Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Live Security Platinum entfernen

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 20.07.2012, 16:52   #1
Centrophobia
 
Live Security Platinum entfernen - Standard

Live Security Platinum entfernen



Hallo Trojanerboard,
ich habe mir vor wenigen Stunden das fiese Malware-Programm "Live Security Platinum 3.6.1" als einen Drive-by-Download eingefangen. Es spammt mich unablässig zu ("Schick uns deine Kreditkartendaten oder 38 Viren werden deine Seele fressen!"), will sich ums Verrecken nicht schließen lassen und verhindert die Ausführung sämtlicher .exen, sogar den Taskmanager.

Antivir (die Free-Version) versagte kläglich bei dem Versuch, den Virus zu löschen, findet aber Viren (BDS/ZAccess.T und DR/Delphi.Gen) in "C:\Users\***\AppData\Local\Temp". Versuche, besagtes Files zu löschen blieben fruchtlos, da die Dateien in Windeseile erneut auftauchen.

Google erwies sich ebenfalls nicht als sonderlich hilfreich, ich kenne zwar nun die zu löschenden Dateien (dankhxxp://de.pcthreat.com/parasitebyid-23231de.html), kann diese aber (abgesehen von der Verknüpfung) nicht auffinden.

Ich habe meinen PC nun im abgesicherten Modus gestartet und Defogger sowie OTL ausgeführt.

OTL:
Code:
ATTFilter
OTL logfile created on: 20.07.2012 17:24:30 - Run 2
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\Games\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,23 Gb Available Physical Memory | 80,85% Memory free
8,16 Gb Paging File | 7,53 Gb Available in Paging File | 92,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 11,43 Gb Free Space | 2,45% Space Free | Partition Type: NTFS
Drive E: | 982,53 Mb Total Space | 26,23 Mb Free Space | 2,67% Space Free | Partition Type: NTFS
 
Computer Name: JONAS | User Name: user | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.20 15:24:36 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Games\Desktop\OTL.exe
PRC - [2012.07.18 03:37:13 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.07.18 03:37:13 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.02.29 13:26:28 | 000,360,768 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Program Files\Wireless Security Auditor\Elcomsoft Wireless Security Auditor\ewsaserv64.exe -- (EWSASERV)
SRV:64bit: - [2009.08.14 16:10:25 | 000,010,752 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\tcpsvcs.exe -- (simptcp)
SRV - [2012.07.18 03:37:13 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.06.19 12:28:14 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.05.26 08:24:35 | 000,076,888 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.05.08 17:07:23 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 17:07:22 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.03.01 02:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.02.29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.02.21 06:26:30 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Stopped] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2011.02.02 23:21:34 | 001,436,424 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV - [2010.11.22 23:52:46 | 000,718,072 | ---- | M] (Tunngle.net GmbH) [Auto | Stopped] -- C:\Programme\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2010.04.21 19:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010.04.21 19:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.08.14 15:49:20 | 000,009,728 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\TCPSVCS.EXE -- (simptcp)
SRV - [2009.07.20 13:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009.04.11 08:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009.03.30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.20 02:03:00 | 000,368,640 | R--- | M] (AVM Berlin) [Auto | Stopped] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2008.08.29 21:00:00 | 000,065,536 | ---- | M] (CodeGear) [Auto | Stopped] -- C:\Program Files (x86)\CodeGear\RAD Studio\6.0\bin\BSQLServer.exe -- (BlackfishSQL)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Garena\safedrv.sys -- (GGSAFERDriver)
DRV:64bit: - [2012.05.08 17:07:23 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 17:07:23 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.02.29 15:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.15 16:00:00 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\DRIVERS\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.08.02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009.10.01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.09.16 08:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle)
DRV:64bit: - [2009.06.17 18:54:46 | 000,040,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\LUsbFilt.Sys -- (LUsbFilt)
DRV:64bit: - [2009.06.17 18:54:38 | 000,112,144 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LMouKE.Sys -- (LMouKE)
DRV:64bit: - [2009.06.17 18:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009.06.17 18:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009.06.17 18:53:42 | 000,089,616 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\L8042mou.Sys -- (L8042mou)
DRV:64bit: - [2009.06.17 18:53:34 | 000,030,736 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\L8042Kbd.sys -- (L8042Kbd)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.04.11 07:42:21 | 000,140,288 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\RMCAST.sys -- (RMCAST) RMCAST (Pgm)
DRV:64bit: - [2009.04.03 19:05:29 | 000,868,848 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2008.10.28 02:01:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\fwlanusb.sys -- (FWLANUSB)
DRV:64bit: - [2008.10.28 02:01:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject)
DRV:64bit: - [2008.08.05 12:53:06 | 000,303,616 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:64bit: - [2008.08.05 12:53:06 | 000,035,328 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2008.02.14 08:56:14 | 000,160,768 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008.01.21 04:47:27 | 000,903,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\xnacc.sys -- (xnacc)
DRV:64bit: - [2007.10.30 21:55:54 | 000,040,448 | ---- | M] (Hewlett-Packard Development Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\hpnuhub.sys -- (HPNUHUB)
DRV:64bit: - [2007.03.27 05:14:12 | 000,016,384 | ---- | M] (Hewlett-Packard Development Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\hpnuhst.sys -- (hpnuhst)
DRV - [2011.02.05 22:23:40 | 000,012,400 | ---- | M] (Macrovision Europe Ltd) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\SECDRV.SYS -- (SecDrv)
DRV - [2010.07.01 19:11:24 | 000,012,352 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Programme\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2009.01.21 20:30:45 | 000,020,544 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 03:37:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.09.15 19:20:38 | 000,000,000 | ---D | M]
 
[2009.01.29 18:35:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2011.02.07 21:24:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\wxtwv9qk.default\extensions
[2010.01.27 17:50:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\wxtwv9qk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.07.10 15:13:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.18 03:37:13 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.09.14 15:51:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{90FAF4B0-332F-4002-8BC9-05CDD5D81DA4}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96DC0879-E800-485F-B20E-ADEADD96E43E}: DhcpNameServer = 7.254.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A866F7F8-F7F5-43B2-A0F5-DF351E39255B}: DhcpNameServer = 192.168.178.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\user\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\user\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{02830200-5e41-11dd-b583-001fd02e0bdc}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Recycled\ctfmon.exe
O33 - MountPoints2\{02830200-5e41-11dd-b583-001fd02e0bdc}\Shell\Open(&0)\command - "" = E:\Recycled\ctfmon.exe
O33 - MountPoints2\{1fe8a524-e7e7-11dd-a695-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1fe8a524-e7e7-11dd-a695-806e6f6e6963}\Shell\AutoRun\command - "" = D:\SETUP.EXE
O33 - MountPoints2\{a67396f3-02a2-11de-aaab-001fd02e0bdc}\Shell\AutoRun\command - "" = E:\GMX\GMXMUL~1\MESSENGR.EXE
O33 - MountPoints2\{f94ee21a-d5b5-11dd-ad35-001fd02e0bdc}\Shell - "" = AutoRun
O33 - MountPoints2\{f94ee21a-d5b5-11dd-ad35-001fd02e0bdc}\Shell\AutoRun\command - "" = E:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.20 03:20:06 | 000,000,000 | ---D | C] -- C:\ProgramData\7531CCB2004B0945000864CB2F3B707C
[2012.07.18 16:42:56 | 000,000,000 | ---D | C] -- C:\ProgramData\REVOLT
[2012.07.18 16:28:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Civilization.V.GOTY.incl.Gods.and.Kings
[2012.07.15 17:47:59 | 000,268,720 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012.07.15 17:47:53 | 000,189,360 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012.07.15 17:47:53 | 000,188,840 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012.07.15 17:47:22 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.07.14 02:02:16 | 000,000,000 | ---D | C] -- C:\ProgramData\GRAW2
[2012.07.11 21:29:35 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sumotori Full Version
[2012.07.11 21:29:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sumotori Full Version
[2012.07.11 03:01:06 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.07.11 03:01:06 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.07.11 03:01:05 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.07.11 03:01:05 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.07.11 03:01:04 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.07.11 03:01:04 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.07.11 03:01:04 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.07.11 03:01:04 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.07.11 03:01:03 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.07.11 03:01:03 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.07.11 03:01:03 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.07.11 03:01:02 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.07.11 03:01:02 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.07.10 20:56:30 | 000,254,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.10 15:13:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.07.10 15:13:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.07.09 02:42:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2K Games
[2012.06.28 23:30:25 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.06.28 23:30:25 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012.06.28 23:30:25 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.06.28 23:30:03 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012.06.28 23:30:03 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2012.06.28 23:30:03 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012.06.28 23:30:03 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2012.06.28 23:30:03 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012.06.28 23:30:03 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2012.06.28 23:29:48 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012.06.28 23:29:48 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2012.06.28 23:29:48 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012.06.28 23:29:48 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[4 C:\Users\user\AppData\Local\*.tmp files -> C:\Users\user\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.20 17:24:07 | 001,715,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.20 17:24:07 | 000,733,712 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.20 17:24:07 | 000,683,372 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.20 17:24:07 | 000,165,550 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.20 17:24:07 | 000,135,212 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.20 17:19:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.20 17:17:57 | 000,003,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.20 17:17:57 | 000,003,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.20 17:17:56 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Access.dat
[2012.07.20 16:45:10 | 000,000,020 | ---- | M] () -- C:\Users\user\defogger_reenable
[2012.07.18 16:28:24 | 000,001,129 | ---- | M] () -- C:\Users\user\Desktop\Civilization.V.GOTY.incl.Gods.and.Kings.lnk
[2012.07.15 17:47:23 | 000,955,840 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npdeployJava1.dll
[2012.07.15 17:47:23 | 000,839,096 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012.07.15 17:47:23 | 000,268,720 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012.07.15 17:47:23 | 000,189,360 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012.07.15 17:47:23 | 000,188,840 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012.07.11 21:29:35 | 000,000,602 | ---- | M] () -- C:\Users\user\Desktop\sumofull.lnk
[2012.07.11 05:07:21 | 000,261,344 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.09 23:04:54 | 000,385,024 | ---- | M] () -- C:\Windows\SysNative\Sumotori_Screen_Saver.scr
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[4 C:\Users\user\AppData\Local\*.tmp files -> C:\Users\user\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.20 16:45:10 | 000,000,020 | ---- | C] () -- C:\Users\user\defogger_reenable
[2012.07.20 15:23:50 | 000,001,696 | ---- | C] () -- C:\Users\Games\AppData\Local\{b56a311a-400e-4253-39ce-cca9d344d101}\U\00000001.@
[2012.07.20 03:20:14 | 000,016,896 | ---- | C] () -- C:\Users\Games\AppData\Local\{b56a311a-400e-4253-39ce-cca9d344d101}\U\80000000.@
[2012.07.20 03:20:11 | 000,022,528 | ---- | C] () -- C:\Users\Games\AppData\Local\{b56a311a-400e-4253-39ce-cca9d344d101}\U\800000cb.@
[2012.07.18 16:28:23 | 000,001,129 | ---- | C] () -- C:\Users\user\Desktop\Civilization.V.GOTY.incl.Gods.and.Kings.lnk
[2012.07.11 22:06:56 | 000,385,024 | ---- | C] () -- C:\Windows\SysNative\Sumotori_Screen_Saver.scr
[2012.07.11 21:29:35 | 000,000,602 | ---- | C] () -- C:\Users\user\Desktop\sumofull.lnk
[2012.04.05 01:29:00 | 000,000,343 | ---- | C] () -- C:\Windows\doom3.ini
[2012.02.29 13:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.01.12 23:58:26 | 000,002,048 | -HS- | C] () -- C:\Users\Games\AppData\Local\{b56a311a-400e-4253-39ce-cca9d344d101}\@
[2011.12.21 14:22:44 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\GkSui18.EXE
[2011.10.10 00:29:30 | 001,602,108 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.08.21 11:13:51 | 000,281,032 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.08.21 11:13:49 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.03.14 00:33:00 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\scNKService_s.exe
[2011.03.14 00:32:54 | 000,294,912 | R--- | C] () -- C:\Windows\SysWow64\copydrvUsb.exe
[2011.03.14 00:08:19 | 000,179,331 | ---- | C] () -- C:\Windows\hpoins28.dat
[2011.02.26 13:28:04 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2011.02.13 18:34:33 | 000,285,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\Onsio.sys
[2011.02.13 18:34:33 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\drivers\Onsreged.sys
[2011.02.05 22:22:52 | 000,000,702 | ---- | C] () -- C:\Windows\eReg.dat
[2010.12.18 19:54:09 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2010.12.18 19:54:09 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2010.12.18 19:54:09 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2010.12.18 19:52:02 | 000,000,252 | ---- | C] () -- C:\Windows\SIERRA.INI
[2010.02.20 18:19:06 | 000,281,827 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.02.20 18:18:38 | 000,281,827 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010.01.18 22:03:40 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.10.15 09:55:59 | 000,029,084 | ---- | C] () -- C:\Users\user\AppData\Roaming\OFMissionEditorConfig.xml
[2009.05.05 14:28:02 | 000,000,012 | ---- | C] () -- C:\Users\user\tmpifo.bat
[2009.04.03 17:58:18 | 000,099,840 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.04.03 10:48:43 | 000,000,058 | ---- | C] () -- C:\Users\user\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2009.01.23 20:54:48 | 000,000,680 | RHS- | C] () -- C:\Users\user\ntuser.pol
[2009.01.21 20:20:08 | 000,000,732 | ---- | C] () -- C:\Users\user\AppData\Local\d3d9caps64.dat
 
