Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: deo0_sar.exe Ransom Trojaner, halb entfernt. Jetzt sicher?

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 31.07.2012, 03:48   #1
Killy80
 
deo0_sar.exe Ransom Trojaner, halb entfernt. Jetzt sicher? - Standard

deo0_sar.exe Ransom Trojaner, halb entfernt. Jetzt sicher?



Hallo!

Ich hatte heute einen Ransom-Trojaner, der mich weder an den Taskmanager lies, noch in die Eingabeaufforderung.

Ich hab dann OTLPE herausgefunden, welche Datei dafür verantwortlich ist und diese gelöscht. Nun komme ich wieder in den abgesicherten Modus.

Leider sind immernoch Task Manager und alle Dateien auf dem Desktop unzugänglich.

Ich kann das System aus Zeitgründen momentan nicht neu aufsetzen, das muss noch mind. einen Monat halten und ich würde gerne sicher gehen, dass erstmal alles weg ist

MalwareBytes Vollscan läuft gerade, Log kommt dann.



EDIT: Win7 64 Bit

OTL.txt
Code:
ATTFilter
OTL logfile created on: 31.07.2012 09:23:53 - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\Benni\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,50 Gb Available Physical Memory | 81,43% Memory free
15,97 Gb Paging File | 14,67 Gb Available in Paging File | 91,90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195,21 Gb Total Space | 54,77 Gb Free Space | 28,06% Space Free | Partition Type: NTFS
Drive D: | 736,20 Gb Total Space | 338,16 Gb Free Space | 45,93% Space Free | Partition Type: NTFS
Drive H: | 7,45 Gb Total Space | 7,45 Gb Free Space | 99,99% Space Free | Partition Type: FAT32
 
Computer Name: BENNI-ITX | User Name: Benni | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.31 09:20:48 | 000,646,656 | ---- | M] (OldTimer Tools) -- C:\Users\Benni\Desktop\OTS.exe
PRC - [2012.07.31 09:16:29 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Benni\Desktop\OTL.exe
PRC - [2012.07.13 01:56:44 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.07.13 01:56:37 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011.10.22 11:16:18 | 000,070,424 | ---- | M] () -- C:\Programme\TortoiseSVN\bin\libsasl32.dll
MOD - [2011.03.17 01:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012.04.06 04:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.04.06 16:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.07.30 21:10:01 | 001,432,400 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV - [2012.07.13 01:56:44 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.12 21:16:55 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Stopped] -- D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2012.07.03 05:09:22 | 000,076,888 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.06.07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.19 14:36:32 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.04.26 19:16:36 | 000,385,376 | ---- | M] (BlueStack Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc)
SRV - [2012.04.26 19:15:56 | 000,401,760 | ---- | M] (BlueStack Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc)
SRV - [2012.04.24 20:28:29 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012.03.26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.03.26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.02.24 23:46:53 | 000,374,272 | ---- | M] (C Tech Development Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\C Tech\CTech.License.Service.exe -- (CTech.License.Service.exe)
SRV - [2012.01.24 11:25:20 | 000,078,336 | ---- | M] (Dassault Systèmes) [On_Demand | Stopped] -- C:\Program Files (x86)\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe -- (DraftSight API Service)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.11.23 15:17:26 | 000,094,992 | ---- | M] (SANDBOXIE L.T.D) [Auto | Stopped] -- C:\Programme\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2011.11.10 22:52:01 | 000,145,408 | ---- | M] (Red Gate Software Ltd.) [On_Demand | Stopped] -- C:\Programme\Red Gate\ANTS Performance Profiler 6\RedGate.Profiler.IISService.exe -- (ANTS Performance Profiler 6 Service)
SRV - [2011.11.10 22:51:58 | 000,174,008 | ---- | M] (Red Gate Software Ltd.) [On_Demand | Stopped] -- C:\Programme\Red Gate\ANTS Memory Profiler 7\RedGate.Memory.IISService.exe -- (ANTS Memory Profiler 7 Service)
SRV - [2011.09.15 00:19:54 | 000,086,016 | ---- | M] () [Auto | Stopped] -- C:\Programme\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe -- (mi-raysat_3dsmax2013_64)
SRV - [2011.09.15 00:19:54 | 000,086,016 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_32server.exe -- (mi-raysat_3dsmax2013_32)
SRV - [2011.08.22 18:07:32 | 000,354,416 | ---- | M] (VMware, Inc.) [Auto | Stopped] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2011.08.22 18:06:56 | 000,432,752 | ---- | M] (VMware, Inc.) [Auto | Stopped] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2011.08.22 17:34:52 | 011,837,440 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe -- (VMwareHostd)
SRV - [2011.08.22 16:28:42 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2011.08.22 00:11:28 | 000,846,448 | ---- | M] (VMware, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
SRV - [2011.08.12 01:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV - [2011.08.07 14:40:00 | 003,804,120 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010.11.05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.10.05 21:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.10.05 21:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.06.25 19:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64)
SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.06.17 16:13:06 | 000,068,136 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe -- (DES2 Service)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.11.06 00:59:50 | 001,500,424 | ---- | M] (Acresso Software Inc.) [Auto | Stopped] -- C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe -- (ArcGIS License Manager)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.04.06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.04.06 03:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.03.20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.23 14:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.12.02 21:59:44 | 000,530,488 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011.08.22 18:07:58 | 000,062,064 | ---- | M] (VMware, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2011.08.22 18:06:14 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2011.08.22 16:12:26 | 000,045,680 | ---- | M] (VMware, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2011.08.22 16:12:26 | 000,020,080 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2011.08.22 00:11:26 | 000,039,024 | ---- | M] (VMware, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2011.08.08 15:59:12 | 000,116,336 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2011.07.26 19:49:12 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2011.07.04 20:35:59 | 000,230,352 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2011.05.10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.04.13 15:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.13 13:58:00 | 000,413,800 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.01.10 18:16:08 | 000,021,104 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.19 04:34:26 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.11.19 04:34:26 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.11.09 15:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2010.11.05 23:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.10.19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.06.25 19:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009.12.21 17:39:40 | 000,051,712 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (TEAM)
DRV:64bit: - [2009.12.21 17:39:40 | 000,051,712 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (RTTEAMPT)
DRV:64bit: - [2009.08.13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.20 04:27:34 | 000,027,136 | ---- | M] (Realtek                                            ) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.04.28 12:03:46 | 000,047,160 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmdTools64.sys -- (AmdTools64)
DRV:64bit: - [2007.12.03 04:20:54 | 000,024,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtVlan60.sys -- (RTVLANPT)
DRV:64bit: - [2007.04.27 07:40:00 | 000,142,120 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\sentinel64.sys -- (Sentinel64)
DRV:64bit: - [2007.04.27 07:40:00 | 000,056,872 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SNTUSB64.SYS -- (SNTUSB64)
DRV - [2012.07.31 00:37:39 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2012.04.26 19:16:30 | 000,075,104 | ---- | M] (BlueStack Systems) [Kernel | Auto | Stopped] -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys -- (BstHdDrv)
DRV - [2011.11.23 15:17:24 | 000,158,336 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Stopped] -- C:\Programme\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2011.07.22 18:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Programme\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV - [2011.07.05 23:49:20 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2011.07.01 01:23:33 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\etdrv.sys -- (etdrv)
DRV - [2010.09.22 16:31:34 | 000,021,712 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS -- (DrvAgent64)
DRV - [2010.05.27 02:43:00 | 000,014,648 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys -- (RTCore64)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2002.07.17 03:53:02 | 000,016,877 | ---- | M] (Adaptec) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\ASPI32.SYS -- (ASPI32)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1698229701-1306037958-2253674869-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1698229701-1306037958-2253674869-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1698229701-1306037958-2253674869-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 50 4F ED 94 75 37 CC 01  [binary data]
IE - HKU\S-1-5-21-1698229701-1306037958-2253674869-1000\..\SearchScopes,DefaultScope = {4221ADAC-8331-47d8-8385-2CB3BB10B17A}
IE - HKU\S-1-5-21-1698229701-1306037958-2253674869-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1698229701-1306037958-2253674869-1000\..\SearchScopes\{4221ADAC-8331-47d8-8385-2CB3BB10B17A}: "URL" = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=4183257091&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms}
IE - HKU\S-1-5-21-1698229701-1306037958-2253674869-1000\..\SearchScopes\{A873D727-BDD3-487c-A6C2-920998CF6839}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV
IE - HKU\S-1-5-21-1698229701-1306037958-2253674869-1000\..\SearchScopes\{BF34AD08-E060-485f-B582-CE2462B0F46C}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SPLBR1&pc=SPLH
IE - HKU\S-1-5-21-1698229701-1306037958-2253674869-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..network.proxy.http: "77.220.20.196"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Benni\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.13 01:56:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.23 03:21:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2011.10.01 21:50:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benni\AppData\Roaming\mozilla\Extensions
[2011.10.01 21:50:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benni\AppData\Roaming\mozilla\Extensions\prism@developer.mozilla.org
[2012.07.30 18:56:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benni\AppData\Roaming\mozilla\Firefox\Profiles\tdiz7m1v.default\extensions
[2012.01.24 19:49:16 | 000,000,000 | ---D | M] (HNG downloader/starter (live)) -- C:\Users\Benni\AppData\Roaming\mozilla\Firefox\Profiles\tdiz7m1v.default\extensions\npretoxlive@live.heroesandgenerals.com
[2012.05.21 23:26:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.30 18:56:54 | 000,184,864 | ---- | M] () (No name found) -- C:\USERS\BENNI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TDIZ7M1V.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI
[2012.07.13 01:56:45 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.08 23:17:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.08 23:17:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.08 23:17:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.08 23:17:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.08 23:17:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.08 23:17:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.07.04 05:17:53 | 000,002,077 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost 
O1 - Hosts: 127.0.0.1 
O1 - Hosts: 127.0.0.1  
O1 - Hosts: 127.0.0.1 
O1 - Hosts: 127.0.0.1 
O1 - Hosts: 127.0.0.1 
O1 - Hosts: 127.0.0.1 
O1 - Hosts: 127.0.0.1 
O1 - Hosts: 127.0.0.1 
O1 - Hosts: 127.0.0.1 
O1 - Hosts: 127.0.0.1 
O1 - Hosts: 127.0.0.1 
O1 - Hosts: 127.0.0.1 
O1 - Hosts: 127.0.0.1 
O1 - Hosts: 127.0.0.1 
O1 - Hosts: 127.0.0.1 
O1 - Hosts: 127.0.0.1 
O1 - Hosts: 127.0.0.1 
O1 - Hosts: 127.0.0.1 
O1 - Hosts: 127.0.0.1 
O1 - Hosts: 127.0.0.1 
O1 - Hosts: 127.0.0.1 
O1 - Hosts: 127.0.0.1 
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 15 more lines...
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TortoiseHgOverlayIconServer] C:\Programme\TortoiseHg\TortoiseHgOverlayServer.exe ()
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1698229701-1306037958-2253674869-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1698229701-1306037958-2253674869-1000..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKU\S-1-5-21-1698229701-1306037958-2253674869-1000..\Run: [Steam] D:\Spiele\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-1698229701-1306037958-2253674869-1000..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1698229701-1306037958-2253674869-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_Plugin.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Benni\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\thunderbird - Verknüpfung.lnk = C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-1698229701-1306037958-2253674869-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1698229701-1306037958-2253674869-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} hxxp://www.driveragent.com/files/driveragent.cab (Driver Agent ActiveX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{907F05D5-4F56-4E56-B226-B36102B34431}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C7F72A69-FFB5-455F-BDE6-D17CADF887C8}: DhcpNameServer = 130.149.7.7 193.174.75.142
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.31 14:20:49 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012.07.31 09:20:46 | 000,646,656 | ---- | C] (OldTimer Tools) -- C:\Users\Benni\Desktop\OTS.exe
[2012.07.31 09:16:27 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Benni\Desktop\OTL.exe
[2012.07.31 09:13:39 | 000,000,000 | ---D | C] -- C:\logs
[2012.07.30 21:19:02 | 000,000,000 | ---D | C] -- C:\Users\Benni\AppData\Roaming\Roaming
[2012.07.30 21:12:36 | 000,000,000 | ---D | C] -- C:\Users\Benni\Documents\Inventor Server x64 3dsMaxDesign
[2012.07.30 21:12:11 | 000,000,000 | ---D | C] -- C:\Users\Benni\Documents\Inventor Server x64 Direct Connect
[2012.07.30 21:10:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2012.07.30 21:04:16 | 000,000,000 | ---D | C] -- C:\Users\Benni\Documents\3dsMaxDesign
[2012.07.30 21:03:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Autodesk Shared
[2012.07.30 21:03:20 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk
[2012.07.25 15:26:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grinding Gear Games
[2012.07.25 04:35:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.07.25 04:35:17 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.07.25 04:33:08 | 000,000,000 | ---D | C] -- C:\Users\Benni\AppData\Roaming\Malwarebytes
[2012.07.25 04:33:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.25 04:32:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.25 04:32:58 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.25 04:32:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.24 01:25:03 | 000,000,000 | ---D | C] -- C:\Users\Benni\AppData\Roaming\inkscape
[2012.07.24 01:19:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Inkscape
[2012.07.16 18:28:37 | 000,000,000 | ---D | C] -- C:\Users\Benni\AppData\Roaming\LucasArts
[2012.07.15 21:53:53 | 000,000,000 | ---D | C] -- C:\Users\Benni\Documents\SimCity 4
[2012.07.12 07:05:05 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.07.12 07:05:05 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.07.12 07:05:04 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.07.12 07:05:04 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.07.12 07:05:04 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.07.12 07:05:04 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.07.12 07:05:03 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.07.12 07:05:03 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.07.12 07:05:03 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.07.12 07:05:02 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.07.12 07:05:02 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.07.12 07:05:02 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.07.12 07:05:02 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.07.11 16:28:42 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012.07.11 16:28:42 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012.07.11 16:28:41 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.11 16:28:40 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012.07.11 16:28:40 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012.07.09 02:43:13 | 000,000,000 | ---D | C] -- C:\Users\Benni\Documents\FLiNGTrainer
[2012.07.09 02:38:56 | 000,000,000 | ---D | C] -- C:\Users\Benni\Documents\My Cheat Tables
[2012.07.09 02:38:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.2
[2012.07.09 02:38:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cheat Engine 6.2
[2012.07.08 20:53:12 | 000,000,000 | ---D | C] -- C:\Users\Benni\Documents\Endless Space
[2012.07.08 18:12:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iceberg Interactive
[2012.07.07 02:49:56 | 000,000,000 | ---D | C] -- C:\Users\Benni\Desktop\client_update1
[2012.07.06 02:42:29 | 000,000,000 | ---D | C] -- C:\Users\Benni\Desktop\DT-Template-R8
[2012.07.02 16:52:05 | 000,000,000 | ---D | C] -- C:\Users\Benni\Desktop\DA_SA-Tex-Vorlage-2010-05-12
[2012.07.02 16:28:35 | 000,000,000 | ---D | C] -- C:\Users\Benni\Desktop\diplomarbeit-vorlage-latex
[2012.07.02 02:02:23 | 000,000,000 | ---D | C] -- C:\Users\Benni\AppData\Roaming\xm1
[2012.07.02 00:58:03 | 000,000,000 | ---D | C] -- C:\Users\Benni\AppData\Roaming\WinShell
[2012.07.02 00:58:02 | 000,000,000 | ---D | C] -- C:\Users\Benni\Documents\WinShell
[2012.07.02 00:58:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinShell
[2012.07.02 00:58:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinShell
[2012.07.02 00:57:40 | 000,000,000 | ---D | C] -- C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Texmaker
[2012.07.02 00:57:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Texmaker
[2012.07.02 00:57:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Texmaker
[2012.07.02 00:48:43 | 000,000,000 | ---D | C] -- C:\Users\Benni\AppData\Roaming\LyX2.0
[2012.07.02 00:44:23 | 000,000,000 | ---D | C] -- C:\Users\Benni\AppData\Roaming\MiKTeX
[2012.07.02 00:43:58 | 000,000,000 | ---D | C] -- C:\Users\Benni\AppData\Local\MiKTeX
[2012.07.02 00:41:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiKTeX 2.9
[2012.07.02 00:40:04 | 000,000,000 | ---D | C] -- C:\ProgramData\MiKTeX
[2012.07.02 00:26:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MiKTeX 2.9
[2012.07.01 23:42:37 | 000,000,000 | ---D | C] -- C:\Users\Benni\Desktop\backups
[2012.07.01 23:16:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LyX20
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.31 09:20:48 | 000,646,656 | ---- | M] (OldTimer Tools) -- C:\Users\Benni\Desktop\OTS.exe
[2012.07.31 09:16:29 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Benni\Desktop\OTL.exe
[2012.07.31 09:08:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.31 09:08:08 | 2134,396,927 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.31 00:37:39 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2012.07.30 21:18:57 | 000,212,335 | ---- | M] () -- C:\Users\Benni\AppData\Roaming\EHeO58kGu.exe
[2012.07.30 21:09:46 | 000,002,015 | ---- | M] () -- C:\Users\Public\Desktop\Autodesk 3ds Max Design 2013 64-bit.lnk
[2012.07.30 15:42:41 | 000,014,784 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.30 15:42:41 | 000,014,784 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.28 02:00:02 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\Quark Updater.job
[2012.07.28 01:05:22 | 000,003,048 | ---- | M] () -- C:\Users\Benni\.recently-used.xbel
[2012.07.27 21:06:08 | 000,002,832 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2012.07.27 05:19:36 | 000,007,606 | ---- | M] () -- C:\Users\Benni\AppData\Local\Resmon.ResmonCfg
[2012.07.27 00:43:14 | 000,847,210 | ---- | M] () -- C:\Users\Benni\Desktop\ma002.pdf
[2012.07.27 00:31:20 | 000,118,763 | ---- | M] () -- C:\Users\Benni\Desktop\surface-curvature.pdf
[2012.07.26 23:54:14 | 000,108,078 | ---- | M] () -- C:\Users\Benni\Desktop\curvature.pdf
[2012.07.25 15:26:42 | 000,001,602 | ---- | M] () -- C:\Users\Public\Desktop\Path of Exile.lnk
[2012.07.23 14:54:12 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.07.23 14:54:12 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.07.21 23:46:04 | 000,298,016 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.07.21 23:46:04 | 000,298,016 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.07.18 04:28:51 | 001,627,538 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.18 04:28:51 | 000,701,470 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.18 04:28:51 | 000,656,788 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.18 04:28:51 | 000,150,192 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.18 04:28:51 | 000,123,146 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.12 22:48:01 | 000,000,382 | ---- | M] () -- C:\Users\Benni\Documents\ChatLog Meet Now 2012_07_12 22_48.rtf
[2012.07.12 16:00:54 | 005,051,384 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.08 15:56:48 | 000,298,016 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.07.06 02:42:16 | 000,105,897 | ---- | M] () -- C:\Users\Benni\Desktop\DT-Template-R8.zip
[2012.07.04 23:44:18 | 000,002,199 | ---- | M] () -- C:\Users\Benni\.kdiff3rc
[2012.07.04 16:41:23 | 003,207,754 | ---- | M] () -- C:\Users\Benni\Desktop\Diplomarbeit.pdf
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.03 05:09:22 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.07.03 05:04:52 | 003,130,440 | ---- | M] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2012.07.02 16:51:59 | 004,162,409 | ---- | M] () -- C:\Users\Benni\Desktop\DA_SA-Tex-Vorlage-2010-05-12.zip
[2012.07.02 16:42:46 | 000,001,543 | ---- | M] () -- C:\Users\Benni\Desktop\diploma.tex
[2012.07.02 02:02:00 | 003,042,622 | ---- | M] () -- C:\Users\Benni\Desktop\tanerdiplom.pdf
[2012.07.01 23:25:35 | 000,020,651 | ---- | M] () -- C:\Users\Benni\Desktop\diplomarbeit-vorlage-latex.zip
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.30 21:19:01 | 000,212,335 | ---- | C] () -- C:\Users\Benni\AppData\Roaming\EHeO58kGu.exe
[2012.07.30 21:09:46 | 000,002,015 | ---- | C] () -- C:\Users\Public\Desktop\Autodesk 3ds Max Design 2013 64-bit.lnk
[2012.07.28 01:05:22 | 000,003,048 | ---- | C] () -- C:\Users\Benni\.recently-used.xbel
[2012.07.27 00:43:14 | 000,847,210 | ---- | C] () -- C:\Users\Benni\Desktop\ma002.pdf
[2012.07.27 00:31:20 | 000,118,763 | ---- | C] () -- C:\Users\Benni\Desktop\surface-curvature.pdf
[2012.07.26 23:54:14 | 000,108,078 | ---- | C] () -- C:\Users\Benni\Desktop\curvature.pdf
[2012.07.25 15:26:42 | 000,001,602 | ---- | C] () -- C:\Users\Public\Desktop\Path of Exile.lnk
[2012.07.24 01:24:36 | 000,001,055 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkscape.lnk
[2012.07.12 22:48:01 | 000,000,382 | ---- | C] () -- C:\Users\Benni\Documents\ChatLog Meet Now 2012_07_12 22_48.rtf
[2012.07.06 02:42:15 | 000,105,897 | ---- | C] () -- C:\Users\Benni\Desktop\DT-Template-R8.zip
[2012.07.04 16:41:16 | 003,207,754 | ---- | C] () -- C:\Users\Benni\Desktop\Diplomarbeit.pdf
[2012.07.03 05:05:50 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2012.07.02 16:51:56 | 004,162,409 | ---- | C] () -- C:\Users\Benni\Desktop\DA_SA-Tex-Vorlage-2010-05-12.zip
[2012.07.02 16:43:07 | 000,001,543 | ---- | C] () -- C:\Users\Benni\Desktop\diploma.tex
[2012.07.02 02:02:00 | 003,042,622 | ---- | C] () -- C:\Users\Benni\Desktop\tanerdiplom.pdf
[2012.07.01 23:25:35 | 000,020,651 | ---- | C] () -- C:\Users\Benni\Desktop\diplomarbeit-vorlage-latex.zip
[2012.07.01 23:24:34 | 000,001,985 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LyX 2.0.lnk
[2012.05.20 17:24:04 | 003,145,746 | ---- | C] () -- C:\Users\Benni\Depth.tga
[2012.05.14 03:40:06 | 002,275,328 | ---- | C] () -- C:\Windows\SysWow64\libsndfile-1.dll
[2012.05.14 03:40:06 | 001,719,808 | ---- | C] () -- C:\Windows\SysWow64\sfml-graphics-d-2.dll
[2012.05.14 03:40:06 | 001,111,040 | ---- | C] () -- C:\Windows\SysWow64\sfml-graphics-2.dll
[2012.05.14 03:40:06 | 000,294,400 | ---- | C] () -- C:\Windows\SysWow64\sfml-network-d-2.dll
[2012.05.14 03:40:06 | 000,186,368 | ---- | C] () -- C:\Windows\SysWow64\sfml-audio-d-2.dll
[2012.05.14 03:40:06 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\sfml-window-d-2.dll
[2012.05.14 03:40:06 | 000,126,464 | ---- | C] () -- C:\Windows\SysWow64\sfml-system-d-2.dll
[2012.05.14 03:40:06 | 000,107,008 | ---- | C] () -- C:\Windows\SysWow64\sfml-network-2.dll
[2012.05.14 03:40:06 | 000,050,176 | ---- | C] () -- C:\Windows\SysWow64\sfml-window-2.dll
[2012.05.14 03:40:06 | 000,047,616 | ---- | C] () -- C:\Windows\SysWow64\sfml-audio-2.dll
[2012.05.14 03:40:06 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\sfml-system-2.dll
[2012.03.29 19:25:09 | 000,000,748 | ---- | C] () -- C:\Users\Benni\.OpenFlipperOpenFlipper.ini
[2012.03.20 20:56:06 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\glut32.dll
[2012.03.18 00:56:15 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.02.19 08:12:28 | 000,000,352 | ---- | C] () -- C:\Users\Benni\AppData\Roaming\Network Meter_Settings.ini
[2012.02.15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.02.15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.12.17 16:50:21 | 000,000,288 | ---- | C] () -- C:\Users\Benni\SciTE.session
[2011.12.17 16:49:57 | 000,015,239 | ---- | C] () -- C:\Users\Benni\abbrev.properties
[2011.12.08 03:02:58 | 000,000,045 | ---- | C] () -- C:\Users\Benni\.gitconfig
[2011.10.17 05:45:29 | 000,034,225 | ---- | C] () -- C:\Users\Benni\AppData\Roaming\gd.db
[2011.10.17 05:45:29 | 000,000,283 | ---- | C] () -- C:\Users\Benni\AppData\Roaming\groovedown.settings
[2011.09.30 00:36:09 | 000,298,016 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.09.30 00:36:04 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.08.16 17:16:05 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2011.07.29 02:17:51 | 000,060,304 | ---- | C] () -- C:\Users\Benni\g2mdlhlpx.exe
[2011.07.27 00:09:00 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\glew32.dll
[2011.07.22 18:08:40 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011.07.14 18:20:05 | 000,011,386 | ---- | C] () -- C:\Users\Benni\gsview32.ini
[2011.07.05 22:36:55 | 000,007,606 | ---- | C] () -- C:\Users\Benni\AppData\Local\Resmon.ResmonCfg
[2011.07.05 02:22:02 | 000,002,199 | ---- | C] () -- C:\Users\Benni\.kdiff3rc
[2011.07.05 01:08:26 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.07.04 22:45:50 | 000,000,698 | ---- | C] () -- C:\Users\Benni\Mercurial-kiln.ini
[2011.07.04 22:45:50 | 000,000,170 | ---- | C] () -- C:\Users\Benni\mercurial.ini
[2011.07.04 21:02:15 | 000,002,832 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2011.07.02 04:01:33 | 000,000,412 | ---- | C] () -- C:\Users\Benni\AppData\Roaming\All CPU Meter_Settings.ini
[2011.07.01 22:25:10 | 001,649,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.07.01 00:48:26 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2011.07.01 00:28:56 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2011.07.01 00:24:53 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2010.12.06 15:58:56 | 002,496,715 | ---- | C] () -- C:\Windows\SysWow64\abgx360.exe
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 152 bytes -> C:\Program Files (x86)\Common Files\C Tech:{42005500-5100-7200-6F00-650056007100}
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:A1EDB939

