Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: deo0_sar.exe in der Appdata\local\Temp

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 16.08.2012, 19:37   #1
fabfabe
 
deo0_sar.exe in der Appdata\local\Temp - Standard

deo0_sar.exe in der Appdata\local\Temp



Hallo,

mein antivir programm hat die datai deo0_sar.exe gefunden und auch in quarantäne geschickt. nun bekomme ich den fehler das in der appdata\local\temp die exe nicht gestartet werden konnte.


ich habe hier schon ein wenig gestöbert und gesehen das ich nicht der einzige bin und jetzt wollte ich fragen ob mir jemand bei der auswertung von meinen log dateien helfen kann.

Vielen dank für jede hilfe

hier schon mal das log von malewarebytes :
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.16.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Fabian :: DOLPHLUNDGREN [Administrator]

Schutz: Aktiviert

16.08.2012 16:49:09
mbam-log-2012-08-16 (16-49-09).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|H:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 563492
Laufzeit: 1 Stunde(n), 35 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
anscheinend habe ich auch noch einen zweiten trojaner drauf !?

lg fabian

Alt 17.08.2012, 02:23   #2
t'john
/// Helfer-Team
 
deo0_sar.exe in der Appdata\local\Temp - Standard

deo0_sar.exe in der Appdata\local\Temp





1. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

2. Schritt
Systemscan mit OTL (bebilderte Anleitung)

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe

  • Vista und Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Wähle Scanne Alle Benuzer
  • Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Minimale Ausgabe
  • Unter Extra Registrierung, wähle bitte Benutze SafeList
  • Klicke nun auf Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________

__________________

Alt 17.08.2012, 10:42   #3
fabfabe
 
deo0_sar.exe in der Appdata\local\Temp - Standard

deo0_sar.exe in der Appdata\local\Temp



erstmal danke für die antwort,

hier die beiden logs von OTL:

Code:
ATTFilter
OTL logfile created on: 17.08.2012 11:30:00 - Run 1
OTL by OldTimer - Version 3.2.57.0     Folder = C:\Users\Fabian\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,96 Gb Total Physical Memory | 2,13 Gb Available Physical Memory | 53,80% Memory free
7,93 Gb Paging File | 5,60 Gb Available in Paging File | 70,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58,50 Gb Total Space | 14,03 Gb Free Space | 23,99% Space Free | Partition Type: NTFS
Drive H: | 407,17 Gb Total Space | 40,01 Gb Free Space | 9,83% Space Free | Partition Type: NTFS
 
Computer Name: DOLPHLUNDGREN | User Name: Fabian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Fabian\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe (Adobe Systems, Inc.)
PRC - H:\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - H:\Malwarebytes' Anti-Malware\anti virus\mbamservice.exe (Malwarebytes Corporation)
PRC - H:\Malwarebytes' Anti-Malware\anti virus\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
MOD - H:\Steam\bin\libcef.dll ()
MOD - H:\Steam\bin\avcodec-53.dll ()
MOD - H:\Steam\bin\chromehtml.dll ()
MOD - H:\Steam\bin\avformat-53.dll ()
MOD - H:\Steam\bin\avutil-51.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (MBAMService) -- H:\Malwarebytes' Anti-Malware\anti virus\mbamservice.exe (Malwarebytes Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Desura Install Service) -- C:\Program Files (x86)\Common Files\Desura\desura_service.exe (Desura Pty Ltd)
SRV - (Giraffic) -- C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe (Giraffic)
SRV - (Futuremark SystemInfo Service) -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe (Futuremark Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\WINDOWS LIVE\WLIDSVC.EXE (Microsoft Corp.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (EPSON_PM_RPCV4_01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE (SEIKO EPSON CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\avgidsfiltera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (taphss) -- C:\Windows\SysNative\drivers\taphss.sys (AnchorFree Inc)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV - (SSPORT) -- C:\Windows\SysWOW64\drivers\SSPORT.SYS (Samsung Electronics)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3147216635-1738779730-3799929888-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3147216635-1738779730-3799929888-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-3147216635-1738779730-3799929888-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9A 11 E9 2B 2A 72 CD 01  [binary data]
IE - HKU\S-1-5-21-3147216635-1738779730-3799929888-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3147216635-1738779730-3799929888-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3147216635-1738779730-3799929888-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.com/ig?source=gama&hl=de"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012.07.17 10:48:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.04.14 20:13:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.04.14 20:13:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012.07.03 14:09:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 16:52:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.08.14 19:55:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 16:52:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.08.14 19:55:35 | 000,000,000 | ---D | M]
 