========== LOP Check ==========
 
[2012.03.14 19:10:31 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\.Nitrous
[2011.02.02 23:12:26 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Autodesk
[2011.08.10 20:42:03 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\CodeGear
[2009.04.03 20:42:06 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DAEMON Tools
[2009.04.03 20:46:02 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DAEMON Tools Lite
[2009.04.03 20:42:06 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DAEMON Tools Pro
[2009.04.03 10:48:43 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DonationCoder
[2008.07.27 18:34:34 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\FFSJ
[2010.05.05 12:57:16 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\GrabPro
[2010.12.24 23:05:32 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Leadertech
[2011.10.10 00:27:54 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\LolClient
[2009.06.13 21:16:35 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien
[2009.01.23 18:02:36 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien
[2009.02.01 15:26:04 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\OpenOffice.org
[2010.05.05 13:05:10 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Orbit
[2009.10.29 18:12:47 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Planetside Software
[2011.08.21 11:13:48 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PunkBuster
[2009.12.29 19:14:27 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Soldat
[2011.05.11 20:50:41 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Stardock
[2009.04.09 19:27:32 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Touchstone
[2011.02.26 13:27:15 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Tunngle
[2009.01.26 15:52:37 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Ubisoft
[2009.10.29 18:12:47 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\uk.co.planetside
[2012.07.20 17:17:57 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
OTL Extra:
Code:
ATTFilter
OTL Extras logfile created on: 20.07.2012 17:24:30 - Run 2
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\Games\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,23 Gb Available Physical Memory | 80,85% Memory free
8,16 Gb Paging File | 7,53 Gb Available in Paging File | 92,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 11,43 Gb Free Space | 2,45% Space Free | Partition Type: NTFS
Drive E: | 982,53 Mb Total Space | 26,23 Mb Free Space | 2,67% Space Free | Partition Type: NTFS
 