< End of report >
         
Extras.txt
Code:
ATTFilter
OTL Extras logfile created on: 31.07.2012 09:23:53 - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\Benni\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,50 Gb Available Physical Memory | 81,43% Memory free
15,97 Gb Paging File | 14,67 Gb Available in Paging File | 91,90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195,21 Gb Total Space | 54,77 Gb Free Space | 28,06% Space Free | Partition Type: NTFS
Drive D: | 736,20 Gb Total Space | 338,16 Gb Free Space | 45,93% Space Free | Partition Type: NTFS
Drive H: | 7,45 Gb Total Space | 7,45 Gb Free Space | 99,99% Space Free | Partition Type: FAT32
 
Computer Name: BENNI-ITX | User Name: Benni | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{050F2163-160F-4AF3-B20B-4EC9BF3025C1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{08FDD9D8-6DAA-467C-A89D-FAD3966A13AF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{0DD162E5-BC6F-4CFF-BFF0-FFCAD7281239}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{11082B37-2DC2-404A-99CD-814F9A5176EA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{14CFD933-EBC5-453F-978A-0AC3C838EC68}" = rport=138 | protocol=17 | dir=out | app=system | 
"{1C1CF7FD-D683-466C-9C13-3DA8C8881878}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{2813FB1D-1738-43CC-AEAD-F39A1BCDE6F4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{377B910A-142A-4E59-968C-CB74990BED2F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3A99CD10-5027-428C-AF88-BEE797FFC715}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{49F203E7-F0A4-4322-A235-37503B165044}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{5A941CFA-471D-47E4-8315-4C5D13A94559}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{68AAE5B1-DD6D-42AB-86FC-CC6550A7F145}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6DD2E083-DC89-450A-B9DD-A2C605CF1F0F}" = lport=138 | protocol=17 | dir=in | app=system | 
"{79BDBA5C-567D-49B0-900D-8D60660A51F0}" = lport=445 | protocol=6 | dir=in | app=system | 
"{91C9847E-0E3E-4111-8BBE-9FC02881E631}" = lport=137 | protocol=17 | dir=in | app=system | 
"{9825E634-C037-41B0-A157-E4EEAB1C33F3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{AA043228-67D7-46AA-8FA7-0C5FC5B2E598}" = rport=139 | protocol=6 | dir=out | app=system | 
"{AA10421E-CD33-4E59-AE02-558C2604902F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B549C849-6C34-4072-9A47-CEBAECC0FEF0}" = rport=137 | protocol=17 | dir=out | app=system | 
"{BC40388C-2F97-4524-9109-4B42FCCA347D}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{C41CCED4-1FC2-43A8-AFBD-C0C720A3182F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C45F9C9F-3E41-4FCB-9125-B4CAB63F7589}" = lport=139 | protocol=6 | dir=in | app=system | 
"{D03C7233-B35D-4AD9-9D4F-50382A190B1B}" = rport=445 | protocol=6 | dir=out | app=system | 
"{D867927B-0C79-4DC1-93E0-6E2401F6B22A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DB3D5021-7A2D-454C-859F-A498BA8A044F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{011ED30E-C81D-4994-849C-97F5DAFD6A82}" = protocol=17 | dir=in | app=d:\spiele\diablo iii\diablo iii.exe | 
"{01BD2F5F-960D-4B97-A04A-65D5D57A272B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"{01EFB755-AD6F-406F-BF86-3818B8EFE900}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{01FE1864-A5A3-4186-9A1C-B86CEEB54E3D}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{095E2A8D-7793-4C9D-82B2-2F78450DD1F1}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"{09EA180D-4F4B-4ACB-8E4E-B3BBB68E08B5}" = protocol=17 | dir=in | app=c:\users\benni\desktop\diablo-iii-8370-dede-installer-downloader.exe | 
"{0AB18D2A-81FA-48E9-A07E-19D2E63F13BB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0BBA2446-A96E-4282-B4AC-E035A3154917}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{0C015C96-5E0E-497D-B363-94C90A030034}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0F3FF05B-FC91-4F0F-BF3F-78F0561F13D0}" = protocol=6 | dir=out | app=system | 
"{0F6BBF88-AC67-42C2-882F-7E60652BAAE0}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\solar 2\solar2.exe | 
"{0FD0AB6D-0D36-4BD8-B353-016942B550BD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{11762703-CB84-4D57-9D0E-D4E179A007E6}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\just cause 2\justcause2.exe | 
"{12334734-B639-4160-9C7B-7D3E92F70D8D}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe | 
"{134BBAD1-EDFC-4AFE-98CD-BBA51BAB3A1A}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\orcs must die!\build\release\orcsmustdie.exe | 
"{141F76A4-69AA-4ABE-8029-849B19C85D02}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe | 
"{16161535-F422-401E-A748-9275CCE86E1F}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\hard reset demo\hardreset.exe | 
"{18F13C76-E89B-45A5-B74D-B4C840D30937}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\supermnc\binaries\win32\supermncgameclient.exe | 
"{1996FCB8-F96E-444B-A481-1DC88CC579F1}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\the witcher enhanced edition\system\witcher.exe | 
"{1A9D1CD4-8A68-4DC7-BA0D-B2D2767A083A}" = protocol=17 | dir=in | app=c:\users\benni\desktop\gw2\gw2.exe | 
"{1B1BC7D8-864C-4F46-B342-B923DF21D0CE}" = protocol=17 | dir=in | app=d:\development\ctech\mvs\bin\system\evs_mvs.exe | 
"{1B2CB72F-3EB1-4FBE-A99A-46F7AD55CF37}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\3ds max 2013\3dsmax.exe | 
"{1E7AEAF0-D89F-46EF-91D7-EF8CE397E5A5}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe | 
"{1EF95541-92F4-4F95-B2E2-DD12AA7D8989}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\x-com terror from the deep\runme.exe | 
"{2015F09B-71C7-4544-9DF2-8580BB19D4D6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{203C164C-5AFF-421E-B65F-4873F669FA0E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{20B0666D-5BD0-476D-8B5C-D905876B3C2E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{20D5D4C6-8087-46AF-BCBA-38F1F71D7338}" = protocol=17 | dir=in | app=d:\spiele\might & magic heroes vi\might & magic heroes vi.exe | 
"{2185AA12-3A0E-4437-A0FF-F821E6A3331A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"{22866BFA-4821-48BD-B35B-D1463CEA6530}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe | 
"{23A6DC78-9484-4E17-B986-31A3B130CF4A}" = dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe | 
"{23C74DD9-CDE6-4FE2-9C4B-021482E0DEF5}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\hard reset demo\hardreset.exe | 
"{24D0775B-B661-42EE-BCDE-E3386253C778}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\rock of ages\binaries\win32\roa.exe | 
"{24D75595-4698-4178-883B-60B38D9358FC}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\xcom apocalypse\dosbox.exe | 
"{250857E2-96B9-44E7-AF23-9622C60BB6E2}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\the witcher enhanced edition\system\djinni!.exe | 
"{2559255F-3687-4B46-A233-57B53B768A42}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\brawl busters\bin\pblauncher.exe | 
"{25D92F69-D106-457A-B60D-367A4FFD4D13}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\3ds max 2013\3dsmax.exe | 
"{270D0568-D02C-48D9-B6B0-C240D6AF87A1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2854D0DF-5722-45CC-92CF-DBA487E730E0}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{29281D73-26F0-4ABD-886E-D6D596B5C982}" = dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-hostd.exe | 
"{29E3FD5A-1F47-42D7-9025-3169EE787E7B}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\the witcher enhanced edition\system\djinni!.exe | 
"{2D759511-22CA-4DFD-8426-19F8A412F9F0}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\vessel\vessel.exe | 
"{2ED9BCEA-A3F5-4F39-99CB-C11D24C00D32}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\legend of grimrock\grimrock.exe | 
"{3065AC4F-8A1F-443C-B423-5459469C699D}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\from dust\from_dust.exe | 
"{316C9C61-1B03-4D15-88B2-C198EF83DF90}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{31D16DC6-2F85-431A-85D3-EDBF5789FBA3}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\the witcher enhanced edition\system\witcher.exe | 
"{32D934EE-BC62-4A7C-8B67-58A40FDEB7ED}" = protocol=6 | dir=in | app=d:\spiele\take on helicopters\takeonh.exe | 
"{39017484-A7A1-488B-8F31-D73F69E89AD1}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\rock of ages\binaries\win32\roa.exe | 
"{392782FA-F436-4A2B-AB0A-1DF1D9A5B348}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\orcs must die!\build\release\orcsmustdie.exe | 
"{3A70744D-9972-4F10-9F59-D0186D59629F}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{3A982A76-6396-4D19-8EA6-6CA4162D20C0}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\portal 2\portal2.exe | 
"{3DB9483B-FAA7-4FE2-B1BA-CC36690B2FE7}" = protocol=17 | dir=in | app=d:\spiele\tera\tera-launcher.exe | 
"{3EDCAED7-9762-4E87-A4C7-1A1C443E150E}" = protocol=6 | dir=in | app=d:\spiele\anteworld\outerra.exe | 
"{40CFB0B1-2C2C-4F19-B5E5-FE75DA2025D1}" = protocol=6 | dir=in | app=d:\spiele\might & magic heroes vi\might & magic heroes vi.exe | 
"{444EA588-75D0-4B86-84C4-61DB565B21EA}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\3ds max 2013\nvidia\raysat_3dsmax2013_32.exe | 
"{45C5C2B0-82A7-414D-8B80-3800F1053413}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\lara croft and the guardian of light\lcgol.exe | 
"{467820FD-491E-403C-B44A-C44275C24916}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe | 
"{468F8E1E-9364-49A7-9795-185C9DC5A20F}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe | 
"{4920FEEB-6C52-43B3-AAA3-C1B505321529}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\xcom ufo defense\xcom\ufo defense_patched.exe | 
"{4969599A-F93D-470B-9BBE-1F2F6A8BF389}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\quimbo\garrysmod\hl2.exe | 
"{4AE2BA88-8A5E-4C57-892E-557AE79CCC3B}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{4AE3B9D7-1F77-460E-B14C-18937830AC70}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games for windows - live\client\gfwlive.exe | 
"{4BB3195C-E5E3-4E2E-A562-801AEC0C8F8B}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\orcs must die!\build\release\orcsmustdie.exe | 
"{4BE0CF5E-C927-461C-AD8E-2E16324CD5D2}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\monkey2\monkey2.exe | 
"{4CB60189-011E-4408-8A87-F314FC817094}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\xcom interceptor\interceptor.exe | 
"{4CF02E0A-A22B-448C-BEC6-2235C987C782}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.0\sonarhost.exe | 
"{4DA45800-7CB7-4109-BEC3-7F9DFAA8FEF6}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\spacechem\spacechem.exe | 
"{4E7A0A3E-1214-4F00-BC9B-54F1FAC65987}" = protocol=17 | dir=in | app=c:\program files (x86)\blastshark\hellgate\blastshark.exe | 
"{505BC5FF-3386-4791-9EB1-055317C4E7BB}" = protocol=17 | dir=in | app=d:\spiele\take on helicopters\takeonh.exe | 
"{50E8E98F-1E4B-4315-AA50-DBB8A7CCFE9A}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{518C7C73-0B2E-47E2-8F40-8241A4A41988}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{51C98D94-E330-4F7F-AA90-26F022D3576A}" = protocol=6 | dir=in | app=c:\users\benni\appdata\roaming\dropbox\bin\dropbox.exe | 
"{549AF823-5543-47C9-A862-FC1E2653E5A6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{54A4114A-AC81-4D32-9BC7-2E1C227EC453}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\xcom interceptor\interceptor.exe | 
"{55DCA8BB-FAFD-4F3E-B229-82D0A89BBD8D}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe | 
"{574B710C-4ECF-4DDE-8F75-EE8925B8BAC0}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\stacking\stack.exe | 
"{5788C111-A9F3-4194-840C-74BED6CD5AC3}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\xcom ufo defense\dosbox.exe | 
"{57A3EB8E-2985-4A29-80F3-13373E015CA4}" = protocol=6 | dir=in | app=d:\development\ctech\mvs\bin\system\evs_mvs.exe | 
"{59B12EA0-725E-4DA6-BC4F-29AEFF554D80}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\rock of ages\binaries\win32\roa.exe | 
"{5B0C1214-9584-4674-A13F-18CE9E9D1101}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\realm of the mad god\realm of the mad god.exe | 
"{5B47FC99-080F-4F42-8E5A-C2875CAF449C}" = protocol=17 | dir=in | app=c:\users\benni\appdata\local\temp\hng\live\hng.exe | 
"{5DDDD6F1-57CC-41B5-8656-7E624C068449}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\guns of icarus online\gunsoficarusonline.exe | 
"{60D1A767-B05E-4798-87E5-84BA6F72C81A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{61AF87F8-FCBC-4276-8AD1-8736934D1802}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"{6263F033-E069-427A-8016-F1F6DD5ADEFE}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\solar 2\solar2.exe | 
"{62F59407-6EEB-420D-A4EF-2EA3A49D2A65}" = protocol=6 | dir=in | app=c:\users\benni\desktop\diablo-iii-8370-dede-installer-downloader.exe | 
"{65531AE6-445F-4C5B-841D-B5306E285D83}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe | 
"{65AB7630-578C-44D9-A597-A7C388069007}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{66C9572C-FC01-4DA1-9A58-07428EAFF2FE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{66C98F11-F5EA-4A03-BFE7-350A78353FDD}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\apb reloaded\binaries\apb.exe | 
"{66D3FF3D-5F1B-4430-BC04-27C5AD79CDB4}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe | 
"{67E668A0-82E5-4C7A-99CE-3E6C895EBF26}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max design 2013\nvidia\raysat_3dsmax2013_64.exe | 
"{6AF9EB01-77E3-4522-A262-3D2B50A18703}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe | 
"{6B486C71-D61F-4E41-A334-C1372DE86D85}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\3ds max 2013\nvidia\raysat_3dsmax2013_32server.exe | 
"{6D5AC7E6-54E3-4B2E-9EFE-E030F26CEA7F}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\quimbo\garrysmod\hl2.exe | 
"{71CCFA9B-011B-493C-A495-C10E33F4E60F}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\spacechem\spacechem.exe | 
"{721B7388-F558-4040-804B-65DFFBD78184}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{7271A317-2AAA-4750-AE28-B17B5E392CE6}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{740360BE-CFE2-4297-B76E-B712BC715DD8}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe | 
"{745A5F6B-F280-4F68-95D9-C5F42620D395}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max design 2013\3dsmax.exe | 
"{74C8361D-D21B-4C19-8E4B-94FCB464089C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{768359E1-A234-457F-BD7B-F0EDB4A6EA7E}" = protocol=6 | dir=in | app=d:\spiele\diablo iii beta\diablo iii.exe | 
"{781914A2-C5BA-403F-B2C3-968205EAB066}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\apb reloaded\binaries\apb.exe | 
"{794BA827-D876-4812-8452-62EEE1D101A0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7A5F43CE-807E-4EAC-9729-53E96220FB24}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{7AC8343A-0A67-4D91-9F2B-EAF75EC1BEA2}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max design 2013\nvidia\raysat_3dsmax2013_64server.exe | 
"{7BE09309-A105-4CA1-8689-CB4FDBD69E75}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\resonance\resonance.exe | 
"{7C9634CE-6505-4C40-895C-DE5818EB6944}" = protocol=17 | dir=in | app=d:\development\privat\tools\udk\udk-2011-11\binaries\win64\udk.exe | 
"{7E4893F8-0396-49AD-9C80-7900F83B3AC3}" = dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-hostd.exe | 
"{7FF5BF7B-08A0-4E38-B7CA-E0AC80AA3EA1}" = protocol=6 | dir=in | app=c:\users\benni\desktop\gw2\gw2.exe | 
"{8190FAD8-BB95-447C-A869-EE3014FF6A56}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe | 
"{83413A41-AA63-46BD-A90E-57D9BA608D70}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe | 
"{8592542D-0CAF-41B6-B6C5-66E4957B0D93}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\x-com terror from the deep\tfd\terror from the deep_patched.exe | 
"{87843BF7-4AA3-4D74-8CCD-35DE31F3EB56}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\dino d-day\srcds.exe | 
"{88FDC1CA-1C6E-46B5-A0BB-E6247AFEEDC3}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\just cause 2\justcause2.exe | 
"{8BD349AB-0147-49DB-B304-B6C19E3BCBD0}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"{8C598C64-0FE2-44CB-A3A2-1791CEA0F073}" = protocol=17 | dir=in | app=d:\spiele\steam\steam.exe | 
"{8D040E41-EDA7-430F-A0B1-84C4FE15E2A4}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\nation red\nationred.exe | 
"{8D4B2AAB-88BB-449C-9EC7-5D5AF9BB4F35}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\portal 2\portal2.exe | 
"{8D5E74F6-5237-40CD-99E6-95DFE8CE0882}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"{8DDE6043-FCD2-462A-9411-866F59DE3121}" = protocol=6 | dir=in | app=c:\users\benni\desktop\xm360v2.0d\server\xm360server.exe | 
"{8E19F18C-91EF-43F9-BE01-F310CBE6E947}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe | 
"{8ECE1995-D219-4D90-8FF9-AB11104362F5}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\realm of the mad god\realm of the mad god.exe | 
"{8EDE27DF-3BE8-4B2A-BDE2-87AFCD6DA5FF}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\x-com terror from the deep\runme.exe | 
"{8F8BC370-C27C-49DF-A7ED-AB4EC25DE9FD}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\portal 2\portal2.exe | 
"{90542FAD-5A34-4378-80CE-02671EDF3E14}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\dc universe online\launchpad.exe | 
"{91774FAB-6059-49D4-B446-6F9830B5955A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{91DCC942-0598-499C-A4C9-7A9569E4E998}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{923BEFB0-6490-495F-8A51-EA904415C100}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\brawl busters\bin\pblauncher.exe | 
"{9306BE3A-F85E-4AFC-ACC1-9BF8806EAD1F}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe | 
"{95B53944-C9C8-441A-9C1A-C9CB677DBC37}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\rock of ages\binaries\win32\roa.exe | 
"{95D0EFA4-6DAD-489A-AF8B-972CFEFF44D9}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\solar 2\solar2.exe | 
"{961383A2-646D-4641-9EEC-AD0D20290A68}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe | 
"{980640FA-A2B3-4906-A29A-C83864A3F942}" = protocol=6 | dir=in | app=d:\spiele\diablo iii\diablo iii.exe | 
"{985F7A24-A74B-4299-98CC-E88A736EB2FB}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\simcity 4 deluxe\support\ea help\electronic_arts_technical_support.htm | 
"{98A31391-6BF1-4FAD-9A53-B1CAC25D1161}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{98CAC06B-B31D-4DE1-B353-FCB1770BF669}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\xcom enforcer\system\xcom.exe | 
"{99E4BBC8-D244-4813-BAD6-05D39E4B9A3F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{9A192550-F95F-47C2-855B-1DC9DC15AF1F}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\monkey2\monkey2.exe | 
"{9BD901EA-27C3-434B-BEBB-00A32FE6440D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{9C03AB5E-E25F-4C12-82F4-DB9B8B95B975}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\blacklightretribution\blacklight retribution.exe | 
"{9C99F074-812C-40F4-B0CB-6DD9A8925CDB}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\blacklightretribution\blacklight retribution.exe | 
"{9DCD12E4-92D9-49DC-8A37-01EAB07F6EC2}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{9F6EFBD2-94E0-4BD0-937E-CF0188F1CDCA}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\lara croft and the guardian of light\lcgol.exe | 
"{A0D8D9CD-B360-4236-8F36-033E0244B64C}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\launcheflc.exe | 
"{A0E5D81F-40D0-4E21-8EDA-F0A2A9D7E296}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\simcity 4 deluxe\apps\simcity 4.exe | 
"{A0F6B44B-313C-4873-B547-B22384E77E23}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\3ds max 2013\nvidia\raysat_3dsmax2013_32server.exe | 
"{A3E58293-F9E1-4A12-A256-0BD5A8B1E853}" = protocol=6 | dir=in | app=c:\program files (x86)\blastshark\hellgate\blastshark.exe | 
"{A7B6D18C-F6CA-4677-8FD6-F52199B5D026}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max design 2013\nvidia\raysat_3dsmax2013_64.exe | 
"{A8F11652-CC46-43E5-BCCA-D8579C00C576}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{AA5BABDC-1761-40CC-B282-C34932BC14DF}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe | 
"{AB503115-005E-455C-9A1F-CAD67756C3AD}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe | 
"{ABA5CED3-799A-458B-92CC-61F76B31F80F}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\tinyandbig\tinyandbig.exe | 
"{AD48549D-F0D1-4F71-B109-23D83C43691F}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\tinyandbig\tinyandbig.exe | 
"{ADE3B1CB-CDEC-4D41-B60D-FE124D8F0B5B}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max design 2013\3dsmax.exe | 