[2011.03.24 01:33:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fabian\AppData\Roaming\mozilla\Extensions
[2012.07.25 06:57:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\q2cw0yz0.default\extensions
[2012.06.19 15:01:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.06.03 16:26:25 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.07.03 14:09:42 | 000,000,000 | ---D | M] (AVG Do Not Track) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX\DONOTTRACK
[2011.03.30 13:06:39 | 000,550,833 | ---- | M] () (No name found) -- C:\USERS\FABIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Q2CW0YZ0.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI
[2012.07.18 16:52:50 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.01.02 01:54:48 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.02 01:54:48 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.01.02 01:54:48 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.02 01:54:48 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.02 01:54:48 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.02 01:54:48 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\WINDOWS LIVE\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - F:\Programme\ip vermixer\Hotspot Shield\HssIE\HssIE_64.dll File not found
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] H:\Malwarebytes' Anti-Malware\anti virus\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3147216635-1738779730-3799929888-1001..\Run: [EPSON Stylus DX4400 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICAE.EXE /FU "C:\Windows\TEMP\E_SCC60.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-3147216635-1738779730-3799929888-1001..\Run: [Steam] H:\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\WINDOWS LIVE\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\WINDOWS LIVE\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3147216635-1738779730-3799929888-1001\..Trusted Domains: clonewarsadventures.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3147216635-1738779730-3799929888-1001\..Trusted Domains: freerealms.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3147216635-1738779730-3799929888-1001\..Trusted Domains: samsungsetup.com ([www] http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3147216635-1738779730-3799929888-1001\..Trusted Domains: soe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3147216635-1738779730-3799929888-1001\..Trusted Domains: sony.com ([]* in Vertrauenswürdige Sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D26259E3-D5B5-4B87-B025-F9F77994DD0A}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.17 11:18:58 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Fabian\Desktop\OTL.exe
[2012.08.16 16:39:14 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Roaming\Malwarebytes
[2012.08.16 16:38:47 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.08.16 16:38:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.16 11:26:54 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.08.16 11:26:54 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.08.16 11:26:54 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.08.16 11:26:54 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.08.16 11:26:53 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.08.16 11:26:53 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.08.16 11:26:53 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.08.16 11:26:53 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.08.16 11:26:53 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.08.16 11:26:53 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.08.16 11:26:53 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.08.16 11:26:52 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.08.16 11:26:52 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.08.16 10:41:55 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012.08.16 10:41:55 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012.08.16 10:41:55 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012.08.16 10:41:53 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012.08.14 20:18:32 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Local\DayZCommander
[2012.08.14 20:18:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dotjosh Studios
[2012.08.02 12:03:11 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Local\Rockstar Games
[2012.08.02 12:03:04 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2012.07.31 00:51:43 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Documents\Witcher 2
[2012.07.31 00:51:43 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Local\The Witcher 2
[2012.07.30 00:49:10 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Roaming\six-zsync
[2012.07.30 00:46:19 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Local\Downloaded Installations
[2012.07.30 00:44:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012.07.23 20:03:21 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Local\ArmA 2 OA
[2012.07.23 20:03:21 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Documents\ArmA 2
[2012.07.23 19:51:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.07.23 19:51:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2012.07.23 19:48:06 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
[2012.07.23 19:41:15 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Local\Spirited_Machine
[2012.07.23 19:39:02 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Roaming\Spirited Machine
[2012.07.23 13:31:31 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Local\LogMeIn Hamachi
[2012.07.23 13:30:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012.07.23 12:56:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.17 11:18:59 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Fabian\Desktop\OTL.exe
[2012.08.17 10:56:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.17 09:52:52 | 000,016,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.17 09:52:52 | 000,016,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.17 09:51:23 | 104,052,063 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012.08.17 09:45:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.17 09:45:34 | 3192,512,512 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.16 20:55:56 | 001,611,160 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.16 20:55:56 | 000,696,132 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.16 20:55:56 | 000,651,450 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.16 20:55:56 | 000,147,428 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.16 20:55:56 | 000,120,382 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.16 16:38:48 | 000,000,741 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.16 15:29:37 | 000,339,072 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.08.14 20:18:10 | 000,001,334 | ---- | M] () -- C:\Users\Public\Desktop\DayZ Commander.lnk
[2012.08.14 19:59:43 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.08.14 19:59:43 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.08.04 12:16:21 | 004,503,728 | ---- | M] () -- C:\ProgramData\ras_0oed.pad
[2012.08.04 12:16:21 | 004,503,728 | ---- | M] () -- C:\ProgramData\23lldnur.pad
[2012.08.04 12:16:14 | 000,027,520 | ---- | M] () -- C:\Users\Fabian\AppData\Local\dt.dat
[2012.08.03 18:56:17 | 000,392,868 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012.08.02 12:03:04 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2012.08.01 02:39:52 | 001,588,294 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.07.22 00:49:14 | 000,007,027 | ---- | M] () -- C:\Users\Fabian\Desktop\Dokument2.rtf
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.16 16:38:48 | 000,000,741 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.14 20:18:10 | 000,001,334 | ---- | C] () -- C:\Users\Public\Desktop\DayZ Commander.lnk
[2012.08.04 12:16:21 | 004,503,728 | ---- | C] () -- C:\ProgramData\23lldnur.pad
[2012.08.04 12:16:14 | 000,027,520 | ---- | C] () -- C:\Users\Fabian\AppData\Local\dt.dat
[2012.08.04 12:16:05 | 004,503,728 | ---- | C] () -- C:\ProgramData\ras_0oed.pad
[2012.07.31 00:51:13 | 001,588,294 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.07.22 00:49:14 | 000,007,027 | ---- | C] () -- C:\Users\Fabian\Desktop\Dokument2.rtf
[2012.06.07 14:08:15 | 002,250,024 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.02.15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.02.15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.12.29 17:34:06 | 000,000,841 | ---- | C] () -- C:\Users\Fabian\.recently-used.xbel
[2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.08.10 23:43:30 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini
[2011.07.11 18:12:58 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
[2011.03.27 15:12:28 | 000,281,032 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.03.27 15:12:27 | 002,506,752 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_new_5-9-08.exe
[2011.03.27 15:12:27 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.03.24 21:15:19 | 000,007,604 | ---- | C] () -- C:\Users\Fabian\AppData\Local\Resmon.ResmonCfg
[2011.03.24 02:43:28 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.03.24 01:59:31 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== LOP Check ==========
 