Computer Name: JONAS | User Name: user | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = FE DD 12 DC 27 B2 CA 01  [binary data]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{056ED0D8-FD73-4317-B3C0-62A78C5E73D1}" = rport=445 | protocol=6 | dir=out | app=system | 
"{07542F40-E519-4C21-B4BC-23A3A6CF1165}" = lport=445 | protocol=6 | dir=in | app=system | 
"{09699613-0D4A-4211-B1B5-B5A902F57C79}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{208ADDE7-C100-4C18-A31E-CBA0BF32C327}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{31899051-73EB-4E92-A8BE-48B371AB9040}" = lport=137 | protocol=17 | dir=in | app=system | 
"{3871B629-FB65-4C8D-834A-D09D1DD92708}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{41EB3058-3858-4690-B1C3-8BFC768B7B88}" = rport=139 | protocol=6 | dir=out | app=system | 
"{42DA595F-25F4-4EF9-A8C8-5B4F7E78BBD5}" = lport=138 | protocol=17 | dir=in | app=system | 
"{6612B158-5D76-4C62-B018-34EC54A33148}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8D614117-7446-4A49-B5D2-AB8DF3133F43}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{92B16D96-E9CF-4E46-B1D1-6ABA8093CF78}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{94CFCEB0-0F41-46C8-AE75-45D6F1756F13}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{979FA7C0-0107-4909-83A6-5CE91C6E88CB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9845955C-FF5A-4E9E-9EEF-52BA877795F9}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{9930845D-4B6E-4AE9-A0A6-B5160F10BFA3}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{9CC85969-6F41-4BBE-AB82-E737C03621F8}" = rport=137 | protocol=17 | dir=out | app=system | 
"{A07D1B1E-CA54-441D-B0B5-B48BA1CD103E}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{AC94BD1E-2004-4D6E-9C5E-E2FBB6C7A4AB}" = rport=138 | protocol=17 | dir=out | app=system | 
"{B4E23B89-B2AE-4729-8F37-B06BE9344CB6}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{BD01227E-FD03-44CC-BF84-0D10BC3250A3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{BD5DC6BD-4CC7-47EA-BBC2-8D0145548E0A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{CEF632B5-CF40-4040-88EB-04144A28845E}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{D0E36180-617C-459C-A879-808C89AAB866}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{D7C73290-D5C8-49B1-BAF7-909FB0B995F2}" = lport=28960 | protocol=17 | dir=in | name=cod | 
"{E09FBB1A-14A9-4CCB-9590-709B175A11DD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E255D808-ACFB-48D6-91D3-2BE5E07B19F2}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{F84BB34A-B66E-43CF-9CB8-D77DF2F3FA3D}" = lport=139 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03378204-FAE1-4EE9-BA2E-EBDDBB27334D}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{03771787-2880-4FF7-B38A-C8C582D9CF25}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{0B1D85B0-684D-4343-A5C2-0B9C049FBC0A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ghost recon advanced warfighter 2\graw2.exe | 
"{12445A4B-7D2B-4DBB-A3FF-23250940E26D}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{13DED2F9-EA29-4C24-AACD-5D7A1155C12D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{154490DA-07EF-4317-B99F-D21C7401682B}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{162EAEE1-4952-48D4-A9DF-A1AD5A44927E}" = protocol=6 | dir=in | app=c:\programme (x86)\autodesk\backburner\monitor.exe | 
"{1A2B3898-330F-4A2A-92EB-60F94DB563C4}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{1B904CCA-0A3C-43FB-9FB0-488CF5ADC872}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis 2 demo\bin32\crysis2launcher.exe | 
"{217F72DF-BE8F-484D-8B5F-82417CD76C04}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{23203F2A-8225-43C3-92C9-2B8988E945ED}" = protocol=6 | dir=in | app=c:\program files\spiele\starcraft ii\starcraft ii.exe | 
"{23EBF4D7-7066-4A96-9F85-CB280141ED67}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe | 
"{27B2B86A-CC99-4C40-99FE-D5646D8D0CBD}" = protocol=17 | dir=in | app=c:\program files\spiele\splinter cell conviction\src\system\conviction_game.exe | 
"{295DE906-24E2-4962-8C54-B05580C48AEB}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{2961AE90-B76C-4BB4-9E76-CEF72934F17E}" = protocol=6 | dir=in | app=c:\program files\spiele\splinter cell conviction\src\system\gu.exe | 
"{2C826441-B29D-45D1-9DB5-D0389607952C}" = protocol=17 | dir=in | app=c:\program files\tunngle\tnglctrl.exe | 
"{2D0D4B52-F30C-4118-BA08-D0BB46B3FC17}" = protocol=17 | dir=in | app=c:\program files (x86)\hp wireless printer adapter\connectmgr.exe | 
"{308B4291-94FA-458A-9995-D207DE97B80E}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | 
"{31B9D8D1-47E3-4904-BB11-91FB89C3F230}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{31F63E8B-4A15-454A-9726-971983CD1835}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{32725DB5-B1CB-4FC7-8F5D-D5F954F2FBE5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{328BE7F4-DF9D-433F-8FAA-4C0909907505}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis 2 demo\bin32\crysis2launcher.exe | 
"{33442435-DD94-4E4E-9E64-7A3E19B0BBD0}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe | 
"{33E25D94-23C7-4986-B943-52A4B65DCCE8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{3DE56852-2F3C-4C54-ABAC-37B30F27043D}" = protocol=6 | dir=in | app=c:\programme (x86)\autodesk\backburner\manager.exe | 
"{3E7B2B7F-A614-4DDA-BAE4-1D3D0D936BEB}" = protocol=17 | dir=in | app=c:\program files\tunngle\tunngle.exe | 
"{46100956-3C09-43E8-8D5F-5037AD25055E}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{464A46D3-DE9F-40BA-A895-B739F1FF673D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe | 
"{4740BD3B-D95F-4842-9458-88FBB1502CC3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ghost recon advanced warfighter 2\graw2.exe | 
"{49261A3C-DD2F-4B40-A80D-452DCB3CD42C}" = protocol=17 | dir=in | app=c:\program files\spiele\starcraft ii\starcraft ii.exe | 
"{49506876-9ED5-4CC7-A0A0-42440E7D3F01}" = protocol=6 | dir=in | app=c:\program files (x86)\spiele\bulletstorm\binaries\win32\shippingpc-stormgame.exe | 
"{49649CEE-F93C-415D-95AA-385F9B725D0E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\realm of the mad god\realm of the mad god.exe | 
"{496A1CAE-39AB-4A53-9668-EBB56F8D7D0C}" = protocol=6 | dir=in | app=c:\program files (x86)\hp wireless printer adapter\connectmgr.exe | 
"{4B99E07C-819D-4526-B427-6B9770B1B756}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{4D11E792-B4B4-4EDC-A5C1-A03E16980AF1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\bin\sdklauncher.exe | 
"{4E03819D-CD6B-4EC5-A6A0-FF0FE4538B89}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe | 
"{502D5FAB-A612-49E2-912E-E4EF325DF12F}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{59F5DCE7-14A5-4991-B1E3-7FC921731118}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{5E8DC4BD-0585-4BD1-BE81-074A660EA838}" = protocol=6 | dir=in | app=c:\program files\spiele\split second\splitsecond.exe | 
"{6088AD93-249C-4FF3-B9FE-6294063CD55C}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{615E10D0-8C7A-437D-A7F0-F99D6A8608AB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{62B9F575-32C2-42CD-9F54-E3FE9A2033F6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{6525565B-C702-45E2-9B15-FC159EF20C6C}" = protocol=6 | dir=in | app=c:\programme (x86)\autodesk\backburner\server.exe | 
"{67903703-DBCB-449B-9970-90D6E5F76132}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{67C5042C-3116-4A6B-A31F-A7857D94F80E}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{68D9820B-D1B2-43A1-8660-71E57AAC7775}" = protocol=17 | dir=in | app=c:\program files\spiele\ assassin's creed brotherhood\acbmp.exe | 
"{6A7E7741-7110-4BA8-9285-CC949C5841EA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{7597393A-D52F-45EB-A357-87C74BDCA92C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\red orchestra 2\binaries\win32\rogame.exe | 
"{7AB7AC62-47EB-40D2-A1F4-CD90697292C6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{7D7F114B-5B0F-4600-A79F-295164B385EA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{7F0E6EFF-02B3-42AB-B46B-85A043040FFE}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | 
"{7F147A13-C763-44DC-A7F2-10DD6ADC6301}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{84D1F170-1565-41E4-9030-211A19A72179}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{863A5556-F760-4DFC-8DFE-53A4ED34FCAF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{88223877-BA93-4C77-B515-DF6C3AB9B26B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{8AE80CB9-AF45-4339-9BF4-F4E97690EC9B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{8CFAB7E8-1240-49BC-AEB3-12BF0C42A869}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{8EC6572A-8897-42FA-8F85-514CFCDF78D0}" = protocol=17 | dir=in | app=c:\programme (x86)\autodesk\backburner\server.exe | 
"{909A1C2D-0483-410C-A86C-0F34A635BF55}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{91D43E3F-D676-4E4A-858E-08A00820AFA8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | 
"{92908C44-EEBE-4584-A795-EF7E4E39DF97}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe | 
"{9C95D3B5-DA85-45FE-BDB2-11E3992559D6}" = protocol=6 | dir=out | app=c:\program files (x86)\windows media player\wmplayer.exe | 
"{A1A5F232-A1C7-48E5-9797-F757462CF587}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{A3D5AD20-3A2C-4855-A0C6-F3AA811CCE50}" = protocol=17 | dir=in | app=c:\program files (x86)\hp wireless printer adapter\selectprinter.exe | 
"{A5809CF2-EFEE-4331-ACA3-8DAB27CC6295}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{A5A55574-DA13-47F0-8810-FFE86EF9C821}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{A651776C-6CA3-4FBA-8F89-AD00AA12BE53}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{AB37BEED-921E-402D-A50D-4EDA01D9B10B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\red orchestra 2\binaries\win32\rogame.exe | 
"{AF3DCF63-3DEF-4C05-980B-683FADDCA1E3}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{B0D1491D-E355-4066-A2D1-23B6201AD0DC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{B4D6A4AD-69F8-4D78-87A5-558EA461B50B}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{B77BDC47-4BE4-44F4-9D1A-B6A8CAD28476}" = protocol=17 | dir=in | app=c:\programme (x86)\autodesk\backburner\manager.exe | 
"{B91BB8A3-4C6E-44D7-88C4-AB6B4593FBC8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\bin\sdklauncher.exe | 
"{BE507C20-4BF2-4684-BF51-E181ADA61167}" = protocol=6 | dir=in | app=c:\program files\spiele\ assassin's creed brotherhood\acbmp.exe | 
"{C08253E9-C687-4C7F-9A50-6F86BFF89D0F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{C236DAF8-165D-4B20-A76D-5875E6C935FA}" = protocol=17 | dir=in | app=c:\program files (x86)\windows media player\wmplayer.exe | 
"{C249951B-E2D9-4045-B14D-7B1AECFF44CC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{C307F70B-B9D4-4E0D-9ECC-91FC0BF0E723}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{C8DBF455-39AC-4B85-8C39-2AE6AC7BC663}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{CE28DEEB-DEB3-4F6C-BEB9-2D88C2D6D4BD}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{D13BD84A-0418-4721-ADB7-A8386A7D36CE}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{D5B5467E-A1F2-4946-BCED-0C4889B3EF8C}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{D6751EE9-1782-4A0A-86BD-D3FBC1D92A4F}" = protocol=6 | dir=in | app=c:\program files (x86)\hp wireless printer adapter\selectprinter.exe | 
"{D71231E6-FB17-4AAF-96E0-E1E718CD11EB}" = protocol=17 | dir=out | app=c:\program files (x86)\windows media player\wmplayer.exe | 
"{DA9F781B-4A96-40CE-B55D-442EFE4FA127}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe | 
"{DB241B34-B961-4AA5-AC11-1CD62CD0A4D3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | 
"{DE5AC50D-A31F-41B4-BE06-E925C87B1C47}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{E147A20C-FBC4-40A5-8D67-931CD91CF72F}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{E39A37B1-014A-4D75-8E38-C3A6B53675EB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\realm of the mad god\realm of the mad god.exe | 
"{E4FF3BD9-1136-4DB0-AE75-754B5BA7BCBC}" = protocol=17 | dir=in | app=c:\program files (x86)\spiele\bulletstorm\binaries\win32\shippingpc-stormgame.exe | 
"{E952BCBD-355A-4C78-AE1E-D75233A431E8}" = protocol=17 | dir=in | app=c:\programme (x86)\autodesk\backburner\monitor.exe | 
"{EB889964-80BF-4F43-9160-ED9912A80BDE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{EB901692-B186-44A2-B43C-7F6127390824}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{EBD95F7A-DAC9-4E71-8FE3-5BC09A932C05}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{ED6D47A1-2C09-4000-A781-52D7F6FB9F84}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{F5AB1047-B107-4E8D-AA43-6E98FE2B2340}" = protocol=17 | dir=in | app=c:\program files\spiele\split second\splitsecond.exe | 
"{F75A50DD-47D6-494B-96A3-1F8D2C4FDFCA}" = protocol=6 | dir=in | app=c:\program files\tunngle\tnglctrl.exe | 
"{F770643B-E18B-476F-9784-8012E8972E3F}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe | 
"{F9607EBA-394F-42F5-AF18-8F56771CCDFD}" = protocol=6 | dir=in | app=c:\program files\spiele\splinter cell conviction\src\system\conviction_game.exe | 
"{FBD42074-D3B9-4EC3-99E1-1922745C4EFA}" = protocol=6 | dir=in | app=c:\program files\tunngle\tunngle.exe | 
"{FBE83A51-6874-498C-B5C8-16DDA8B39ECD}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{FDF23B2C-078C-45C4-8A89-CD05C25D4A58}" = protocol=17 | dir=in | app=c:\program files\spiele\splinter cell conviction\src\system\gu.exe | 