"{AFAD2F91-381A-438E-BC37-B606CD94783B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{B09DA7BF-D4FC-48D1-B0E5-1A2B957FCB80}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\the secret of monkey island special edition\mise.exe | 
"{B481DA7B-E2C4-4BBA-983A-32ACB46E7721}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\solar 2\solar2.exe | 
"{B4862717-381C-4D28-9211-E8BCEA0BAC14}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\legend of grimrock\grimrock.exe | 
"{B49D6A6D-B713-4D3C-AD01-5C35E493E226}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\launcheflc.exe | 
"{B5A85ADD-9D68-435C-A779-EEF184673A01}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{B7512BD4-6424-44E0-BB9D-4F5326CD1317}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{B96B4B5E-B781-4C30-863D-894B4217A82D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BA374926-DA6F-466C-A561-F8BD407B3246}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe | 
"{BA757EFF-B103-442E-9664-22D77237BE4C}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\chime\chime.exe | 
"{BAF3FC27-C9A9-4CA7-83FF-242F944C3CC2}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\xcom ufo defense\dosbox.exe | 
"{BB4C7510-D573-4521-8E49-F174913E6699}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\supermnc\binaries\win32\supermncgameclient.exe | 
"{BE496571-EB25-4BC7-9406-D18BE3CB6945}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\chime\chime.exe | 
"{C1577DB6-6A63-4A6C-9EB9-4A8EC6B72700}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\xcom ufo defense\xcom\ufo defense_patched.exe | 
"{C1AB5972-0300-47E2-AD38-C586A0B1DF85}" = protocol=17 | dir=in | app=c:\users\benni\desktop\xm360v2.0d\server\xm360server.exe | 
"{C2CFF3C3-7552-4361-B978-5885219A510E}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.0\sonarhost.exe | 
"{C321DB4E-8366-4520-8148-0B638CD16D7F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{C39867CE-8DE9-4406-BCAF-7489200CC339}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.516\agent.exe | 
"{C52AE110-D7CD-4BF0-B6FD-B96C879CABED}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\guns of icarus online\gunsoficarusonline.exe | 
"{C553840D-5BFE-4118-A2D5-52D231EFA4E7}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{C96006FE-0F08-440E-A2CF-2DCA5D8974DB}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\dc universe online\launchpad.exe | 
"{C9C122D1-02ED-46AA-A981-B90DD157028D}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\launcheflc.exe | 
"{CA486A36-02D2-49DD-85D9-3DE9E2283552}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\xcom apocalypse\dosbox.exe | 
"{CA9AAC05-604F-4E5E-A985-972A5D200E47}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\stacking\stack.exe | 
"{CD6BE47D-59EA-412D-888D-635B9088532C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CF9E1B58-A362-45A6-AF07-DAA3F65F1D2F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games for windows - live\client\gfwlive.exe | 
"{D03D00CA-1C08-41E4-920A-EF5C7B42A50B}" = protocol=6 | dir=in | app=d:\development\privat\tools\udk\udk-2011-11\binaries\win64\udk.exe | 
"{D0D1E9DB-7D96-49B6-9624-0E0146AACC58}" = protocol=17 | dir=in | app=d:\spiele\anteworld\outerra.exe | 
"{D12CFFAE-5858-4C12-9409-CD82F0A759DD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{D23CC160-93C5-40B7-8905-B50BD0FD97BB}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{D305C843-F474-479F-8B82-586C638CE43E}" = protocol=6 | dir=in | app=d:\development\privat\tools\udk\udk-2011-11\binaries\win32\udk.exe | 
"{D3D364C2-C60E-4BCA-92FA-E68B2C89EF94}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe | 
"{D46EBD78-4DCC-4D35-8793-A661F80A6474}" = dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe | 
"{D6367022-F574-4967-82E5-2933FE3CFB14}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe | 
"{D659A274-D29E-4B23-A1A1-0637DFE91B0B}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{D704D557-BFC8-4FA9-BE26-6D0A7DE6725E}" = protocol=6 | dir=in | app=d:\spiele\steam\steam.exe | 
"{D80509AE-6EB0-4F0B-969C-7E3D21213549}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\3ds max 2013\nvidia\raysat_3dsmax2013_32.exe | 
"{DB16EE6C-6EE0-464E-AED0-5C4BBA128F5D}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\portal 2\portal2.exe | 
"{DFB8A760-251D-462A-8A7F-DD05746A94F0}" = protocol=17 | dir=in | app=d:\development\privat\tools\udk\udk-2011-11\binaries\win32\udk.exe | 
"{E049019D-3FE3-4985-8813-AABD814512BB}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\simcity 4 deluxe\support\ea help\electronic_arts_technical_support.htm | 
"{E13BDD3E-A076-480F-8A2C-91B4B9A917BA}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{E17A79DA-6FC7-4352-8DEF-22147BB5ECE5}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\launcheflc.exe | 
"{E2E0970D-1F82-44D3-A28B-42C947B156F5}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe | 
"{E331F668-C17E-4AE5-8A46-D4C2598AD428}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.516\agent.exe | 
"{E3A75527-D792-4FEC-AA6C-BD531D0D716E}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\resonance\resonance.exe | 
"{E4DD63A2-57F0-4E5F-9AF5-237806B88F38}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{E55CDCA0-15E6-4704-889F-A179BCFE6510}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\from dust\from_dust.exe | 
"{E5A402A5-8762-47B1-A055-F161C64E7E7F}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\the secret of monkey island special edition\mise.exe | 
"{E6053EA5-BA4D-46E8-965D-44BF3C08AFC9}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\dino d-day\srcds.exe | 
"{E92CA35F-C710-4124-A819-E192E2D4B70C}" = protocol=17 | dir=in | app=d:\spiele\diablo iii beta\diablo iii.exe | 
"{E96DD1F5-AB46-4F19-AF5C-90BE2E7493C8}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\xcom enforcer\system\xcom.exe | 
"{E9A2D3CD-5DCD-4E9E-A47A-137E809629ED}" = protocol=17 | dir=in | app=c:\users\benni\appdata\roaming\dropbox\bin\dropbox.exe | 
"{EBA4E534-BF5E-4E26-9B1D-BBA2A576A709}" = protocol=6 | dir=in | app=c:\users\benni\appdata\local\temp\hng\live\hng.exe | 
"{EC8D46ED-5CA8-45E3-8201-D7AFDFCF5FC4}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max design 2013\nvidia\raysat_3dsmax2013_64server.exe | 
"{F098ADB3-C661-483E-97A0-532A9848919F}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\nation red\nationred.exe | 
"{F215ACD7-3D95-4434-BBD7-A44B6F53A4DE}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\brawl busters\bin\pbclient.exe | 
"{F2E66C80-55A6-4ED1-8A4E-C2B3A90B2AAF}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\x-com terror from the deep\tfd\terror from the deep_patched.exe | 
"{F434456C-AAF7-4BB1-8D03-08DC8F95B6A2}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\brawl busters\bin\pbclient.exe | 
"{F46552E2-127C-407F-8BCB-2667A73FDF1D}" = protocol=6 | dir=in | app=d:\spiele\tera\tera-launcher.exe | 
"{F91FBADE-4E8E-40A1-BFF6-29DC23B7CB82}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\vessel\vessel.exe | 
"{FA8F5E22-9ADF-414F-9C27-E6D3B92E2B09}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\simcity 4 deluxe\apps\simcity 4.exe | 
"{FC1123A8-946D-4354-96D9-876C250B4148}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\orcs must die!\build\release\orcsmustdie.exe | 
"TCP Query User{051C1659-1328-4B91-A3EF-970C65E97F19}D:\spiele\kag\kag.exe" = protocol=6 | dir=in | app=d:\spiele\kag\kag.exe | 
"TCP Query User{09E5208F-99F0-46BF-81B6-960161797823}D:\spiele\age of conan\conanpatcher.exe" = protocol=6 | dir=in | app=d:\spiele\age of conan\conanpatcher.exe | 
"TCP Query User{0A2908B2-0596-4568-A25A-308E9E1CA130}D:\spiele\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe | 
"TCP Query User{0FDE44D2-EC94-43FE-90E9-487977C97286}C:\users\benni\desktop\gw2\gw2.exe" = protocol=6 | dir=in | app=c:\users\benni\desktop\gw2\gw2.exe | 
"TCP Query User{1533989C-A69D-43AC-A30B-C3A26F0F2846}D:\spiele\tera\tera-launcher.exe" = protocol=6 | dir=in | app=d:\spiele\tera\tera-launcher.exe | 
"TCP Query User{1D4EC543-D76A-49A9-B6CF-B3A171F309A3}D:\development\privat\tools\udk\udk-2011-11\binaries\win32\udk.exe" = protocol=6 | dir=in | app=d:\development\privat\tools\udk\udk-2011-11\binaries\win32\udk.exe | 
"TCP Query User{228F16F1-BB03-414A-BA65-8795ADEFB8F3}D:\spiele\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe | 
"TCP Query User{2687FB81-9F5C-4E0D-BCF7-9229D835FC27}D:\spiele\steam\steamapps\quimbo\garrysmod\hl2.exe" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\quimbo\garrysmod\hl2.exe | 
"TCP Query User{2B2CAB70-555E-4803-A845-65AC7EFCB6C4}D:\development\privat\tools\udk\udk-2011-11\binaries\win64\udk.exe" = protocol=6 | dir=in | app=d:\development\privat\tools\udk\udk-2011-11\binaries\win64\udk.exe | 
"TCP Query User{3B323CE8-A204-4E45-87EE-2ED75322CABA}D:\spiele\saints row the third\saintsrowthethird_dx11.exe" = protocol=6 | dir=in | app=d:\spiele\saints row the third\saintsrowthethird_dx11.exe | 
"TCP Query User{3C71487A-9299-4556-BE41-6A1F60DBBC4F}C:\users\benni\desktop\coccinella_messenger-0.96.20win\coccinella messenger-0.96.20win\coccinella messenger-0.96.20.exe" = protocol=6 | dir=in | app=c:\users\benni\desktop\coccinella_messenger-0.96.20win\coccinella messenger-0.96.20win\coccinella messenger-0.96.20.exe | 
"TCP Query User{451D2986-633F-45EE-80CF-316A25A899E9}D:\spiele\steam\steamapps\common\altitude\altitude.exe" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\altitude\altitude.exe | 
"TCP Query User{482B9C17-7FB2-45C3-AFD5-9466B817E1A0}D:\spiele\anteworld\outerra.exe" = protocol=6 | dir=in | app=d:\spiele\anteworld\outerra.exe | 
"TCP Query User{503813C1-6049-4398-BE0A-7C482C3B89FC}D:\spiele\steam\steam.exe" = protocol=6 | dir=in | app=d:\spiele\steam\steam.exe | 
"TCP Query User{55573922-833B-422C-B25C-A64D6A2175BC}C:\users\benni\desktop\diablo-iii-8370-dede-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\benni\desktop\diablo-iii-8370-dede-installer-downloader.exe | 
"TCP Query User{5A802B1F-7AC5-4BD0-B095-62EC30847941}C:\program files (x86)\gigabyte\@bios\updexe.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\@bios\updexe.exe | 
"TCP Query User{5E1EF5FA-A127-434D-B3E5-BED57E8FADAF}C:\program files (x86)\spark\spark.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spark\spark.exe | 
"TCP Query User{5FBF84EE-8E06-4574-A43F-0C13EFC7BF61}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"TCP Query User{67D5A4FF-DB2A-4BF5-81FB-87BCC6AEC49A}D:\spiele\stronghold 3\bin\win32_release\stronghold3.exe" = protocol=6 | dir=in | app=d:\spiele\stronghold 3\bin\win32_release\stronghold3.exe | 
"TCP Query User{6DB17523-9813-43CB-AAD2-05AD42AC86F7}D:\spiele\orcs must die!\build\release\orcsmustdie.exe" = protocol=6 | dir=in | app=d:\spiele\orcs must die!\build\release\orcsmustdie.exe | 
"TCP Query User{822672E2-A1E4-4993-8DE1-7AAB5D4C9BC6}D:\spiele\star wars-the old republic\betatest\retailclient\swtor.exe" = protocol=6 | dir=in | app=d:\spiele\star wars-the old republic\betatest\retailclient\swtor.exe | 
"TCP Query User{82FF820D-51A8-47AA-9659-A54E64D84298}D:\spiele\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe | 
"TCP Query User{88552672-32FF-4F24-A4E7-EBDB9970CF33}D:\spiele\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe | 
"TCP Query User{93442E51-BB63-46B6-B088-D5504394EB02}D:\spiele\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\terraria\terrariaserver.exe | 
"TCP Query User{A49B292D-E751-4565-B1C6-BE799F994AB8}D:\spiele\steam\steamapps\common\crimecraft\binaries\crimecraft.exe" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\crimecraft\binaries\crimecraft.exe | 
"TCP Query User{A7F24C25-6159-49BC-AA71-AA5FB4AA4A1E}C:\program files (x86)\microsoft visual studio 10.0\common7\ide\devenv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 10.0\common7\ide\devenv.exe | 
"TCP Query User{A911797D-387F-4741-BBFC-BB05E1135AE2}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{ABD6CE65-4F23-4163-A209-E71C9ED7DADC}D:\spiele\tribes ascend beta\games\tribes alpha\binaries\win32\tribesascend.exe" = protocol=6 | dir=in | app=d:\spiele\tribes ascend beta\games\tribes alpha\binaries\win32\tribesascend.exe | 
"TCP Query User{B53B5503-FD39-4640-890A-66CD0818D486}C:\program files (x86)\spark\spark.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spark\spark.exe | 
"TCP Query User{B6FAB781-E9D2-4C30-919A-E3E23F938E18}D:\spiele\steam\steamapps\common\dino d-day\dinodday.exe" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\dino d-day\dinodday.exe | 
"TCP Query User{BD2ED279-D8D8-486A-8FA7-B7E8E0363A39}C:\program files (x86)\gigabyte\@bios\gwflash.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\@bios\gwflash.exe | 
"TCP Query User{BD5D10F8-FE92-4178-A997-A38356B86AED}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{D0194839-9709-4448-8AB8-85A514E766AC}C:\program files (x86)\gigabyte\@bios\gbtupd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\@bios\gbtupd.exe | 
"TCP Query User{D03784DD-F712-4849-893D-AA601C52D948}D:\spiele\kagtest\kag.exe" = protocol=6 | dir=in | app=d:\spiele\kagtest\kag.exe | 
"TCP Query User{D9E80352-9F47-4E59-9F2E-867D89855548}D:\development\ctech\mvs\bin\system\evs_mvs.exe" = protocol=6 | dir=in | app=d:\development\ctech\mvs\bin\system\evs_mvs.exe | 
"TCP Query User{DD757D92-39F0-413F-BBFB-F6E84FA4846E}D:\spiele\dead island\deadislandgame.exe" = protocol=6 | dir=in | app=d:\spiele\dead island\deadislandgame.exe | 
"TCP Query User{DDC40C51-9863-4A78-8697-951165474EE1}C:\users\benni\appdata\local\temp\dsoclient\app.n3app" = protocol=6 | dir=in | app=c:\users\benni\appdata\local\temp\dsoclient\app.n3app | 
"TCP Query User{EF4E3224-8FA5-4126-AF63-17902D565095}C:\users\benni\desktop\xm360v2.0d\server\xm360server.exe" = protocol=6 | dir=in | app=c:\users\benni\desktop\xm360v2.0d\server\xm360server.exe | 
"TCP Query User{F2D9E335-EF3C-459B-822F-4C68E8A67A3F}D:\development\ctech\bin\system\evs_mvs.exe" = protocol=6 | dir=in | app=d:\development\ctech\bin\system\evs_mvs.exe | 
"TCP Query User{F54642E8-B55F-49CF-8280-C8F9BD0453B0}C:\users\benni\appdata\local\temp\hng\live\hng.exe" = protocol=6 | dir=in | app=c:\users\benni\appdata\local\temp\hng\live\hng.exe | 
"TCP Query User{FA73F4D8-370F-4DE3-88B7-81E9AFC987EB}D:\spiele\age of conan\ageofconandx10.exe" = protocol=6 | dir=in | app=d:\spiele\age of conan\ageofconandx10.exe | 
"TCP Query User{FD31CEF4-A0D3-4DC1-B160-98B7AFFD169F}C:\program files (x86)\gigabyte\@bios\gwflash.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\@bios\gwflash.exe | 
"UDP Query User{0825BF85-3B18-4D28-978D-1C27C1CFED13}C:\program files (x86)\gigabyte\@bios\updexe.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\@bios\updexe.exe | 
"UDP Query User{0A30CF24-ABC9-47B7-B22C-523E0488716C}C:\users\benni\appdata\local\temp\hng\live\hng.exe" = protocol=17 | dir=in | app=c:\users\benni\appdata\local\temp\hng\live\hng.exe | 
"UDP Query User{0B946A16-AFED-4BBF-8766-E2870474918A}D:\spiele\star wars-the old republic\betatest\retailclient\swtor.exe" = protocol=17 | dir=in | app=d:\spiele\star wars-the old republic\betatest\retailclient\swtor.exe | 
"UDP Query User{0C3B1E14-D1EE-4BFC-BB2E-26294598B72C}C:\users\benni\desktop\gw2\gw2.exe" = protocol=17 | dir=in | app=c:\users\benni\desktop\gw2\gw2.exe | 
"UDP Query User{12ADB369-E1BF-4EB8-B86B-3D052D2AED8D}C:\users\benni\appdata\local\temp\dsoclient\app.n3app" = protocol=17 | dir=in | app=c:\users\benni\appdata\local\temp\dsoclient\app.n3app | 
"UDP Query User{1531D1EB-C18A-4B3A-AC9E-70444A7BDE38}C:\users\benni\desktop\diablo-iii-8370-dede-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\benni\desktop\diablo-iii-8370-dede-installer-downloader.exe | 
"UDP Query User{21DB8703-898C-4C51-9257-8AD9936D5455}C:\program files (x86)\gigabyte\@bios\gwflash.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\@bios\gwflash.exe | 
"UDP Query User{2E86551D-93A6-4819-8406-94DAE9D1E718}C:\program files (x86)\spark\spark.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spark\spark.exe | 
"UDP Query User{2FCC7AB3-996C-485E-992F-3CD2E0E1196D}C:\program files (x86)\gigabyte\@bios\gwflash.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\@bios\gwflash.exe | 
"UDP Query User{3E6E8BF1-E49C-45EE-A314-E077ECBA953B}D:\spiele\steam\steam.exe" = protocol=17 | dir=in | app=d:\spiele\steam\steam.exe | 
"UDP Query User{42B3FA22-5DAF-4FBE-ADF0-7702C66DDAF7}D:\spiele\stronghold 3\bin\win32_release\stronghold3.exe" = protocol=17 | dir=in | app=d:\spiele\stronghold 3\bin\win32_release\stronghold3.exe | 
"UDP Query User{464E0D04-461C-40D8-A1ED-5C8249A082FF}D:\spiele\tribes ascend beta\games\tribes alpha\binaries\win32\tribesascend.exe" = protocol=17 | dir=in | app=d:\spiele\tribes ascend beta\games\tribes alpha\binaries\win32\tribesascend.exe | 
"UDP Query User{4879A9F7-79F4-4670-A81E-4573C4E4ACBA}D:\spiele\orcs must die!\build\release\orcsmustdie.exe" = protocol=17 | dir=in | app=d:\spiele\orcs must die!\build\release\orcsmustdie.exe | 
"UDP Query User{4D342385-3F3F-4713-B48E-143753EA03CF}C:\users\benni\desktop\coccinella_messenger-0.96.20win\coccinella messenger-0.96.20win\coccinella messenger-0.96.20.exe" = protocol=17 | dir=in | app=c:\users\benni\desktop\coccinella_messenger-0.96.20win\coccinella messenger-0.96.20win\coccinella messenger-0.96.20.exe | 
"UDP Query User{4EFB09A7-7227-46A8-8B6D-72C8A5FC1F58}C:\program files (x86)\gigabyte\@bios\gbtupd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\@bios\gbtupd.exe | 
"UDP Query User{57BF8A03-275E-4D49-8927-B0F1E905DDD7}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{5BD80E15-B0D1-4AA2-885B-9752728612B5}D:\spiele\tera\tera-launcher.exe" = protocol=17 | dir=in | app=d:\spiele\tera\tera-launcher.exe | 
"UDP Query User{5FC7BB1A-2631-44CC-BE5D-79719A890D34}D:\spiele\steam\steamapps\quimbo\garrysmod\hl2.exe" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\quimbo\garrysmod\hl2.exe | 
"UDP Query User{681B44C0-511E-4F01-9963-AD1BBAF03B8D}D:\spiele\age of conan\conanpatcher.exe" = protocol=17 | dir=in | app=d:\spiele\age of conan\conanpatcher.exe | 
"UDP Query User{701974C1-9FF8-478F-9169-BD4423217054}C:\users\benni\desktop\xm360v2.0d\server\xm360server.exe" = protocol=17 | dir=in | app=c:\users\benni\desktop\xm360v2.0d\server\xm360server.exe | 
"UDP Query User{708B9BB3-6854-4FEE-B7EC-B23E5A8BDF1A}C:\program files (x86)\microsoft visual studio 10.0\common7\ide\devenv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft visual studio 10.0\common7\ide\devenv.exe | 
"UDP Query User{7908DE28-236A-415E-8423-80268D5A8DD6}D:\spiele\anteworld\outerra.exe" = protocol=17 | dir=in | app=d:\spiele\anteworld\outerra.exe | 
"UDP Query User{7CB54EEF-0ED3-4E68-A06C-C40F95ACAF29}D:\spiele\age of conan\ageofconandx10.exe" = protocol=17 | dir=in | app=d:\spiele\age of conan\ageofconandx10.exe | 
"UDP Query User{81E461D1-1F4A-4787-9AA0-5DDBA9A2D936}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"UDP Query User{8D738B8B-F45E-42D4-A35C-2F21F1AA1A87}D:\spiele\steam\steamapps\common\altitude\altitude.exe" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\altitude\altitude.exe | 
"UDP Query User{91D45B74-8955-4CCB-98D2-3DDA7F750ECD}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{A947E0EA-3A36-46F2-A869-CDC20114935F}D:\spiele\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe | 
"UDP Query User{AFE1F158-D667-4147-B1E5-2EEE7326D71D}D:\spiele\steam\steamapps\common\crimecraft\binaries\crimecraft.exe" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\crimecraft\binaries\crimecraft.exe | 
"UDP Query User{B24DB0DA-EABA-4DE6-B47A-6F4EBD9A33B9}D:\spiele\kagtest\kag.exe" = protocol=17 | dir=in | app=d:\spiele\kagtest\kag.exe | 
"UDP Query User{B2ED5692-7494-422D-ACEF-293B6D7CC26B}D:\spiele\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\terraria\terrariaserver.exe | 
"UDP Query User{CC7A06FD-07BD-4015-9876-B441EE3DFDA6}C:\program files (x86)\spark\spark.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spark\spark.exe | 
"UDP Query User{CDBAD26A-6921-4969-9262-EF6DC96BA2B6}D:\spiele\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe | 
"UDP Query User{D8AB5FE2-B5F4-4C45-9F62-296B4E1C282F}D:\spiele\steam\steamapps\common\dino d-day\dinodday.exe" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\dino d-day\dinodday.exe | 
"UDP Query User{DF220C34-E6D1-4B8A-84D6-394F0B98A0A5}D:\spiele\dead island\deadislandgame.exe" = protocol=17 | dir=in | app=d:\spiele\dead island\deadislandgame.exe | 
"UDP Query User{E88E72CC-B6E8-4E60-AA3C-C39E7F2DC3BF}D:\development\ctech\bin\system\evs_mvs.exe" = protocol=17 | dir=in | app=d:\development\ctech\bin\system\evs_mvs.exe | 
"UDP Query User{EB63AB75-6001-429A-B79F-15C9E21CCF0E}D:\development\privat\tools\udk\udk-2011-11\binaries\win64\udk.exe" = protocol=17 | dir=in | app=d:\development\privat\tools\udk\udk-2011-11\binaries\win64\udk.exe | 
