
Pests of All Kinds and How to Fight Them: Win7 shows only a white screen after login - no viruses found on the PC so far

03.08.2012, 19:01   #1
dervali
 



Hello everyone,

I need your help, since nothing I have read so far has helped me.
3 days ago, for the first time, I got only a white screen and the mouse pointer after the (auto) login. I could not do anything. After restarting the computer, everything worked again.

The day before yesterday the same thing happened, but countless restarts did not help.
Only a System Restore got me back to the desktop.

Yesterday it was the same again. This time, however, System Restore did not help either.

What have I done so far?

- Kaspersky Live CD - found no viruses
- Searched the registry and msconfig for "bad" autostart entries - found nothing

- Installed and ran Malwarebytes Anti-Malware following the instructions here in the forum - found nothing on the affected drive

- Created a 2nd user in Safe Mode - when I try to log in with it, I see the Welcome screen "for hours"

- By the way: there is also a Windows 8 installation on the same hard disk, which runs without problems.

- Ran OTL following the instructions here in the forum; the 2 files follow:

Code:
OTL logfile created on: 03.08.2012 16:29:43 - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\Vali\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,26 Gb Available Physical Memory | 78,30% Memory free
10,00 Gb Paging File | 8,45 Gb Available in Paging File | 84,54% Paging File free
Paging file location(s): c:\pagefile.sys 2048 2048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 96,49 Gb Total Space | 31,37 Gb Free Space | 32,52% Space Free | Partition Type: NTFS
Drive D: | 34,18 Gb Total Space | 7,11 Gb Free Space | 20,80% Space Free | Partition Type: NTFS
Drive E: | 198,70 Gb Total Space | 13,66 Gb Free Space | 6,88% Space Free | Partition Type: NTFS
Drive G: | 22,75 Gb Total Space | 2,09 Gb Free Space | 9,19% Space Free | Partition Type: NTFS
Drive I: | 7,44 Gb Total Space | 7,16 Gb Free Space | 96,20% Space Free | Partition Type: FAT32
 
Computer Name: DESKTOP | User Name: Vali | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.08.03 16:04:10 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Vali\Desktop\OTL.exe
PRC - [2012.07.27 23:57:20 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Firefox\firefox.exe
PRC - [2012.07.03 13:46:42 | 000,973,488 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Anti-Malware\mbam.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.07.27 23:57:20 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Firefox\mozjs.dll
MOD - [2012.05.15 02:21:26 | 000,368,448 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2011.03.17 01:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.07.27 23:57:20 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.09 19:25:58 | 000,075,064 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.07.06 18:42:57 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.07.03 18:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Programme\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.05.15 12:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.03.22 01:43:18 | 000,385,376 | ---- | M] (BlueStack Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc)
SRV - [2012.03.22 01:42:32 | 000,401,760 | ---- | M] (BlueStack Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc)
SRV - [2012.02.19 10:12:07 | 003,246,040 | ---- | M] (Acronis) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2012.02.15 14:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.12 15:52:57 | 000,296,232 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe -- (CyberLink PowerDVD 12 Media Server Service)
SRV - [2012.01.12 15:52:55 | 000,087,336 | ---- | M] (CyberLink Corp.) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe -- (CLHNServiceForPowerDVD12)
SRV - [2012.01.12 15:52:55 | 000,075,048 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe -- (CyberLink PowerDVD 12 Media Server Monitor Service)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.12.12 22:35:08 | 000,751,464 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2011.09.19 17:59:40 | 000,278,336 | ---- | M] (NVIDIA) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2011.02.01 22:53:54 | 001,112,736 | ---- | M] (Acronis) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010.04.05 12:55:01 | 000,116,104 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE -- (IJPLMSVC)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.08.18 13:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.07.26 17:24:26 | 000,560,184 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2012.07.03 18:21:52 | 000,958,400 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012.07.03 18:21:52 | 000,355,856 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012.07.03 18:21:52 | 000,071,064 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012.07.03 18:21:52 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012.07.03 18:21:52 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012.07.03 18:21:51 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.04.18 19:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.22 18:06:49 | 000,025,216 | ---- | M] (Dev47Apps) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\droidcam.sys -- (DroidCam)
DRV:64bit: - [2012.02.19 10:12:07 | 001,263,200 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm273.sys -- (tdrpman273)
DRV:64bit: - [2012.02.19 10:12:07 | 000,285,280 | ---- | M] (Acronis) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2012.02.19 10:12:06 | 000,970,336 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2012.02.19 10:12:04 | 000,277,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2012.02.16 00:24:40 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012.02.16 00:24:38 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2011.12.19 14:45:22 | 000,146,736 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2011.12.04 23:23:57 | 000,138,872 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2011.04.20 18:24:54 | 000,169,584 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011.03.18 14:46:20 | 000,074,376 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2011.03.18 14:46:06 | 000,085,384 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.11.20 06:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 04:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 04:07:06 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.20 04:03:44 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.05.20 15:26:48 | 000,037,392 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hotcore3.sys -- (hotcore3)
DRV:64bit: - [2010.04.27 11:25:20 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)
DRV:64bit: - [2009.09.16 08:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t)
DRV:64bit: - [2009.09.15 14:59:30 | 000,042,088 | ---- | M] (NVIDIA Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvoclk64.sys -- (nvoclk64)
DRV:64bit: - [2009.08.13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.14 10:26:24 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2007.07.03 19:04:44 | 000,142,504 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2007.07.03 19:04:16 | 000,016,040 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2012.03.22 01:43:12 | 000,075,104 | ---- | M] (BlueStack Systems) [Kernel | Auto | Stopped] -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys -- (BstHdDrv)
DRV - [2012.01.11 22:57:42 | 000,146,928 | ---- | M] (CyberLink Corp.) [2012/04/07 09:50:06] [Kernel | Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl -- ({329F96B6-DF1E-4328-BFDA-39EA953C1312})
DRV - [2011.12.04 23:23:57 | 000,138,872 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2011.10.27 08:18:45 | 000,082,928 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys -- (ntk_PowerDVD12)
DRV - [2010.03.31 01:00:00 | 000,026,752 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\EVEREST Ultimate Edition\kerneld.amd64 -- (EverestDriver)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3462559716-537990258-3856606381-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3462559716-537990258-3856606381-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-3462559716-537990258-3856606381-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A6 28 0C F6 C0 6C CD 01  [binary data]
IE - HKU\S-1-5-21-3462559716-537990258-3856606381-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3462559716-537990258-3856606381-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3462559716-537990258-3856606381-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Avast\WebRep\FF [2012.07.07 09:41:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Firefox\components [2012.07.27 23:57:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Firefox\components [2012.07.27 23:57:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Firefox\plugins
 
