = protocol=17 | dir=in | app=d:\games\tera\tera-launcher.exe | 
"UDP Query User{CE9B9F14-0570-429A-8002-B61FA3C30D05}D:\games\crysis 2\bin32\crysis2.exe" = protocol=17 | dir=in | app=d:\games\crysis 2\bin32\crysis2.exe | 
"UDP Query User{CF040B27-8A36-4513-94A8-6C83E8DA73BF}D:\games\warcraft iii\war3.exe" = protocol=17 | dir=in | app=d:\games\warcraft iii\war3.exe | 
"UDP Query User{D02C10E6-47B1-4AAB-9E8F-B896A61D9D8F}D:\games\starcraft ii\versions\base17326\sc2.exe" = protocol=17 | dir=in | app=d:\games\starcraft ii\versions\base17326\sc2.exe | 
"UDP Query User{D70AEAD7-9830-484F-907A-79E34466C768}D:\games\starcraft ii\versions\base19132\sc2.exe" = protocol=17 | dir=in | app=d:\games\starcraft ii\versions\base19132\sc2.exe | 
"UDP Query User{DD65DA4B-5980-4D24-A3B3-E8B8BC80B7BF}D:\games\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=d:\games\battlefield bad company 2\bfbc2game.exe | 
"UDP Query User{DF26936E-C23D-4BC4-A125-43095194F725}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"UDP Query User{E32A5DDA-8286-49A1-AF92-2EC6AD2F5DD8}C:\program files\java\jdk1.6.0_25\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.6.0_25\bin\javaw.exe | 
"UDP Query User{F311BF6F-4A2A-411F-997C-569C8A3AB299}D:\games\soldat\soldat.exe" = protocol=17 | dir=in | app=d:\games\soldat\soldat.exe | 
"UDP Query User{FC1A83B4-5EA3-49C9-BC8B-142CC07699DF}C:\windows\syswow64\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dpnsvr.exe | 
"UDP Query User{FC7CB17A-7E55-41F1-8F81-9EBB8AABB9DE}D:\downloads\openlierox\openlierox\openlierox.exe" = protocol=17 | dir=in | app=d:\downloads\openlierox\openlierox\openlierox.exe | 
"UDP Query User{FE8B8D1C-C42E-4EC1-B1AA-F06066BC0CEE}D:\games\orcs must die!\build\release\orcsmustdie.exe" = protocol=17 | dir=in | app=d:\games\orcs must die!\build\release\orcsmustdie.exe | 
"UDP Query User{FF83AAB8-F97A-4F7A-93DE-9E10C67EA747}D:\games\mortal online\mortal online launcher.exe" = protocol=17 | dir=in | app=d:\games\mortal online\mortal online launcher.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0CB2E2BC-A312-5821-C5C7-A295A1BEFD08}" = AMD Catalyst Install Manager
"{0CC4F67D-D41D-8C1A-C605-39154DDEAC63}" = AMD Fuel
"{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{21D0374C-C358-0748-CAF9-7CBE65EB6FFF}" = AMD Fuel
"{23170F69-40C1-2702-0917-000001000000}" = 7-Zip 9.17 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416025FF}" = Java(TM) 6 Update 25 (64-bit)
"{27607A94-33AC-4AA7-AACE-95AF6ACA3E30}" = Logitech G35
"{28A0318C-B98D-B6B1-64D1-4E4755A8E668}" = AMD Drag and Drop Transcoding
"{2E8D6204-D656-8355-1ED3-2988AC52EB0F}" = ccc-utility64
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4E021D2A-16ED-4FFF-87CB-774F4F62A1A1}" = ccc-utility64
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{572788F2-0AB7-FA0E-6E91-B98044F4B7E6}" = AMD Media Foundation Decoders
"{5C770DFD-6F38-4915-8FF5-C7C7555039A9}" = MySQL Server 5.5
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0160250}" = Java(TM) SE Development Kit 6 Update 25 (64-bit)
"{6DC8FF97-A9CF-02F2-8FC1-F5E1B69A34E3}" = AMD AVIVO64 Codecs
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8DF73A13-F54C-4CB3-B4AD-4375A2E8F4F8}" = VmciSockets
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB3}" = Paint.NET v3.5.8
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{A1E85B9A-AFAD-4D38-AF01-6B020DD5213A}" = Logitech GamePanel Software 3.06.109
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{E1EC311E-EB1A-461E-A0BE-FA796852436D}" = O&O DiskRecovery
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.16
"LockHunter_is1" = LockHunter version 1.0 beta 3, 64 bit edition
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0D94F75A-0EA6-4951-B3AF-B145FA9E05C6}" = VMware Workstation
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{14DDF23F-414A-46DB-4762-56569080292C}" = CCC Help Russian
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{19F59AB5-B1F6-4276-A40B-09472318BCFF}" = Star Wars Galaxies: Complete Online Adventures
"{1AA94747-3BF6-4237-9E1A-7B3067738FE1}" = Max Payne 3
"{1C78514A-5E5A-E653-1271-DAC1744206E3}" = HydraVision
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6A1825-474F-4124-9016-1168471D847B}" = Google Drive
"{21D6A73A-48E6-2195-C408-2158273A914E}" = Catalyst Control Center Localization All
"{2596DB11-997F-FC5B-F5C2-737623D9D8B6}" = AMD VISION Engine Control Center
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 5
"{28904D9A-13A6-ECA2-48D8-21542759D998}" = CCC Help Polish
"{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}" = SAMSUNG PC Share Manager
"{2b12a4e9-c782-45ef-801e-abd0a08d3d8d}" = Ad-Aware Antivirus
"{2C8BBDA6-79A7-B2DE-3E5B-287E7F667C67}" = CCC Help Danish
"{2DDC57D4-594D-4F30-8D81-27FDB2243644}_is1" = Deus EX Human Revolution version v1.1
"{2E119961-E99B-C147-9AC3-A93683172DC1}" = CCC Help Swedish
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3BCDCC6A-3A47-4883-8A0C-55AC061316CB}" = Steuer-Spar-Erklärung Plus 2012
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}" = Smite Closed Beta
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
"{44ED90A1-453B-5C9A-D9ED-80D8AB0258B8}" = CCC Help Thai
"{45410935-B52C-468A-A836-0D1000018201}" = BulletStorm
"{45E00595-897E-64B6-28F9-5D0927EBA4A5}" = CCC Help Chinese Standard
"{46DE5F4E-BA8B-AC9E-0EED-05B7D93AD215}" = CCC Help Spanish
"{491D92A9-69CA-4EB4-81D3-0106F9337957}" = TurboV EVO
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{5B04E832-4530-B8FF-F742-8BE25ADD43BD}" = CCC Help German
"{5BDA2F58-1F21-4D10-9910-92B01EBCC958}" = AMD USB Filter Driver
"{5D58EACA-0317-4CFF-9E13-53CCD525DE32}" = Catalyst Control Center InstallProxy
"{5ED93D68-5EAA-9343-9B74-B1E276217264}" = CCC Help Dutch
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64BFBE7A-886C-4CA2-A9B4-0C2B5A5942BC}" = Battlefield 3™
"{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D185295-DE89-9C39-18E6-310C148836EB}" = CCC Help Chinese Traditional
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71A8F958-D272-E262-7C9A-7B8F713EE0C3}" = CCC Help French
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7513D3F0-55BC-273C-7A53-488394EDBFCC}" = CCC Help Italian
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78D7D7CD-A06B-4514-ACBD-8055BF945A8E}" = InfoBibliothek 2
"{79AA9BFA-F962-A1E9-71CE-D0887A92444C}" = CCC Help Portuguese
"{7ACEF1BF-9306-5AD7-5F30-ECE72A81E924}" = CCC Help Finnish
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial 