"UDP Query User{EC7EAC00-C927-4CB1-BF60-4A2E4111D8CA}D:\development\privat\tools\udk\udk-2011-11\binaries\win32\udk.exe" = protocol=17 | dir=in | app=d:\development\privat\tools\udk\udk-2011-11\binaries\win32\udk.exe | 
"UDP Query User{ECD03BB1-69DB-402E-B01F-AB1867F41CC5}D:\development\ctech\mvs\bin\system\evs_mvs.exe" = protocol=17 | dir=in | app=d:\development\ctech\mvs\bin\system\evs_mvs.exe | 
"UDP Query User{F3280AC7-756E-4770-9169-E39C2BCCEB08}D:\spiele\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe | 
"UDP Query User{F5285A2D-4947-44B5-87DE-1C5FA64F013D}D:\spiele\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe | 
"UDP Query User{F787A6F5-3A5C-4E2D-81FC-613B8EEA84AB}D:\spiele\saints row the third\saintsrowthethird_dx11.exe" = protocol=17 | dir=in | app=d:\spiele\saints row the third\saintsrowthethird_dx11.exe | 
"UDP Query User{F87FA1DB-5E4A-4D92-9671-0720E6E3777A}D:\spiele\kag\kag.exe" = protocol=17 | dir=in | app=d:\spiele\kag\kag.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{034106B5-54B7-467F-B477-5B7DBB492624}" = Microsoft Sync Framework Services v1.0 SP1 (x64)
"{06E18300-BB64-1664-8E6A-2593FC67BB74}" = Autodesk Revit Interoperability for 3ds Max and 3ds Max Design 2013 64-bit
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{1AB7EDC5-D891-34C5-9FF1-BE6A85ACC44B}" = Microsoft Team Foundation Server 2010 Object Model - ENU
"{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010  x64 Runtime - 10.0.40219
"{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1E6ED082-E32D-4B2B-8B6A-70B094815135}" = Microsoft SQL Server System CLR Types (x64)
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{251481E4-723F-492F-F5C1-3424FB2EF44E}" = AMD Drag and Drop Transcoding
"{26A24AE4-039D-4CA4-87B4-2F86416029FF}" = Java(TM) 6 Update 29 (64-bit)
"{2d3a814a-84d8-4551-8744-0713ff38084c}.sdb" = Ausnahmen
"{2E295B5B-1AD4-4d36-97C2-A316084722C0}" = Python 2.7.2 (64-bit)
"{2E8D6204-D656-8355-1ED3-2988AC52EB0F}" = ccc-utility64
"{2F808931-D235-4FC7-90CD-F8A890C97B2F}" = Composite 2013 64-bit
"{3156336D-8E44-3671-A6FE-AE51D3D6564E}" = Microsoft Windows SDK for Windows 7 (7.1)
"{324297F8-2898-454B-9AC4-07050AEB35B3}" = Autodesk DirectConnect 2013 64-bit
"{3C5380EC-1D8B-45D2-B38A-4544DD0036D9}" = TortoiseSVN 1.7.1.22161 (64 bit)
"{3ED4AD02-F631-4A4C-AAC8-2325996E5A56}" = Microsoft IntelliPoint 8.1
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{502EAA3C-5887-4B62-83BC-7FCE593A8A89}" = ANTS Performance Profiler 6
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{528E2373-AE49-4802-B4A8-326BBFDAD6A0}" = VmciSockets
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager
"{5E87F2AC-AD65-41AA-A4BD-7690A1197063}" = Extreme Optimization Numerical Libraries for .NET 4.1
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{62CBE596-1BB8-4D7B-A056-103287BAD1C4}" = Autodesk Essential Skills Movies for 3ds Max Design 2013 64-bit
"{63CE6C32-1EB3-4C51-89FC-9FD96A661A9C}" = AMD Media Foundation Decoders
"{662014D2-0450-37ED-ABAE-157C88127BEB}" = Visual Studio 2010 Prerequisites - English
"{68570626-1BF6-310B-AF69-6CD686C04AEA}" = Microsoft Windows SDK Net Fx Interop Headers And Libraries (30514)
"{6C8D7973-31F9-32E1-A820-8DD857910323}" = Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (30514)
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{745C765E-D512-4CC7-89C1-6D0467A43698}" = AMD gDEBugger
"{7D65612F-53B4-0409-85AA-21DF5A8E9455}" = Autodesk 3ds Max Design 2013 64-bit
"{81455DEB-FC7E-3EE5-85CA-2EBDD9FD61EB}" = Microsoft Visual C++  Compilers 2010 Standard - enu - x64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8438EC02-B8A9-462D-AC72-1B521349C001}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64)
"{84452C2C-BDCC-36F3-A189-CE15F02A47FB}" = Microsoft Windows SDK for Windows 7 Headers and Libraries (30514)
"{84E30D73-E30F-3A02-BAA0-5353C04DD18A}" = Microsoft Windows SDK Intellisense and Reference Assemblies (30514)
"{88BAE373-00F4-3E33-828F-96E89E5E0CB9}" = Microsoft Visual Studio 2010 IntelliTrace Collection (x64)
"{88BCE644-077B-457D-8F38-AAA16EF838C8}" = TortoiseHg 2.1.2 (x64)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8FF0ACBD-17A5-3637-95F4-D7C69723E2BF}" = Microsoft Visual Studio 2010 Performance Collection Tools SP1 - ENU
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-1000-0000000FF1CE}_Office14.VISIOR_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.VISIOR_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUSR_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.VISIOR_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-1000-0000000FF1CE}_Office14.PROPLUSR_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-1000-0000000FF1CE}_Office14.VISIOR_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-1000-0000000FF1CE}_Office14.VISIOR_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.VISIOR_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0043-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0407-1000-0000000FF1CE}_Office14.VISIOR_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0054-0407-1000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2010
"{90140000-0054-0407-1000-0000000FF1CE}_Office14.VISIOR_{1F29ED16-958F-4278-B8DD-5F421E1166DA}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-1000-0000000FF1CE}_Office14.VISIOR_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0057-0000-1000-0000000FF1CE}" = Microsoft Office Visio 2010
"{91140000-0057-0000-1000-0000000FF1CE}_Office14.VISIOR_{9081486B-B26D-42DB-8D31-81C525A9526A}" = Microsoft Visio 2010 Service Pack 1 (SP1)
"{94A320D4-3535-4E43-8F42-AF0714120A4B}" = ANTS Memory Profiler 7
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{951E6223-AC28-345E-BCF4-B55C1267E321}" = Microsoft Windows SDK for Windows 7 Samples (30514)
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{A0B0F02C-410B-3DE3-9740-EC4C3D902532}" = Microsoft Windows SDK for Windows 7 Common Utilities (30514)
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B7D0C3BC-CB39-3CA1-9295-A23A93994893}" = Microsoft Windows SDK for Windows 7 Redistributable Components for Windows Debugging Tools (30514)
"{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}" = Microsoft SQL Server 2008 Native Client
"{BC66B242-DF13-1664-851B-00123612ED98}" = Autodesk Inventor Server Engine for 3ds Max Design 2013 64-bit
"{BCF07271-A853-4D3A-B668-4B752174CAA8}" = iTunes
"{C3600AE6-93A0-3DB7-B7AA-45BD58F133B5}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{DBFC6AAE-DCCB-4C23-B01C-3EDDDC03298B}" = Debugging Tools for Windows (x64)
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1
"{EAEBF166-B06A-4D7F-BAF7-6615303D5C7C}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
"{F5079164-1DB9-3BDA-853B-F78AF67CE071}" = Microsoft Visual C++ 2010  x64 Designtime - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"AD7AB2629F8514508E17FEDAF4E26A36107ECC2D" = Windows-Treiberpaket - PrimeSense (psdrv3) PrimeSense  (02/16/2011 3.1.2.0)
"Autodesk 3ds Max Design 2013 64-bit" = Autodesk 3ds Max Design 2013 64-bit
"Autodesk DirectConnect 2013 64-bit" = Autodesk DirectConnect 2013 64-bit
"Autodesk FBX Plug-in 2013.1 - 3ds Max Design 2013 64-bit" = Autodesk FBX Plug-in 2013.1 - 3ds Max Design 2013 64-bit
"Blender" = Blender
"CCleaner" = CCleaner
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.18
"DriverAgent" = DriverAgent Plugin for Netscape by eSupport.com
"HardlinkShellExt" = Link Shell Extension
"LockHunter_is1" = LockHunter 2.0 beta 2, 64 bit
"MatlabR2011a" = MATLAB R2011a
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
"Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Office14.VISIOR" = Microsoft Visio Premium 2010
"R for Windows 2.13.1_is1" = R for Windows 2.13.1
"Sandboxie" = Sandboxie 3.62 (64-bit)
"SDKSetup_7.1.7600.0.30514" = Microsoft Windows SDK for Windows 7 (7.1)
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"The Secret World_is1" = The Secret World
"UDK-1c0b2f4b-0a2b-4597-9605-c7a038e67278" = Unreal Development Kit: 2011-11
"Very Sleepy_is1" = Very Sleepy version 0.82
"WinRAR archiver" = WinRAR 4.01 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
"{03190AA6-34C6-455F-8B60-7678DA7F39B4}" = Telerik RadControls for WPF Q2 2011
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0548CCF2-2AED-4A66-81B3-FB3B5F89013D}" = Telerik RadControls for WPF Q3 2011
"{055FD05B-BF37-4DA8-9504-88E46552CF43}" = QuickTime SDK
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09C52940-A4D1-4409-A7CC-1AAE630CF578}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{0D94F75A-0EA6-4951-B3AF-B145FA9E05C6}" = VMware Workstation
"{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}" = Microsoft Sync Framework SDK v1.0 SP1
"{0F5AEBB0-43F3-4571-ACE7-A7942E8AA179}" = Microsoft Application Compatibility Toolkit 5.6
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}" = Autodesk Material Library 2013
"{134A5765-D59B-4160-8C70-B84BF9F53DF9}" = GhostDoc
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian
"{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese
"{1DD1D1E9-FC96-4B17-BE0A-A5481F8B0D67}" = ArcGIS License Manager 10
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23767F5D-A80C-4264-B8EA-ED4085FC332A}" = Adobe Illustrator CS5.1
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish
"{2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}" = Microsoft Visual C++  Compilers 2010 Standard - enu - x86
"{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{39FC5346-05D2-44C0-B350-CC01A00ED9B4}" = AutoMe
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3AB65E95-37D6-4DD7-8862-29AED3AFD54B}" = Google SketchUp Pro 8
"{3BDB3C8A-536D-423A-BE27-0CEF2A0819D3}" = Subversion
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2013.0.0
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B11.0110.1
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F2A323E-60C4-41E8-8CCB-9715D1D750C3}" = Angry Birds Space
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.1216.1
"{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese
"{5061ACBA-7A0A-42FE-93FF-403B2099D200}" = Autodesk Essential Skills Movies for 3ds Max 2013 32-bit
"{5066FFF7-0029-BBA3-DD41-D71599987F1B}" = Catalyst Control Center InstallProxy
"{52291FC0-33D3-4A18-9587-5115225545D8}_is1" = ThunderFix 1.0.0.2
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{58760EEC-8B6A-43F4-81AA-696E381DFADD}" = Autodesk Material Library Medium Resolution Image Library 2013
"{59F8CFA2-FFCB-4B3F-A086-E02888932DF5}" = OpenNI 1.3.2.1 for Windows
"{5A67D2EA-FB70-4033-A6F3-606AD85B2015}_is1" = Driver Sweeper Version 3.2.0
"{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai
"{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219
"{5F560088-E62D-4099-924D-ED7F241045E7}" = Mindscape WPF Elements
"{606E12B9-641F-4644-A22A-FF38AE980AFD}" = Autodesk Material Library Base Resolution Image Library 2013
"{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional
"{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German
"{62B74257-2E1B-48FB-843C-0FBA43FE1327}" = Sentinel System Driver Installer 7.4.0
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64665955-E1A1-4A8B-BFFA-673A95318909}" = ArcGIS Desktop 10
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek
"{675F86A8-E093-4002-87D5-915CC2C45571}" = DES 2.0
"{696BB53C-28E6-1632-974E-D42FFF5B8E04}" = Autodesk Inventor Server Engine for 3ds Max 2013 32-bit
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{7236672F-6430-439E-9B27-27EDEAF1D676}" = Diagnostic Utility
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{745D37C2-26F4-4B65-BA13-F9840EBFA75B}" = Might & Magic Heroes VI
"{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}" = Microsoft SQL Server 2008 R2 Management Objects
"{79130390-599A-0409-93EB-B6A759E2ABB0}" = Autodesk 3ds Max 2013 32-bit
"{7A56D81D-6406-40E7-9184-8AC1769C4D69}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{816C1C1A-59E3-4F81-A99C-A21BCB0A2D8E}" = VisualHG 1.1.5
"{81ABC4A0-DE63-11DE-8A39-0800200C9A66}" = FreeCAD 0.11
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84A0E102-00FD-4E84-A40A-F02E9A7FEBD6}" = BlueStacks (beta-1)
"{85467CBC-7A39-33C9-8940-D72D9269B84F}" = Microsoft Visual F# 2.0 Runtime
"{877B76B2-F83F-4F5A-B28D-3F398641ADB6}" = Microsoft SQL Server System CLR Types
"{879E1A85-4B17-48CF-8D73-6CC09F46497E}_is1" = Connon Fodder 3 version 1.0
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3 Platinum
"{90C5C0B5-923C-4BE0-9A0C-98266CA6E170}" = Path of Exile
"{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English
"{92203FA0-7C43-429F-857C-0AE197D8199C}" = Composite 2013
"{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{969E11AA-8F3A-F162-1A5A-0965E216B6CE}" = Adobe Download Assistant
"{96B09983-73D9-4E4B-BCDE-67A1EDC6FD5C}" = Telerik RadControls for WPF Q1 2011 SP1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish
"{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
"{ABFD2603-877A-474E-B595-339D900B4E60}" = ArcObjects SDK for the Microsoft .NET Framework
"{AC2C1BDB-1E91-4F94-B99C-E716FE2E9C75}_is1" = MinGW-Get version 0.4-alpha-1
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish
"{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French
"{BC0464FA-A0BA-3E38-85BF-DC5B3A401F48}" = Microsoft Visual Studio 2010 Ultimate - ENU
"{BC537AE0-88AF-47ED-B762-33B0D62B5188}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
"{C018B886-B05B-4B13-B750-AC5956465548}" = nFringe 1.1 (1.1.34.193)
"{C08257CE-4608-43FE-AFB9-241E6AD252D1}" = JetBrains ReSharper 6.1
"{C1EF1AC4-F1D1-40CD-B9FB-29F954AE23AC}" = EnterVol License Server
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B10.1021.1
"{C7D890CF-B8BC-41CD-8BCB-D86E1653CB54}" = EnterVol
"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
"{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.11 Game
"{D544AE4C-4152-225B-A897-6756C8986B14}" = Catalyst Control Center
"{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian
"{D82F4E66-B3F6-4482-879E-AAC745CCFE0F}" = DraftSight
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E4197D6B-F046-33E7-ABDE-51FF373FDC76}" = Windows SDK IntellisenseNFX
"{E7959656-855A-4414-BEFE-4E79D37D927C}" = AnkhSVN 2.3.10838.1211
"{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish
"{EBF0AFAA-F07B-4279-9EAF-652788B9CF6D}" = Draft IT
"{ED780CA9-0687-3C12-B439-3369F224941F}" = Microsoft Visual Studio 2010 Service Pack 1
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A04242-C4E7-414C-9E57-C0351DAA87D3}" = StyleCop 4.7.30.0
"{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch
"{FE6DCC8D-427F-405C-A779-C93B6D9F77A5}" = Autodesk Civil View for 3ds Max Design 2013
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"1489-3350-5074-6281" = JDownloader 0.9
"abgx360" = abgx360 v1.0.5
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Afterburner" = MSI Afterburner 2.1.0
"AMD GPU Clock Tool" = AMD GPU Clock Tool
"ArcGIS Desktop 10" = ArcGIS Desktop 10
"ArcGIS Desktop 10 SP2" = ArcGIS Desktop 10 Service Pack 2
"ArcGIS License Manager 10" = ArcGIS License Manager 10
"ArcObjects SDK for the Microsoft .NET Framework" = ArcObjects SDK for the Microsoft .NET Framework
"ArcObjects SDK for the Microsoft .NET Framework SP2" = ArcObjects SDK for the Microsoft .NET Framework 10 Service Pack 2
"Autodesk 3ds Max 2013 32-bit" = Autodesk 3ds Max 2013 32-bit
"Autodesk FBX Plug-in 2013.1 - 3ds Max 2013" = Autodesk FBX Plug-in 2013.1 - 3ds Max 2013
"AutoItv3" = AutoIt v3.3.6.1
"boost_1_44" = Boost C++ Libraries 1.44
"boost_1_46_1" = Boost C++ Libraries 1.46.1
"boost_1_47" = Boost C++ Libraries 1.47
"Botanicula_is1" = Botanicula
"C Tech Software 9.64" = C Tech Software, Version 9.64
"CGAL-3.8" = CGAL-3.8 -- Computational Geometry Algorithms Library, version 3.8
"CGAL-3.9" = CGAL-3.9 -- Computational Geometry Algorithms Library, version 3.9
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Cheat Engine 6.2_is1" = Cheat Engine 6.2
"Cluster_is1" = Cluster 3.0
"CMake 2.8.8" = CMake 2.8, a cross-platform, open-source build system
"CMINPACK" = CMINPACK 1.1.3
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"CorsixTH" = CorsixTH Beta 8
"DAEMON Tools Lite" = DAEMON Tools Lite
"Deponia" = Deponia
"Diablo III" = Diablo III
"DjVuLibre+DjView" = DjVuLibre+DjView
"doxygen_is1" = doxygen 1.7.4
"Driver Cleaner Pro" = DH Driver Cleaner Professional Edition
"Eigen" = Eigen 3.0.0
"Endless Space_is1" = Endless Space
"EnterVol 1.5.0" = EnterVol
"EnterVol License Server 1.4.0" = EnterVol License Server
"ESN Sonar-0.70.0" = ESN Sonar
"FileZilla Client" = FileZilla Client 3.5.3
"flann" = flann 1.6.9
"FLV Player" = FLV Player 2.0 (build 25)
"FogBugz for Visual Studio_is1" = FogBugz for Visual Studio 3.0
"Git_is1" = Git version 1.7.7-preview20111014
"GPL Ghostscript 8.71" = GPL Ghostscript 8.71
"Graphing Calculator 3D_is1" = Graphing Calculator 3D 3.2
"GSview 4.9" = GSview 4.9
"ImgBurn" = ImgBurn
"Inkscape" = Inkscape 0.48.2
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.1216.1
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B10.1021.1
"Jagged Alliance - Back in Action_is1" = Jagged Alliance - Back in Action
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.19
"KilnClient_is1" = Kiln Client (2.7.4.0)
"King Arthur's Gold (Alpha)_is1" = KAG 0.9A TEST
"KProbe" = KProbe 2.5.2
"LEd_is1" = LEd Beta 0.53
"LyX20" = LyX 2.0.3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"MediaMonkey_is1" = MediaMonkey 4.0
"MeshLab" = MeshLab 1.3.0
"Microsoft DirectX SDK (June 2010)" = Microsoft DirectX SDK (June 2010)
"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
"Microsoft Visual Studio 2010 Ultimate - ENU" = Microsoft Visual Studio 2010 Ultimate - ENU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"MiKTeX 2.9" = MiKTeX 2.9
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"Mozilla Thunderbird 14.0 (x86 de)" = Mozilla Thunderbird 14.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.50
"Notepad++" = Notepad++
"ntfslink_is1" = NTFS Link 2.1
"OpenAL" = OpenAL
"OpenMesh" = OpenMesh v2.1.1
"Opera 12.00.1467" = Opera 12.00
"Origin" = Origin
"Outerra Anteworld" = Outerra - Anteworld - Outerra Anteworld Demo
"ParaView" = ParaView-3.10.1 a cross-platform, open-source visualization system
"PCL" = PCL-1.2.0
"Pidgin" = Pidgin
"PunkBusterSvc" = PunkBuster Services
"Qt Visual Studio Add-in 1.1.10 - C:_Program Files (x86)_Nokia_Qt4VSAddin" = Qt Visual Studio Add-in 1.1.10
"Sapphire TRIXX" = Sapphire TRIXX
"SciTE4AutoIt3" = SciTE4AutoIt3 7/3/2011
"Spark 2.6.3.12555" = Spark 2.6.3.12555
"Steam App 102600" = Orcs Must Die!
"Steam App 104700" = Super MNC Invitational
"Steam App 105600" = Terraria
"Steam App 108500" = Vessel
"Steam App 115110" = Stacking
"Steam App 12210" = Grand Theft Auto IV
"Steam App 12220" = Grand Theft Auto: Episodes from Liberty City
"Steam App 200210" = Realm of the Mad God
"Steam App 205910" = Tiny and Big: Grandpa's Leftovers
"Steam App 205929" = Tiny and Big Preorder
"Steam App 207170" = Legend of Grimrock
"Steam App 209080" = Guns of Icarus Online
"Steam App 209870" = Blacklight: Retribution
"Steam App 211" = Source SDK
"Steam App 212050" = Resonance
"Steam App 218" = Source SDK Base 2007
"Steam App 220" = Half-Life 2
"Steam App 22230" = Rock of Ages
"Steam App 24200" = DC Universe Online
"Steam App 24780" = SimCity 4 Deluxe
"Steam App 32360" = The Secret of Monkey Island: Special Edition
"Steam App 32460" = Monkey Island 2: Special Edition
"Steam App 33460" = From Dust
"Steam App 35130" = Lara Croft and the Guardian of Light
"Steam App 39800" = Nation Red
"Steam App 4000" = Garry's Mod
"Steam App 440" = Team Fortress 2
"Steam App 48000" = LIMBO
"Steam App 620" = Portal 2
"Steam App 62100" = Chime
"Steam App 65800" = Dungeon Defenders
"Steam App 7760" = X-COM: UFO Defense
"Steam App 7770" = X-COM: Enforcer
"Steam App 8190" = Just Cause 2
"Steam App 92800" = SpaceChem
"Steam App 97000" = Solar 2
"Steam App 99900" = Spiral Knights
"SystemRequirementsLab" = System Requirements Lab
"Take On Helicopters" = Take On Helicopters
"TDM-GCC" = TDM-GCC
"Texmaker" = Texmaker
"TrueCrypt" = TrueCrypt
"Vessel_is1" = Vessel
"VLC media player" = VLC media player 1.1.11
"VMware_Workstation" = VMware Workstation
"VTK" = VTK 5.6
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinMerge_is1" = WinMerge 2.12.4
"WinPcapInst" = WinPcap 4.1.2
"WinShell_is1" = WinShell
"Wireshark" = Wireshark 1.6.8 (64-bit)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1698229701-1306037958-2253674869-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"GoToMeeting" = GoToMeeting 5.1.0.880
"Qt SDK" = Qt SDK
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ System Events ]
Error - 31.07.2012 03:17:41 | Computer Name = Benni-ITX | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 31.07.2012 03:17:41 | Computer Name = Benni-ITX | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 31.07.2012 03:22:11 | Computer Name = Benni-ITX | Source = DCOM | ID = 10005
Description = 
 