[2011.12.13 12:38:41 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Amazon
[2012.05.07 15:24:24 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\AquaNox
[2011.03.29 11:21:49 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\AtomZombieDemoData
[2012.06.05 12:25:33 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\AVG2012
[2011.07.19 14:34:19 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Bioshock
[2011.07.19 14:26:21 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Bioshock2
[2011.07.08 13:04:56 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Command and Conquer 4
[2011.03.29 12:52:49 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\DarksporeData
[2012.02.09 17:35:09 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Dropbox
[2012.03.28 09:47:09 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Firefly Studios
[2011.07.31 15:26:36 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\GetRightToGo
[2011.05.29 16:59:20 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\go
[2011.12.29 16:32:04 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\gtk-2.0
[2012.04.25 20:50:03 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\LolClient
[2012.01.30 10:09:05 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Might & Magic Heroes VI - Game Official Demo
[2011.05.02 00:53:48 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Mount&Blade Warband
[2011.05.04 16:22:47 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Mount&Blade With Fire and Sword
[2011.07.16 17:39:08 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\OpenOffice.org
[2011.11.02 20:40:56 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Origin
[2011.08.11 13:49:27 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Red Alert 3
[2011.08.10 20:42:34 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Red Alert 3 Demo
[2012.05.31 20:17:26 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\runic games
[2012.07.30 00:49:10 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\six-zsync
[2012.07.23 19:39:02 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Spirited Machine
[2011.12.19 09:28:17 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\The Creative Assembly
[2012.07.23 15:34:24 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\TS3Client
[2011.06.21 14:59:01 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\wargaming.net
[2011.05.18 12:54:58 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Windows Live Writer
[2012.05.22 16:19:36 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
Code:
ATTFilter
OTL Extras logfile created on: 17.08.2012 11:30:00 - Run 1
OTL by OldTimer - Version 3.2.57.0     Folder = C:\Users\Fabian\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,96 Gb Total Physical Memory | 2,13 Gb Available Physical Memory | 53,80% Memory free
7,93 Gb Paging File | 5,60 Gb Available in Paging File | 70,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58,50 Gb Total Space | 14,03 Gb Free Space | 23,99% Space Free | Partition Type: NTFS
Drive H: | 407,17 Gb Total Space | 40,01 Gb Free Space | 9,83% Space Free | Partition Type: NTFS
 