[2011.08.16 19:50:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vali\AppData\Roaming\mozilla\Extensions
[2012.08.03 16:05:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vali\AppData\Roaming\mozilla\Firefox\Profiles\i44lh1fj.default\extensions
[2012.05.18 14:52:10 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Vali\AppData\Roaming\mozilla\Firefox\Profiles\i44lh1fj.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.03.29 17:56:44 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Vali\AppData\Roaming\mozilla\Firefox\Profiles\i44lh1fj.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.07.03 19:33:00 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Vali\AppData\Roaming\mozilla\Firefox\Profiles\i44lh1fj.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012.07.01 12:43:24 | 000,000,000 | ---D | M] (Wörterbuch Deutsch (de-DE), Hunspell-unterstützt) -- C:\Users\Vali\AppData\Roaming\mozilla\Firefox\Profiles\i44lh1fj.default\extensions\de_DE@dicts.j3e.de
[2012.07.24 16:54:28 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Vali\AppData\Roaming\mozilla\Firefox\Profiles\i44lh1fj.default\extensions\firefox@ghostery.com
[2012.08.03 16:05:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vali\AppData\Roaming\mozilla\Firefox\Profiles\i44lh1fj.default\extensions\staged
[2012.02.04 15:33:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vali\AppData\Roaming\mozilla\Firefox\Profiles\zb772qxm.default\extensions
[2012.02.04 15:33:14 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Vali\AppData\Roaming\mozilla\Firefox\Profiles\zb772qxm.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.02.04 15:33:14 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Vali\AppData\Roaming\mozilla\Firefox\Profiles\zb772qxm.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.07.07 09:41:12 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST\WEBREP\FF
[2012.07.03 19:33:00 | 000,030,312 | ---- | M] () (No name found) -- C:\USERS\VALI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I44LH1FJ.DEFAULT\EXTENSIONS\{888D99E7-E8B5-46A3-851E-1EC45DA1E644}.XPI
[2012.04.27 03:47:44 | 000,006,796 | ---- | M] () (No name found) -- C:\USERS\VALI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I44LH1FJ.DEFAULT\EXTENSIONS\INFO@YOUTUBE-MP3.ORG.XPI
[2012.04.06 09:28:24 | 000,010,013 | ---- | M] () (No name found) -- C:\USERS\VALI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I44LH1FJ.DEFAULT\EXTENSIONS\YOUTUBEUNBLOCKER@UNBLOCKER.YT.XPI
 
O1 HOSTS File: ([2012.02.06 10:17:13 | 000,000,889 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 	127.0.0.1 	activate.adobe.com
O1 - Hosts: 	127.0.0.1 	practivate.adobe.com
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files (x86)\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3462559716-537990258-3856606381-1000..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-21-3462559716-537990258-3856606381-1000..\Run: [SkyDrive] C:\Users\Vali\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Vali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Vali\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\S-1-5-21-3462559716-537990258-3856606381-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A40EBE38-340B-401F-B694-C3D78F579C2B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E44D756A-B256-4947-8D43-D6FCCAB8E075}: DhcpNameServer = 192.168.42.129
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1f876bc0-d736-11e1-88a0-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1f876bc0-d736-11e1-88a0-806e6f6e6963}\Shell\AutoRun\command - "" = H:\Autorun.exe
O33 - MountPoints2\{7ee97f91-514e-11e1-a964-14dae9925593}\Shell - "" = AutoRun
O33 - MountPoints2\{7ee97f91-514e-11e1-a964-14dae9925593}\Shell\AutoRun\command - "" = A:\Setup\rsrc\autorun.exe
O33 - MountPoints2\{7ee97f91-514e-11e1-a964-14dae9925593}\Shell\dinstall\command - "" = A:\Directx\dxsetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 7 Days ==========
 
[2012.08.03 16:15:20 | 000,000,000 | ---D | C] -- C:\Users\Vali\AppData\Roaming\Malwarebytes
[2012.08.03 16:15:11 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.08.03 16:15:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.03 16:15:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.03 16:15:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Anti-Malware
[2012.08.03 16:04:09 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Vali\Desktop\OTL.exe
[2012.08.02 19:09:29 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012.08.01 16:09:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012.07.30 20:15:09 | 000,000,000 | ---D | C] -- C:\Users\Vali\AppData\Local\Origin
[2012.07.30 20:15:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2012.07.30 20:10:18 | 000,000,000 | ---D | C] -- C:\Users\Vali\AppData\Roaming\Origin
[2012.07.30 16:22:51 | 000,000,000 | -HSD | C] -- C:\found.000
[2012.07.29 20:59:55 | 000,000,000 | ---D | C] -- C:\Users\Vali\AppData\Roaming\Sony Creative Software Inc
[2012.07.29 19:48:19 | 000,000,000 | ---D | C] -- C:\Users\Vali\Desktop\FSB
[2012.07.29 11:52:19 | 000,000,000 | ---D | C] -- C:\Users\Vali\Desktop\AviSynth
[2012.07.29 11:26:57 | 000,000,000 | ---D | C] -- C:\Users\Vali\AppData\Roaming\Audacity
[2012.07.29 11:26:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2012.07.29 11:13:54 | 000,000,000 | ---D | C] -- C:\Users\Vali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps
[2012.07.28 14:26:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony
[2012.07.28 14:25:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
[2012.07.28 14:24:53 | 000,000,000 | ---D | C] -- C:\Users\Vali\AppData\Local\Sony
[2012.07.28 14:24:53 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
[2012.07.28 14:24:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony
[2012.07.28 14:23:37 | 000,000,000 | ---D | C] -- C:\Users\Vali\AppData\Roaming\Sony
[2012.07.28 13:13:19 | 000,000,000 | ---D | C] -- D:\Dokumente\Activision
[2012.07.28 03:53:29 | 000,000,000 | ---D | C] -- D:\Dokumente\KONAMI
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 7 Days ==========
 
[2012.08.03 16:15:11 | 000,001,023 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.03 16:04:41 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.03 16:04:41 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.03 16:04:41 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.03 16:04:41 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.03 16:04:41 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.03 16:04:10 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Vali\Desktop\OTL.exe
[2012.08.03 16:00:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.03 15:58:59 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.03 15:58:51 | 000,000,214 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2012.08.03 03:50:08 | 000,001,727 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.08.03 03:50:07 | 000,000,374 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2012.08.03 03:50:05 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012.08.03 03:49:54 | 000,000,218 | ---- | M] () -- C:\Windows\tasks\AutoKMSDaily.job
[2012.08.01 20:57:04 | 000,016,136 | ---- | M] () -- C:\Users\Vali\Desktop\Ohne Titel.veg
[2012.07.31 17:20:35 | 000,077,824 | ---- | M] () -- C:\Windows\KMSEmulator.exe
[2012.07.30 20:08:05 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.07.30 20:08:05 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.07.30 19:59:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.30 16:29:59 | 000,023,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.30 16:29:59 | 000,023,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.29 11:43:05 | 062,445,056 | ---- | M] () -- D:\Dokumente\Ohne Titel.avi
[2012.07.29 11:43:05 | 000,000,036 | ---- | M] () -- D:\Dokumente\Ohne Titel.avi.sfl
[2012.07.29 01:21:46 | 1943,134,405 | ---- | M] () -- D:\Dokumente\YouTube-75b9f797f3c54ff984ea08e60ada01c4.mp4
[2012.07.28 16:22:16 | 1942,540,514 | ---- | M] () -- D:\Dokumente\YouTube-b396ada9bc3c4dd8b0dcbe2292b2672b.mp4
[2012.07.28 14:25:25 | 000,117,186 | ---- | M] () -- C:\Users\Public\Desktop\Key.exe
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.03 16:15:11 | 000,001,023 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.03 03:50:08 | 000,001,727 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.08.01 20:57:04 | 000,016,136 | ---- | C] () -- C:\Users\Vali\Desktop\Ohne Titel.veg
[2012.07.29 11:43:03 | 062,445,056 | ---- | C] () -- D:\Dokumente\Ohne Titel.avi
[2012.07.29 11:43:03 | 000,000,036 | ---- | C] () -- D:\Dokumente\Ohne Titel.avi.sfl
[2012.07.29 11:26:54 | 000,001,027 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2012.07.28 23:36:24 | 1943,134,405 | ---- | C] () -- D:\Dokumente\YouTube-75b9f797f3c54ff984ea08e60ada01c4.mp4
[2012.07.28 14:39:34 | 1942,540,514 | ---- | C] () -- D:\Dokumente\YouTube-b396ada9bc3c4dd8b0dcbe2292b2672b.mp4
[2012.07.28 13:47:15 | 000,117,186 | ---- | C] () -- C:\Users\Public\Desktop\Key.exe
[2012.07.27 05:49:29 | 000,003,221 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp m4a Codec.dat
[2012.07.26 19:33:58 | 000,684,313 | ---- | C] () -- C:\Windows\unins000.exe
[2012.07.26 19:33:58 | 000,013,157 | ---- | C] () -- C:\Windows\unins000.dat
[2012.07.09 19:26:17 | 000,214,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.07.09 19:25:58 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.07.09 19:14:01 | 000,000,255 | ---- | C] () -- C:\Windows\game.ini
[2012.06.28 15:50:41 | 000,010,094 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.dat
[2012.06.28 15:50:38 | 000,850,152 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2012.06.28 15:50:38 | 000,014,046 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
[2012.06.17 15:04:02 | 000,110,114 | ---- | C] () -- C:\Users\Vali\.TransferManager.db
[2012.05.15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.05.05 15:47:47 | 000,000,132 | ---- | C] () -- C:\Users\Vali\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2012.05.03 04:54:46 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2012.04.11 11:39:02 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2012.03.18 11:44:28 | 000,007,607 | ---- | C] () -- C:\Users\Vali\AppData\Local\Resmon.ResmonCfg
[2012.03.06 19:38:07 | 000,000,132 | ---- | C] () -- C:\Users\Vali\AppData\Roaming\Adobe BMP Format CS6 Prefs
[2012.03.05 06:28:00 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2012.03.05 06:28:00 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2012.03.05 06:27:57 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2012.03.05 06:27:57 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2012.03.02 07:12:08 | 000,000,160 | ---- | C] () -- C:\Windows\wiso.ini
[2012.03.01 20:44:59 | 000,000,424 | ---- | C] () -- C:\Users\Vali\.swfinfo
[2012.02.22 18:07:48 | 000,000,032 | ---- | C] () -- C:\ProgramData\droidcam-settings
[2012.02.19 10:05:42 | 000,000,484 | RHS- | C] () -- C:\Users\Vali\ntuser.pol
[2012.02.05 12:10:09 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.02.04 17:17:30 | 000,077,824 | ---- | C] () -- C:\Windows\KMSEmulator.exe
[2012.02.04 14:21:50 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
 