Error - 31.07.2012 03:22:11 | Computer Name = Benni-ITX | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.

	Neue
 Signaturversion:      Vorherige Signaturversion: 1.131.956.0     Aktualisierungsquelle: %%859

	Aktualisierungsphase:
 %%852     Quellpfad: Default URL     Signaturtyp: %%800     Aktualisierungstyp: %%803     Benutzer:
 NT-AUTORITÄT\SYSTEM     Aktuelle Modulversion:      Vorherige Modulversion: 1.1.8601.0     Fehlercode:
 0x8007043c     Fehlerbeschreibung: Der Dienst kann nicht im abgesicherten Modus gestartet
 werden. 
 
Error - 31.07.2012 03:22:39 | Computer Name = Benni-ITX | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 31.07.2012 03:22:39 | Computer Name = Benni-ITX | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 31.07.2012 03:22:39 | Computer Name = Benni-ITX | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 31.07.2012 03:24:49 | Computer Name = Benni-ITX | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 31.07.2012 03:24:49 | Computer Name = Benni-ITX | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 31.07.2012 03:24:49 | Computer Name = Benni-ITX | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
 
< End of report >
         
Hier das Malwarebytes Log:

Die Dateien EHeO58kG.exe hatte ich manuell in EHeO58kGu.exe umbenannt, danach konnte ich erst den abgesicherten Modus booten (hatte im Eingangspost fälschlicherweise behauptet, die gelöscht zu haben).

Code:
ATTFilter
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.31.02

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Benni :: BENNI-ITX [Administrator]

31.07.2012 10:00:04
mbam-log-2012-07-31 (12-26-43).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 1287508
Laufzeit: 2 Stunde(n), 26 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\Administrator\AppData\Roaming\EHeO58kGu.exe (Exploit.Drop.COD) -> Keine Aktion durchgeführt.
C:\Users\Benni\AppData\Local\Temp\deo0_sar.exe (Exploit.Drop.COD) -> Keine Aktion durchgeführt.
C:\Users\Benni\AppData\Roaming\EHeO58kGu.exe (Exploit.Drop.COD) -> Keine Aktion durchgeführt.

(Ende)
         

Geändert von Killy80 (31.07.2012 um 04:28 Uhr)

Alt 31.07.2012, 09:40   #2
t'john
/// Helfer-Team
 
deo0_sar.exe Ransom Trojaner, halb entfernt. Jetzt sicher? - Standard

deo0_sar.exe Ransom Trojaner, halb entfernt. Jetzt sicher?





Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:


Code:
ATTFilter
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-21-1698229701-1306037958-2253674869-1000\..\SearchScopes,DefaultScope = {4221ADAC-8331-47d8-8385-2CB3BB10B17A} 
IE - HKU\S-1-5-21-1698229701-1306037958-2253674869-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC 
IE - HKU\S-1-5-21-1698229701-1306037958-2253674869-1000\..\SearchScopes\{4221ADAC-8331-47d8-8385-2CB3BB10B17A}: "URL" = http://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=4183257091&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms} 
IE - HKU\S-1-5-21-1698229701-1306037958-2253674869-1000\..\SearchScopes\{A873D727-BDD3-487c-A6C2-920998CF6839}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV 
IE - HKU\S-1-5-21-1698229701-1306037958-2253674869-1000\..\SearchScopes\{BF34AD08-E060-485f-B582-CE2462B0F46C}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SPLBR1&pc=SPLH 
IE - HKU\S-1-5-21-1698229701-1306037958-2253674869-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
FF - prefs.js..network.proxy.http: "77.220.20.196" 
FF - prefs.js..network.proxy.http_port: 80 
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co" 
FF - prefs.js..network.proxy.share_proxy_settings: true 
FF - prefs.js..network.proxy.type: 0 
FF - user.js - File not found 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found 
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found 
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found 
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found 
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 
O7 - HKU\S-1-5-21-1698229701-1306037958-2253674869-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found 
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found 
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 
[2012.07.31 09:20:46 | 000,646,656 | ---- | C] (OldTimer Tools) -- C:\Users\Benni\Desktop\OTS.exe 

@Alternate Data Stream - 152 bytes -> C:\Program Files (x86)\Common Files\C Tech:{42005500-5100-7200-6F00-650056007100} 
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:A1EDB939 
[2012.03.08 23:17:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml 
[2012.03.08 23:17:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml 
[2012.03.08 23:17:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml 
[2012.03.08 23:17:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml 
[2012.03.08 23:17:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml 
[2012.03.08 23:17:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml 

:Files
C:\Users\Benni\AppData\Local\Temp\*
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
         
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!
__________________

__________________

Alt 31.07.2012, 11:08   #3
Killy80
 
deo0_sar.exe Ransom Trojaner, halb entfernt. Jetzt sicher? - Standard

deo0_sar.exe Ransom Trojaner, halb entfernt. Jetzt sicher?



Anbei das Log vom OTL Fix. Hab immernoch keinen Zugriff auf den Taskmanager und sehe keine Symbole auf dem Desktop (im Abgesicherten).
Kann ich nun erstmal wieder den Normalmodus starten?