"{FF3FB5F7-59B7-4E7D-A61C-BAEBDE98466F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"TCP Query User{039F862C-DB73-418C-92A4-7B659EBB6CA3}C:\program files (x86)\touchstone\turok\binaries\turokgame.exe" = protocol=6 | dir=in | app=c:\program files (x86)\touchstone\turok\binaries\turokgame.exe | 
"TCP Query User{069FEBC3-9F57-4463-B4AD-8857BD3863B2}C:\program files\spiele\the witcher 2\bin\witcher2.exe" = protocol=6 | dir=in | app=c:\program files\spiele\the witcher 2\bin\witcher2.exe | 
"TCP Query User{0C09090A-93E3-44A3-B8C8-98A9B6C8E6EF}C:\program files (x86)\spiele\resident evil\re5dx10.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spiele\resident evil\re5dx10.exe | 
"TCP Query User{0C49BBCD-0BAF-4AFE-8E20-2F055F587D45}C:\program files\spiele\empire earth\empire earth.exe" = protocol=6 | dir=in | app=c:\program files\spiele\empire earth\empire earth.exe | 
"TCP Query User{1103926B-FDBA-47F8-99F5-D5B032F37E10}C:\program files\spiele\rainbow six vegas 2\rainbowsix vegas 2\binaries\rainbowsixvegas2_sads.exe" = protocol=6 | dir=in | app=c:\program files\spiele\rainbow six vegas 2\rainbowsix vegas 2\binaries\rainbowsixvegas2_sads.exe | 
"TCP Query User{1A2702D4-EF38-4F9F-BF61-0951F2425390}C:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"TCP Query User{1D0E6B87-7479-439E-ABE9-6852B8E0383F}C:\program files\spiele\far cry 2\far cry 2\bin\farcry2.exe" = protocol=6 | dir=in | app=c:\program files\spiele\far cry 2\far cry 2\bin\farcry2.exe | 
"TCP Query User{1DB38DB7-AC47-4E30-AD01-B8247D838EC4}C:\program files\spiele\dead island\deadislandgame.exe" = protocol=6 | dir=in | app=c:\program files\spiele\dead island\deadislandgame.exe | 
"TCP Query User{217311EF-DFBC-456D-B871-A82D44B53EB8}C:\program files\spiele\assassins creed revelations\acrsp.exe" = protocol=6 | dir=in | app=c:\program files\spiele\assassins creed revelations\acrsp.exe | 
"TCP Query User{23789B20-4B2F-4C16-959B-03AF74001931}C:\program files\spiele\dead island\deadislandgame.exe" = protocol=6 | dir=in | app=c:\program files\spiele\dead island\deadislandgame.exe | 
"TCP Query User{24EE57B5-5B6E-425B-80A1-915CADB1F50F}C:\program files\spiele\starcraft ii\versions\base15405\sc2.exe" = protocol=6 | dir=in | app=c:\program files\spiele\starcraft ii\versions\base15405\sc2.exe | 
"TCP Query User{2636DA96-6C4E-4643-874F-D228016B923E}C:\program files\spiele\left 4 dead 2\left4dead2.exe" = protocol=6 | dir=in | app=c:\program files\spiele\left 4 dead 2\left4dead2.exe | 
"TCP Query User{282CF27D-8759-419E-B556-D7B5FCC9383A}C:\program files\spiele\warp\binaries\win32\warp.exe" = protocol=6 | dir=in | app=c:\program files\spiele\warp\binaries\win32\warp.exe | 
"TCP Query User{2F0565CB-BA4D-4672-B5B7-663C1D1F23FF}C:\program files (x86)\microsoft games\gears of war\binaries\wargame-g4wlive.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\gears of war\binaries\wargame-g4wlive.exe | 
"TCP Query User{3002D38E-029F-4A3D-8EAD-8D029A299154}C:\program files\spiele\dungeon siege\dungeonsiege.exe" = protocol=6 | dir=in | app=c:\program files\spiele\dungeon siege\dungeonsiege.exe | 
"TCP Query User{32847AF8-B22A-40B2-A3D7-FADE45511267}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{341531AD-48C7-4351-A2BC-37C65B342D41}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"TCP Query User{34EC60A7-8026-4CB3-BFBF-DE5A1CFE9205}C:\users\games\appdata\roaming\icq\application\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\users\games\appdata\roaming\icq\application\icq7.2\icq.exe | 
"TCP Query User{362923ED-F12C-4900-91B3-62C09C5E1550}C:\program files\spiele\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\program files\spiele\call of duty 4 - modern warfare\iw3mp.exe | 
"TCP Query User{36C899ED-179B-41C8-80E9-5BB0BA7DD600}C:\program files\spiele\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=c:\program files\spiele\league of legends\lol.launcher.exe | 
"TCP Query User{37F21EE8-FAE0-4C2B-A5AF-63C62D6E274A}C:\program files\spiele\far cry 2\bin\farcry2.exe" = protocol=6 | dir=in | app=c:\program files\spiele\far cry 2\bin\farcry2.exe | 
"TCP Query User{38E9647A-636C-468D-BBB9-17200935ECBF}C:\program files\spiele\frontlines-fuel of war\binaries\ffow.exe" = protocol=6 | dir=in | app=c:\program files\spiele\frontlines-fuel of war\binaries\ffow.exe | 
"TCP Query User{393BA76F-1E01-42AF-A23C-FF86BB5CFCEC}C:\program files\spiele\touchstone\turok\binaries\turokgame.exe" = protocol=6 | dir=in | app=c:\program files\spiele\touchstone\turok\binaries\turokgame.exe | 
"TCP Query User{3C01EDF6-6B2D-4BEC-A03F-A2142B1737C0}C:\program files\spiele\saints row the third\saintsrowthethird_dx11.exe" = protocol=6 | dir=in | app=c:\program files\spiele\saints row the third\saintsrowthethird_dx11.exe | 
"TCP Query User{3E295ADB-0B73-4DBE-903E-865E99F4B9D2}C:\program files\spiele\teeworlds-b50-rfa2cd823-win32\teeworlds_srv.exe" = protocol=6 | dir=in | app=c:\program files\spiele\teeworlds-b50-rfa2cd823-win32\teeworlds_srv.exe | 
"TCP Query User{3FA1430B-A439-4226-8A41-2FC813196E4D}C:\program files\spiele\grid\grid.exe" = protocol=6 | dir=in | app=c:\program files\spiele\grid\grid.exe | 
"TCP Query User{40FCC8ED-B290-4334-8125-103E77273B10}C:\program files (x86)\electronic arts\crytek\crysis 2 demo\bin32\crysis2demo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis 2 demo\bin32\crysis2demo.exe | 
"TCP Query User{44E3F871-49BD-4690-B570-2EACA0225C12}C:\program files\spiele\dead space\dead space.exe" = protocol=6 | dir=in | app=c:\program files\spiele\dead space\dead space.exe | 
"TCP Query User{46A2F23F-B06F-4E44-B626-46E95695AF59}C:\program files\spiele\far cry 2\bin\farcry2.exe" = protocol=6 | dir=in | app=c:\program files\spiele\far cry 2\bin\farcry2.exe | 
"TCP Query User{4852570D-7292-497D-9231-D4AEB8FA3730}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{4CF0BD71-8323-4258-99FD-2D67B8D4B31D}E:\games\call of duty - world at war\codwaw lanfixed.exe" = protocol=6 | dir=in | app=e:\games\call of duty - world at war\codwaw lanfixed.exe | 
"TCP Query User{4CFE1721-2901-4EE5-A2F9-0344AB261583}C:\users\public\heroes of might and magic 5\heroes of might and magic v - tribes of the east\bin\h5_game.exe" = protocol=6 | dir=in | app=c:\users\public\heroes of might and magic 5\heroes of might and magic v - tribes of the east\bin\h5_game.exe | 
"TCP Query User{4D5E6045-7C73-48DA-883A-9106FE5446BF}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{5454D2B3-E654-4901-93F5-99E2CD663DC0}C:\users\games\desktop\call of duty 1\codmp.exe" = protocol=6 | dir=in | app=c:\users\games\desktop\call of duty 1\codmp.exe | 
"TCP Query User{579C8155-3354-4A83-B840-0EC1BAEE9D34}C:\program files\spiele\tribes ascend\hirezgames\tribes alpha\binaries\win32\tribesascend.exe" = protocol=6 | dir=in | app=c:\program files\spiele\tribes ascend\hirezgames\tribes alpha\binaries\win32\tribesascend.exe | 
"TCP Query User{62F4002F-77D3-4960-9178-4588CE063EDF}C:\users\games\desktop\hl we\hl15we.exe" = protocol=6 | dir=in | app=c:\users\games\desktop\hl we\hl15we.exe | 
"TCP Query User{64432F0C-CA08-44F0-A508-964ABE208C61}C:\program files\spiele\dungeon siege\dsloa.exe" = protocol=6 | dir=in | app=c:\program files\spiele\dungeon siege\dsloa.exe | 
"TCP Query User{647CB235-7473-4CAA-9991-30BF2EE2CFB3}C:\program files\spiele\garry's mod\hl2.exe" = protocol=6 | dir=in | app=c:\program files\spiele\garry's mod\hl2.exe | 
"TCP Query User{6631A8E2-155A-4CD9-BDB7-1305D50E7675}C:\program files (x86)\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | 
"TCP Query User{66D9DD20-C6D5-4FBB-9298-3AEE9DAF01A6}C:\program files\garena\garena.exe" = protocol=6 | dir=in | app=c:\program files\garena\garena.exe | 
"TCP Query User{680383A2-6EAB-40B8-9E41-970026553B51}C:\program files\spiele\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\program files\spiele\call of duty 4 - modern warfare\iw3mp.exe | 
"TCP Query User{6B90E26B-7BD9-414E-970E-FDAE44FEB416}C:\program files\spiele\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\spiele\tmnationsforever\tmforever.exe | 
"TCP Query User{6E2494A2-3193-4770-9539-230347F8E308}C:\program files (x86)\spiele\borderlands\gearbox software\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spiele\borderlands\gearbox software\borderlands\binaries\borderlands.exe | 
"TCP Query User{6F69FBF1-2B6A-4959-B81D-4BBC21ED0B2F}C:\users\public\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=6 | dir=in | app=c:\users\public\star wars battlefront ii\gamedata\battlefrontii.exe | 
"TCP Query User{7538F06C-95E7-4B6A-A7CF-34E10F479494}E:\world of warcraft\launcher.patch.exe" = protocol=6 | dir=in | app=e:\world of warcraft\launcher.patch.exe | 
"TCP Query User{767B164E-0D63-4FE0-8999-DDC178CF3F45}C:\program files\spiele\far cry 2\far cry 2\bin\fc2editor.exe" = protocol=6 | dir=in | app=c:\program files\spiele\far cry 2\far cry 2\bin\fc2editor.exe | 
"TCP Query User{7BDAEA97-1065-41C0-802F-8BE6B2595E00}C:\windows\syswow64\dpnsvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dpnsvr.exe | 
"TCP Query User{7CCA9C4E-ADF5-48CD-8179-DAB9A6F45BE3}C:\program files\spiele\cod4   2\iw3mp.exe" = protocol=6 | dir=in | app=c:\program files\spiele\cod4   2\iw3mp.exe | 
"TCP Query User{7DE43637-8C50-4B4F-81BC-006F79A52F34}C:\program files\spiele\gta iv\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files\spiele\gta iv\grand theft auto iv\gtaiv.exe | 
"TCP Query User{7E16A3B6-F25B-4EE9-98F8-05F294B5B743}C:\program files (x86)\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"TCP Query User{7E4CECA1-2ECA-40D7-A410-658245BA61E8}C:\program files\spiele\saints row the third\saintsrowthethird.exe" = protocol=6 | dir=in | app=c:\program files\spiele\saints row the third\saintsrowthethird.exe | 
"TCP Query User{7E7CC725-5F1D-4846-8CC0-9E353AE0AC69}C:\users\games\desktop\rune\system\rune.exe" = protocol=6 | dir=in | app=c:\users\games\desktop\rune\system\rune.exe | 
"TCP Query User{857F8266-9D87-4BBC-910E-50AE5A2388EE}C:\program files\spiele\rune\system\rune.exe" = protocol=6 | dir=in | app=c:\program files\spiele\rune\system\rune.exe | 
"TCP Query User{85F8C617-2E69-48B9-8064-586E90195987}C:\program files\spiele\battlefield 1942\bf1942.exe" = protocol=6 | dir=in | app=c:\program files\spiele\battlefield 1942\bf1942.exe | 
"TCP Query User{8688BED0-157D-4469-B1FF-FDDBABAD91E7}C:\program files\spiele\warcraft 3\war3.exe" = protocol=6 | dir=in | app=c:\program files\spiele\warcraft 3\war3.exe | 
"TCP Query User{87232936-BD50-4AF8-8328-DA3560BDDF6D}C:\program files\spiele\gta iv\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files\spiele\gta iv\grand theft auto iv\gtaiv.exe | 
"TCP Query User{897B2650-FCAA-4B96-8A29-72F8916F45DA}C:\program files\spiele\rainbow six vegas 2\rainbowsix vegas 2\binaries\r6vegas2_game.exe" = protocol=6 | dir=in | app=c:\program files\spiele\rainbow six vegas 2\rainbowsix vegas 2\binaries\r6vegas2_game.exe | 
"TCP Query User{8AA8C9A4-2170-46F1-90AE-8F9725B1FA85}C:\program files\spiele\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\spiele\tmnationsforever\tmforever.exe | 
"TCP Query User{8F23A553-A279-4E18-9F00-151941604EFE}C:\program files\spiele\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=c:\program files\spiele\league of legends\lol.launcher.exe | 
"TCP Query User{9079C752-B55C-4A7B-A4E0-065F05E73863}C:\program files\spiele\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=6 | dir=in | app=c:\program files\spiele\star wars battlefront ii\gamedata\battlefrontii.exe | 
"TCP Query User{96643E89-5BAB-4409-A12A-C46E3CFECFF9}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{9A276ABB-FE72-46F2-BAD8-594552F0E58F}E:\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=e:\tmnationsforever\tmforever.exe | 
"TCP Query User{9DE67671-DC18-4765-BB8F-9072BF1D74CD}C:\program files\spiele\battlefield 2\bf2.exe" = protocol=6 | dir=in | app=c:\program files\spiele\battlefield 2\bf2.exe | 
"TCP Query User{A08E18FC-32BF-4062-B0D4-34918F49A02E}C:\program files\spiele\split second\splitsecond.exe" = protocol=6 | dir=in | app=c:\program files\spiele\split second\splitsecond.exe | 
"TCP Query User{A19C5FD2-E2E1-413C-B5BD-A6100CB2F244}C:\program files\spiele\company of heroes\reliccoh.exe" = protocol=6 | dir=in | app=c:\program files\spiele\company of heroes\reliccoh.exe | 
"TCP Query User{AC3738F1-C1AB-42EA-8B68-BE7004FAC100}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{B356A218-8AC3-413A-8851-BF636BC77C65}C:\program files\spiele\spec ops the line\binaries\win32\specopstheline.exe" = protocol=6 | dir=in | app=c:\program files\spiele\spec ops the line\binaries\win32\specopstheline.exe | 
"TCP Query User{B3B53D0C-C1F0-4A9D-9BF8-2EFE17579933}C:\users\games\appdata\roaming\abibg\duyb.exe" = protocol=6 | dir=in | app=c:\users\games\appdata\roaming\abibg\duyb.exe | 
"TCP Query User{B5D18C2B-4642-445D-9859-E479B054D4CC}C:\users\games\desktop\hl we\hl15we.exe" = protocol=6 | dir=in | app=c:\users\games\desktop\hl we\hl15we.exe | 
"TCP Query User{B845D3E1-A274-47B2-A327-312B511CE51A}C:\program files\spiele\soldat\soldat.exe" = protocol=6 | dir=in | app=c:\program files\spiele\soldat\soldat.exe | 
"TCP Query User{BE86014F-7645-452B-80E6-253A807ED600}C:\program files\spiele\left 4 dead 2\left4dead2.exe" = protocol=6 | dir=in | app=c:\program files\spiele\left 4 dead 2\left4dead2.exe | 
"TCP Query User{C29C687F-8DCB-435E-A683-CA571CBC1C4B}C:\program files\spiele\far cry 2\far cry 2\bin\fc2editor.exe" = protocol=6 | dir=in | app=c:\program files\spiele\far cry 2\far cry 2\bin\fc2editor.exe | 
"TCP Query User{C2FE9801-E2A2-4052-A987-6C7F1AF6EE70}C:\program files\spiele\rune\system\rune.exe" = protocol=6 | dir=in | app=c:\program files\spiele\rune\system\rune.exe | 
"TCP Query User{C324B868-6E58-42B5-A559-4CC09BCB52AB}C:\users\games\appdata\roaming\icq\application\icq7.0\icq.exe" = protocol=6 | dir=in | app=c:\users\games\appdata\roaming\icq\application\icq7.0\icq.exe | 