========== LOP Check ==========
 
[2012.02.19 10:51:57 | 000,000,000 | ---D | M] -- C:\Users\Vali\AppData\Roaming\Acronis
[2012.02.27 10:34:12 | 000,000,000 | ---D | M] -- C:\Users\Vali\AppData\Roaming\Ashampoo
[2012.08.02 17:56:03 | 000,000,000 | ---D | M] -- C:\Users\Vali\AppData\Roaming\Audacity
[2012.02.22 20:35:32 | 000,000,000 | ---D | M] -- C:\Users\Vali\AppData\Roaming\Bioshock2
[2012.02.04 15:31:13 | 000,000,000 | ---D | M] -- C:\Users\Vali\AppData\Roaming\bizarre creations
[2012.05.17 14:27:32 | 000,000,000 | ---D | M] -- C:\Users\Vali\AppData\Roaming\BoneTown
[2012.05.13 13:21:10 | 000,000,000 | ---D | M] -- C:\Users\Vali\AppData\Roaming\calibre
[2012.03.25 13:29:32 | 000,000,000 | ---D | M] -- C:\Users\Vali\AppData\Roaming\Canon
[2012.03.12 20:30:03 | 000,000,000 | ---D | M] -- C:\Users\Vali\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.02.05 17:38:32 | 000,000,000 | ---D | M] -- C:\Users\Vali\AppData\Roaming\com.unitedinternet.ums.sms-mms-manager
[2012.07.26 17:44:01 | 000,000,000 | ---D | M] -- C:\Users\Vali\AppData\Roaming\DAEMON Tools Lite
[2012.02.24 08:22:09 | 000,000,000 | ---D | M] -- C:\Users\Vali\AppData\Roaming\DarknessII
[2012.06.28 15:53:35 | 000,000,000 | ---D | M] -- C:\Users\Vali\AppData\Roaming\dBpoweramp
[2012.08.03 03:50:13 | 000,000,000 | ---D | M] -- C:\Users\Vali\AppData\Roaming\Dropbox
[2012.02.21 19:45:17 | 000,000,000 | ---D | M] -- C:\Users\Vali\AppData\Roaming\Eve Market Scanner
[2012.04.22 15:36:02 | 000,000,000 | ---D | M] -- C:\Users\Vali\AppData\Roaming\EveHQ
[2012.06.25 06:41:15 | 000,000,000 | ---D | M] -- C:\Users\Vali\AppData\Roaming\EVEMon
[2012.02.21 19:43:24 | 000,000,000 | ---D | M] -- C:\Users\Vali\AppData\Roaming\EveTrader
[2012.02.21 19:49:09 | 000,000,000 | ---D | M] -- C:\Users\Vali\AppData\Roaming\EVETycoon
[2012.06.27 17:42:29 | 000,000,000 | ---D | M] -- C:\Users\Vali\AppData\Roaming\FileZilla
[2012.06.04 18:50:25 | 000,000,000 | ---D | M] -- C:\Users\Vali\AppData\Roaming\FreePDF
[2012.02.05 15:41:00 | 000,000,000 | ---D | M] -- C:\Users\Vali\AppData\Roaming\Indicium Technologies
[2012.02.05 16:52:48 | 000,000,000 | ---D | M] -- C:\Users\Vali\AppData\Roaming\IrfanView
[2012.02.05 13:07:09 | 000,000,000 | ---D | M] -- C:\Users\Vali\AppData\Roaming\JAM Software
[2012.04.21 17:10:55 | 000,000,000 | ---D | M] -- C:\Users\Vali\AppData\Roaming\LS
[2012.02.04 15:56:47 | 000,000,000 | ---D | M] -- C:\Users\Vali\AppData\Roaming\Modified Weather Gadget
[2012.08.03 16:31:54 | 000,000,000 | ---D | M] -- C:\Users\Vali\AppData\Roaming\NetSpeedMonitor
[2012.07.17 07:36:25 | 000,000,000 | ---D | M] -- C:\Users\Vali\AppData\Roaming\Notepad++
[2012.06.16 06:57:34 | 000,000,000 | ---D | M] -- C:\Users\Vali\AppData\Roaming\Opera
[2012.07.30 20:15:19 | 000,000,000 | ---D | M] -- C:\Users\Vali\AppData\Roaming\Origin
[2012.02.05 17:17:08 | 000,000,000 | ---D | M] -- C:\Users\Vali\AppData\Roaming\Publish Providers
[2012.02.04 15:33:15 | 000,000,000 | ---D | M] -- C:\Users\Vali\AppData\Roaming\QTTabBar
[2012.04.08 08:37:51 | 000,000,000 | ---D | M] -- C:\Users\Vali\AppData\Roaming\Rovio
[2012.07.28 14:36:19 | 000,000,000 | ---D | M] -- C:\Users\Vali\AppData\Roaming\Sony
[2012.07.29 20:59:55 | 000,000,000 | ---D | M] -- C:\Users\Vali\AppData\Roaming\Sony Creative Software Inc
[2012.07.20 15:24:32 | 000,000,000 | ---D | M] -- C:\Users\Vali\AppData\Roaming\Sports Interactive
[2012.02.12 14:41:44 | 000,000,000 | ---D | M] -- C:\Users\Vali\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.07.26 19:37:00 | 000,000,000 | ---D | M] -- C:\Users\Vali\AppData\Roaming\Steinberg
[2012.02.04 15:33:15 | 000,000,000 | ---D | M] -- C:\Users\Vali\AppData\Roaming\Trillian
[2012.06.26 20:49:45 | 000,000,000 | ---D | M] -- C:\Users\Vali\AppData\Roaming\TS3Client
[2012.02.04 15:33:33 | 000,000,000 | ---D | M] -- C:\Users\Vali\AppData\Roaming\ts3overlay
[2012.02.06 21:47:05 | 000,000,000 | ---D | M] -- C:\Users\Vali\AppData\Roaming\Tunngle
[2012.02.05 18:58:03 | 000,000,000 | ---D | M] -- C:\Users\Vali\AppData\Roaming\Ubisoft
[2012.07.31 17:45:10 | 000,000,000 | ---D | M] -- C:\Users\Vali\AppData\Roaming\UseNeXT
[2012.08.03 15:58:51 | 000,000,214 | ---- | M] () -- C:\Windows\Tasks\AutoKMS.job
[2012.08.03 03:49:54 | 000,000,218 | ---- | M] () -- C:\Windows\Tasks\AutoKMSDaily.job
[2012.06.17 12:06:09 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
Code:
OTL Extras logfile created on: 03.08.2012 16:29:43 - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\Vali\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,26 Gb Available Physical Memory | 78,30% Memory free
10,00 Gb Paging File | 8,45 Gb Available in Paging File | 84,54% Paging File free
Paging file location(s): c:\pagefile.sys 2048 2048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 96,49 Gb Total Space | 31,37 Gb Free Space | 32,52% Space Free | Partition Type: NTFS
Drive D: | 34,18 Gb Total Space | 7,11 Gb Free Space | 20,80% Space Free | Partition Type: NTFS
Drive E: | 198,70 Gb Total Space | 13,66 Gb Free Space | 6,88% Space Free | Partition Type: NTFS
Drive G: | 22,75 Gb Total Space | 2,09 Gb Free Space | 9,19% Space Free | Partition Type: NTFS
Drive I: | 7,44 Gb Total Space | 7,16 Gb Free Space | 96,20% Space Free | Partition Type: FAT32
 