Code:
ATTFilter
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKEY_USERS\S-1-5-21-1698229701-1306037958-2253674869-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1698229701-1306037958-2253674869-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1698229701-1306037958-2253674869-1000\Software\Microsoft\Internet Explorer\SearchScopes\{4221ADAC-8331-47d8-8385-2CB3BB10B17A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4221ADAC-8331-47d8-8385-2CB3BB10B17A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1698229701-1306037958-2253674869-1000\Software\Microsoft\Internet Explorer\SearchScopes\{A873D727-BDD3-487c-A6C2-920998CF6839}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A873D727-BDD3-487c-A6C2-920998CF6839}\ not found.
Registry key HKEY_USERS\S-1-5-21-1698229701-1306037958-2253674869-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BF34AD08-E060-485f-B582-CE2462B0F46C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF34AD08-E060-485f-B582-CE2462B0F46C}\ not found.
HKU\S-1-5-21-1698229701-1306037958-2253674869-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "77.220.20.196" removed from network.proxy.http
Prefs.js: 80 removed from network.proxy.http_port
Prefs.js: "localhost, 127.0.0.1, stealthy.co" removed from network.proxy.no_proxies_on
Prefs.js: true removed from network.proxy.share_proxy_settings
Prefs.js: 0 removed from network.proxy.type
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1698229701-1306037958-2253674869-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xcel exportieren\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xcel exportieren\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\Users\Benni\Desktop\OTS.exe moved successfully.
ADS C:\Program Files (x86)\Common Files\C Tech:{42005500-5100-7200-6F00-650056007100} deleted successfully.
ADS C:\ProgramData\TEMP:A1EDB939 deleted successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml moved successfully.
========== FILES ==========
C:\Users\Benni\AppData\Local\Temp\.NETFramework,Version=v4.0,Profile=Client.AssemblyAttributes.cs moved successfully.
C:\Users\Benni\AppData\Local\Temp\.NETFramework,Version=v4.0.AssemblyAttributes.cs moved successfully.
C:\Users\Benni\AppData\Local\Temp\0b0677b65bfa43a8860a3320a6dc665d.tmp moved successfully.
C:\Users\Benni\AppData\Local\Temp\1489AFE4.TMP moved successfully.
C:\Users\Benni\AppData\Local\Temp\1764e5dcdd2d4abf9c7ff837aa369855.tmp moved successfully.
C:\Users\Benni\AppData\Local\Temp\1a947e093699414ab70893523ed36922.tmp moved successfully.
C:\Users\Benni\AppData\Local\Temp\271f3e243ab84852a85ded8dfcc6f837.tmp moved successfully.
C:\Users\Benni\AppData\Local\Temp\36c9428a0e5543d9ad383cf0351f725e.tmp moved successfully.
C:\Users\Benni\AppData\Local\Temp\36ea57b079814119a4cc6a477bbcb9de.tmp moved successfully.
C:\Users\Benni\AppData\Local\Temp\3cdd702e81914c089df8435cf7fb053c.tmp moved successfully.
C:\Users\Benni\AppData\Local\Temp\3ds Max Design 2013 Setup.log moved successfully.
C:\Users\Benni\AppData\Local\Temp\3tgljru4.gc0 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\3txxxhiz.err moved successfully.
C:\Users\Benni\AppData\Local\Temp\3txxxhiz.out moved successfully.
C:\Users\Benni\AppData\Local\Temp\4102e356626f478fbb80e0ae88bcb5a5.tmp moved successfully.
C:\Users\Benni\AppData\Local\Temp\43b416913c14478c8e68a37b9b85c39e.tmp moved successfully.
C:\Users\Benni\AppData\Local\Temp\4ea2c9b4d6f442c8ad7f6944cf28569b.tmp moved successfully.
C:\Users\Benni\AppData\Local\Temp\5ef12f28a69545f1b7e2e6e47643a202.tmp moved successfully.
C:\Users\Benni\AppData\Local\Temp\6d3cc5c1439042a39c693efbd938b393.tmp moved successfully.
C:\Users\Benni\AppData\Local\Temp\759f0470e39d4c8dbc4549869b8ca70e.tmp moved successfully.
C:\Users\Benni\AppData\Local\Temp\7ddc40692b014abea5751a6fb764c4a1.tmp moved successfully.
C:\Users\Benni\AppData\Local\Temp\7dVq6qNW.odt.part moved successfully.
C:\Users\Benni\AppData\Local\Temp\8f3046431a9542e19e399c06183f468b.tmp moved successfully.
C:\Users\Benni\AppData\Local\Temp\9df6672b44ce4980b56a6c01070e529d.tmp moved successfully.
C:\Users\Benni\AppData\Local\Temp\9e96581986b144a99cd1710513aa769a.tmp moved successfully.
C:\Users\Benni\AppData\Local\Temp\9f3c5463f54143aeb34f249da94caacb.tmp moved successfully.
C:\Users\Benni\AppData\Local\Temp\AcDeltree.exe moved successfully.
C:\Users\Benni\AppData\Local\Temp\ACIS.ac$ moved successfully.
C:\Users\Benni\AppData\Local\Temp\acro_rd_dir folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\Adobe\Acrobat\10.0 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\Adobe\Acrobat folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\Adobe folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\AdobeARM.log moved successfully.
C:\Users\Benni\AppData\Local\Temp\aecD139.xml moved successfully.
C:\Users\Benni\AppData\Local\Temp\amt3.log moved successfully.
C:\Users\Benni\AppData\Local\Temp\b651c9604f704bf7b95c3f4dbad4ad03.tmp moved successfully.
C:\Users\Benni\AppData\Local\Temp\ba982e628bd1442fa26a0070e033801e.tmp moved successfully.
C:\Users\Benni\AppData\Local\Temp\c353bf589feb41da86cd77e74bb7c0df.tmp moved successfully.
C:\Users\Benni\AppData\Local\Temp\Cheat Engine folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\CheatEngine62Clean.exe moved successfully.
C:\Users\Benni\AppData\Local\Temp\CitrixLogs\gotomeeting\880\logEFA2.tmp folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\CitrixLogs\gotomeeting\880\logD3FC.tmp folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\CitrixLogs\gotomeeting\880\logD0C0.tmp folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\CitrixLogs\gotomeeting\880\log550D.tmp folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\CitrixLogs\gotomeeting\880\log1F47.tmp folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\CitrixLogs\gotomeeting\880 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\CitrixLogs\gotomeeting folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\CitrixLogs folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\CivilView Install.log moved successfully.
C:\Users\Benni\AppData\Local\Temp\COMPOSITE Install.log moved successfully.
C:\Users\Benni\AppData\Local\Temp\comtypes_cache\Dropbox-25 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\comtypes_cache folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\Cookies folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\decleaner\decleaner\setup\Temp folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\decleaner\decleaner\setup\Summary folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\decleaner\decleaner\setup\Report folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\decleaner\decleaner\setup\Profile folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\decleaner\decleaner\setup\INFECTED folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\decleaner\decleaner\setup folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\decleaner\decleaner folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\decleaner\de-de folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\decleaner folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\DirectConnect2013Install.log moved successfully.
C:\Users\Benni\AppData\Local\Temp\e50fc3dcffd64eabab43e1eec6088b7e.tmp moved successfully.
C:\Users\Benni\AppData\Local\Temp\ESM Design_Install.log moved successfully.
C:\Users\Benni\AppData\Local\Temp\events.log moved successfully.
C:\Users\Benni\AppData\Local\Temp\f856d0a119cc4491afbb20743de64f1f.tmp moved successfully.
C:\Users\Benni\AppData\Local\Temp\fontconfig\cache folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\fontconfig folder moved successfully.
File move failed. C:\Users\Benni\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.
C:\Users\Benni\AppData\Local\Temp\gDEBugger-Benni.log moved successfully.
C:\Users\Benni\AppData\Local\Temp\History\History.IE5 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\History folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\hsperfdata_Benni folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\HULFont000.ttf moved successfully.
C:\Users\Benni\AppData\Local\Temp\incredibar_installer.exe moved successfully.
C:\Users\Benni\AppData\Local\Temp\InventorRegistrationLog_20120730211208_00000029.log moved successfully.
C:\Users\Benni\AppData\Local\Temp\InventorRegistrationLog_20120730211236_00000029.log moved successfully.
C:\Users\Benni\AppData\Local\Temp\Inventor_Install.log moved successfully.
C:\Users\Benni\AppData\Local\Temp\jna3941414430862403539.dll moved successfully.
C:\Users\Benni\AppData\Local\Temp\jna5825776796242891858.dll moved successfully.
C:\Users\Benni\AppData\Local\Temp\MaxDesInstall64.log moved successfully.
C:\Users\Benni\AppData\Local\Temp\Mixamo.log moved successfully.
C:\Users\Benni\AppData\Local\Temp\MozillaMailnews folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\MSBuild_7a2ab98d-eaac-4298-94fa-281c70bf1a2b moved successfully.
C:\Users\Benni\AppData\Local\Temp\MSI9736.LOG moved successfully.
C:\Users\Benni\AppData\Local\Temp\mx093DFB92E82B484695C866CFE03E9EB5.gdb folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\mx0CAD9E6C922A4B21BBA6039EF4D7FE78.gdb folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\mx1611E05D926749A8899C13822D12FE89.gdb folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\mx1883142C2E23480D965C20F0E23D33A1.gdb folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\mx1978AB4D172F4E8D9598F08E38927172.gdb folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\mx1B9A7905B29C41DBA823957DB9DE41D7.gdb folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\mx229EEEC257FE49A9A93CF3F854AB5D0A.gdb folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\mx2321B0DB7EA94A52AC91CDFCBFE3EE47.gdb folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\mx23B8B01524FB4EE2BC33B1DD7668A3A9.gdb folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\mx23EA1F593AD843ABA7E97101EC325C8F.gdb folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\mx4810508EDC644879B87045173D879A82.gdb folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\mx5C8DC44DC09F42C9892B2C4B0A65EC52.gdb folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\mx6F4B02E2D7804EE2BB4B548A0A240FB4.gdb folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\mx8EB8BF9E513346E8882D1CAEE4C4DF00.gdb folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\mx9A041B1F4C314713B8BE1877456F48C7.gdb folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\mx9B4FC76483554E15966468734D6E2EC2.gdb folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\mxA23DE6497DFA4F76854808F38F4B944F.gdb folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\mxA365635277C74A45B40E0733EACA1A73.gdb folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\mxCE5E0039E59749E39DF7262FDFCC3F7E.gdb folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\mxE0DF299A900440BEB820C4F2433115F8.gdb folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\mxF99D09AD795F4D0490D6112EA7D77EDA.gdb folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\mxFDE422FF5CD449E4B062958DEC697A01.gdb folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\MyBabylonTB.exe moved successfully.
C:\Users\Benni\AppData\Local\Temp\ogs118764960\118764960_TextureCache folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\ogs118764960 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\ogs155065508\155065508_TextureCache folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\ogs155065508 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\ogs173984060\173984060_TextureCache folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\ogs173984060 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\ogs178526272\178526272_TextureCache folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\ogs178526272 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\ogs180963468\180963468_TextureCache folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\ogs180963468 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\ogs186786308\186786308_TextureCache folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\ogs186786308 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\ogs305998256\305998256_TextureCache folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\ogs305998256 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\ogs308127468\308127468_TextureCache folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\ogs308127468 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\ogs308873020\308873020_TextureCache folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\ogs308873020 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\ogs38537408\38537408_TextureCache folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\ogs38537408 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\ogs5298356\5298356_TextureCache folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\ogs5298356 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\oobelib.log moved successfully.
C:\Users\Benni\AppData\Local\Temp\opera-20120721234348 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\patchlist.xml moved successfully.
C:\Users\Benni\AppData\Local\Temp\PDApp.log moved successfully.
C:\Users\Benni\AppData\Local\Temp\ProductInformation.pit moved successfully.
C:\Users\Benni\AppData\Local\Temp\prof.log moved successfully.
C:\Users\Benni\AppData\Local\Temp\qtsingleapp-combli-839e-1-lockfile moved successfully.
C:\Users\Benni\AppData\Local\Temp\qtsingleapplication-44c1-1-lockfile moved successfully.
C:\Users\Benni\AppData\Local\Temp\qtsingleapplication-5e9b-1-lockfile moved successfully.
C:\Users\Benni\AppData\Local\Temp\rasterproxies folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\RevitCustom.log moved successfully.
C:\Users\Benni\AppData\Local\Temp\Revit_Install.log moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir10024 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir10046 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir10247 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir10250 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir1035 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir10459 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir11798 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir12118 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir12352 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir12372 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir12532 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir12643 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir12724 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir12775 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir12987 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir1406 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir14107 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir14202 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir14205 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir14368 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir14453 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir14770 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir15671 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir15792 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir15914 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir15965 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir16016 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir16092 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir16244 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir16326 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir16794 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir1711 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir17232 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir17404 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir17750 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir17823 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir18137 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir18441 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir18817 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir18872 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir18964 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir19093 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir19386 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir19425 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir19677 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir19809 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir20038 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir20040 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir20074 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir20532 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir20568 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir21036 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir22041 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir22115 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir22145 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir22269 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir22552 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir24078 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir24173 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir24281 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir24615 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir2489 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir25077 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir25226 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir25337 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir25356 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir25510 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir25531 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir25622 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir25641 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir26539 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir26630 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir26653 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir26846 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir26996 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir27035 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir27439 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir27497 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir27537 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir27585 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir27754 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir27763 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir28761 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir2880 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir29089 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir29114 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir29201 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir29395 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir29454 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir29527 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir29538 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir29603 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir29739 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir29759 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir29877 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir29884 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir29968 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir30927 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir311 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir314 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir31534 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir31671 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir31753 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir31889 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir31913 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir31936 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir32125 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir32235 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir32313 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir32352 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir32359 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir32473 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir32486 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir3784 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir3849 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir3966 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir405 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir417 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir4754 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir4774 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir4836 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir4885 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir5659 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir6231 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir6316 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir6357 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir6419 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir6425 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir6428 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir6498 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir6677 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir6703 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir747 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir7663 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir7745 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir8068 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir8277 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir8425 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\scoped_dir8882 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\SingleClickMax.log moved successfully.
C:\Users\Benni\AppData\Local\Temp\SingleClickMaxRevit.log moved successfully.
C:\Users\Benni\AppData\Local\Temp\SUPERSetup folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\swtag.log moved successfully.
C:\Users\Benni\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZU373KAR folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\Temporary Internet Files\Content.IE5\WQADR916 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\Temporary Internet Files\Content.IE5\IUJ0VGJP folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\Temporary Internet Files\Content.IE5\0JCWSM0Y folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\Temporary Internet Files\Content.IE5 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\Temporary Internet Files folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\tks_temp_Benni.tks moved successfully.
C:\Users\Benni\AppData\Local\Temp\UCDebugger folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\UnityWebPlayer\log folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\UnityWebPlayer folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\UpdateCheckerSetup.exe moved successfully.
C:\Users\Benni\AppData\Local\Temp\V.class moved successfully.
C:\Users\Benni\AppData\Local\Temp\w1xyjqt5.rv1 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\whd1luxd.jxq folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\WPDNSE folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\_ADSK_(7724DE60).tmp moved successfully.
C:\Users\Benni\AppData\Local\Temp\_ADSK_(77252447).tmp moved successfully.
C:\Users\Benni\AppData\Local\Temp\_esri_search_temp6428 folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\{153FB2DD-A2CE-4A41-A632-23A7B045FC82} folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\{90361D72-ACD0-4E28-AE78-F29EC32700D2} folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\{C700A8C1-9E65-1582-C2A8-00C7659E8215}\dataঠ爉ঠ䶠‚燠ঠ`\Cache folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\{C700A8C1-9E65-1582-C2A8-00C7659E8215}\dataঠ爉ঠ䶠‚燠ঠ` folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\{C700A8C1-9E65-1582-C2A8-00C7659E8215}\dataঊ漙ঊ䶠‚滰ঊ`\Cache folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\{C700A8C1-9E65-1582-C2A8-00C7659E8215}\dataঊ漙ঊ䶠‚滰ঊ` folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\{C700A8C1-9E65-1582-C2A8-00C7659E8215}\data folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\{C700A8C1-9E65-1582-C2A8-00C7659E8215} folder moved successfully.
C:\Users\Benni\AppData\Local\Temp\~DF1B7846327AF4ADAB.TMP moved successfully.
C:\Users\Benni\AppData\Local\Temp\~DF22D0F34655F03B4D.TMP moved successfully.
C:\Users\Benni\AppData\Local\Temp\~DF24D7A81C44E07CA7.TMP moved successfully.
C:\Users\Benni\AppData\Local\Temp\~DF26EDA9788377B736.TMP moved successfully.
C:\Users\Benni\AppData\Local\Temp\~DF2B06AF5DA6747410.TMP moved successfully.
C:\Users\Benni\AppData\Local\Temp\~DF2EA1784EC22EE81D.TMP moved successfully.
C:\Users\Benni\AppData\Local\Temp\~DF316872F330C6159F.TMP moved successfully.
C:\Users\Benni\AppData\Local\Temp\~DF31B3C87F9000F6F1.TMP moved successfully.
C:\Users\Benni\AppData\Local\Temp\~DF33A06FAB7D50CFF9.TMP moved successfully.
C:\Users\Benni\AppData\Local\Temp\~DF3A4E27C9B2CA67BC.TMP moved successfully.
C:\Users\Benni\AppData\Local\Temp\~DF3CC2273931B39D81.TMP moved successfully.
C:\Users\Benni\AppData\Local\Temp\~DF3FC2B76380BD7B36.TMP moved successfully.
C:\Users\Benni\AppData\Local\Temp\~DF492B0C3ED21EF3A5.TMP moved successfully.
C:\Users\Benni\AppData\Local\Temp\~DF4DAD777D88B77365.TMP moved successfully.
C:\Users\Benni\AppData\Local\Temp\~DF51A1709E8F19834D.TMP moved successfully.
C:\Users\Benni\AppData\Local\Temp\~DF5A750632C962D371.TMP moved successfully.
C:\Users\Benni\AppData\Local\Temp\~DF763AC482CC5E5157.TMP moved successfully.
C:\Users\Benni\AppData\Local\Temp\~DF7AE1EF402E850EC2.TMP moved successfully.
C:\Users\Benni\AppData\Local\Temp\~DF7B8DD05B705FA099.TMP moved successfully.
C:\Users\Benni\AppData\Local\Temp\~DF9234BBFF32CE7CB1.TMP moved successfully.
C:\Users\Benni\AppData\Local\Temp\~DF93F3EF5A2C3C1225.TMP moved successfully.
C:\Users\Benni\AppData\Local\Temp\~DF9B5F2B6A37400FE3.TMP moved successfully.
C:\Users\Benni\AppData\Local\Temp\~DFA58C96D5A8ABD070.TMP moved successfully.
C:\Users\Benni\AppData\Local\Temp\~DFA5F2A4971F38A1AC.TMP moved successfully.
C:\Users\Benni\AppData\Local\Temp\~DFA6352D9CF946A7E9.TMP moved successfully.
C:\Users\Benni\AppData\Local\Temp\~DFA989702261A77B39.TMP moved successfully.
C:\Users\Benni\AppData\Local\Temp\~DFBBEA2B02CF8E3CAA.TMP moved successfully.
C:\Users\Benni\AppData\Local\Temp\~DFBD221CFE82114471.TMP moved successfully.
C:\Users\Benni\AppData\Local\Temp\~DFC83EAA0D1B66BCAA.TMP moved successfully.
C:\Users\Benni\AppData\Local\Temp\~DFCFC92F82EB0BE2F5.TMP moved successfully.
C:\Users\Benni\AppData\Local\Temp\~DFDB7AFEF721B6A758.TMP moved successfully.
C:\Users\Benni\AppData\Local\Temp\~DFDFE5BAA9BEBA602E.TMP moved successfully.
C:\Users\Benni\AppData\Local\Temp\~DFEE240C73B4682BD6.TMP moved successfully.
C:\Users\Benni\AppData\Local\Temp\~DFEF4D2AD5DB5ADA20.TMP moved successfully.
C:\Users\Benni\AppData\Local\Temp\~DFFA45570FCAC02F5B.TMP moved successfully.
C:\Users\Benni\AppData\Local\Temp\~DFFBEFA693DDB049D0.TMP moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Benni\Desktop\cmd.bat deleted successfully.
C:\Users\Benni\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 281453 bytes
->Temporary Internet Files folder emptied: 432812 bytes
->Flash cache emptied: 57067 bytes
 
User: All Users
 
User: Benni
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 5173190 bytes
->Java cache emptied: 5326492 bytes
->FireFox cache emptied: 54892080 bytes
->Opera cache emptied: 188 bytes
->Flash cache emptied: 58398 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 35845160 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
RecycleBin emptied: 17479765695 bytes
 
Total Files Cleaned = 16.768,00 mb
 
 
[EMPTYFLASH]
 
User: Administrator
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Benni
->Flash cache emptied: 0 bytes
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
 
OTL by OldTimer - Version 3.2.55.0 log created on 07312012_170039
         
__________________

Alt 31.07.2012, 11:57   #4
t'john
/// Helfer-Team
 
deo0_sar.exe Ransom Trojaner, halb entfernt. Jetzt sicher? - Standard

deo0_sar.exe Ransom Trojaner, halb entfernt. Jetzt sicher?



Ja starte im normal Modus!

Sehr gut!



1. Schritt
Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".
danach:

2. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.
__________________
Mfg, t'john
Das TB unterstützen

Alt 31.07.2012, 16:15   #5
Killy80
 
deo0_sar.exe Ransom Trojaner, halb entfernt. Jetzt sicher? - Standard

deo0_sar.exe Ransom Trojaner, halb entfernt. Jetzt sicher?



Malwarebytes hat nichts mehr gefunden.

Hier das Log von AdwCleaner:

Code:
ATTFilter
# AdwCleaner v1.703 - Logfile created 07/31/2012 at 17:14:11
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Benni - BENNI-ITX
# Running from : C:\Users\Benni\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Found : HKCU\Software\StartSearch
Key Found : HKLM\SOFTWARE\DT Soft
[x64] Key Found : HKCU\Software\StartSearch

***** [Registre - GUID] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default 
File : C:\Users\Benni\AppData\Roaming\Mozilla\Firefox\Profiles\tdiz7m1v.default\prefs.js

[OK] File is clean.

-\\ Opera v12.0.1467.0

File : C:\Users\Benni\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1259 octets] - [31/07/2012 17:14:11]

########## EOF - C:\AdwCleaner[R1].txt - [1387 octets] ##########
         


Alt 31.07.2012, 16:44   #6
t'john
/// Helfer-Team
 
deo0_sar.exe Ransom Trojaner, halb entfernt. Jetzt sicher? - Standard

deo0_sar.exe Ransom Trojaner, halb entfernt. Jetzt sicher?



Sehr gut!


  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Delete.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.




danach:


Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html
__________________
--> deo0_sar.exe Ransom Trojaner, halb entfernt. Jetzt sicher?

Alt 31.07.2012, 20:18   #7
Killy80
 
deo0_sar.exe Ransom Trojaner, halb entfernt. Jetzt sicher? - Standard

deo0_sar.exe Ransom Trojaner, halb entfernt. Jetzt sicher?



Danke erstmal soweit.

Hier das Log von Emsisoft. Dazu muss ich leider sagen, dass ich bei ca 50% von Festplatte D abgebrochen habe, da das Ganze ewig gedauert hat.

Ausser den Dateien im _OTL Ordner sind die Anderen höchstwahrscheinlich False Positives. Das ist z.B. bei den Dateien im PCL Ordner schon länger bekannt. TemplateTestApp.exe ist sogar ein selbstgeschriebenes Programm.

Code:
ATTFilter
Emsisoft Anti-Malware - Version 6.6
Letztes Update: 31.07.2012 17:57:56

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\
Archiv Scan: An
ADS Scan: An

Scan Beginn:	31.07.2012 17:58:27

C:\_OTL\MovedFiles\07312012_170039\C_Users\Bengt\AppData\Local\Temp\CheatEngine62Clean.exe 	gefunden: Trojan.Win32.CheatEngine.AMN!E1
C:\_OTL\MovedFiles\07312012_170039\C_Users\Bengt\AppData\Local\Temp\MyBabylonTB.exe 	gefunden: Riskware.Win32.Toolbar.Babylon.AMN!E1
C:\Users\Bengt\Documents\Visual Studio 2010\Projects\TemplateTestApp\Release\TemplateTestApp.exe 	gefunden: Trojan.Win32.Swrort!E2
C:\Users\Bengt\Desktop\Clustering\opencv\build\bin\Debug\opencv_test_gpud.exe 	gefunden: HackTool.Win32.Agent!E2
C:\Program Files (x86)\PCL\bin\convert_pcd_ascii_binary-gd.exe 	gefunden: HackTool.Win32.Agent!E2
C:\Program Files (x86)\PCL\bin\pcd_convert_NaN_nan.exe.vir 	gefunden: Backdoor.Win32.Poison!E2
C:\Program Files (x86)\PCL\bin\pcd_convert_NaN_nan-gd.exe 	gefunden: HackTool.Win32.Agent!E2
C:\Program Files (x86)\PCL\bin\pcd_viewer-gd.exe 	gefunden: Backdoor.Win32.Poison!E2
C:\Program Files (x86)\PCL\bin\pcl_features-gd.dll 	gefunden: Backdoor.Win32.Poison!E2
C:\Program Files (x86)\OpenFlipper\Debug\Plugins\Plugin-FileOVM.dll 	gefunden: Backdoor.Win32.Poison!E2
C:\Program Files (x86)\OpenFlipper\Debug\Plugins\Plugin-FileSKL.dll 	gefunden: Backdoor.Win32.Poison!E2
C:\Program Files (x86)\Cheat Engine 6.2\cheatengine-i386.exe 	gefunden: Trojan.Win32.CheatEngine.AMN!E1
C:\Program Files (x86)\AutoIt3\SciTE\AutoItMacroGenerator\TheHook.dll 	gefunden: Riskware.Monitor.Win32.Hooker.s!E1
C:\Program Files\Red Gate\ANTS Memory Profiler 7\Tutorials\VB\MandelbrotVB\MandelbrotVB.exe 	gefunden: Worm.Win32.Dorkbot!E2

Gescannt	1181027
Gefunden	14

Scan Ende:	31.07.2012 21:14:33
Scan Zeit:	3:16:06
         

Alt 31.07.2012, 22:23   #8
t'john
/// Helfer-Team
 
deo0_sar.exe Ransom Trojaner, halb entfernt. Jetzt sicher? - Standard

deo0_sar.exe Ransom Trojaner, halb entfernt. Jetzt sicher?



Log vom adwCelaner? http://www.trojaner-board.de/120831-...tml#post879602
__________________
Mfg, t'john
Das TB unterstützen

Alt 31.07.2012, 22:32   #9
Killy80
 
deo0_sar.exe Ransom Trojaner, halb entfernt. Jetzt sicher? - Standard

deo0_sar.exe Ransom Trojaner, halb entfernt. Jetzt sicher?



Zitat:
Zitat von t'john Beitrag anzeigen


EDIT: Sorry, hatte das Delete Log mit dem ersten Log verwechselt.

Code:
ATTFilter
# AdwCleaner v1.703 - Logfile created 07/31/2012 at 17:46:11
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Benni - BENNI-ITX
# Running from : C:\Users\Benni\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKLM\SOFTWARE\DT Soft

***** [Registre - GUID] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default 
File : C:\Users\Benni\AppData\Roaming\Mozilla\Firefox\Profiles\tdiz7m1v.default\prefs.js

[OK] File is clean.

-\\ Opera v12.0.1467.0

File : C:\Users\Benni\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1382 octets] - [31/07/2012 17:14:11]
AdwCleaner[S1].txt - [1163 octets] - [31/07/2012 17:46:11]

########## EOF - C:\AdwCleaner[S1].txt - [1291 octets] ##########
         

Alt 31.07.2012, 22:51   #10
t'john
/// Helfer-Team
 
deo0_sar.exe Ransom Trojaner, halb entfernt. Jetzt sicher? - Standard

deo0_sar.exe Ransom Trojaner, halb entfernt. Jetzt sicher?



Sehr gut!