"TCP Query User{C7796969-CDA9-47C2-A2A2-EB091B9593AB}C:\program files (x86)\spiele\dead space 2\deadspace2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spiele\dead space 2\deadspace2.exe | 
"TCP Query User{CAFEE093-2677-492A-8988-85B71929936A}C:\program files (x86)\steam\steamapps\bloodyexitus\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\bloodyexitus\team fortress 2\hl2.exe | 
"TCP Query User{CFC1414B-84D3-4E96-922C-6E5068F39F16}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"TCP Query User{D10E28BB-A9F3-4599-BC4F-AFDA1C046B97}C:\users\games\appdata\roaming\icq\application\icq7.6\icq.exe" = protocol=6 | dir=in | app=c:\users\games\appdata\roaming\icq\application\icq7.6\icq.exe | 
"TCP Query User{DC0FA651-BF01-4296-8927-C7C624A5F6CE}C:\users\public\left 4 dead 2\left4dead2.exe" = protocol=6 | dir=in | app=c:\users\public\left 4 dead 2\left4dead2.exe | 
"TCP Query User{DFE071D4-0F52-4942-AE00-5C866DA06F2E}C:\program files\spiele\dead space\dead space.exe" = protocol=6 | dir=in | app=c:\program files\spiele\dead space\dead space.exe | 
"TCP Query User{E0E4B384-AA77-4446-A98C-3BD4B3551EC8}C:\program files\spiele\soldat\soldat.exe" = protocol=6 | dir=in | app=c:\program files\spiele\soldat\soldat.exe | 
"TCP Query User{E51EC89F-2D54-4CE1-A4DA-7B42F7737850}E:\programme\spiele\dead space\dead space.exe" = protocol=6 | dir=in | app=e:\programme\spiele\dead space\dead space.exe | 
"TCP Query User{E53354FE-988F-4948-B993-6CEF009AAB69}C:\users\games\appdata\roaming\icq\application\icq7.0\icq.exe" = protocol=6 | dir=in | app=c:\users\games\appdata\roaming\icq\application\icq7.0\icq.exe | 
"TCP Query User{E6625CA7-D737-44E6-89B0-DC0D3943992F}C:\program files\spiele\saints row the third\saintsrowthethird_dx11.exe" = protocol=6 | dir=in | app=c:\program files\spiele\saints row the third\saintsrowthethird_dx11.exe | 
"TCP Query User{EF3DC66C-B3CB-4234-AD3C-2A4331AF3C59}C:\program files\spiele\cod4\iw3mp.exe" = protocol=6 | dir=in | app=c:\program files\spiele\cod4\iw3mp.exe | 
"TCP Query User{F06B7D94-8407-4BF9-97DA-41A2369FE769}C:\program files (x86)\steam\steamapps\bloodyexitus\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\bloodyexitus\team fortress 2\hl2.exe | 
"TCP Query User{F2223497-60D2-49C3-BE6A-934C81381F85}C:\users\games\appdata\roaming\icq\application\icq7.6\icq.exe" = protocol=6 | dir=in | app=c:\users\games\appdata\roaming\icq\application\icq7.6\icq.exe | 
"TCP Query User{F317750C-1D84-452A-84E5-0510CFA02745}C:\program files\spiele\portal 2\portal2.exe" = protocol=6 | dir=in | app=c:\program files\spiele\portal 2\portal2.exe | 
"TCP Query User{FD782856-6535-4ED4-AFF3-0070F159C423}C:\program files\spiele\far cry 2\far cry 2\bin\farcry2.exe" = protocol=6 | dir=in | app=c:\program files\spiele\far cry 2\far cry 2\bin\farcry2.exe | 
"UDP Query User{0189B1CA-E828-4839-8C54-20EBADA07F4C}E:\programme\spiele\dead space\dead space.exe" = protocol=17 | dir=in | app=e:\programme\spiele\dead space\dead space.exe | 
"UDP Query User{01CE1AD6-6ED2-4E9A-8ADF-22D6AC33827B}C:\program files\spiele\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\spiele\tmnationsforever\tmforever.exe | 
"UDP Query User{0742AB86-6F3D-4BD3-991E-9F1FFD8F8675}C:\program files\spiele\far cry 2\far cry 2\bin\fc2editor.exe" = protocol=17 | dir=in | app=c:\program files\spiele\far cry 2\far cry 2\bin\fc2editor.exe | 
"UDP Query User{08726B26-16F0-42FF-904B-93B7D24519EE}C:\users\games\desktop\hl we\hl15we.exe" = protocol=17 | dir=in | app=c:\users\games\desktop\hl we\hl15we.exe | 
"UDP Query User{0B7211D9-5D02-4EF2-AD68-365E0DE6FD86}C:\program files (x86)\steam\steamapps\bloodyexitus\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\bloodyexitus\team fortress 2\hl2.exe | 
"UDP Query User{0BA0FEC3-852C-4205-9B61-8E6F6DE70C98}C:\program files\spiele\dungeon siege\dsloa.exe" = protocol=17 | dir=in | app=c:\program files\spiele\dungeon siege\dsloa.exe | 
"UDP Query User{0C510327-A62D-414C-9F43-7E1F5BD0846C}C:\program files\spiele\tribes ascend\hirezgames\tribes alpha\binaries\win32\tribesascend.exe" = protocol=17 | dir=in | app=c:\program files\spiele\tribes ascend\hirezgames\tribes alpha\binaries\win32\tribesascend.exe | 
"UDP Query User{0E835DD7-2504-4250-AC86-D2E98C9DBA61}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"UDP Query User{101BD9E3-AEE4-4DCD-B2AA-9A1DBE1AB2A6}C:\program files\spiele\soldat\soldat.exe" = protocol=17 | dir=in | app=c:\program files\spiele\soldat\soldat.exe | 
"UDP Query User{145ABCB5-251B-4B80-B42A-7307D86BE838}C:\program files\spiele\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=c:\program files\spiele\league of legends\lol.launcher.exe | 
"UDP Query User{1AE1A6DB-A9E4-43C6-A32A-AF42D882694D}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"UDP Query User{1BA3D75B-4823-4DFF-B9F0-F4484CFB4758}C:\program files (x86)\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"UDP Query User{1C866123-5073-4C0A-9090-C7ACF3F0B5DA}C:\program files\spiele\left 4 dead 2\left4dead2.exe" = protocol=17 | dir=in | app=c:\program files\spiele\left 4 dead 2\left4dead2.exe | 
"UDP Query User{1EB5AEFF-BA25-4079-A660-E5D3CBB88938}C:\program files\spiele\saints row the third\saintsrowthethird_dx11.exe" = protocol=17 | dir=in | app=c:\program files\spiele\saints row the third\saintsrowthethird_dx11.exe | 
"UDP Query User{20CABE61-C47A-4652-9E0D-CC2BC464A1E5}C:\program files\spiele\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\spiele\tmnationsforever\tmforever.exe | 
"UDP Query User{21AE8C62-A314-46C7-9ADE-DFFBC03C488F}C:\program files\spiele\far cry 2\bin\farcry2.exe" = protocol=17 | dir=in | app=c:\program files\spiele\far cry 2\bin\farcry2.exe | 
"UDP Query User{2480DBCB-1E87-4AD1-B27F-9FD078D46B11}C:\program files\spiele\far cry 2\far cry 2\bin\farcry2.exe" = protocol=17 | dir=in | app=c:\program files\spiele\far cry 2\far cry 2\bin\farcry2.exe | 
"UDP Query User{25B22F83-8301-48CE-A88D-7DBA7BB11CD2}C:\program files\spiele\gta iv\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files\spiele\gta iv\grand theft auto iv\gtaiv.exe | 
"UDP Query User{261E0E2F-7963-4659-816B-8BEE0267FC5D}C:\program files\spiele\gta iv\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files\spiele\gta iv\grand theft auto iv\gtaiv.exe | 
"UDP Query User{26F52F5D-60FF-4B3E-983A-A1D3D2DDF563}C:\windows\syswow64\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dpnsvr.exe | 
"UDP Query User{281BF31B-43B4-485F-B346-ECD2A3AE17C0}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{287DBF00-4E79-490A-9D5D-7749A4064231}C:\program files\spiele\saints row the third\saintsrowthethird.exe" = protocol=17 | dir=in | app=c:\program files\spiele\saints row the third\saintsrowthethird.exe | 
"UDP Query User{2A6CDE95-0362-44E3-B8DF-92E324E4E3E6}C:\program files (x86)\microsoft games\gears of war\binaries\wargame-g4wlive.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\gears of war\binaries\wargame-g4wlive.exe | 
"UDP Query User{2A7D3105-3321-44E9-80AE-0E01E71A4CC8}C:\users\games\desktop\rune\system\rune.exe" = protocol=17 | dir=in | app=c:\users\games\desktop\rune\system\rune.exe | 
"UDP Query User{2E773C93-33EB-42E1-B20A-B12989A02900}C:\program files\spiele\rune\system\rune.exe" = protocol=17 | dir=in | app=c:\program files\spiele\rune\system\rune.exe | 
"UDP Query User{3B7A2B47-0123-42C9-A9BC-00D219C5E937}C:\program files\spiele\teeworlds-b50-rfa2cd823-win32\teeworlds_srv.exe" = protocol=17 | dir=in | app=c:\program files\spiele\teeworlds-b50-rfa2cd823-win32\teeworlds_srv.exe | 
"UDP Query User{3EA3E544-9598-4913-AF3D-A40CFCDBC4EA}C:\users\public\heroes of might and magic 5\heroes of might and magic v - tribes of the east\bin\h5_game.exe" = protocol=17 | dir=in | app=c:\users\public\heroes of might and magic 5\heroes of might and magic v - tribes of the east\bin\h5_game.exe | 
"UDP Query User{438E3FED-8A2F-40D1-8704-C828EFEC0C8B}C:\program files\spiele\far cry 2\bin\farcry2.exe" = protocol=17 | dir=in | app=c:\program files\spiele\far cry 2\bin\farcry2.exe | 
"UDP Query User{4452AFC2-7795-46D8-9518-2808211ECB3A}C:\program files\spiele\warcraft 3\war3.exe" = protocol=17 | dir=in | app=c:\program files\spiele\warcraft 3\war3.exe | 
"UDP Query User{4772AB16-4C73-4A73-AEDA-88AEE72CD36B}C:\program files\spiele\touchstone\turok\binaries\turokgame.exe" = protocol=17 | dir=in | app=c:\program files\spiele\touchstone\turok\binaries\turokgame.exe | 
"UDP Query User{4802E9C5-05B5-4BE7-BD8E-B2B939DDCD8B}C:\users\games\appdata\roaming\icq\application\icq7.0\icq.exe" = protocol=17 | dir=in | app=c:\users\games\appdata\roaming\icq\application\icq7.0\icq.exe | 
"UDP Query User{49225831-7A0C-4EEA-AC85-A673096FB9B3}E:\games\call of duty - world at war\codwaw lanfixed.exe" = protocol=17 | dir=in | app=e:\games\call of duty - world at war\codwaw lanfixed.exe | 
"UDP Query User{4A698EDE-A5AB-4D4B-8382-D30797B24F0D}C:\program files\spiele\split second\splitsecond.exe" = protocol=17 | dir=in | app=c:\program files\spiele\split second\splitsecond.exe | 
"UDP Query User{5090791F-75E0-446B-9397-12FE590E5739}C:\program files\spiele\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\program files\spiele\call of duty 4 - modern warfare\iw3mp.exe | 
"UDP Query User{51559E6A-1A56-4F00-844E-AE2E9D131BB8}C:\program files\spiele\warp\binaries\win32\warp.exe" = protocol=17 | dir=in | app=c:\program files\spiele\warp\binaries\win32\warp.exe | 
"UDP Query User{528B9DB8-DD44-409A-BE24-9703F1D6A281}C:\program files\spiele\company of heroes\reliccoh.exe" = protocol=17 | dir=in | app=c:\program files\spiele\company of heroes\reliccoh.exe | 
"UDP Query User{5673C187-28C3-449A-B760-8600AD725E3D}C:\program files\spiele\dead space\dead space.exe" = protocol=17 | dir=in | app=c:\program files\spiele\dead space\dead space.exe | 
"UDP Query User{5BE604E9-2159-4B44-93FF-A9426B85BF6F}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{5C55C23D-9698-4816-922D-8EC2E8D3AEDD}C:\program files\spiele\left 4 dead 2\left4dead2.exe" = protocol=17 | dir=in | app=c:\program files\spiele\left 4 dead 2\left4dead2.exe | 
"UDP Query User{6C0DBEC1-5B1C-4E82-8C16-3D381686880B}C:\program files (x86)\spiele\resident evil\re5dx10.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spiele\resident evil\re5dx10.exe | 
"UDP Query User{710D920A-3B31-4C9B-9D41-A95BB65C1936}C:\program files\spiele\far cry 2\far cry 2\bin\farcry2.exe" = protocol=17 | dir=in | app=c:\program files\spiele\far cry 2\far cry 2\bin\farcry2.exe | 
"UDP Query User{72664B7A-4169-404B-800E-067054014956}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{745AADEF-58F1-40AC-8103-F52F409EF87B}C:\program files\spiele\frontlines-fuel of war\binaries\ffow.exe" = protocol=17 | dir=in | app=c:\program files\spiele\frontlines-fuel of war\binaries\ffow.exe | 
"UDP Query User{76ED8460-7A5F-4105-A1F0-1E9BC7316E1F}C:\program files (x86)\spiele\borderlands\gearbox software\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spiele\borderlands\gearbox software\borderlands\binaries\borderlands.exe | 
"UDP Query User{7A2D82FF-0C3D-4029-9245-C51E061FFB5D}C:\program files\spiele\rune\system\rune.exe" = protocol=17 | dir=in | app=c:\program files\spiele\rune\system\rune.exe | 
"UDP Query User{7AAF178E-6DF3-4BF0-B638-2BEA646C86CA}C:\program files\spiele\dead island\deadislandgame.exe" = protocol=17 | dir=in | app=c:\program files\spiele\dead island\deadislandgame.exe | 
"UDP Query User{7B08D8C5-FAC8-419A-95CB-DE03D299D358}C:\program files\spiele\rainbow six vegas 2\rainbowsix vegas 2\binaries\rainbowsixvegas2_sads.exe" = protocol=17 | dir=in | app=c:\program files\spiele\rainbow six vegas 2\rainbowsix vegas 2\binaries\rainbowsixvegas2_sads.exe | 
"UDP Query User{7F52A1C7-A4D0-44A0-84BD-B76A36905A31}C:\program files\spiele\the witcher 2\bin\witcher2.exe" = protocol=17 | dir=in | app=c:\program files\spiele\the witcher 2\bin\witcher2.exe | 
"UDP Query User{81EA0093-7F46-446F-A502-A681FD7075A1}C:\program files\spiele\battlefield 1942\bf1942.exe" = protocol=17 | dir=in | app=c:\program files\spiele\battlefield 1942\bf1942.exe | 
"UDP Query User{82C90A0B-B996-4063-BBFA-5FF8980718C5}E:\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=e:\tmnationsforever\tmforever.exe | 
"UDP Query User{83BC254C-9328-4D4F-B238-4C6816F16DD2}C:\program files (x86)\spiele\dead space 2\deadspace2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spiele\dead space 2\deadspace2.exe | 
"UDP Query User{88990635-0C89-4B6C-A420-5F714B48E457}C:\program files\spiele\rainbow six vegas 2\rainbowsix vegas 2\binaries\r6vegas2_game.exe" = protocol=17 | dir=in | app=c:\program files\spiele\rainbow six vegas 2\rainbowsix vegas 2\binaries\r6vegas2_game.exe | 
"UDP Query User{8A65E3C3-088F-40FA-A539-4A6FCBBE1448}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{8B31AD55-A39B-458A-9BED-2A39455A804E}C:\users\games\appdata\roaming\icq\application\icq7.6\icq.exe" = protocol=17 | dir=in | app=c:\users\games\appdata\roaming\icq\application\icq7.6\icq.exe | 
"UDP Query User{8DFB892F-E49C-4593-A9FD-14D06B9828C6}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{90FFE0E0-13EE-46F0-BF88-4D4216355AFF}C:\program files\spiele\grid\grid.exe" = protocol=17 | dir=in | app=c:\program files\spiele\grid\grid.exe | 
"UDP Query User{918E36B8-5F37-4CC1-B87A-296C126F91AD}C:\program files\spiele\dungeon siege\dungeonsiege.exe" = protocol=17 | dir=in | app=c:\program files\spiele\dungeon siege\dungeonsiege.exe | 
"UDP Query User{9214FD53-13BF-49DB-ABE3-839F89E9466D}C:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"UDP Query User{9A312AC3-1BE3-481F-887F-13E5543621D8}C:\program files\spiele\garry's mod\hl2.exe" = protocol=17 | dir=in | app=c:\program files\spiele\garry's mod\hl2.exe | 