Computer Name: DESKTOP | User Name: Vali | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
[HKEY_USERS\S-1-5-21-3462559716-537990258-3856606381-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2254BCFB-465F-4887-A893-827937A5227C}" = rport=139 | protocol=6 | dir=out | app=system | 
"{4D6E487F-D4F2-4C4E-9E28-852A60DCA0E6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{501BE1A1-536A-4656-BDE0-8BC797CBD6A6}" = lport=138 | protocol=17 | dir=in | app=system | 
"{514D2FC9-AE15-4161-ACBD-D79EA70C4479}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{5767411D-2E9B-47A1-ABF1-DE618A03054C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{57A64BEF-C9DF-4211-88A3-A6167F790D3C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5B55F5BA-4FF5-4DC6-AD76-CA565123E1B9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{5C69F6BF-3CB5-4243-BD80-6BC7EDFAE2E0}" = rport=137 | protocol=17 | dir=out | app=system | 
"{61B334A9-8971-413E-A785-2D0F732F3170}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{684C2346-DCC4-4214-BCD8-B92CD02D2DE7}" = lport=139 | protocol=6 | dir=in | app=system | 
"{6B4F70CD-708D-4EF6-B2D8-8274A94D6AE7}" = rport=138 | protocol=17 | dir=out | app=system | 
"{715FFEAA-CE61-4F0D-83C4-72C432102F24}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{71F44560-4EB0-4990-955F-C301047833EE}" = lport=445 | protocol=6 | dir=in | app=system | 
"{741DE968-2449-46CD-A303-3933B9118AEC}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{780A442E-0282-4066-8B02-85C102E7F4A6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7B864ABE-D35B-4DDF-80D3-4E0D1D20E1E9}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{925E427F-70BC-49BE-BBAB-5DE6B97B8F87}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{95FB0405-E421-40DE-A8BB-FBB3305914D8}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{9D2722A9-24A0-4DED-ABEC-4DE7379BE9CF}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{9D27CCD0-4488-42B7-8019-5214E05AF7C2}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{AADA065B-AFDE-4B5F-8D7C-4E4F9CEE7E35}" = rport=445 | protocol=6 | dir=out | app=system | 
"{AE3299DE-B812-4B77-A31A-5539557EB461}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B2596CCF-22AD-4514-9368-D64BAEBD9F02}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{B6D06A17-1E81-48F0-9740-8F58FC2E9602}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{BA542603-618C-4AA3-A2F3-7D59AB9FD158}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BB2ADA74-6535-4150-BB37-0CD35789627F}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{C10B7A19-6888-412D-9A53-DB1EC5D298D0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C2554271-0348-4AD0-954C-0F2663248F5A}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{CC325EC3-2FD5-4202-9D73-CEF6C260E4CE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D56FCE88-2412-4C2A-AAEC-883A3E73F28F}" = lport=137 | protocol=17 | dir=in | app=system | 
"{E2CCD091-3356-4756-BCAE-9BC60103FF4C}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{E97BF692-396F-4F82-AF87-F00B36BDD489}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{F07CD2FD-C5FC-4801-9834-5E2C954C90E0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04018C88-CCBF-477D-8A4A-B3936A20487B}" = protocol=17 | dir=in | app=c:\games & toolz\eve\bin\exefile.exe | 
"{04D2983C-5804-450B-A9DA-D3D2B839B4BE}" = protocol=6 | dir=in | app=e:\steam\steam.exe | 
"{059DB393-A02B-42C8-806C-AA2EAFB3A672}" = protocol=17 | dir=in | app=e:\dead space 2\deadspace2.exe | 
"{0A8679CE-0E06-4656-B3AD-AC7082024782}" = protocol=6 | dir=in | app=e:\dead space 2\deadspace2.exe | 
"{0ABC2176-C947-4737-8CC5-45266D00CC4B}" = protocol=17 | dir=in | app=e:\mass effect 3\binaries\win32\masseffect3.exe | 
"{0B184DF4-AF6F-4BD8-9363-5DBF47CF6F36}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe | 
"{0BE9BB70-3618-4D8D-ABAC-8719F522A606}" = protocol=6 | dir=in | app=e:\driver san francisco\driver.exe | 
"{0F9DF39B-6724-407E-82C3-AE96DA0E1818}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe | 
"{1009E7E2-41AA-4EDD-B42A-14CA9415C45D}" = protocol=17 | dir=in | app=e:\origin games\fifa 12\game\fifa.exe | 
"{1164085F-1517-4A5A-B98F-3D0743BE1D20}" = protocol=6 | dir=in | app=e:\anno 2070\autopatcher.exe | 
"{15626FB9-AE48-4DB3-8549-183A089C0258}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\movie\powerdvd cinema\powerdvdcinema12.exe | 
"{1A8178C7-0ADC-487D-873F-4EB71242DFED}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1CE28C91-738D-498B-B6A4-A7C5FAF811E8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{1E4BBD22-6502-466F-A2DB-903E1C979D51}" = protocol=17 | dir=in | app=c:\users\vali\appdata\roaming\dropbox\bin\dropbox.exe | 
"{2473F729-3E40-47A6-B425-32157D3DDCEE}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\kernel\dmr\powerdvd12dmrengine.exe | 
"{26746AE0-3837-4F34-B142-E1688821CAA5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2B93DD01-0812-40B9-8236-262AEFF8D30B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{321E05B9-CD9A-495A-AFDC-1E8CD1FB5E04}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{32995114-8AED-47CD-B8EC-DFC944D8931F}" = protocol=6 | dir=in | app=e:\anno 2070\anno5.exe | 
"{33ECBE0A-48E3-463B-B659-78E00CF166A2}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{347FC8F0-FA81-4F3E-BCDA-98BFC9020EC2}" = protocol=6 | dir=in | app=c:\program files (x86)\droidcam\droidcamapp.exe | 
"{3C8CF69C-FB0F-4F31-84B1-1410D9F110EF}" = protocol=17 | dir=in | app=e:\bioshock 2\sp\builds\binaries\bioshock2.exe | 
"{42C64845-86C5-49F8-BC20-A9EC601C175F}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{459AB81B-461F-4D1B-B7E9-C1DB1A383096}" = protocol=6 | dir=in | app=c:\users\vali\appdata\local\microsoft\skydrive\skydrive.exe | 
"{477E2B1F-0E05-4D08-A89D-796DDDD8D794}" = protocol=6 | dir=in | app=e:\anno 2070\initengine.exe | 
"{48ACB7D5-766B-42CA-8705-6B1B93E10483}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.913\agent.exe | 
"{4EB7583E-A580-4993-B559-B60E0936DD5C}" = protocol=6 | dir=in | app=e:\origin games\fifa 12\game\fifa.exe | 
"{4F169E13-5A13-446B-BD9A-840728222DD6}" = protocol=6 | dir=in | app=e:\resident evil operation raccoon city\raccooncity.exe | 
"{52BB6CAA-24A5-47F8-9FC6-D0694C93DAA2}" = protocol=17 | dir=in | app=e:\driver san francisco\driver.exe | 
"{53F103D8-F513-45BF-8BAC-028A57BA6EAD}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\kernel\dms\clmsserverpdvd12.exe | 
"{550666AA-07DE-48A9-A02E-FC2D3180490B}" = protocol=6 | dir=in | app=e:\uefa euro 2012\game\fifa.exe | 
"{5963EE86-4478-42A7-AE17-6B9BD41BAADB}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5C0AD3FE-BE5E-4CF5-A654-8F75CFEB700D}" = protocol=17 | dir=in | app=e:\anno 2070\initengine.exe | 
"{5E36BAF4-CA80-4833-B3DE-A4B6AF251B95}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12agent.exe | 
"{6172CD81-D917-4E32-8A85-96E328741CB0}" = dir=out | app=e:\max payne 3\playmaxpayne3.exe | 
"{62D01295-C979-4C88-BD97-554FFB5D0F79}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{651EF8F4-CBA5-443B-88AD-94351660F735}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{6568AD9B-40C5-432A-8894-B7CE08DB8CD4}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{658D0548-4797-47A1-B0A9-17AB8F5C250F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{68DEA215-EBCF-494A-9B07-BC3C30FBD348}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{69251F93-58B1-4B16-BB56-A73D961BF4F8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{69CAD962-C428-47C2-BF3D-482413C993F5}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12ml.exe | 
"{6C59CDC6-F6B1-47F2-8319-1E512DDCB4CD}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{6D97F316-74E7-4651-A6EC-AD91D899DFFC}" = protocol=17 | dir=in | app=e:\steam\steam.exe | 
"{7052D7CC-53BB-4226-83A2-510CD6438160}" = protocol=17 | dir=in | app=c:\program files (x86)\droidcam\droidcamapp.exe | 
"{736754D7-D463-4422-B0CE-6638CD864F94}" = protocol=6 | dir=in | app=e:\bioshock 2\sp\builds\binaries\bioshock2.exe | 
"{7591580A-D0EE-42E4-905C-A2E9FF5E894A}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe | 
"{7C0A09E8-AA8D-4C7D-AD45-375136369068}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{7CF228F7-EED0-4271-A6D4-7BC0AE825607}" = dir=in | app=e:\max payne 3\playmaxpayne3.exe | 
"{8477C3DE-E0E9-466E-BF65-8D6F74A9CF9F}" = protocol=6 | dir=in | app=c:\games & toolz\eve\bin\exefile.exe | 
"{8621455C-CC3C-4AD5-B590-C8B4F5966B41}" = protocol=17 | dir=in | app=e:\uefa euro 2012\game\fifa.exe | 
"{863D7344-2078-4330-97E8-74F105ECD02D}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{8E53D7FA-2CE4-4397-BA51-5AC13FC16C68}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{8F2A99A1-4FA1-4B53-8782-D3EF0C1013C3}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe | 