Deinstalliere:
Emsisoft Anti-Malware


ESET Online Scanner

Vorbereitung

  • Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
  • Bitte während des Online-Scans Anti-Virus-Programm und Firewall deaktivieren.
  • Vista/Win7-User: Bitte den Browser unbedingt als Administrator starten.
Los geht's

  • Lade und starte Eset Smartinstaller
  • Haken setzen bei YES, I accept the Terms of Use.
  • Klick auf Start.
  • Haken setzen bei Remove found threads und Scan archives.
  • Klick auf Start.
  • Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Finish drücken.
  • Browser schließen.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (manchmal auch C:\Programme\Eset\log.txt) suchen und mit Deinem Editor öffnen.
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset
__________________
Mfg, t'john
Das TB unterstützen

Alt 01.08.2012, 03:13   #11
Killy80
 
deo0_sar.exe Ransom Trojaner, halb entfernt. Jetzt sicher? - Standard

deo0_sar.exe Ransom Trojaner, halb entfernt. Jetzt sicher?



ESET Log (alle Laufwerke voll gescannt):

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=ff1d34abef7c9f4c919e81fed1ee0f41
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-01 02:12:29
# local_time=2012-08-01 04:12:29 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776574 100 94 12641783 95402065 0 0
# compatibility_mode=8192 67108863 100 0 151 151 0 0
# scanned=1061693
# found=1
# cleaned=1
# scan_time=14933
C:\_OTL\MovedFiles\07312012_170039\C_Users\Benni\AppData\Local\Temp\MyBabylonTB.exe	Win32/Toolbar.Babylon application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
         

Alt 01.08.2012, 14:32   #12
t'john
/// Helfer-Team
 
deo0_sar.exe Ransom Trojaner, halb entfernt. Jetzt sicher? - Standard

deo0_sar.exe Ransom Trojaner, halb entfernt. Jetzt sicher?



Java aktualisieren

Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
  • Downloade dir bitte die neueste Java-Version von hier
  • Speichere die jxpiinstall.exe
  • Schließe alle laufenden Programme. Speziell deinen Browser.
  • Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version ( Java 7 Update 5 ) herunter laden.
  • Wenn die Installation beendet wurde
    Start --> Systemsteuerung --> Programme und deinstalliere alle älteren Java Versionen.
  • Starte deinen Rechner neu sobald alle älteren Versionen deinstalliert wurden.
Nach dem Neustart
  • Öffne erneut die Systemsteuerung --> Programme und klicke auf das Java Symbol.
  • Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
  • Klicke auf Dateien löschen....
  • Gehe sicher das überall ein Hacken gesetzt ist und klicke OK.
  • Klicke erneut OK.


Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html
__________________
Mfg, t'john
Das TB unterstützen

Alt 01.08.2012, 14:59   #13
Killy80
 
deo0_sar.exe Ransom Trojaner, halb entfernt. Jetzt sicher? - Standard

deo0_sar.exe Ransom Trojaner, halb entfernt. Jetzt sicher?



Hab ich gemacht, wie gehts weiter? Und wie krieg ich den Taskmanager und den Desktop wieder?

Aber danke erstmal!


Alt 01.08.2012, 15:07   #14
t'john
/// Helfer-Team
 
deo0_sar.exe Ransom Trojaner, halb entfernt. Jetzt sicher? - Standard

deo0_sar.exe Ransom Trojaner, halb entfernt. Jetzt sicher?



Was ist mit dem Desktop?

CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.

  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
Mfg, t'john
Das TB unterstützen

Alt 01.08.2012, 15:46   #15
Killy80
 
deo0_sar.exe Ransom Trojaner, halb entfernt. Jetzt sicher? - Standard

deo0_sar.exe Ransom Trojaner, halb entfernt. Jetzt sicher?



Ich hab keine Symbole auf dem Desktop und der Task-Manager sagt, er sei durch einen Admin gesperrt (habe die Gruppenrichtlinien hierzu gecheckt, da scheint alles ok).

EDIT: Sehe gerade, der Task-Manager geht wieder. Weiß jetzt nicht welcher Schritt geholfen hat, aber es geht
Immernoch keine Desktopsymbole.

OTL.txt:

Code:
ATTFilter
OTL logfile created on: 01.08.2012 16:17:13 - Run 2
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\Benni\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 5,99 Gb Available Physical Memory | 75,03% Memory free
15,97 Gb Paging File | 13,68 Gb Available in Paging File | 85,67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195,21 Gb Total Space | 57,89 Gb Free Space | 29,65% Space Free | Partition Type: NTFS
Drive D: | 736,20 Gb Total Space | 383,51 Gb Free Space | 52,09% Space Free | Partition Type: NTFS
Drive F: | 4,79 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: BENNI-ITX | User Name: Benni | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.08.01 16:14:01 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Benni\Desktop\OTL.exe
PRC - [2012.07.03 05:09:22 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Benni\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.04.26 19:16:36 | 000,385,376 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
PRC - [2012.04.24 20:28:29 | 001,044,816 | ---- | M] (Flexera Software, Inc.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2012.02.24 23:46:53 | 000,374,272 | ---- | M] (C Tech Development Corporation) -- C:\Program Files (x86)\Common Files\C Tech\CTech.License.Service.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.09.15 00:19:54 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_32server.exe
PRC - [2011.08.22 18:07:32 | 000,354,416 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2011.08.22 18:06:56 | 000,432,752 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2011.08.22 17:34:52 | 011,837,440 | ---- | M] () -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
PRC - [2011.08.22 16:28:42 | 000,079,872 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
PRC - [2011.02.07 06:14:24 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe
PRC - [2010.11.17 03:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010.11.05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.11.05 23:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.10.05 21:04:12 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.10.05 21:04:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.04.23 16:20:36 | 001,670,144 | ---- | M] (ESRI) -- C:\Program Files (x86)\ArcGIS\License10.0\bin\ARCGIS.exe
PRC - [2009.06.17 16:13:06 | 000,068,136 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
PRC - [2008.11.06 00:59:50 | 001,500,424 | ---- | M] (Acresso Software Inc.) -- C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.14 19:34:41 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\2e16482769fcdf856919e292a968f16c\IAStorUtil.ni.dll
MOD - [2012.06.14 08:36:05 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012.06.14 08:35:51 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.14 08:35:46 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.05.09 18:54:49 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\3b2b9f4ec1819e4b95792d92f56d26f9\IAStorCommon.ni.dll
MOD - [2012.05.09 17:05:41 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.09 17:05:13 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012.05.09 17:05:10 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.09 17:05:08 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.09 17:05:07 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.09 17:05:02 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011.02.07 06:14:24 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe
MOD - [2011.02.07 06:14:22 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTMUI.dll
MOD - [2011.02.07 06:14:18 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSSHooks.dll
MOD - [2011.02.07 06:14:16 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTUI.dll
MOD - [2011.02.07 06:14:14 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTFC.dll
MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.07.27 06:37:16 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTTSH.dll
MOD - [2009.07.14 19:58:10 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012.04.06 04:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.04.06 16:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.07.31 16:56:44 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.12 21:16:55 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Running] -- D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2012.07.03 05:09:22 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.06.07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.19 14:36:32 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.04.26 19:16:36 | 000,385,376 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc)
SRV - [2012.04.26 19:15:56 | 000,401,760 | ---- | M] (BlueStack Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc)
SRV - [2012.04.24 20:28:29 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012.03.26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.03.26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.02.24 23:46:53 | 000,374,272 | ---- | M] (C Tech Development Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\C Tech\CTech.License.Service.exe -- (CTech.License.Service.exe)
SRV - [2012.01.24 11:25:20 | 000,078,336 | ---- | M] (Dassault Systèmes) [On_Demand | Stopped] -- C:\Program Files (x86)\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe -- (DraftSight API Service)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.11.23 15:17:26 | 000,094,992 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Programme\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2011.11.10 22:52:01 | 000,145,408 | ---- | M] (Red Gate Software Ltd.) [On_Demand | Stopped] -- C:\Programme\Red Gate\ANTS Performance Profiler 6\RedGate.Profiler.IISService.exe -- (ANTS Performance Profiler 6 Service)
SRV - [2011.11.10 22:51:58 | 000,174,008 | ---- | M] (Red Gate Software Ltd.) [On_Demand | Stopped] -- C:\Programme\Red Gate\ANTS Memory Profiler 7\RedGate.Memory.IISService.exe -- (ANTS Memory Profiler 7 Service)
SRV - [2011.09.15 00:19:54 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_32server.exe -- (mi-raysat_3dsmax2013_32)
SRV - [2011.08.22 18:07:32 | 000,354,416 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2011.08.22 18:06:56 | 000,432,752 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2011.08.22 17:34:52 | 011,837,440 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe -- (VMwareHostd)
SRV - [2011.08.22 16:28:42 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2011.08.22 00:11:28 | 000,846,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
SRV - [2011.08.12 01:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV - [2011.08.07 14:40:00 | 003,804,120 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010.11.05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.10.05 21:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.10.05 21:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.06.25 19:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64)
SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.06.17 16:13:06 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe -- (DES2 Service)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.11.06 00:59:50 | 001,500,424 | ---- | M] (Acresso Software Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe -- (ArcGIS License Manager)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.04.06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.04.06 03:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.03.20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.23 14:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.12.02 21:59:44 | 000,530,488 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011.08.22 18:07:58 | 000,062,064 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2011.08.22 18:06:14 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2011.08.22 16:12:26 | 000,045,680 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2011.08.22 16:12:26 | 000,020,080 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2011.08.22 00:11:26 | 000,039,024 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2011.08.08 15:59:12 | 000,116,336 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2011.07.26 19:49:12 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2011.07.04 20:35:59 | 000,230,352 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2011.05.10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.04.13 15:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.13 13:58:00 | 000,413,800 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.01.10 18:16:08 | 000,021,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.19 04:34:26 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.11.19 04:34:26 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.11.09 15:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2010.11.05 23:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.10.19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.06.25 19:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009.12.21 17:39:40 | 000,051,712 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (TEAM)
DRV:64bit: - [2009.12.21 17:39:40 | 000,051,712 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (RTTEAMPT)
DRV:64bit: - [2009.08.13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.20 04:27:34 | 000,027,136 | ---- | M] (Realtek                                            ) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.04.28 12:03:46 | 000,047,160 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmdTools64.sys -- (AmdTools64)
DRV:64bit: - [2007.12.03 04:20:54 | 000,024,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtVlan60.sys -- (RTVLANPT)
DRV:64bit: - [2007.04.27 07:40:00 | 000,142,120 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\sentinel64.sys -- (Sentinel64)
DRV:64bit: - [2007.04.27 07:40:00 | 000,056,872 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SNTUSB64.SYS -- (SNTUSB64)
DRV - [2012.08.01 15:43:12 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2012.04.26 19:16:30 | 000,075,104 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys -- (BstHdDrv)
DRV - [2011.11.23 15:17:24 | 000,158,336 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Programme\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2011.07.22 18:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV - [2011.07.05 23:49:20 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2011.07.01 01:23:33 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\etdrv.sys -- (etdrv)
DRV - [2010.09.22 16:31:34 | 000,021,712 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS -- (DrvAgent64)
DRV - [2010.05.27 02:43:00 | 000,014,648 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys -- (RTCore64)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2002.07.17 03:53:02 | 000,016,877 | ---- | M] (Adaptec) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\ASPI32.SYS -- (ASPI32)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1698229701-1306037958-2253674869-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1698229701-1306037958-2253674869-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1698229701-1306037958-2253674869-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 50 4F ED 94 75 37 CC 01  [binary data]
IE - HKU\S-1-5-21-1698229701-1306037958-2253674869-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1698229701-1306037958-2253674869-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..network.proxy.no_proxies_on: ", stealthy.co"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Benni\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.31 16:56:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.23 03:21:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2011.10.01 21:50:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benni\AppData\Roaming\mozilla\Extensions
[2011.10.01 21:50:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benni\AppData\Roaming\mozilla\Extensions\prism@developer.mozilla.org
[2012.07.30 18:56:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benni\AppData\Roaming\mozilla\Firefox\Profiles\tdiz7m1v.default\extensions
[2012.01.24 19:49:16 | 000,000,000 | ---D | M] (HNG downloader/starter (live)) -- C:\Users\Benni\AppData\Roaming\mozilla\Firefox\Profiles\tdiz7m1v.default\extensions\npretoxlive@live.heroesandgenerals.com
[2012.05.21 23:26:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.30 18:56:54 | 000,184,864 | ---- | M] () (No name found) -- C:\USERS\BENNI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TDIZ7M1V.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI
[2012.07.31 16:56:44 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
 
O1 HOSTS File: ([2012.07.04 05:17:53 | 000,002,077 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 ***** 
O1 - Hosts: 127.0.0.1 *****
O1 - Hosts: 127.0.0.1 ***** 
O1 - Hosts: 127.0.0.1 *****
O1 - Hosts: 127.0.0.1 ***** 
O1 - Hosts: 127.0.0.1 *****
O1 - Hosts: 127.0.0.1 ***** 
O1 - Hosts: 127.0.0.1 *****
O1 - Hosts: 127.0.0.1 ***** 
O1 - Hosts: 127.0.0.1 *****
O1 - Hosts: 127.0.0.1 ***** 
O1 - Hosts: 127.0.0.1 ***** 
O1 - Hosts: 127.0.0.1 ***** 
O1 - Hosts: 127.0.0.1 *****
O1 - Hosts: 127.0.0.1 ***** 
O1 - Hosts: 127.0.0.1 ***** 
O1 - Hosts: 127.0.0.1 ***** 
O1 - Hosts: 127.0.0.1 ***** 
O1 - Hosts: 127.0.0.1 ***** 
O1 - Hosts: 127.0.0.1 ***** 
O1 - Hosts: 127.0.0.1 ***** 
O1 - Hosts: 127.0.0.1 ***** 
O1 - Hosts: 127.0.0.1 ***** 
O1 - Hosts: 127.0.0.1 ***** 
O1 - Hosts: 127.0.0.1 ***** 
O1 - Hosts: 15 more lines...
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TortoiseHgOverlayIconServer] C:\Programme\TortoiseHg\TortoiseHgOverlayServer.exe ()
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1698229701-1306037958-2253674869-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1698229701-1306037958-2253674869-1000..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKU\S-1-5-21-1698229701-1306037958-2253674869-1000..\Run: [Steam] D:\Spiele\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-1698229701-1306037958-2253674869-1000..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Benni\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\thunderbird - Verknüpfung.lnk = C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
O7 - HKU\S-1-5-21-1698229701-1306037958-2253674869-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} hxxp://www.driveragent.com/files/driveragent.cab (Driver Agent ActiveX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{907F05D5-4F56-4E56-B226-B36102B34431}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C7F72A69-FFB5-455F-BDE6-D17CADF887C8}: DhcpNameServer = 130.149.7.7 193.174.75.142
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002.02.22 20:35:36 | 000,000,043 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AdobeCS5.5ServiceManager - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: BCSSync - hkey= - key= - C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: BlueStacks Agent - hkey= - key= - C:\Program Files (x86)\BlueStacks\HD-Agent.exe (BlueStack Systems, Inc.)
MsConfig:64bit - StartUpReg: BlueStacks App Player - hkey= - key= - C:\Program Files (x86)\BlueStacks\HD-FrontEnd.exe (BlueStack Systems, Inc.)
MsConfig:64bit - StartUpReg: hlRuESAqYEn6vel - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: ISUSPM Startup - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: ISUSScheduler - hkey= - key= - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: KeePass 2 PreLoad - hkey= - key= - C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: vmware-tray - hkey= - key= - C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: !SASCORE - C:\Programme\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MsMpSvc - C:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: !SASCORE - C:\Programme\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MsMpSvc - C:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {1764AB49-1BBF-A8B3-EF99-A2BF1655B4E4} - Internet Explorer
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {3C637055-BA38-8D2E-E298-02909B416CFF} - Browser Customizations
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {B18C9A71-2ACE-08F5-8A9C-DED18EC07167} - Themes Setup
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {0EA7D21E-5B80-2898-982D-7C56939508C3} - Browser Customizations
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {62844525-1D83-4F2E-8FB4-F90A85A4451E} - Internet Explorer
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {9DEF786C-0309-5127-F12A-275952191F98} - Browser Customizations
ActiveX: {BB6B3481-B35C-C1D8-A6E6-82A744E3C2AD} - Browser Customizations
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EBB70E44-DF18-AE49-8EB9-E6EDA34C46C2} - Java (Sun)
ActiveX: {F20A945C-5C10-21D9-A1F3-F63E15F54DC9} - .NET Framework
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: {T9yd0xvX-wKoC-Odsf-7vSX-pYWA9BY4CApc} - 
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.RTV1 - rtvcvfw32.dll File not found
Drivers32: VIDC.VMnc - C:\Windows\SysWow64\vmnc.dll (VMware, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.01 15:39:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.08.01 15:38:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012.08.01 00:00:53 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Benni\Desktop\esetsmartinstaller_enu.exe
[2012.07.31 17:55:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
[2012.07.31 17:55:58 | 000,000,000 | ---D | C] -- C:\Users\Benni\Documents\Anti-Malware
[2012.07.31 17:00:39 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.07.31 14:20:49 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012.07.31 09:16:27 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Benni\Desktop\OTL.exe
[2012.07.31 09:13:39 | 000,000,000 | ---D | C] -- C:\logs
[2012.07.30 21:19:02 | 000,000,000 | ---D | C] -- C:\Users\Benni\AppData\Roaming\Roaming
[2012.07.30 21:12:36 | 000,000,000 | ---D | C] -- C:\Users\Benni\Documents\Inventor Server x64 3dsMaxDesign
[2012.07.30 21:12:11 | 000,000,000 | ---D | C] -- C:\Users\Benni\Documents\Inventor Server x64 Direct Connect
[2012.07.30 21:04:16 | 000,000,000 | ---D | C] -- C:\Users\Benni\Documents\3dsMaxDesign
[2012.07.30 21:03:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Autodesk Shared
[2012.07.30 21:03:20 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk
[2012.07.25 15:26:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grinding Gear Games
[2012.07.25 04:35:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.07.25 04:35:17 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.07.25 04:33:08 | 000,000,000 | ---D | C] -- C:\Users\Benni\AppData\Roaming\Malwarebytes
[2012.07.25 04:33:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.25 04:32:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.25 04:32:58 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.25 04:32:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.24 01:25:03 | 000,000,000 | ---D | C] -- C:\Users\Benni\AppData\Roaming\inkscape
[2012.07.24 01:19:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Inkscape
[2012.07.16 18:28:37 | 000,000,000 | ---D | C] -- C:\Users\Benni\AppData\Roaming\LucasArts
[2012.07.15 21:53:53 | 000,000,000 | ---D | C] -- C:\Users\Benni\Documents\SimCity 4
[2012.07.09 02:43:13 | 000,000,000 | ---D | C] -- C:\Users\Benni\Documents\FLiNGTrainer
[2012.07.09 02:38:56 | 000,000,000 | ---D | C] -- C:\Users\Benni\Documents\My Cheat Tables
[2012.07.09 02:38:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.2
[2012.07.09 02:38:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cheat Engine 6.2
[2012.07.08 20:53:12 | 000,000,000 | ---D | C] -- C:\Users\Benni\Documents\Endless Space
[2012.07.08 18:12:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iceberg Interactive
[2012.07.07 02:49:56 | 000,000,000 | ---D | C] -- C:\Users\Benni\Desktop\client_update1
[2012.07.06 02:42:29 | 000,000,000 | ---D | C] -- C:\Users\Benni\Desktop\DT-Template-R8
[2012.07.02 16:52:05 | 000,000,000 | ---D | C] -- C:\Users\Benni\Desktop\DA_SA-Tex-Vorlage-2010-05-12
[2012.07.02 16:28:35 | 000,000,000 | ---D | C] -- C:\Users\Benni\Desktop\diplomarbeit-vorlage-latex
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.01 16:14:01 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Benni\Desktop\OTL.exe
[2012.08.01 15:51:12 | 000,014,784 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.01 15:51:12 | 000,014,784 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.01 15:42:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.01 15:42:36 | 2134,396,927 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.01 04:14:02 | 001,627,538 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.01 04:14:02 | 000,701,470 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.01 04:14:02 | 000,656,788 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.01 04:14:02 | 000,150,192 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.01 04:14:02 | 000,123,146 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.01 00:00:54 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Benni\Desktop\esetsmartinstaller_enu.exe
[2012.07.31 21:58:01 | 000,002,934 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2012.07.31 12:41:46 | 004,503,728 | ---- | M] () -- C:\ProgramData\ras_0oed.pad
[2012.07.31 09:27:40 | 000,002,026 | ---- | M] () -- C:\Users\Benni\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2012.07.31 09:27:40 | 000,001,955 | ---- | M] () -- C:\Users\Benni\Desktop\Avira DE-Cleaner.lnk
[2012.07.28 02:00:02 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\Quark Updater.job
[2012.07.28 01:05:22 | 000,003,048 | ---- | M] () -- C:\Users\Benni\.recently-used.xbel
[2012.07.27 05:19:36 | 000,007,606 | ---- | M] () -- C:\Users\Benni\AppData\Local\Resmon.ResmonCfg
[2012.07.27 00:43:14 | 000,847,210 | ---- | M] () -- C:\Users\Benni\Desktop\ma002.pdf
[2012.07.27 00:31:20 | 000,118,763 | ---- | M] () -- C:\Users\Benni\Desktop\surface-curvature.pdf
[2012.07.26 23:54:14 | 000,108,078 | ---- | M] () -- C:\Users\Benni\Desktop\curvature.pdf
[2012.07.25 15:26:42 | 000,001,602 | ---- | M] () -- C:\Users\Public\Desktop\Path of Exile.lnk
[2012.07.21 23:46:04 | 000,298,016 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.07.21 23:46:04 | 000,298,016 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.07.12 22:48:01 | 000,000,382 | ---- | M] () -- C:\Users\Benni\Documents\ChatLog Meet Now 2012_07_12 22_48.rtf
[2012.07.12 16:00:54 | 005,051,384 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.08 15:56:48 | 000,298,016 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.07.06 02:42:16 | 000,105,897 | ---- | M] () -- C:\Users\Benni\Desktop\DT-Template-R8.zip
[2012.07.04 23:44:18 | 000,002,199 | ---- | M] () -- C:\Users\Benni\.kdiff3rc
[2012.07.04 16:41:23 | 003,207,754 | ---- | M] () -- C:\Users\Benni\Desktop\Diplomarbeit.pdf
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.03 05:09:22 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.07.03 05:04:52 | 003,130,440 | ---- | M] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2012.07.02 16:51:59 | 004,162,409 | ---- | M] () -- C:\Users\Benni\Desktop\DA_SA-Tex-Vorlage-2010-05-12.zip
[2012.07.02 16:42:46 | 000,001,543 | ---- | M] () -- C:\Users\Benni\Desktop\diploma.tex
 