"UDP Query User{9A9DA092-67B9-4F69-A5FB-6D2DADD55C96}C:\program files\spiele\cod4   2\iw3mp.exe" = protocol=17 | dir=in | app=c:\program files\spiele\cod4   2\iw3mp.exe | 
"UDP Query User{9F5E8C79-B90E-4EDE-AB67-3DD9D29511C4}C:\program files (x86)\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | 
"UDP Query User{A06D9691-BE99-4A05-92DB-21584405FC88}C:\program files\spiele\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\program files\spiele\call of duty 4 - modern warfare\iw3mp.exe | 
"UDP Query User{A48DFE1F-064F-4F08-B085-33E13FE76590}E:\world of warcraft\launcher.patch.exe" = protocol=17 | dir=in | app=e:\world of warcraft\launcher.patch.exe | 
"UDP Query User{A884EA3C-2B8C-4269-A6BE-F9AACAD09391}C:\program files (x86)\steam\steamapps\bloodyexitus\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\bloodyexitus\team fortress 2\hl2.exe | 
"UDP Query User{ADAC9414-297D-422E-ABE2-FB1A6103C6E9}C:\users\games\appdata\roaming\abibg\duyb.exe" = protocol=17 | dir=in | app=c:\users\games\appdata\roaming\abibg\duyb.exe | 
"UDP Query User{B4BFE54C-67FC-4E96-95B4-311ADFAA4B7D}C:\program files (x86)\touchstone\turok\binaries\turokgame.exe" = protocol=17 | dir=in | app=c:\program files (x86)\touchstone\turok\binaries\turokgame.exe | 
"UDP Query User{B5F22969-A3B4-4621-ADB1-0EC4A041F017}C:\users\games\desktop\hl we\hl15we.exe" = protocol=17 | dir=in | app=c:\users\games\desktop\hl we\hl15we.exe | 
"UDP Query User{B97EA0DE-EC64-45BE-A9C3-5CCB57E5D0B7}C:\users\games\appdata\roaming\icq\application\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\users\games\appdata\roaming\icq\application\icq7.2\icq.exe | 
"UDP Query User{BAEF0C00-4FB5-4B63-9029-F2D008A46360}C:\users\public\left 4 dead 2\left4dead2.exe" = protocol=17 | dir=in | app=c:\users\public\left 4 dead 2\left4dead2.exe | 
"UDP Query User{BF1BF9F8-A6D6-42BF-A1B1-CC000DA0ECA8}C:\program files\spiele\starcraft ii\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=c:\program files\spiele\starcraft ii\versions\base15405\sc2.exe | 
"UDP Query User{BF8C483C-CAC3-4799-8D40-707BA30E50AC}C:\users\public\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=17 | dir=in | app=c:\users\public\star wars battlefront ii\gamedata\battlefrontii.exe | 
"UDP Query User{C6F96529-06EF-43DD-9F03-008C871A10ED}C:\program files\spiele\dead island\deadislandgame.exe" = protocol=17 | dir=in | app=c:\program files\spiele\dead island\deadislandgame.exe | 
"UDP Query User{C71591E7-A9FF-486A-8F65-342D22CB000A}C:\program files (x86)\electronic arts\crytek\crysis 2 demo\bin32\crysis2demo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis 2 demo\bin32\crysis2demo.exe | 
"UDP Query User{C98E1BB6-3CA4-47E6-9501-9EC381733E52}C:\program files\spiele\empire earth\empire earth.exe" = protocol=17 | dir=in | app=c:\program files\spiele\empire earth\empire earth.exe | 
"UDP Query User{C9BC6881-CA0B-43A2-B22A-7824DB181C9B}C:\users\games\appdata\roaming\icq\application\icq7.0\icq.exe" = protocol=17 | dir=in | app=c:\users\games\appdata\roaming\icq\application\icq7.0\icq.exe | 
"UDP Query User{CDF5D7FC-E8BB-4798-A3C5-D2A312BB6CB8}C:\program files\spiele\soldat\soldat.exe" = protocol=17 | dir=in | app=c:\program files\spiele\soldat\soldat.exe | 
"UDP Query User{D2E165CD-CA37-46C9-A6C8-99C0B90E97B8}C:\program files\spiele\saints row the third\saintsrowthethird_dx11.exe" = protocol=17 | dir=in | app=c:\program files\spiele\saints row the third\saintsrowthethird_dx11.exe | 
"UDP Query User{D3420E96-8EA0-4049-9271-FED822E1F9B5}C:\users\games\appdata\roaming\icq\application\icq7.6\icq.exe" = protocol=17 | dir=in | app=c:\users\games\appdata\roaming\icq\application\icq7.6\icq.exe | 
"UDP Query User{D5E2BCFC-BD06-49DF-8F33-32FAE7215580}C:\program files\spiele\far cry 2\far cry 2\bin\fc2editor.exe" = protocol=17 | dir=in | app=c:\program files\spiele\far cry 2\far cry 2\bin\fc2editor.exe | 
"UDP Query User{D8E0D7CC-72EF-494D-AB3A-7AF5AA243E8E}C:\program files\spiele\cod4\iw3mp.exe" = protocol=17 | dir=in | app=c:\program files\spiele\cod4\iw3mp.exe | 
"UDP Query User{E02B15CE-B0D5-4A10-BC00-3B617FEB72CB}C:\program files\spiele\spec ops the line\binaries\win32\specopstheline.exe" = protocol=17 | dir=in | app=c:\program files\spiele\spec ops the line\binaries\win32\specopstheline.exe | 
"UDP Query User{E7C957A8-33F9-4184-B521-6844DD311993}C:\program files\spiele\portal 2\portal2.exe" = protocol=17 | dir=in | app=c:\program files\spiele\portal 2\portal2.exe | 
"UDP Query User{E83F144B-4496-4593-BF7B-3D6D894ABCC1}C:\program files\spiele\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=c:\program files\spiele\league of legends\lol.launcher.exe | 
"UDP Query User{E85C54A9-9D06-410D-B050-A7B26E0E34B0}C:\program files\garena\garena.exe" = protocol=17 | dir=in | app=c:\program files\garena\garena.exe | 
"UDP Query User{E9B63920-290A-4CAF-96EF-90DD28E6522C}C:\program files\spiele\battlefield 2\bf2.exe" = protocol=17 | dir=in | app=c:\program files\spiele\battlefield 2\bf2.exe | 
"UDP Query User{ECB5D3F7-71EA-4879-9400-B472EC12C7B0}C:\program files\spiele\assassins creed revelations\acrsp.exe" = protocol=17 | dir=in | app=c:\program files\spiele\assassins creed revelations\acrsp.exe | 
"UDP Query User{F41F3AB0-0744-41A5-AC78-AB3E7B17ED42}C:\program files\spiele\dead space\dead space.exe" = protocol=17 | dir=in | app=c:\program files\spiele\dead space\dead space.exe | 
"UDP Query User{F87A4100-0425-48AB-81CD-DB669CBDA813}C:\program files\spiele\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=17 | dir=in | app=c:\program files\spiele\star wars battlefront ii\gamedata\battlefrontii.exe | 
"UDP Query User{FB444D97-A838-4506-AC8B-D04283A0632C}C:\users\games\desktop\call of duty 1\codmp.exe" = protocol=17 | dir=in | app=c:\users\games\desktop\call of duty 1\codmp.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit)
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4BE91685-1632-47FC-B563-A8A542C6664C}" = Autodesk Network License Manager
"{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{7E5BEF96-0293-442B-B344-62902D302522}" = RawPacketDriver
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{9F560BEB-021F-43AC-825F-AA60442D8DE4}" = 64 Bit HP CIO Components Installer
"{AE9A67F9-ADF1-4a44-BAB5-C1DB302B37A2}" = HP Deskjet F4200 All-In-One Driver Software 10.0 Rel .3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DBF6B4E9-CD43-476A-895D-4D688D41CE63}" = Composite 2011 (64-bit)
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"Unlocker" = Unlocker 1.9.1-x64
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{1170D24F-42B7-40CF-AA1B-6395CE562354}" = Gears of War
"{127B684B-A002-44C8-99A7-6CF8F1E26873}" = PunkBuster für Battlefield 1942
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1BC3AF44-D80E-4744-A8E1-9BC540424AC9}" = Turok
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2447500B-22D7-47BD-9B13-1A927F43A267}" = Empire Earth
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 27
"{28526951-55EF-4901-A0CA-B9AC966D1DD1}" = Split/Second
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = Die Schlacht um Mittelerde™ II
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2C13F8C1-570B-42A9-87B4-8C7903ECD602}" = ObjectDock Free
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1
"{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest
"{43002AE2-4093-49E0-A03D-990EE184C568}" = Lyrics Plugin for Windows Media Player
"{45410935-3E72-472B-8C35-AB1000008200}" = Bulletstorm
"{45410935-B52C-468A-A836-0D1000018201}" = BulletStorm
"{47957648-B46A-4211-85E1-01A15B6A1B45}" = Ace of Spades
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D9C7DA3-D532-432D-A556-5F6CD186B0A5}" = DJ_AIO_03_F4200_ProductContext
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands
"{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1" = Amnesia - The Dark Descent 
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{62653245-3DC5-4019-AF6B-4E62D6150D9E}" = F4200_Help
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D316D67-DA52-4659-9C98-F479963534D6}" = Audiosurf
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{773421E8-AD7B-4DC8-AED1-9300D69E1659}" = Touchstone Installer
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7EC19307-7C22-47A8-922B-3FA965291260}" = OpenOffice.org 3.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{882C685B-3735-452E-9B77-D562A6A6AFE3}" = inSSIDer
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM)
"{96D06FDD-6AF4-4309-BC1B-1C9588B0575E}" = Dead Space™ 2
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{991C5595-5151-4D70-B6CC-90633AC69076}" = HP Wireless Printer Adapter
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DBCE8C7-FE94-4D8F-9FF0-38EF3D8BC99E}" = DJ_AIO_03_F4200_Software
"{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}" = Autodesk Material Library 2011
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A11409F1-CD33-4076-85CB-4EE4A8439BFE}" = Scan
"{A2B58B18-5D04-4006-9713-B6945880746E}" = CodeGear RAD Studio 2009
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A804B134-F03D-4EFD-9BC0-DCD257AA1B22}" = Hitman Blood Money
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.5 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B29B526D-F027-4122-BC7A-D9E5BC86CC40}" = DJ_AIO_03_F4200_Software_Min
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B73B4A99-4173-4747-BBEC-0F05E966F9D2}" = Battlefield 1942: Secret Weapons of WWII
"{B931FB80-537A-4600-00AD-AC5DEDB6C25B}" = Aufstieg des Hexenkönigs™
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BD8D42DC-02C9-47D0-99A3-7BF92E809D9C}" = Terragen 2 Free Edition
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CD1E078C-A6B9-47DA-B035-6365C85C7832}" = Autodesk Material Library 2011 Base Image library
"{D057AA08-8CBF-42E3-9EAB-23B8FED1C279}" = Battlefield 1942: The Road To Rome
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E966F0CC-76B3-11D3-945B-00C04FB1760A}" = BDE_ENT
"{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"{EFE1AB94-5466-4B6E-BE31-FF4C115FD25D}" = Max Payne 2
"{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}" = The Witcher 2
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FD59BB38-9826-4EC0-B09E-A53FFFDC7523}" = CodeGear Delphi and C++Builder 2009 Database Pack
"{FEFAF112-4DA8-479C-89E2-7DE25091711A}" = Call of Juarez - Bound in Blood
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"8461-7759-5462-8226" = Vuze
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Archimedes Geo3D_is1" = Archimedes Geo3D 1.2
"Assassins Creed: Revelations Rip_is1" = Assassins Creed Revelations
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"Battlecraft 19422.1" = Battlecraft 1942
"Botanicula" = Botanicula
"Civilization.V.GOTY.incl.Gods.and.Kings_is1" = Civilization.V.GOTY.incl.Gods.and.Kings
"Clonk Planet" = Clonk Planet
"Cobalt" = Cobalt
"CodeGear Delphi and C++Builder 2009 Database Pack" = CodeGear Delphi and C++Builder 2009 Database Pack
"CodeGear RAD Studio 2009" = CodeGear RAD Studio 2009
"Crayon Physics Deluxe_is1" = Crayon Physics Deluxe - release 51
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Derive 6" = Derive 6
"DesertCombat" = DesertCombat  0.7
"Deus Ex Human Revolution_is1" = Deus Ex Human Revolution
"Dungeon Siege Legends of Aranna 1.0" = Dungeon Siege Legends of Aranna
"Fallout New Vegas_is1" = Fallout New Vegas
"FunkyPlot_is1" = FunkyPlot V1.0.2
"GamersFirst LIVE!" = GamersFirst LIVE!
"Garena" = Garena 2010
"Garrys Mod Final [DiGiTALZONE] 2010 Edition" = Garrys Mod Final [DiGiTALZONE] 2010 Edition
"GFWL_{45410935-3E72-472B-8C35-AB1000008200}" = Bulletstorm
"Gunner 3" = Gunner 3
"InstallShield_{1170D24F-42B7-40CF-AA1B-6395CE562354}" = Gears of War
"InstallShield_{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM)
"InstallShield_{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"InstallShield_{FEFAF112-4DA8-479C-89E2-7DE25091711A}" = Call of Juarez - Bound in Blood
"JDownloader" = JDownloader
"JFK Reloaded" = JFK Reloaded 1.1
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.1.6 (Standard)
"LastFM_is1" = Last.fm 1.5.4.27091
"MDT" = Battlefield Mod Development Toolkit 2.0 Beta
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"ObjectDock Free" = ObjectDock Free
"OpenAL" = OpenAL
"Postal 2_is1" = Portal 2
"PunkBusterSvc" = PunkBuster Services
"Rave Reports 7.6.0 BE_is1" = Rave Reports 7.6.0 BE
"Saints Row The Third_is1" = Saints Row The Third
"Sniper Elite V2_is1" = Sniper Elite V2
"Sonic Generations_is1" = Sonic Generations
"Spec Ops The Line_is1" = Spec Ops The Line
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 13510" = Tom Clancy's Ghost Recon: Advanced Warfighter 2
"Steam App 200210" = Realm of the Mad God
"Steam App 35450" = Red Orchestra 2: Heroes of Stalingrad
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 440" = Team Fortress 2
"Steam App 630" = Alien Swarm
"Steamless Half-Life 2 Episode One Stand-Alone" = Steamless Half-Life 2 Episode One Stand-Alone
"Steamless Half-Life 2 Stand-Alone" = Steamless Half-Life 2 Stand-Alone
"Sumotori Full Version" = Sumotori Full Version
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"The Darkness II_is1" = The Darkness II
"Trine 2_is1" = Trine 2
"Tunngle beta_is1" = Tunngle beta
"Turok 2" = Turok 2: Seeds of Evil
"VLC media player" = VLC media player 2.0.0
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Elcomsoft Wireless Security Auditor" = Elcomsoft Wireless Security Auditor
"f6791b188d8f3ff8" = AVM FRITZ!Box USB-Fernanschluss
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 20.05.2011 13:50:40 | Computer Name = Jonas | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description = 
 