"{9221A141-892D-48CD-9E14-AE3B6F70FB5D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9874494A-518A-4678-B4C6-155A796F692C}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{989941DD-3BC5-4B51-ACCB-0AD21BCA01E7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{9924B8E4-3AD5-43BB-BE15-6ADD6C285EDB}" = protocol=17 | dir=in | app=e:\eve\bin\exefile.exe | 
"{9B5360D2-B220-45B2-92DA-CBFD9F8A2CB9}" = dir=out | app=e:\max payne 3\maxpayne3.exe | 
"{9B83B14A-B48A-446F-8BCD-DE68888E8D42}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{A2BC9E72-4801-4EA7-A6D8-F4F36A9838ED}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A4122791-84F2-430A-A2E5-BE5AED3AB427}" = protocol=17 | dir=in | app=e:\anno 2070\autopatcher.exe | 
"{A8E20DD1-003E-4232-BEA0-0E9589AE014F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AE3E6451-BA9D-4D7D-B5B0-D1BFB76282F8}" = dir=in | app=e:\max payne 3\maxpayne3.exe | 
"{AE8D327F-3654-46D1-8796-D776E395E43B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B6EBEE4B-DF34-4CEC-9823-F7772AC87CBC}" = protocol=6 | dir=out | app=system | 
"{B7329165-01BD-4A2C-BB9B-5AB6CDAEFC77}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{B7C0B8F3-B45A-4B9E-AEED-D1C8A8FB0959}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B9ACB342-81E2-484B-939B-3EEEDE9099BD}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{BD0A8CA2-DCEF-4836-BC21-1E6CAC082599}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{BDA20396-518C-4116-BDA3-86064AB0584F}" = protocol=17 | dir=in | app=e:\resident evil operation raccoon city\raccooncity.exe | 
"{C4081DC4-3E08-4519-BBC0-2E24BD2732EE}" = protocol=6 | dir=in | app=e:\eve\bin\exefile.exe | 
"{C9BD3715-2543-4BFC-BEE3-5CB9F0155B84}" = protocol=6 | dir=in | app=e:\mass effect 3\binaries\win32\masseffect3.exe | 
"{CB3D3749-52AD-4528-BB3F-222204C0AFC2}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{D21FBA84-6DA4-4A8F-A25E-2E435278902B}" = protocol=17 | dir=in | app=e:\anno 2070\anno5.exe | 
"{D3580EE4-ADB9-44BF-AE57-F6119F7068D8}" = protocol=17 | dir=in | app=c:\users\vali\appdata\roaming\dropbox\bin\dropbox.exe | 
"{D4F0B309-6080-4277-98F7-2DDF6C331397}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D5937383-B3C1-4FB8-9627-8A18B6B8A295}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{DBC99694-76B5-4914-91E2-713C6A41596B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.913\agent.exe | 
"{DDD2DC73-0123-4466-8DC4-738B72959AF5}" = dir=in | app=e:\max payne 3\playmaxpayne3.exe | 
"{DF032B1B-FB22-4FAE-96F3-7B551DC70E9A}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe | 
"{E37D252F-379D-4016-BB8C-AB85CEBCA080}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe | 
"{E407F487-012D-46FE-893C-33CC7043B644}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{EBCB358E-9368-4664-99E1-89DB1AF11A9A}" = dir=out | app=e:\max payne 3\playmaxpayne3.exe | 
"{ED41FA8D-6A54-465A-852F-B08842EDEBD1}" = protocol=6 | dir=in | app=c:\users\vali\appdata\roaming\dropbox\bin\dropbox.exe | 
"{F0DAA926-CDE3-4706-B339-BFECAFB5A5E7}" = protocol=17 | dir=in | app=c:\users\vali\appdata\local\microsoft\skydrive\skydrive.exe | 
"{F512EAC4-7B68-4BC2-8FE9-157A53C62356}" = protocol=6 | dir=in | app=c:\users\vali\appdata\roaming\dropbox\bin\dropbox.exe | 
"{F6212138-BAAB-4AB8-B794-CD9149EA9673}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{FE058D0A-C8ED-42AD-91E0-318A65CD6A80}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12.exe | 
"TCP Query User{18869019-BF57-42A0-B232-FBC98CEE4894}C:\program files (x86)\trillian\plugins\skypekit.exe" = protocol=6 | dir=in | app=c:\program files (x86)\trillian\plugins\skypekit.exe | 
"TCP Query User{1956387C-591B-4426-BC3A-439AD870F11B}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe | 
"TCP Query User{22F3A2D3-28FB-47B8-8952-E8146C5AE01A}E:\uefa euro 2012\game\fifa.exe" = protocol=6 | dir=in | app=e:\uefa euro 2012\game\fifa.exe | 
"TCP Query User{24495839-52E8-42E6-B698-CE74DFC320D7}E:\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=e:\call of duty 2\cod2mp_s.exe | 
"TCP Query User{4AD192DC-B80E-42DD-8999-A4361A0DF1AC}E:\eve\bin\exefile.exe" = protocol=6 | dir=in | app=e:\eve\bin\exefile.exe | 
"TCP Query User{4C568AFF-51FD-4F01-ABF3-AA0B398A88C4}E:\mass effect 3\binaries\win32\masseffect3.exe" = protocol=6 | dir=in | app=e:\mass effect 3\binaries\win32\masseffect3.exe | 
"TCP Query User{51ADF733-3AA0-4F85-96AD-FF24480B1950}E:\bioshock 2\sp\builds\binaries\bioshock2.exe" = protocol=6 | dir=in | app=e:\bioshock 2\sp\builds\binaries\bioshock2.exe | 
"TCP Query User{55462944-9DA4-4A1E-9D05-280F7115D714}E:\driver san francisco\driver.exe" = protocol=6 | dir=in | app=e:\driver san francisco\driver.exe | 
"TCP Query User{962AB768-EDDF-4F5D-ADF8-BE33FB531574}E:\steam\steamapps\common\prototype 2\prototype2.exe" = protocol=6 | dir=in | app=e:\steam\steamapps\common\prototype 2\prototype2.exe | 
"TCP Query User{9F9112EB-537B-45FB-90B3-11AE89E6C242}E:\dead space 2\deadspace2.exe" = protocol=6 | dir=in | app=e:\dead space 2\deadspace2.exe | 
"TCP Query User{ACA8044A-07D9-4BBC-B35F-EDDC109CD186}C:\games & toolz\eve\bin\exefile.exe" = protocol=6 | dir=in | app=c:\games & toolz\eve\bin\exefile.exe | 
"TCP Query User{B4B8A837-8EE2-40FE-9555-909A9CF1F81E}E:\max payne 3\maxpayne3.exe" = protocol=6 | dir=in | app=e:\max payne 3\maxpayne3.exe | 
"TCP Query User{B6E5B401-C35F-40DD-A85F-D210E1D6AE14}E:\max payne 3\maxpayne3.exe" = protocol=6 | dir=in | app=e:\max payne 3\maxpayne3.exe | 
"TCP Query User{BECA5A4C-0999-4953-9046-3557C1963949}C:\program files (x86)\trillian\plugins\skypekit.exe" = protocol=6 | dir=in | app=c:\program files (x86)\trillian\plugins\skypekit.exe | 
"TCP Query User{CAAD4832-1AB0-4C07-9E73-132E2CE6A447}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{D447A294-DD2E-4118-B01E-83DD963595CA}C:\program files (x86)\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files (x86)\trillian\trillian.exe | 
"TCP Query User{E6601BA8-1FCE-488D-80D4-590183322948}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{E87511D2-BCDC-44FB-998B-50FDAE7F15B7}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe | 
"TCP Query User{F75574A8-2EA1-4F5C-BFCD-BD9126345D8E}C:\windows\kmsemulator.exe" = protocol=6 | dir=in | app=c:\windows\kmsemulator.exe | 
"UDP Query User{02497CA8-E661-4E8B-B760-356F268D0E7C}E:\dead space 2\deadspace2.exe" = protocol=17 | dir=in | app=e:\dead space 2\deadspace2.exe | 
"UDP Query User{178E8AAC-54E4-4932-B899-D66E225144B5}C:\program files (x86)\trillian\plugins\skypekit.exe" = protocol=17 | dir=in | app=c:\program files (x86)\trillian\plugins\skypekit.exe | 
"UDP Query User{1C0729F1-6680-4220-9A7E-EAC3E1DF646F}E:\uefa euro 2012\game\fifa.exe" = protocol=17 | dir=in | app=e:\uefa euro 2012\game\fifa.exe | 
"UDP Query User{672FB94C-0E32-4C6C-B8D2-2959BABA7BFF}C:\windows\kmsemulator.exe" = protocol=17 | dir=in | app=c:\windows\kmsemulator.exe | 
"UDP Query User{6B39B1CF-452D-4B2B-BE8B-98A5C233027D}E:\mass effect 3\binaries\win32\masseffect3.exe" = protocol=17 | dir=in | app=e:\mass effect 3\binaries\win32\masseffect3.exe | 
"UDP Query User{725E624F-4D14-4E99-8693-93273B493154}E:\steam\steamapps\common\prototype 2\prototype2.exe" = protocol=17 | dir=in | app=e:\steam\steamapps\common\prototype 2\prototype2.exe | 
"UDP Query User{8533C2D2-AEDE-4BE5-86EA-FAF698F2FC90}E:\max payne 3\maxpayne3.exe" = protocol=17 | dir=in | app=e:\max payne 3\maxpayne3.exe | 
"UDP Query User{89CD1D2E-CA2E-46D1-B769-D974AD3987F7}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{9DC216A3-148C-454E-8BD0-BEEF379CA776}C:\program files (x86)\trillian\plugins\skypekit.exe" = protocol=17 | dir=in | app=c:\program files (x86)\trillian\plugins\skypekit.exe | 
"UDP Query User{A032094F-A716-446F-9F61-CF8E42D13195}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{A9636811-8070-4C2A-8B25-BB33C47EFD82}E:\eve\bin\exefile.exe" = protocol=17 | dir=in | app=e:\eve\bin\exefile.exe | 
"UDP Query User{ADA91A16-658C-4829-9751-35FE8DEA5B3D}E:\driver san francisco\driver.exe" = protocol=17 | dir=in | app=e:\driver san francisco\driver.exe | 
"UDP Query User{D533B1AA-1569-4EE4-8070-3E27E079981B}E:\bioshock 2\sp\builds\binaries\bioshock2.exe" = protocol=17 | dir=in | app=e:\bioshock 2\sp\builds\binaries\bioshock2.exe | 
"UDP Query User{DBE3F491-6405-4BD0-B22A-611BB2CC7A5C}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe | 
"UDP Query User{E10496AE-8C6A-4343-B23E-8DC4D9A87BD8}C:\games & toolz\eve\bin\exefile.exe" = protocol=17 | dir=in | app=c:\games & toolz\eve\bin\exefile.exe | 
"UDP Query User{E117F8C0-CCF9-4920-BBFD-70BFD118D11B}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe | 
"UDP Query User{E653026C-08CC-443D-BC53-90E1FB117DB2}E:\max payne 3\maxpayne3.exe" = protocol=17 | dir=in | app=e:\max payne 3\maxpayne3.exe | 