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{951D4810-1C32-47D1-A5BD-7A1BFB526D94}" = DAoC Portal
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C1EC871-05B9-03B7-96F6-9BD5C0D8F41D}" = Catalyst Control Center Graphics Previews Common
"{9C2AC00C-0C06-4B7E-97A4-A833808D54D6}" = EPU
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2S166A0-F031-4E27-A057-C69733219434}_is1" = TERA
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
"{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}" = AAVUpdateManager
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BAA11826-70EF-4E44-9E97-8476793E022F}" = Launchpad Enhanced
"{C3E9887A-23BA-4777-8080-191A5AFCAB74}" = Mumble 1.2.3
"{C4129D57-5C83-3BF0-A11A-3798C008C6C7}" = CCC Help Greek
"{C4AE43CF-02E1-4896-B64A-A07E033B8920}" = Atlassian Bonfire Internet Explorer Extension 1.8.5.0
"{D0BC4101-6C30-ECFF-F693-63408134F29B}" = CCC Help Czech
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2402DAD-B180-A4A0-261D-4A8933BFBFEE}" = CCC Help Japanese
"{D544AE4C-4152-225B-A897-6756C8986B14}" = AMD VISION Engine Control Center
"{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: The Complete Saga
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA7E8D81-2B14-415B-8FC5-02CE4CF9F839}" = CCC Help Hungarian
"{DB3FBD3C-A061-34C9-0A2B-6CCDD8C96640}" = CCC Help Turkish
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E086E914-2928-48F9-364B-0C715DFF6A45}" = CCC Help Korean
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA}" = kikin plugin 2.3
"{E8F30BD6-ABAB-C24E-E9A7-BF67EB96152C}" = CCC Help Norwegian
"{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish
"{E9A5B6CD-7ABB-F295-2E11-F25BC322FF80}" = CCC Help English
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}" = The Witcher 2
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F9835182-794B-4F24-902A-E2CA9D43380F}" = NVIDIA PhysX
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Akamai" = Akamai NetSession Interface Service
"ALchemy" = Creative ALchemy
"Aptana Studio 3" = Aptana Studio 3
"Astaro SSL VPN Client" = Astaro SSL VPN Client 1.7
"AudioCS" = Creative Audio-Systemsteuerung
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 7
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"Battlelog Web Plugins" = Battlelog Web Plugins
"Borderlands Gold_is1" = Borderlands Gold
"CDisplayEx_is1" = CDisplayEx 1.8
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Console Launcher" = Creative Konsole Starter
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"Dark Age of Camelot" = Dark Age of Camelot
"Darksiders_is1" = Darksiders
"Diablo II" = Diablo II
"Diablo III" = Diablo III
"DivX Setup.divx.com" = DivX-Setup
"Downloader" = Downloader
"DVDFab 8 Qt_is1" = DVDFab 8.1.3.8 (09/12/2011) Qt
"ESN Sonar-0.70.0" = ESN Sonar
"ESN Sonar-0.70.4" = ESN Sonar
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"FileZilla Client" = FileZilla Client 3.3.5.1
"foobar2000" = foobar2000 v1.1.1
"Foxit Reader" = Foxit Reader
"Front Mission Evolved_is1" = Front Mission Evolved
"GOM Player" = GOM Player
"GomTVStreamer" = GOMTV Streamer
"HD Tune Pro_is1" = HD Tune Pro 5.00
"HeidiSQL_is1" = HeidiSQL 6.0
"hon" = Heroes of Newerth
"Hunted The Demons Forge_is1" = Hunted The Demons Forge
"InstallShield_{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}" = SAMSUNG PC Share Manager
"InstallShield_{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: Die Komplette Saga
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.17
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.6.0 (Full)
"LastFM_is1" = Last.fm 1.5.4.27091
"Lexmark X1100 Series" = Lexmark X1100 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"ManiaPlanet_is1" = ManiaPlanet
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"Mozilla Thunderbird 14.0 (x86 de)" = Mozilla Thunderbird 14.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"OpenAL" = OpenAL
"Orcs Must Die!_is1" = Orcs Must Die!
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"Puzzle Quest 2_is1" = Puzzle Quest 2
"RAGE LEAKED PATCH CRASHFIX 1.00" = RAGE LEAKED PATCH CRASHFIX 1.00
"Rockstar Games Social Club" = Rockstar Games Social Club
"Sacrifice_is1" = Sacrifice
"Star Wars The Force Unleashed_is1" = Star Wars The Force Unleashed
"StarCraft II" = StarCraft II
"Steam App 18700" = And Yet It Moves
"Steam App 22350" = Brink
"Steam App 26500" = Cogs
"Steam App 26800" = Braid
"Steam App 26900" = Crayon Physics Deluxe
"Steam App 29180" = Osmos
"Steam App 33460" = From Dust
"Steam App 35130" = Lara Croft and the Guardian of Light
"Steam App 40700" = Machinarium
"Steam App 41000" = Serious Sam HD: The First Encounter
"Steam App 41010" = Serious Sam HD: The Second Encounter
"Steam App 41100" = Hammerfight
"Steam App 41800" = Gratuitous Space Battles
"Steam App 42680" = Call of Duty: Modern Warfare 3
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"Steam App 4920" = Natural Selection 2
"Steam App 55040" = Atom Zombie Smasher 
"Steam App 55150" = Warhammer 40,000 Space Marine
"Steam App 56400" = Warhammer® 40,000®: Dawn of War® II – Retribution™
"Steam App 570" = Dota 2
"Steam App 6120" = Shank
"Steam App 630" = Alien Swarm
"Steam App 6370" = Bloodline Champions
"Steam App 65800" = Dungeon Defenders
"Steam App 70300" = VVVVVV
"Steam App 93200" = Revenge of the Titans
"Steam App 94200" = Jamestown
"Steam App 96200" = Steel Storm: Burning Retribution
"The Secret World_is1" = The Secret World
"Time Doctor_is1" = Time Doctor 1.3.31
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.7
"VMware_Workstation" = VMware Workstation
"Warcraft III" = Warcraft III
"winscp3_is1" = WinSCP 4.3.4
"ZumoDrive" = ZumoDrive
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Google Chrome" = Google Chrome
"JoinMe" = join.me
"QIP 2010" = QIP 2010 10.8.12.4000
"SOE-Vanguard" = Vanguard
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 08.07.2012 05:18:10 | Computer Name = Loken-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Smite.exe, Version: 0.1.954.0, Zeitstempel:
 0x4ff72be3  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651,
 Zeitstempel: 0x4e211319  Ausnahmecode: 0x00000001  Fehleroffset: 0x0000b9bc  ID des fehlerhaften
 Prozesses: 0x10e8  Startzeit der fehlerhaften Anwendung: 0x01cd5ce99f11ab91  Pfad der
 fehlerhaften Anwendung: D:\games\Hi-Rez Studios\HiRezGames\smite\binaries\Win32\Smite.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: d5cb4707-c8dd-11e1-9672-005056c00008
 