Error - 20.05.2011 17:15:52 | Computer Name = Jonas | Source = WinMgmt | ID = 10
Description = 
 
Error - 21.05.2011 04:26:31 | Computer Name = Jonas | Source = WinMgmt | ID = 10
Description = 
 
Error - 21.05.2011 16:01:29 | Computer Name = Jonas | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.05.2011 05:59:13 | Computer Name = Jonas | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.05.2011 06:12:43 | Computer Name = Jonas | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung BF1942.exe, Version 0.0.0.0, Zeitstempel 0x417564c4,
 fehlerhaftes Modul nvd3dum.dll, Version 8.17.11.9621, Zeitstempel 0x4b4c0aca, Ausnahmecode
 0xc0000005, Fehleroffset 0x00283cc5,  Prozess-ID 0x7a4, Anwendungsstartzeit 01cc1867f68fc5b2.
 
Error - 22.05.2011 07:18:48 | Computer Name = Jonas | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.05.2011 08:10:07 | Computer Name = Jonas | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Fallout3.exe, Version 1.7.0.3, Zeitstempel 0x4a40f18b,
 fehlerhaftes Modul Fallout3.exe, Version 1.7.0.3, Zeitstempel 0x4a40f18b, Ausnahmecode
 0xc0000005, Fehleroffset 0x00227180,  Prozess-ID 0x768, Anwendungsstartzeit 01cc18792340b0a4.
 