"UDP Query User{F045C9D1-3558-48F2-B86B-43A6E1283A47}E:\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=e:\call of duty 2\cod2mp_s.exe | 
"UDP Query User{F54A2793-4A29-4CE9-A0B0-BC9BD39D60B1}C:\program files (x86)\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files (x86)\trillian\trillian.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1111706F-666A-4037-7777-211648764D10}" = JavaFX 2.1.1 (64-bit)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6100_series" = Canon MG6100 series MP Drivers
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{2222706F-666A-4037-7777-211648764D10}" = JavaFX 2.1.1 SDK (64-bit)
"{23170F69-40C1-2702-0922-000001000000}" = 7-Zip 9.22 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit)
"{31A6FA40-E935-11E0-95F9-F04DA23A5C58}" = Vegas Pro 11.0 (64-bit)
"{33C19CDE-E935-11E0-A0DA-F04DA23A5C58}" = MSVCRT Redists
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0170050}" = Java SE Development Kit 7 Update 5 (64-bit)
"{8424B163-D1E0-48B7-88A2-C7A61767B3D7}" = Microsoft SQL Server Compact 4.0 x64 ENU
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{AC38EE55-86A7-4688-BC8E-202D82FB8B7B}" = NetSpeedMonitor 2.4.2.0 x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CCleaner" = CCleaner
"GPL Ghostscript 9.04" = GPL Ghostscript
"JosipMedved_VhdAttach_is1" = VHD Attach 1.00
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"WinRAR archiver" = WinRAR 4.10 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis*True*Image*Home 2011
"{07A6B206-3F11-4D92-92A1-90E116ADD660}" = Angry Birds
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B9E0BD1-328D-415C-80A5-6B0028F0C104}" = Call of Duty(R) 2 Patch 1.2
"{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer-Sparbuch 2012
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{138B4FA4-B9C1-422E-BDB9-75E516B2522B}" = calibre
"{1AA94747-3BF6-4237-9E1A-7B3067738FE1}" = Max Payne 3
"{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}" = Cool & Quiet
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6A1825-474F-4124-9016-1168471D847B}" = Google Drive
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2F8C3308-46DC-4431-B1C0-5C579A5CADBE}" = Joe
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3F2A323E-60C4-41E8-8CCB-9715D1D750C3}" = Angry Birds Space
"{42223788-172F-491E-B5F6-91136414AEFD}" = SSDlife Pro
"{43002AE2-4093-49E0-A03D-990EE184C568}" = Lyrics Plugin for Windows Media Player
"{43430FA1-12BB-4D88-862E-4F1000008400}" = Resident Evil: Operation Raccoon City
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{490BF87E-1F75-4453-BF55-9F540543A3CA}" = Steinberg Drum Loop Expansion 01
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}" = Steinberg Cubase 5
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D454CF8-12FD-464D-B57B-B46FE27B78BB}" = Steinberg LoopMash Content
"{4D96D2F0-8FB4-45C2-9B80-2DCB88016316}_is1" = Machinarium
"{532B917B-8235-4FA5-BE36-643A8BB053A5}" = Steinberg REVerence Content 01
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65F8E0A6-A290-4D47-B391-D6353D756854}" = Pro Evolution Soccer 2013 DEMO
"{6A9D1594-7791-48f5-9CAA-DE9BCB968320}" = Mass Effect™ 3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74E3508A-7352-4738-934F-C1AAF25616CF}" = EveHQ
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{7B4A5C13-069F-4AFE-AE57-C497B4E33C7E}" = Call of Duty(R) 2 Patch 1.3
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
"{7EDF4F60-E41A-4D55-8400-A633443C0065}" = QTTabBar 1.5.0.0 Beta 2
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FA601A-241A-4956-8A21-F7D525C4422F}_is1" = SSD Tweaker version 2.0.1
"{858265FC-A472-40CF-B9A6-A5C1297AEF9B}" = Eve Market Scanner
"{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}" = Steinberg HALionOne Studio Drum Set
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9240D97C-D575-465E-A681-21C0979EE5DF}" = Angry Birds Seasons
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92E5AE81-74F7-4659-A66D-985AAB26F0B8}" = BlueStacks (beta-1)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A35001F0-F1E4-11DD-A38B-005056C00008}" = Paragon Partition Manager™ 11 Professional
"{A409B55C-DD9B-4157-86D7-FD6F4F0F2C1A}" = Angry Birds Rio
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AC997F93-0757-4ED4-A701-F40C2D654D09}" = Steinberg HALionOne GM Drum Set
"{B46BEA36-0B71-4A4E-AE41-87241643FA0A}" = CyberLink PowerDVD 12
"{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BD86F1AC-B594-46E4-85DC-1258AC9E2232}" = Steinberg Groove Agent ONE Content
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}" = Steinberg HALionOne Studio Set
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.11 Game
"{D82CDA0D-C182-42C8-8FF2-5649C98D6003}" = Steinberg HALionOne Pro Set
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DD6A0EE6-A8D3-449F-95B7-C971FBB0D19D}" = Call of Duty(R) 2 Patch 1.01
"{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}" = Steinberg HALionOne Expression Set
"{E492D84D-F8CB-48C7-A78C-D62537D5AE46}" = GMX SMS-Manager
"{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne
"{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
"{EA8ADAA9-6671-4839-A51E-0C6792B78F3E}" = FIFA 12
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F057965A-D974-4C64-ADB1-4381CD4B8956}" = Steinberg HALionOne GM Set
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1ED5BD7-4770-4037-9CBD-5DF9A5BEC408}" = Plus Pack für Acronis True Image Home 2011
"{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}" = Steinberg HALionOne Additional Content Set 01
"Addictive Drums ADpak Retro_is1" = Addictive Drums ADpak Retro
"Addictive Drums Inno Setup_is1" = Addictive Drums 1.1
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"AnyDVD" = AnyDVD
"Ashampoo Burning Studio 11_is1" = Ashampoo Burning Studio 11 v.11.0.2
"Audacity_is1" = Audacity 2.0
"avast" = avast! Free Antivirus
"Canon MG6100 series Benutzerregistrierung" = Canon MG6100 series Benutzerregistrierung
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.unitedinternet.ums.sms-mms-manager" = GMX SMS-Manager
"CrystalDiskInfo_is1" = CrystalDiskInfo 5.0.0 Shizuku Edition
"DAEMON Tools Lite" = DAEMON Tools Lite
"dBpoweramp DSP Effects" = dBpoweramp DSP Effects
"dBpoweramp m4a Codec" = dBpoweramp m4a Codec
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"Driver San Francisco" = Driver San Francisco
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"EVE" = EVE Online (remove only)
"EVEMon" = EVEMon
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"FileZilla Client" = FileZilla Client 3.5.3
"Fraps" = Fraps (remove only)
"FreePDF_XP" = FreePDF (Remove only)
"FUSSBALL MANAGER 12" = FUSSBALL MANAGER 12
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
"InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}" = CyberLink PowerDVD 12
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OE Backup" = OE Backup 4.0
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"Opera 12.00.1467" = Opera 12.00
"Origin" = Origin
"pyfa" = pyfa 1.1.5
"Rockstar Games Social Club" = Rockstar Games Social Club
"R-Studio 5.1NSIS" = R-Studio 5.1
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"The Walking Dead_is1" = The Walking Dead Episode 2 - Starved for Help
"Trillian" = Trillian
"Tunngle beta_is1" = Tunngle beta
"UEFA EURO 2012_is1" = UEFA EURO 2012
"UseNeXT_is1" = UseNeXT
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 2.0.2
"Xfire" = Xfire (remove only)
"Xilisoft Video Converter Ultimate" = Xilisoft Video Converter Ultimate
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3462559716-537990258-3856606381-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Kies Air Discovery Service" = Kies Air Discovery Service
"SkyDriveSetup.exe" = Microsoft SkyDrive
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 28.07.2012 21:38:13 | Computer Name = Desktop | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Acronis\TrueImageHome\BartPE\Files\TrueImage.exe".  Die abhängige Assemblierung
 "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 29.07.2012 14:27:15 | Computer Name = Desktop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmiprvse.exe, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce79d42  Name des fehlerhaften Moduls: RPCRT4.dll, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7c96e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000000dc47b
ID
 des fehlerhaften Prozesses: 0x1230  Startzeit der fehlerhaften Anwendung: 0x01cd6db7a617529a
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\wbem\wmiprvse.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\system32\RPCRT4.dll  Berichtskennung: 0528e8e1-d9ab-11e1-9f23-14dae9925593
 