Error - 08.07.2012 05:18:15 | Computer Name = Loken-PC | Source = Application Hang | ID = 1002
Description = Programm Smite.exe, Version 0.1.954.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 10e8    Startzeit:
 01cd5ce99f11ab91    Endzeit: 360    Anwendungspfad: D:\games\Hi-Rez Studios\HiRezGames\smite\binaries\Win32\Smite.exe

Berichts-ID:
   
 
Error - 10.07.2012 12:13:50 | Computer Name = Loken-PC | Source = Application Hang | ID = 1002
Description = Programm javaw.exe, Version 6.0.250.6 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1824    Startzeit:
 01cd5e8086ed5d0b    Endzeit: 44    Anwendungspfad: C:\Program Files\Java\jre6\bin\javaw.exe

Berichts-ID:
   
 
Error - 10.07.2012 15:12:49 | Computer Name = Loken-PC | Source = Application Hang | ID = 1002
Description = Programm TheSecretWorldDX11.exe, Version 1.0.0.0 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 1774    Startzeit: 01cd5eb72195a5e5    Endzeit: 1537    Anwendungspfad:
 D:\games\The Secret World\TheSecretWorldDX11.exe    Berichts-ID:   
 
Error - 13.07.2012 08:44:55 | Computer Name = Loken-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 17.07.2012 11:54:55 | Computer Name = Loken-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 17.07.2012 12:45:47 | Computer Name = Loken-PC | Source = Application Hang | ID = 1002
Description = Programm taskmgr.exe, Version 6.1.7601.17514 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: bfc    Startzeit: 01cd643b7fa6f242    Endzeit: 4    Anwendungspfad: C:\Windows\system32\taskmgr.exe

Berichts-ID:
 d785ddbf-d02e-11e1-a0d4-005056c00008  
 
Error - 17.07.2012 19:41:07 | Computer Name = Loken-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: MaxPayne3.exe, Version: 1.0.0.17,
 Zeitstempel: 0x4fc81bbe  Name des fehlerhaften Moduls: MaxPayne3.exe, Version: 1.0.0.17,
 Zeitstempel: 0x4fc81bbe  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00ae65cb  ID des fehlerhaften
 Prozesses: 0x218c  Startzeit der fehlerhaften Anwendung: 0x01cd645fe483fd12  Pfad der
 fehlerhaften Anwendung: E:\Games\Max Payne 3\MaxPayne3.exe  Pfad des fehlerhaften
 Moduls: E:\Games\Max Payne 3\MaxPayne3.exe  Berichtskennung: e0d5ce8e-d068-11e1-a0d4-005056c00008
 
Error - 19.07.2012 07:47:19 | Computer Name = Loken-PC | Source = Application Hang | ID = 1002
Description = Programm WinSCP.exe, Version 4.3.4.1428 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1ca0    Startzeit:
 01cd65a3e34dd36b    Endzeit: 3    Anwendungspfad: C:\Program Files (x86)\WinSCP\WinSCP.exe

Berichts-ID:
 7c405437-d197-11e1-b46f-005056c00008  
 
Error - 19.07.2012 12:27:28 | Computer Name = Loken-PC | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.54.0 kann nicht mehr unter Windows ausgeführt
 werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 17a4    Startzeit:
 01cd65c9dd782b57    Endzeit: 2    Anwendungspfad: C:\Users\Loken\Desktop\OTL.exe    Berichts-ID:
 9ee2959f-d1be-11e1-8f94-005056c00008  
 
[ System Events ]
Error - 12.07.2012 12:31:16 | Computer Name = Loken-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 12.07.2012 12:31:23 | Computer Name = Loken-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 13.07.2012 03:44:24 | Computer Name = Loken-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 15.07.2012 13:54:39 | Computer Name = Loken-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 16.07.2012 16:11:37 | Computer Name = Loken-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 17.07.2012 03:21:09 | Computer Name = Loken-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 19.07.2012 02:04:06 | Computer Name = Loken-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 19.07.2012 05:42:39 | Computer Name = Loken-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 19.07.2012 10:33:04 | Computer Name = Loken-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 20.07.2012 12:01:04 | Computer Name = Loken-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
 
< End of report >
         
--- --- ---


Regards, Chris
__________________

Alt 25.07.2012, 19:59   #4
markusg
/// Malware-holic
 

Sorry for the wait.
Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all of your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the instructions on the screen.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.
__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please send mails following the instructions above to
markusg.trojaner-board@web.de

Alt 26.07.2012, 14:32   #5
chris84
 

Hey, no problem at all! Here is the log file from Combofix!