Error - 22.05.2011 09:17:28 | Computer Name = Jonas | Source = WinMgmt | ID = 10
Description = 
 
Error - 23.05.2011 11:24:10 | Computer Name = Jonas | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 20.07.2012 11:12:33 | Computer Name = Jonas | Source = DCOM | ID = 10010
Description = 
 
Error - 20.07.2012 11:12:50 | Computer Name = Jonas | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 20.07.2012 11:20:06 | Computer Name = Jonas | Source = DCOM | ID = 10005
Description = 
 
Error - 20.07.2012 11:20:14 | Computer Name = Jonas | Source = DCOM | ID = 10005
Description = 
 
Error - 20.07.2012 11:20:16 | Computer Name = Jonas | Source = DCOM | ID = 10005
Description = 
 
Error - 20.07.2012 11:20:54 | Computer Name = Jonas | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 20.07.2012 11:20:54 | Computer Name = Jonas | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 20.07.2012 11:20:55 | Computer Name = Jonas | Source = DCOM | ID = 10005
Description = 
 
Error - 20.07.2012 11:21:02 | Computer Name = Jonas | Source = DCOM | ID = 10005
Description = 
 
Error - 20.07.2012 11:21:45 | Computer Name = Jonas | Source = Service Control Manager | ID = 7001
Description = 
 
 
< End of report >
         
Würde mich über jede Hilfe freuen

Alt 23.07.2012, 10:15   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Live Security Platinum entfernen - Standard

Live Security Platinum entfernen



Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
__________________

__________________

Antwort

Themen zu Live Security Platinum entfernen
7-zip, avira, bho, bonjour, call of duty, entfernen, error, fiese, firefox, flash player, grand theft auto, helper, hilfreich, home, install.exe, intranet, jdownloader, karte, kreditkarte, league of legends, live security platinum, locker, logfile, malware, monitor.exe, mozilla, nvidia update, plug-in, realtek, registry, rundll, scan, searchscopes, security, software, stick, storm, svchost.exe, teamspeak, viren, virus, vista, world at war




Ähnliche Themen: Live Security Platinum entfernen


  1. troj zero acces in: Live Security Platinum und Microsoft\Security Center|
    Log-Analyse und Auswertung - 10.12.2012 (7)
  2. Live Security Platinum entfernen
    Log-Analyse und Auswertung - 04.10.2012 (31)
  3. Live Security Platinum komplett entfernen
    Plagegeister aller Art und deren Bekämpfung - 02.09.2012 (3)
  4. Live Security Platinum - vollständig entfernen
    Plagegeister aller Art und deren Bekämpfung - 01.09.2012 (34)
  5. XP32: Live Security Platinum Infekt auf einem Account über ADMIN zu entfernen?
    Plagegeister aller Art und deren Bekämpfung - 28.08.2012 (9)
  6. Live Security Platinum - Wie Entfernen ?
    Plagegeister aller Art und deren Bekämpfung - 12.08.2012 (29)
  7. Entfernen von Live Security Platinum erfolgreich?
    Log-Analyse und Auswertung - 29.07.2012 (11)
  8. Log Files nach Entfernen von Live Security Platinum - Was muss ich nun noch tun?
    Log-Analyse und Auswertung - 27.07.2012 (9)
  9. Live Security Platinum entfernen
    Plagegeister aller Art und deren Bekämpfung - 26.07.2012 (1)
  10. Live Security Platinum entfernen
    Plagegeister aller Art und deren Bekämpfung - 25.07.2012 (1)
  11. Live Security Platinum wieder entfernen?
    Log-Analyse und Auswertung - 24.07.2012 (27)
  12. Entfernen von Live Security Platinum erfolgreich? (inkl. Logs)
    Log-Analyse und Auswertung - 22.07.2012 (4)
  13. Live Security Platinum entfernen - hier mein Malwarebytes scan
    Plagegeister aller Art und deren Bekämpfung - 19.07.2012 (1)
  14. Live Security Platinum entfernen
    Mülltonne - 18.07.2012 (0)
  15. Live Security Platinum-Trojaner, Verschlüsselungs-Trojaner entfernen
    Plagegeister aller Art und deren Bekämpfung - 16.07.2012 (1)
  16. Live Security Platinum lässt sich nicht entfernen
    Plagegeister aller Art und deren Bekämpfung - 10.07.2012 (1)
  17. Live Security Platinum entfernen
    Anleitungen, FAQs & Links - 01.06.2012 (2)

Zum Thema Live Security Platinum entfernen - Hallo Trojanerboard, ich habe mir vor wenigen Stunden das fiese Malware-Programm "Live Security Platinum 3.6.1" als einen Drive-by-Download eingefangen. Es spammt mich unablässig zu ("Schick uns deine Kreditkartendaten oder 38 - Live Security Platinum entfernen...
Archiv
Du betrachtest: Live Security Platinum entfernen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.