Error - 29.07.2012 14:28:34 | Computer Name = Desktop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: sidebar.exe, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7a1c7  Name des fehlerhaften Moduls: d2d1.dll, Version: 6.1.7601.17563,
 Zeitstempel: 0x4d5faec9  Ausnahmecode: 0xc0000096  Fehleroffset: 0x000000000004f902
ID
 des fehlerhaften Prozesses: 0xef0  Startzeit der fehlerhaften Anwendung: 0x01cd6db7a36fdd16
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Windows Sidebar\sidebar.exe  Pfad des
 fehlerhaften Moduls: C:\Windows\system32\d2d1.dll  Berichtskennung: 3448a6ce-d9ab-11e1-9f23-14dae9925593
 
Error - 29.07.2012 14:28:34 | Computer Name = Desktop | Source = Application Error | ID = 1005
Description = Aus einem der folgenden Gründe kann nicht auf die Datei "" zugegriffen
 werden:  Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der
 gespeicherten Datei bzw. den auf dem Computer installierten  Speichertreibern, oder
 der Datenträger fehlt.  Das Programm Windows-Minianwendungen wurde wegen dieses Fehlers
 geschlossen.    Programm: Windows-Minianwendungen  Datei:     Der Fehlerwert ist im Abschnitt
 "Zusätzliche Dateien" aufgelistet.  Benutzeraktion  1. Öffnen Sie die Datei erneut.
Diese
 Situation ist eventuell ein temporäres Problem, das selbstständig behoben wird,
 wenn das Programm erneut ausgeführt wird.  2.  Wenn Sie weiterhin nicht auf die Datei
 zugreifen können und   - diese sich im Netzwerk befindet,   dann sollte der Netzwerkadministrator
 überprüfen, dass kein Netzwerkproblem besteht und dass eine Verbindung mit dem 
Server hergestellt werden kann.   - diese sich auf einem Wechseldatenträger, wie z.
 B. einer Diskette oder einer CD, befindet, überprüfen Sie, ob der Datenträger richtig
 in den Computer eingelegt ist.  3. Überprüfen und reparieren Sie das Dateisystem,
 indem Sie CHKDSK ausführen. Klicken Sie dazu im Menü "Start" auf "Ausführen", geben
 Sie CMD ein, und klicken Sie auf "OK". Geben Sie an der Eingabeaufforderung CHKDSK
 /F ein, und drücken Sie die EINGABETASTE.  4. Stellen Sie die Datei von einer Sicherungskopie
 wieder her, wenn das Problem weiterhin besteht.  5. Überprüfen Sie, ob andere Dateien
 auf demselben Datenträger geöffnet werden können. Falls dies nicht möglich ist,
 ist der Datenträger eventuell beschädigt.   Wenden Sie sich an den Administrator 
oder den Hersteller der Computerhardware, um weitere Unterstützung zu erhalten, 
wenn es sich um eine Festplatte handelt.    Zusätzliche Daten  Fehlerwert: 00000000  Datenträgertyp:
 0
 