[CODE]
Combofix Logfile:
Code:
ATTFilter
ComboFix 12-07-27.01 - Loken 26.07.2012  15:22:09.1.6 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.8190.6301 [GMT 2:00]
ausgeführt von:: c:\users\Loken\Desktop\ComboFix.exe
AV: Lavasoft Ad-Aware *Disabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
SP: Lavasoft Ad-Aware *Disabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\kikin
c:\program files (x86)\kikin\default_settings.xml
c:\program files (x86)\kikin\file_list.txt
c:\program files (x86)\kikin\ie_kikin.dll
c:\program files (x86)\kikin\KikinBroker.exe
c:\program files (x86)\kikin\KikinCrashReporter.exe
c:\program files (x86)\kikin\uninst.exe
c:\users\Loken\ace_uninstaller.exe
c:\users\Loken\AppData\Roaming\inst.exe
c:\users\Loken\AppData\Roaming\kikin
c:\users\Loken\AppData\Roaming\kikin\ff_configuration.xml
c:\users\Loken\AppData\Roaming\kikin\ff_kkes.xml
c:\users\Loken\AppData\Roaming\kikin\ff_settings.xml
c:\users\Loken\AppData\Roaming\kikin\ie_configuration.xml
c:\users\Loken\AppData\Roaming\kikin\ie_kkes.xml
c:\users\Loken\AppData\Roaming\kikin\ie_settings.xml
c:\users\Loken\AppData\Roaming\kikin\kikin_updater_2.4.15.exe
c:\users\Loken\AppData\Roaming\kikin\kikin_updater_2.9.1.exe
D:\install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-06-26 bis 2012-07-26  ))))))))))))))))))))))))))))))
.
.
2012-07-26 13:27 . 2012-07-26 13:27	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-07-25 20:37 . 2012-06-29 10:04	9133488	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2C8F0597-64EF-4543-92B2-B56CE8F7EBB0}\mpengine.dll
2012-07-24 08:23 . 2012-06-29 10:04	9133488	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-23 16:42 . 2012-07-23 16:42	--------	d-----w-	c:\users\Loken\AppData\Local\FalloutNV
2012-07-21 11:03 . 2012-07-21 11:03	--------	d-----w-	c:\programdata\ATI
2012-07-21 11:00 . 2012-07-21 11:00	--------	d-----w-	c:\program files (x86)\AMD AVT
2012-07-21 11:00 . 2012-07-21 11:00	--------	d-----w-	c:\program files (x86)\AMD APP
2012-07-21 11:00 . 2012-07-21 11:00	--------	d-----w-	c:\program files\Common Files\ATI Technologies
2012-07-21 11:00 . 2012-07-21 11:00	--------	d-----w-	c:\program files (x86)\Common Files\ATI Technologies
2012-07-21 10:57 . 2012-07-21 10:57	--------	d-----w-	c:\program files (x86)\ATI Technologies
2012-07-21 10:57 . 2012-07-21 10:57	--------	d-----w-	c:\program files\ATI
2012-07-21 00:48 . 2012-07-21 00:48	--------	d-----w-	c:\program files (x86)\MSXML 4.0
2012-07-19 15:22 . 2012-07-19 15:22	--------	d-----w-	c:\users\Loken\AppData\Roaming\Malwarebytes
2012-07-19 15:21 . 2012-07-19 15:21	--------	d-----w-	c:\programdata\Malwarebytes
2012-07-19 15:21 . 2012-07-19 15:22	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-19 15:21 . 2012-07-03 11:46	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-07-19 14:49 . 2012-07-19 15:25	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2012-07-19 14:49 . 2012-07-19 15:23	--------	d-----w-	c:\program files (x86)\Spybot - Search & Destroy
2012-07-19 13:36 . 2012-07-19 13:36	--------	d-----w-	c:\users\Loken\AppData\Local\Apps
2012-07-19 09:38 . 2011-12-19 10:44	60536	----a-w-	c:\windows\system32\drivers\sbhips.sys
2012-07-19 09:38 . 2011-12-19 11:21	45936	----a-w-	c:\windows\system32\sbbd.exe
2012-07-19 09:38 . 2011-10-26 12:23	57976	----a-w-	c:\windows\system32\drivers\sbredrv.sys
2012-07-19 09:38 . 2012-07-19 09:38	--------	d-----w-	c:\programdata\Lavasoft
2012-07-19 09:37 . 2012-07-19 09:43	--------	d-----w-	c:\program files (x86)\Ad-Aware Antivirus
2012-07-19 09:37 . 2012-07-19 09:37	--------	d-----w-	c:\users\Loken\AppData\Local\adawarebp
2012-07-19 09:34 . 2012-07-19 16:15	--------	d-----w-	c:\users\Loken\AppData\Roaming\Ad-Aware Antivirus
2012-07-17 20:24 . 2012-07-17 20:24	--------	d-----w-	c:\programdata\Rockstar Games
2012-07-12 00:56 . 2012-06-12 03:08	3148800	----a-w-	c:\windows\system32\win32k.sys
2012-07-11 17:16 . 2012-06-06 06:06	2004480	----a-w-	c:\windows\system32\msxml6.dll
2012-07-06 10:19 . 2012-07-19 06:11	--------	d-----w-	c:\users\Loken\AppData\Local\Thunderbird
2012-07-06 10:19 . 2012-07-06 10:19	--------	d-----w-	c:\users\Loken\AppData\Roaming\Thunderbird
2012-07-06 10:18 . 2012-07-19 11:39	--------	d-----w-	c:\program files (x86)\Mozilla Thunderbird
2012-07-05 15:57 . 2012-07-05 15:57	--------	d-----w-	c:\program files (x86)\Oracle
2012-07-03 20:50 . 2012-02-11 09:37	927800	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D6FDC9AF-B7F6-46E3-B2E4-087CA3DF3DC0}\gapaengine.dll
2012-07-03 10:12 . 2012-07-03 10:12	--------	d-----w-	c:\users\Loken\AppData\Local\Funcom
2012-07-03 10:12 . 2012-07-03 10:12	--------	d-----w-	c:\programdata\media center programs