Computer Name: DOLPHLUNDGREN | User Name: Fabian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3147216635-1738779730-3799929888-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08ED5440-01C8-4A40-A8AE-7119B3BA5C70}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{0C6F8A25-DE6C-498C-A933-2D3B950638DB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{0E455D19-FA81-4912-9836-ADEE37F52E31}" = lport=445 | protocol=6 | dir=in | app=system | 
"{1CF2C87D-2E53-40EA-B960-7A877C0F95C8}" = lport=58566 | protocol=17 | dir=in | name=pando media booster | 
"{22BF2BF4-95C5-40A1-9CF5-DBB472235F44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{232575EE-B7E1-45AE-8AC1-F4213830A468}" = rport=445 | protocol=6 | dir=out | app=system | 
"{34DB1516-3465-448D-A61E-ADC8272CE7FC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3E28C7B2-B113-4133-85F5-0CD7488120FF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{415044D2-DCBA-43A6-99F4-44236E98DD13}" = lport=58566 | protocol=17 | dir=in | name=pando media booster | 
"{43F3438A-3955-4FEC-B25B-182B29F065D2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4B0DD5DC-899C-477E-862C-14D2EFFA4FE5}" = lport=58566 | protocol=6 | dir=in | name=pando media booster | 
"{771C45C0-3EC0-4259-8126-0D78E35F4313}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{786A1400-ED63-47B5-8A9D-B0D4E70EC8A1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7F0F7C5C-29A7-4574-9EC9-448DF186FE75}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{90C0C89B-6324-45FF-8FF1-F4E751FC3F46}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{91E1DA6F-06FB-4973-B4DD-D63AD03F5098}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{94FF95D3-C409-4144-B419-7AA999F5A9FC}" = rport=137 | protocol=17 | dir=out | app=system | 
"{9B020A86-775D-438F-AB37-6D6A6D93BF6E}" = rport=139 | protocol=6 | dir=out | app=system | 
"{A7C0CB2D-BB9E-4688-968C-37F0A91B3F01}" = lport=137 | protocol=17 | dir=in | app=system | 
"{AC0AFA32-A960-43FB-822C-62F5FCB11DDF}" = lport=58566 | protocol=6 | dir=in | name=pando media booster | 
"{B1496D76-C1CB-41B2-A24C-11C6946FECAA}" = lport=139 | protocol=6 | dir=in | app=system | 
"{B4F1F386-C037-4DDA-9CFA-12DFB6E84400}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{BE967E63-A87C-4F51-8172-BECECF277862}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{BFCE9CEC-DFE2-4A17-A66A-1035A1F7E8BA}" = rport=138 | protocol=17 | dir=out | app=system | 
"{C27F9857-7F36-477C-BF07-4B704FFBF875}" = lport=138 | protocol=17 | dir=in | app=system | 
"{DC1ED482-D9EE-472B-BB73-03E1EA722B31}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E57A6E36-E9C0-4A84-8B17-A6C9362188A7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{EAD93FC5-195C-47B2-8422-3CB17A96853B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F79BBC97-9D8A-46BD-A55E-28C28BD5656C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00AA4F14-1174-4BD7-A938-174BE6E84D4E}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{041BBCC3-BA33-4BA2-AD7D-B25BCAFE7A95}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\deus ex - human revolution\dxhr.exe | 
"{0479812C-679D-43E6-A43D-D65120CBCE2F}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2launcher.exe | 
"{061542B0-C5A1-44A7-A9B8-F2B06D12096F}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\star wars empire at war\runme.exe | 
"{062425F9-292B-486B-BFB2-3508A11E84B0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{073CD4C5-25E4-46E5-A309-EDEE5EF9D081}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\bioshock 2\mp\builds\binaries\bioshock2launcher.exe | 