Error - 29.07.2012 14:57:53 | Computer Name = Desktop | Source = Application Hang | ID = 1002
Description = Programm audacity.exe, Version 2.0.1.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 828    Startzeit: 
01cd6db8dfa8f902    Endzeit: 8222    Anwendungspfad: C:\Program Files (x86)\Audacity\audacity.exe

Berichts-ID:
 3e9eabfb-d9af-11e1-a1df-14dae9925593  
 
Error - 29.07.2012 14:59:42 | Computer Name = Desktop | Source = Application Hang | ID = 1002
Description = Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: d20    Startzeit: 01cd6db8c0db9c46    Endzeit: 455    Anwendungspfad:
 C:\Windows\Explorer.EXE    Berichts-ID: 89a70607-d9af-11e1-a1df-14dae9925593  
 
Error - 29.07.2012 15:00:55 | Computer Name = Desktop | Source = Application Hang | ID = 1002
Description = Programm explorer.exe, Version 6.1.7601.17567 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 14d8    Startzeit: 01cd6dbc5d873a0c    Endzeit: 1772    Anwendungspfad:
 C:\Windows\explorer.exe    Berichts-ID: b191b01c-d9af-11e1-a1df-14dae9925593  
 
Error - 29.07.2012 16:01:20 | Computer Name = Desktop | Source = Windows Backup | ID = 4103
Description = 
 
Error - 30.07.2012 10:42:47 | Computer Name = Desktop | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Acronis\TrueImageHome\BartPE\Files\TrueImage.exe".  Die abhängige Assemblierung
 "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 30.07.2012 14:10:17 | Computer Name = Desktop | Source = Windows Installer 3.1 | ID = 921877
Description = 
 
Error - 01.08.2012 15:38:21 | Computer Name = Desktop | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Acronis\TrueImageHome\BartPE\Files\TrueImage.exe".  Die abhängige Assemblierung
 "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
[ System Events ]
Error - 21.05.2012 23:10:49 | Computer Name = Desktop | Source = BROWSER | ID = 8032
Description = 
 
Error - 21.05.2012 23:16:18 | Computer Name = Desktop | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk4\DR4.
 
Error - 21.05.2012 23:16:18 | Computer Name = Desktop | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk4\DR4.
 
Error - 21.05.2012 23:16:22 | Computer Name = Desktop | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk4\DR4.
 
Error - 21.05.2012 23:38:18 | Computer Name = Desktop | Source = BROWSER | ID = 8032
Description = 
 
Error - 22.05.2012 11:06:49 | Computer Name = Desktop | Source = BROWSER | ID = 8032
Description = 
 
Error - 22.05.2012 15:54:47 | Computer Name = Desktop | Source = BROWSER | ID = 8032
Description = 
 
Error - 22.05.2012 16:04:08 | Computer Name = Desktop | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 22.05.2012 23:50:18 | Computer Name = Desktop | Source = BROWSER | ID = 8032
Description = 
 
Error - 23.05.2012 12:26:48 | Computer Name = Desktop | Source = BROWSER | ID = 8032
Description = 
 
 
< End of report >
         
So, do you see anything here? Skimming through it, I couldn't find anything suspicious.
It would be really great if you could help me out here. I'm out of ideas.

I'm now creating a SARDU rescue disc; maybe one of the scanners on it will find something.

05.08.2012, 14:08   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Nevertheless, please post all logs from Malwarebytes.
The logs contain a bit more information than just detection or no detection.

If possible, please post everything here in CODE tags.

It's done like this:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here
         