2012-06-28 12:59 . 2012-07-19 09:23	--------	d-----w-	c:\users\Loken\AppData\Local\Spoon
2012-06-28 12:59 . 2012-06-28 12:59	--------	d-----w-	c:\users\Loken\AppData\Local\Xenocode
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 00:53 . 2010-08-14 16:56	59701280	----a-w-	c:\windows\system32\MRT.exe
2012-06-12 18:09 . 2012-06-12 18:09	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-12 18:09 . 2011-05-21 14:46	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-11 18:59 . 2012-06-11 18:59	10248192	----a-w-	c:\windows\system32\drivers\atikmdag.sys
2012-06-11 18:35 . 2012-06-11 18:35	70144	----a-w-	c:\windows\system32\coinst_8.98.dll
2012-06-11 18:29 . 2012-06-11 18:29	24826368	----a-w-	c:\windows\system32\atio6axx.dll
2012-06-11 18:00 . 2012-06-11 18:00	20467712	----a-w-	c:\windows\SysWow64\atioglxx.dll
2012-06-11 17:25 . 2012-06-11 17:25	163840	----a-w-	c:\windows\system32\atiapfxx.exe
2012-06-11 17:24 . 2012-06-11 17:24	924160	----a-w-	c:\windows\SysWow64\aticfx32.dll
2012-06-11 17:23 . 2011-10-12 20:13	1090560	----a-w-	c:\windows\system32\aticfx64.dll
2012-06-11 17:20 . 2012-06-11 17:20	442368	----a-w-	c:\windows\system32\ATIDEMGX.dll
2012-06-11 17:19 . 2012-06-11 17:19	532992	----a-w-	c:\windows\system32\atieclxx.exe
2012-06-11 17:19 . 2012-06-11 17:19	239616	----a-w-	c:\windows\system32\atiesrxx.exe
2012-06-11 17:17 . 2012-06-11 17:17	120320	----a-w-	c:\windows\system32\atitmm64.dll
2012-06-11 17:17 . 2012-06-11 17:17	21504	----a-w-	c:\windows\system32\atimuixx.dll
2012-06-11 17:17 . 2012-06-11 17:17	59392	----a-w-	c:\windows\system32\atiedu64.dll
2012-06-11 17:17 . 2012-06-11 17:17	43520	----a-w-	c:\windows\SysWow64\ati2edxx.dll
2012-06-11 17:16 . 2012-06-11 17:16	6301696	----a-w-	c:\windows\SysWow64\atidxx32.dll
2012-06-11 17:01 . 2011-10-12 19:54	6914560	----a-w-	c:\windows\system32\atidxx64.dll
2012-06-11 16:51 . 2012-06-11 16:51	4246528	----a-w-	c:\windows\system32\atiumd6a.dll
2012-06-11 16:45 . 2012-06-11 16:45	51200	----a-w-	c:\windows\system32\aticalrt64.dll
2012-06-11 16:45 . 2012-06-11 16:45	46080	----a-w-	c:\windows\SysWow64\aticalrt.dll
2012-06-11 16:45 . 2012-06-11 16:45	5480448	----a-w-	c:\windows\SysWow64\atiumdag.dll
2012-06-11 16:45 . 2012-06-11 16:45	44544	----a-w-	c:\windows\system32\aticalcl64.dll
2012-06-11 16:45 . 2012-06-11 16:45	44032	----a-w-	c:\windows\SysWow64\aticalcl.dll
2012-06-11 16:45 . 2012-06-11 16:45	15703040	----a-w-	c:\windows\system32\aticaldd64.dll
2012-06-11 16:43 . 2012-06-11 16:43	4729344	----a-w-	c:\windows\SysWow64\atiumdva.dll
2012-06-11 16:40 . 2012-06-11 16:40	13277696	----a-w-	c:\windows\SysWow64\aticaldd.dll
2012-06-11 16:36 . 2012-06-11 16:36	6605824	----a-w-	c:\windows\system32\atiumd64.dll
2012-06-11 16:27 . 2012-06-11 16:27	539136	----a-w-	c:\windows\system32\atiadlxx.dll
2012-06-11 16:26 . 2012-06-11 16:26	368640	----a-w-	c:\windows\SysWow64\atiadlxy.dll
2012-06-11 16:26 . 2012-06-11 16:26	17920	----a-w-	c:\windows\system32\atig6pxx.dll
2012-06-11 16:26 . 2012-06-11 16:26	14848	----a-w-	c:\windows\SysWow64\atiglpxx.dll
2012-06-11 16:26 . 2012-06-11 16:26	14848	----a-w-	c:\windows\system32\atiglpxx.dll
2012-06-11 16:26 . 2012-06-11 16:26	41984	----a-w-	c:\windows\system32\atig6txx.dll
2012-06-11 16:26 . 2012-06-11 16:26	33280	----a-w-	c:\windows\SysWow64\atigktxx.dll
2012-06-11 16:26 . 2012-06-11 16:26	367616	----a-w-	c:\windows\system32\drivers\atikmpag.sys
2012-06-11 16:25 . 2010-07-07 01:15	54784	----a-w-	c:\windows\system32\atiuxp64.dll
2012-06-11 16:25 . 2012-06-11 16:25	42496	----a-w-	c:\windows\SysWow64\atiuxpag.dll
2012-06-11 16:25 . 2012-06-11 16:25	45056	----a-w-	c:\windows\system32\atiu9p64.dll
2012-06-11 16:24 . 2012-06-11 16:24	32768	----a-w-	c:\windows\SysWow64\atiu9pag.dll
2012-06-11 16:24 . 2012-06-11 16:24	53248	----a-w-	c:\windows\system32\drivers\ati2erec.dll
2012-06-11 16:23 . 2012-06-11 16:23	56320	----a-w-	c:\windows\system32\atimpc64.dll
2012-06-11 16:23 . 2012-06-11 16:23	56320	----a-w-	c:\windows\system32\amdpcom64.dll
2012-06-11 16:23 . 2012-06-11 16:23	56832	----a-w-	c:\windows\SysWow64\atimpc32.dll
2012-06-11 16:23 . 2012-06-11 16:23	56832	----a-w-	c:\windows\SysWow64\amdpcom32.dll
2012-06-11 11:50 . 2012-06-11 11:50	187392	----a-w-	c:\windows\system32\clinfo.exe
2012-06-11 11:50 . 2012-06-11 11:50	75264	----a-w-	c:\windows\system32\OpenVideo64.dll
2012-06-11 11:50 . 2012-06-11 11:50	65024	----a-w-	c:\windows\SysWow64\OpenVideo.dll
2012-06-11 11:50 . 2012-06-11 11:50	63488	----a-w-	c:\windows\system32\OVDecode64.dll
2012-06-11 11:50 . 2012-06-11 11:50	56320	----a-w-	c:\windows\SysWow64\OVDecode.dll
2012-06-11 11:50 . 2012-06-11 11:50	16457728	----a-w-	c:\windows\system32\amdocl64.dll
2012-06-11 11:49 . 2012-06-11 11:49	13008896	----a-w-	c:\windows\SysWow64\amdocl.dll