========== Files Created - No Company Name ==========
 
[2012.07.31 12:41:46 | 004,503,728 | ---- | C] () -- C:\ProgramData\ras_0oed.pad
[2012.07.31 09:27:40 | 000,002,026 | ---- | C] () -- C:\Users\Benni\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2012.07.31 09:27:40 | 000,001,955 | ---- | C] () -- C:\Users\Benni\Desktop\Avira DE-Cleaner.lnk
[2012.07.28 01:05:22 | 000,003,048 | ---- | C] () -- C:\Users\Benni\.recently-used.xbel
[2012.07.27 00:43:14 | 000,847,210 | ---- | C] () -- C:\Users\Benni\Desktop\ma002.pdf
[2012.07.27 00:31:20 | 000,118,763 | ---- | C] () -- C:\Users\Benni\Desktop\surface-curvature.pdf
[2012.07.26 23:54:14 | 000,108,078 | ---- | C] () -- C:\Users\Benni\Desktop\curvature.pdf
[2012.07.25 15:26:42 | 000,001,602 | ---- | C] () -- C:\Users\Public\Desktop\Path of Exile.lnk
[2012.07.24 01:24:36 | 000,001,055 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkscape.lnk
[2012.07.12 22:48:01 | 000,000,382 | ---- | C] () -- C:\Users\Benni\Documents\ChatLog Meet Now 2012_07_12 22_48.rtf
[2012.07.06 02:42:15 | 000,105,897 | ---- | C] () -- C:\Users\Benni\Desktop\DT-Template-R8.zip
[2012.07.04 16:41:16 | 003,207,754 | ---- | C] () -- C:\Users\Benni\Desktop\Diplomarbeit.pdf
[2012.07.03 05:05:50 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2012.07.02 16:51:56 | 004,162,409 | ---- | C] () -- C:\Users\Benni\Desktop\DA_SA-Tex-Vorlage-2010-05-12.zip
[2012.07.02 16:43:07 | 000,001,543 | ---- | C] () -- C:\Users\Benni\Desktop\diploma.tex
[2012.05.20 17:24:04 | 003,145,746 | ---- | C] () -- C:\Users\Benni\Depth.tga
[2012.05.14 03:40:06 | 002,275,328 | ---- | C] () -- C:\Windows\SysWow64\libsndfile-1.dll
[2012.05.14 03:40:06 | 001,719,808 | ---- | C] () -- C:\Windows\SysWow64\sfml-graphics-d-2.dll
[2012.05.14 03:40:06 | 001,111,040 | ---- | C] () -- C:\Windows\SysWow64\sfml-graphics-2.dll
[2012.05.14 03:40:06 | 000,294,400 | ---- | C] () -- C:\Windows\SysWow64\sfml-network-d-2.dll
[2012.05.14 03:40:06 | 000,186,368 | ---- | C] () -- C:\Windows\SysWow64\sfml-audio-d-2.dll
[2012.05.14 03:40:06 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\sfml-window-d-2.dll
[2012.05.14 03:40:06 | 000,126,464 | ---- | C] () -- C:\Windows\SysWow64\sfml-system-d-2.dll
[2012.05.14 03:40:06 | 000,107,008 | ---- | C] () -- C:\Windows\SysWow64\sfml-network-2.dll
[2012.05.14 03:40:06 | 000,050,176 | ---- | C] () -- C:\Windows\SysWow64\sfml-window-2.dll
[2012.05.14 03:40:06 | 000,047,616 | ---- | C] () -- C:\Windows\SysWow64\sfml-audio-2.dll
[2012.05.14 03:40:06 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\sfml-system-2.dll
[2012.03.29 19:25:09 | 000,000,748 | ---- | C] () -- C:\Users\Benni\.OpenFlipperOpenFlipper.ini
[2012.03.20 20:56:06 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\glut32.dll
[2012.03.18 00:56:15 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.02.19 08:12:28 | 000,000,352 | ---- | C] () -- C:\Users\Benni\AppData\Roaming\Network Meter_Settings.ini
[2012.02.15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.02.15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.12.17 16:50:21 | 000,000,288 | ---- | C] () -- C:\Users\Benni\SciTE.session
[2011.12.17 16:49:57 | 000,015,239 | ---- | C] () -- C:\Users\Benni\abbrev.properties
[2011.12.08 03:02:58 | 000,000,045 | ---- | C] () -- C:\Users\Benni\.gitconfig
[2011.10.17 05:45:29 | 000,034,225 | ---- | C] () -- C:\Users\Benni\AppData\Roaming\gd.db
[2011.10.17 05:45:29 | 000,000,283 | ---- | C] () -- C:\Users\Benni\AppData\Roaming\groovedown.settings
[2011.09.30 00:36:09 | 000,298,016 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.09.30 00:36:04 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.08.16 17:16:05 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2011.07.29 02:17:51 | 000,060,304 | ---- | C] () -- C:\Users\Benni\g2mdlhlpx.exe
[2011.07.27 00:09:00 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\glew32.dll
[2011.07.22 18:08:40 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011.07.14 18:20:05 | 000,011,386 | ---- | C] () -- C:\Users\Benni\gsview32.ini
[2011.07.05 22:36:55 | 000,007,606 | ---- | C] () -- C:\Users\Benni\AppData\Local\Resmon.ResmonCfg
[2011.07.05 02:22:02 | 000,002,199 | ---- | C] () -- C:\Users\Benni\.kdiff3rc
[2011.07.05 01:08:26 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.07.04 22:45:50 | 000,000,698 | ---- | C] () -- C:\Users\Benni\Mercurial-kiln.ini
[2011.07.04 22:45:50 | 000,000,170 | ---- | C] () -- C:\Users\Benni\mercurial.ini
[2011.07.04 21:02:15 | 000,002,934 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2011.07.02 04:01:33 | 000,000,412 | ---- | C] () -- C:\Users\Benni\AppData\Roaming\All CPU Meter_Settings.ini
[2011.07.01 22:25:10 | 001,649,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.07.01 00:48:26 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2011.07.01 00:28:56 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2011.07.01 00:24:53 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2010.12.06 15:58:56 | 002,496,715 | ---- | C] () -- C:\Windows\SysWow64\abgx360.exe
 
========== LOP Check ==========
 
[2012.07.30 21:19:55 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Roaming
[2012.05.22 19:34:38 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Subversion
[2012.03.31 21:16:33 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\.minecraft
[2011.08.17 19:23:26 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\.purple
[2011.08.27 14:18:08 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\abgx360
[2012.04.25 21:17:03 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\ACD Systems
[2012.04.28 23:23:15 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Aquafadas
[2011.12.17 16:44:36 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\asoftech
[2011.10.11 21:26:46 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Atari
[2012.07.30 21:17:00 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Autodesk
[2011.08.12 22:38:38 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Blender Foundation
[2012.01.18 00:59:50 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\BugAid Software
[2012.07.11 22:40:22 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\C Tech
[2011.08.06 21:59:37 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Chime
[2011.08.08 23:25:12 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Coccinella
[2012.04.26 15:41:36 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011.12.13 23:30:49 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\CorsixTH
[2012.07.08 18:09:43 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\DAEMON Tools Lite
[2012.03.08 20:57:48 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Doublefine
[2012.04.23 17:51:46 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\DraftSight
[2012.08.01 15:43:08 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Dropbox
[2012.01.17 23:17:14 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\ESRI
[2012.04.17 17:23:04 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\FileZilla
[2011.07.02 14:56:11 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Firefly Studios
[2012.06.25 00:58:49 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\fltk.org
[2011.07.07 02:45:03 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Fog Creek Software
[2011.11.02 20:23:20 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\FreeCAD
[2012.05.21 02:56:49 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\gDEBugger
[2012.04.01 05:35:00 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Groovedown
[2012.04.25 04:45:00 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\gtk-2.0
[2011.07.19 16:31:25 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\ImgBurn
[2012.07.24 01:25:04 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\inkscape
[2012.06.28 20:10:57 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Inlage
[2011.07.04 21:04:39 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\JetBrains
[2012.07.30 21:20:50 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\KeePass
[2011.10.17 05:45:29 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\lang
[2011.10.11 21:26:16 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Leadertech
[2012.04.20 17:59:04 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\LockHunter
[2012.07.16 18:28:37 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\LucasArts
[2012.07.02 00:49:44 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\LyX2.0
[2012.05.13 03:06:59 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\MediaMonkey
[2011.10.15 00:50:48 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Might & Magic Heroes VI
[2011.08.16 17:16:14 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\MinMaxGames
[2012.06.11 05:20:56 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Mp3tag
[2012.07.28 00:42:38 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Nokia
[2012.07.11 02:05:15 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Notepad++
[2011.07.18 20:40:33 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\OpenOffice.org
[2011.07.01 01:19:59 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Opera
[2011.12.13 18:37:49 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Origin
[2011.10.10 19:21:46 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Panda Security
[2012.03.13 06:52:08 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\ParaView
[2011.10.01 21:50:52 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Prism
[2012.04.28 23:23:02 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Quark
[2012.07.30 21:19:02 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Roaming
[2012.02.21 20:01:14 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\RotMG.Production
[2012.03.23 17:00:27 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Rovio
[2011.08.12 05:52:28 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Runiter
[2011.08.09 02:21:54 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Spark
[2011.07.01 00:35:23 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Splashtop
[2011.07.02 03:26:47 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Subversion
[2011.07.14 00:27:48 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Telerik
[2011.07.01 20:32:41 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Thunderbird
[2011.07.04 20:42:58 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\TrueCrypt
[2012.02.13 22:31:31 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\TS3Client
[2012.01.10 19:16:18 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\ts3overlay
[2011.08.04 15:44:01 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Unity
[2012.07.30 17:54:20 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\VisualAssist
[2012.03.27 04:47:49 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Waveform
[2012.07.02 00:58:05 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\WinShell
[2012.06.15 20:33:08 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Wireshark
[2012.07.02 02:02:23 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\xm1
[2011.12.17 18:20:09 | 000,000,304 | ---- | M] () -- C:\Windows\Tasks\AutoMe_SWTOR.job
[2012.07.28 02:00:02 | 000,000,358 | ---- | M] () -- C:\Windows\Tasks\Quark Updater.job
[2012.05.30 17:51:12 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.03.31 21:16:33 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\.minecraft
[2011.08.17 19:23:26 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\.purple
[2011.08.27 14:18:08 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\abgx360
[2012.04.25 21:17:03 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\ACD Systems
[2012.04.26 16:34:17 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Adobe
[2011.07.11 02:17:27 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Apple Computer
[2012.04.28 23:23:15 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Aquafadas
[2011.12.17 16:44:36 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\asoftech
[2011.10.11 21:26:46 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Atari
[2012.03.18 01:20:31 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\ATI
[2012.07.30 21:17:00 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Autodesk
[2011.08.12 22:38:38 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Blender Foundation
[2012.01.18 00:59:50 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\BugAid Software
[2012.07.11 22:40:22 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\C Tech
[2011.08.06 21:59:37 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Chime
[2011.08.08 23:25:12 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Coccinella
[2012.04.26 15:41:36 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011.12.13 23:30:49 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\CorsixTH
[2012.07.08 18:09:43 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\DAEMON Tools Lite
[2012.03.08 20:57:48 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Doublefine
[2012.04.23 17:51:46 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\DraftSight
[2012.08.01 15:43:08 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Dropbox
[2012.01.17 23:17:14 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\ESRI
[2012.04.17 17:23:04 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\FileZilla
[2011.07.02 14:56:11 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Firefly Studios
[2012.06.25 00:58:49 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\fltk.org
[2011.07.07 02:45:03 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Fog Creek Software
[2011.11.02 20:23:20 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\FreeCAD
[2012.05.21 02:56:49 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\gDEBugger
[2011.11.02 20:51:44 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Google
[2012.04.01 05:35:00 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Groovedown
[2012.04.25 04:45:00 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\gtk-2.0
[2011.07.01 00:24:04 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Identities
[2011.07.19 16:31:25 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\ImgBurn
[2012.07.24 01:25:04 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\inkscape
[2012.06.28 20:10:57 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Inlage
[2011.07.01 00:27:38 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\InstallShield
[2011.07.01 00:48:36 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Intel Corporation
[2011.07.04 21:04:39 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\JetBrains
[2012.07.30 21:20:50 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\KeePass
[2011.10.17 05:45:29 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\lang
[2011.10.11 21:26:16 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Leadertech
[2012.04.20 17:59:04 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\LockHunter
[2012.07.16 18:28:37 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\LucasArts
[2012.07.02 00:49:44 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\LyX2.0
[2011.07.01 15:15:28 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Macromedia
[2012.07.25 04:33:08 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Malwarebytes
[2011.08.12 21:03:29 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\MathWorks
[2009.07.14 20:18:19 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Media Center Programs
[2012.05.13 03:06:59 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\MediaMonkey
[2012.02.29 14:57:08 | 000,000,000 | --SD | M] -- C:\Users\Benni\AppData\Roaming\Microsoft
[2011.07.04 21:14:52 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Microsoft FxCop
[2011.10.15 00:50:48 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Might & Magic Heroes VI
[2012.07.02 00:44:23 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\MiKTeX
[2011.08.16 17:16:14 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\MinMaxGames
[2011.07.05 01:08:26 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Mozilla
[2012.06.11 05:20:56 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Mp3tag
[2012.07.28 00:42:38 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Nokia
[2012.07.11 02:05:15 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Notepad++
[2011.07.18 20:40:33 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\OpenOffice.org
[2011.07.01 01:19:59 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Opera
[2011.12.13 18:37:49 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Origin
[2011.10.10 19:21:46 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Panda Security
[2012.03.13 06:52:08 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\ParaView
[2011.10.01 21:50:52 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Prism
[2012.04.28 23:23:02 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Quark
[2012.07.30 21:19:02 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Roaming
[2012.02.21 20:01:14 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\RotMG.Production
[2012.03.23 17:00:27 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Rovio
[2011.08.12 05:52:28 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Runiter
[2011.07.07 18:16:57 | 000,000,000 | RH-D | M] -- C:\Users\Benni\AppData\Roaming\SecuROM
[2012.08.01 00:03:01 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Skype
[2011.08.09 02:21:54 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Spark
[2011.07.01 00:35:23 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Splashtop
[2011.07.02 03:26:47 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Subversion
[2011.10.17 05:46:02 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Sun
[2012.02.19 17:30:52 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\SUPERAntiSpyware.com
[2011.07.14 00:27:48 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Telerik
[2011.07.01 20:32:41 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Thunderbird
[2012.08.01 15:43:43 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\TortoiseHg
[2011.11.08 18:56:35 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\TortoiseSVN
[2011.07.04 20:42:58 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\TrueCrypt
[2012.02.13 22:31:31 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\TS3Client
[2012.01.10 19:16:18 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\ts3overlay
[2011.08.04 15:44:01 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Unity
[2012.07.30 17:54:20 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\VisualAssist
[2011.12.12 06:50:19 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\vlc
[2011.12.21 00:21:02 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\VMware
[2012.03.27 04:47:49 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Waveform
[2011.07.04 21:00:30 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\WinRAR
[2012.07.02 00:58:05 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\WinShell
[2012.06.15 20:33:08 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Wireshark
[2012.07.02 02:02:23 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\xm1
 
< %APPDATA%\*.exe /s >
[2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Benni\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2012.05.24 20:39:24 | 000,872,144 | ---- | M] (Dropbox, Inc.) -- C:\Users\Benni\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe
[2012.05.24 20:39:56 | 000,177,280 | ---- | M] (Dropbox, Inc.) -- C:\Users\Benni\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2012.02.15 04:21:37 | 000,903,168 | ---- | M] () -- C:\Users\Benni\AppData\Roaming\Groovedown\GrooveDown_Start.exe
[2011.10.07 00:28:38 | 000,119,808 | R--- | M] () -- C:\Users\Benni\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2010.01.27 00:29:28 | 000,028,797 | ---- | M] () MD5=4571E750E4A920D773511F50A2E62A20 -- C:\Program Files\MATLAB\R2011a\sys\perl\win32\lib\auto\Win32\EventLog\EventLog.dll
 
< MD5 for: IASTOR.SYS  >
[2010.11.05 23:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\drivers\iaStor.sys
[2010.11.05 23:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_710b330fb3531234\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 03:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 152 bytes -> C:\Program Files (x86)\Common Files\C Tech:{42005500-5100-7200-6F00-650056007100}

< End of report >
         

Geändert von Killy80 (01.08.2012 um 16:23 Uhr)

Antwort

Themen zu deo0_sar.exe Ransom Trojaner, halb entfernt. Jetzt sicher?
7-zip, adobe, battle.net, bluestacks, cftmon.lnk, cleaner pro, deo0_sar.exe, desktop, document, exploit.drop.cod, format, go_0molg.pad, grand theft auto, gvu trojaner, gvu trojaner 2.07, gvu trojaner entfernen, gvu trojaner mit webcam, hotspot, hotspot shield, install.exe, jdownloader, langs, monitor.exe, monkey island, mozilla, neu aufsetzen, nexus, origin, performance, programme, ransom trojaner, registry, reveton.c, scan, senden, sketchup, software, spark, tan, taskmanager, usb, usb 3.0, visual studio, webcam gvu trojaner, webcamfenster, win64, win7 64, windows



Ähnliche Themen: deo0_sar.exe Ransom Trojaner, halb entfernt. Jetzt sicher?


  1. BetterSurf Addware nur halb entfernt
    Plagegeister aller Art und deren Bekämpfung - 22.02.2014 (35)
  2. File Restore Trojaner - ist er sicher entfernt?
    Log-Analyse und Auswertung - 16.11.2012 (2)
  3. deo0_sar.exe Ransom Trojaner, halb entfernt. Jetzt sicher? II
    Plagegeister aller Art und deren Bekämpfung - 24.08.2012 (2)
  4. GVU-Trojaner WEbcam /Trojan.Ransom.Gen sicher und endgültig entfernen?
    Plagegeister aller Art und deren Bekämpfung - 15.08.2012 (18)
  5. Deo0_sar.exe manuell entfernt RUNDLL Start Fehler
    Log-Analyse und Auswertung - 09.08.2012 (9)
  6. war mit Verschlüsselungs-Trojaner infiziert - sicher entfernt?
    Plagegeister aller Art und deren Bekämpfung - 11.06.2012 (3)
  7. Trojaner Security Shield sicher vom System entfernt?
    Log-Analyse und Auswertung - 06.04.2012 (12)
  8. Trojaner sperte meinen PC aus sicherheitsgründen Neuinstallation ..ist er jetzt sicher ?
    Plagegeister aller Art und deren Bekämpfung - 22.03.2012 (15)
  9. Trojaner sicher entfernt? oder recovery cd starten?
    Alles rund um Windows - 10.03.2012 (2)
  10. Trojan:Win32/Bublik.b vom MSEssentials entfernt. Ist das System jetzt sicher?
    Log-Analyse und Auswertung - 17.02.2012 (4)
  11. Gema Trojaner halb entfernt problem...
    Log-Analyse und Auswertung - 11.01.2012 (4)
  12. Systemwiederherstellung nach BKA Trojaner -- Was jetzt tun um sicher zu gehen ?
    Plagegeister aller Art und deren Bekämpfung - 09.11.2011 (1)
  13. Werbung im Hintergrund, evtl. KaZy.Mekml1., halb entfernt OTL-Logs angehängt
    Plagegeister aller Art und deren Bekämpfung - 27.04.2011 (6)
  14. TR/Crypt/XPACK.Gen2 entfernt nach load.exe-Anleitung. - Jetzt sicher?
    Plagegeister aller Art und deren Bekämpfung - 06.10.2010 (14)
  15. AV Security Suite entfernt - PC jetzt sicher?
    Plagegeister aller Art und deren Bekämpfung - 13.09.2010 (10)
  16. virtumonde.dll und mehrere Trojaner - Pc jetzt sicher?
    Plagegeister aller Art und deren Bekämpfung - 08.08.2010 (13)
  17. Trojaner sicher entfernt? - HJT-Logfile
    Log-Analyse und Auswertung - 04.04.2008 (3)

Zum Thema deo0_sar.exe Ransom Trojaner, halb entfernt. Jetzt sicher? - Hallo! Ich hatte heute einen Ransom-Trojaner, der mich weder an den Taskmanager lies, noch in die Eingabeaufforderung. Ich hab dann OTLPE herausgefunden, welche Datei dafür verantwortlich ist und diese gelöscht. - deo0_sar.exe Ransom Trojaner, halb entfernt. Jetzt sicher?...
Archiv
Du betrachtest: deo0_sar.exe Ransom Trojaner, halb entfernt. Jetzt sicher? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.