2012-06-02 22:19 . 2012-06-24 11:55	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-24 11:55	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-24 11:55	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-24 11:55	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-24 11:55	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-24 11:55	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-24 11:55	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-24 11:55	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-24 11:55	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-05-10 14:35 . 2012-05-10 14:35	43520	----a-w-	c:\windows\system32\kdbsdk64.dll
2012-05-10 14:35 . 2012-05-10 14:35	29184	----a-w-	c:\windows\SysWow64\kdbsdk32.dll
2012-05-04 17:29 . 2012-05-31 18:09	772504	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2012-05-04 17:29 . 2010-08-15 13:34	687504	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-05-04 11:06 . 2012-06-13 23:59	5559664	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-13 23:59	3968368	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-13 23:59	3913072	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 19:52 . 2010-10-05 13:10	283304	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2012-05-01 19:52 . 2010-10-05 13:05	283304	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2012-05-01 19:52 . 2010-10-05 13:05	280904	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2012-05-01 05:40 . 2012-06-13 23:59	209920	----a-w-	c:\windows\system32\profsvc.dll
2012-04-28 05:32 . 2012-06-13 23:59	1112064	----a-w-	c:\windows\system32\rdpcorets.dll
2012-04-28 03:55 . 2012-06-13 23:59	210944	----a-w-	c:\windows\system32\drivers\rdpwd.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{9ab12757-bdaf-4f9a-8de8-413c3615590c}]
2010-11-05 01:58	297808	----a-w-	c:\windows\System32\mscoree.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Loken\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"TurboV EVO"="c:\program files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe" [2010-04-07 9919104]
"CTxfiHlp"="CTXFIHLP.EXE" [2010-05-05 25600]
"Six Engine"="c:\program files (x86)\ASUS\EPU\EPU.exe" [2010-03-16 5309056]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"Logitech G35"="c:\program files (x86)\Logitech\G35\G35.exe" [2010-10-05 1811800]
"KeePass 2 PreLoad"="c:\program files (x86)\KeePass Password Safe 2\KeePass.exe" [2011-10-19 1807360]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"vmware-tray"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2011-11-13 103536]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-10-26 57976]
R2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-07-12 1239952]
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-24 136176]
R2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2011-12-19 3289032]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
R3 AllShare;SAMSUNG AllShare Service;c:\program files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [2010-07-16 6638080]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-08-11 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-08-11 79360]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2010-05-05 202840]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2010-05-05 202840]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2010-05-05 1417304]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2010-05-05 1417304]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2010-05-05 94808]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2010-05-05 94808]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-24 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120]
R3 MySQL5;MySQL5;c:\program files\MySQL\MySQL Server 5.5\bin\mysqld --defaults-file=c:\program files\MySQL\MySQL Server 5.5\my.ini MySQL5 [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2011-03-04 82816]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-12-19 60536]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [2010-08-03 30720]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2011-11-13 11839488]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-08-12 834544]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2011-08-08 116336]
S1 CbFs;CbFs;c:\windows\system32\drivers\cbfs64.sys [2010-09-08 191960]
S2 AAV UpdateService;AAV UpdateService;c:\program files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [2008-10-24 128296]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-06-11 239616]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-06-11 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-12-28 96896]
S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x64.sys [2010-05-11 20968]
S2 lxbk_device;lxbk_device;c:\windows\SysWOW64\lxbkcoms.exe [2008-02-19 565928]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2011-11-29 74872]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-29 846448]
S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-06-11 10248192]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-06-11 367616]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 LADF_DHP2;G35 DHP2 Filter Driver;c:\windows\system32\DRIVERS\ladfDHP2amd64.sys [2010-09-29 62168]
S3 LADF_SBVM;G35 SBVM Filter Driver;c:\windows\system32\DRIVERS\ladfSBVMamd64.sys [2010-09-29 377176]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 22408]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 16008]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-01-22 77824]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-01-22 180224]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-03-21 452200]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai	REG_MULTI_SZ   	Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-30 21:21]
.
2012-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-30 21:21]
.
2012-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1970983249-3038457689-1220004006-1000Core.job
- c:\users\Loken\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-04 13:15]
.
2012-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1970983249-3038457689-1220004006-1000UA.job
- c:\users\Loken\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-04 13:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-09-08 03:16	2210304	----a-w-	c:\program files (x86)\Zecter\ZumoDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-09-08 03:16	2210304	----a-w-	c:\program files (x86)\Zecter\ZumoDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-09-08 03:16	2210304	----a-w-	c:\program files (x86)\Zecter\ZumoDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-09-08 03:16	2210304	----a-w-	c:\program files (x86)\Zecter\ZumoDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-09-08 03:16	2210304	----a-w-	c:\program files (x86)\Zecter\ZumoDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-06-20 17:02	755224	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-06-20 17:02	755224	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-06-20 17:02	755224	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-06-20 17:02	755224	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 415816]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-08-03 2412616]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 4725320]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files (x86)\kikin\ie_kikin.dll
LSP: %SystemRoot%\system32\vsocklib.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Loken\AppData\Roaming\Mozilla\Firefox\Profiles\b7hssp2t.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111304
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 5a7f0fd200000000000000ff0fd4309c
FF - user.js: extensions.BabylonToolbar_i.hardId - 5a7f0fd200000000000000ff0fd4309c
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15448
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.172:12
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files (x86)\kikin\ie_kikin.dll
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-RAGE LEAKED PATCH CRASHFIX 1.00 - d:\downloads\RAGE\Rage.LEAKED.GOLD.MASTER-iND\Rage\Uninstall.exe
AddRemove-{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA} - c:\program files (x86)\kikin\uninst.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MySQL5]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.5\my.ini\" MySQL5"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1970983249-3038457689-1220004006-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:99,3c,9a,ca,ef,01,b4,2c,b9,ce,0d,dd,6d,1a,50,09,b5,c0,7e,ae,46,54,58,
   d4,c2,f8,8b,c0,e8,b5,83,fa,27,35,4f,c2,1f,f6,68,23,9d,40,8e,36,bf,39,4f,2e,\
"??"=hex:7d,15,45,7b,78,d6,2a,92,1c,6a,31,7b,ae,12,63,a4
.
[HKEY_USERS\S-1-5-21-1970983249-3038457689-1220004006-1000\Software\SecuROM\License information*]
"datasecu"=hex:53,df,6a,9b,f4,a9,11,0f,86,63,6e,08,e8,2c,71,78,b9,22,29,d3,a2,
   65,94,72,13,17,90,30,cb,14,b7,2d,d3,0b,d6,ba,db,f4,91,2e,3c,08,90,4c,1a,52,\
"rkeysecu"=hex:b2,d4,dd,60,2f,2e,9c,01,fa,09,9e,87,00,69,61,cb
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-07-26  15:29:25
ComboFix-quarantined-files.txt  2012-07-26 13:29
.
Vor Suchlauf: 18 Verzeichnis(se), 34.954.100.736 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 34.726.756.352 Bytes frei
.
- - End Of File - - C9BCBFC8FD064E7E0DA8EA48A0D3CA10
         
--- --- ---


Regards, chris


26.07.2012, 16:50   #6
markusg
/// Malware-holic

This script, and any scripts that may follow, are intended only for this particular user.
If you have problems, open your own topics and wait for scripts adapted to you.


• Please start OTL.exe
• Now copy the following into the text box.



Code:
:OTL
 :Files
:Commands
[purity]
[EMPTYFLASH] 
[emptytemp]
[resethosts]
[Reboot]
         


• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow this.
• After the restart you will find a text document; copy its contents into your next reply here.

26.07.2012, 21:25   #7
chris84

Hey,

Code:
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 41620 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Loken
->Flash cache emptied: 5256 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Loken
->Temp folder emptied: 8528199 bytes
->Temporary Internet Files folder emptied: 38614370 bytes
->Java cache emptied: 11600558 bytes
->FireFox cache emptied: 74428319 bytes
->Google Chrome cache emptied: 209342643 bytes
->Apple Safari cache emptied: 20407296 bytes
->Flash cache emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 602112 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 15891 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67765 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 347,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.54.0 log created on 07262012_221804

Files\Folders moved on Reboot...
C:\Users\Loken\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\temp\vmware-SYSTEM-2441655442\vmauthd.log moved successfully.
C:\Windows\temp\vmware-SYSTEM-2441655442\vmware-usbarb-SYSTEM-2148.log moved successfully.

PendingFileRenameOperations files...
File C:\Users\Loken\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Windows\temp\vmware-SYSTEM-2441655442\vmauthd.log not found!
File C:\Windows\temp\vmware-SYSTEM-2441655442\vmware-usbarb-SYSTEM-2148.log not found!

Registry entries deleted on Reboot...
         
Regards, chris

27.07.2012, 21:49   #8
markusg
/// Malware-holic

What about accessing the website, is it possible?
__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please send mails according to the instructions above to
markusg.trojaner-board@web.de

28.07.2012, 20:51   #9
chris84

Hey, yes, I can get on it again! Thank you! Can you tell what caused it?

Regards, chris

30.07.2012, 17:53   #10
chris84

Hey,

It only worked for a while. The site seems to be reachable only sporadically.

30.07.2012, 18:24   #11
markusg
/// Malware-holic

Does the problem occur in all browsers?

30.07.2012, 19:02   #12
chris84

Yep, it does!

30.07.2012, 19:37   #13
markusg
/// Malware-holic

Then we'll set the machine up from scratch.
1. Data rescue:
2. Format, reinstall Windows:
3. Secure the PC: http://www.trojaner-board.de/96344-a...-rechners.html
I will also post further points on this.
4. Change all passwords!
5. After securing the PC, check the backed-up data and, if clean, restore it.
6. I will then also say something about securing online banking with a chip card reader + Star Money.

30.07.2012, 20:21   #14
chris84

Hm, I feared as much. Oh well, thanks anyway for your efforts. I'll get myself an SSD first, though, and then set everything up again.