"{07DAFF56-54A8-4BCD-AC18-641485CF4D98}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{080709DD-9328-40BE-864E-6C07CC08D935}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\total war shogun 2\shogun2.exe | 
"{083E277F-E3AA-4251-9B38-86073F51D08F}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\red faction guerrilla\rfg.exe | 
"{0969A7DE-F082-40FC-A317-3746083D692C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | 
"{0B932FE3-8938-4EA0-B2EC-ED02A98D4525}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\red faction guerrilla\rfg.exe | 
"{0BCF25C8-0EC2-4074-9C09-EE7CCB1CE7BC}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\dead space 2\support\ea help\electronic_arts_technical_support.htm | 
"{0BDAD993-9586-45D6-A5AA-2619D9B8CC8F}" = protocol=17 | dir=in | app=c:\program files (x86)\giraffic\veoh_giraffic.exe | 
"{0C9D7687-B393-47AD-8249-AF98B7071341}" = protocol=6 | dir=in | app=h:\spiele\s.t.a.l.k.e.r. - call of pripyat\bin\xrengine.exe | 
"{0CF95E3A-B11F-4C2E-BA96-4FF7AC56A190}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{0D14B677-6F91-4CEA-A402-27AFBFD54BF0}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\rise of immortals\roiclientr.exe | 
"{0D1E0C75-CE52-47BF-992D-33A530F4B9DF}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\red orchestra 2\binaries\win32\rogame.exe | 
"{0E2D0E93-2E70-4361-A373-CCE3F0B14153}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\dungeon siege iii\dungeon siege iii.exe | 
"{0F560F54-BF08-4724-9890-B5E78A3DCA0B}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{0FD4BF7A-319F-4FD1-A3AB-31EE6A0E3735}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\uplink\uplink.exe | 
"{0FEE19F6-2892-491B-9289-388E9F6ABFAF}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe | 
"{10DE26AD-A5D4-4E00-8E6B-DA4034CA2A0F}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\command and conquer 4 tiberian twilight\data\cnc4.game | 
"{10F59F7A-BB5D-4DD3-876D-19F2D6F36A32}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe | 
"{11459C6A-ED19-4CCB-A510-EF50E81E4A5E}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\max payne 3\max payne 3\maxpayne3.exe | 
"{1351829E-C6FE-413B-8D86-64E536278865}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\bastion\bastion.exe | 
"{1378B70D-6D62-48FA-9F4E-9C21B1DFE0DA}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\dawn of war gold\w40k.exe | 
"{13E03218-767C-44FB-B21E-A9BD4C6EFD6B}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\mount and blade\runme.exe | 
"{13FA8608-1685-4AC5-9BD8-8863B4B6CAD5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{14893C96-1891-46FD-A147-C157AEDC49A6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{152F54F7-7366-4E2F-A45D-3D776B28E119}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\operation flashpoint dragon rising\mission editor\missioneditor.exe | 
"{17C802AD-1E18-4011-8A21-869BF9C4C41C}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{193E3DC1-CF84-4F16-9B96-A775AC69E45D}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{1CE7F28D-8873-44EE-8558-DC34D62783D2}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | 
"{20107D92-1D97-42D6-A57F-2BF5F5798C08}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe | 
"{2054F772-36D2-46A5-BE47-3C9B7B2D2EE2}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe | 
"{22DB9B29-88CC-4EE7-A7DD-0DC4E447E078}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\men of war\mow_editor.exe | 
"{24D0CAE6-B970-4B09-A321-C72CAA7F056B}" = protocol=6 | dir=in | app=c:\users\fabian\appdata\roaming\dropbox\bin\dropbox.exe | 
"{24F8B7D9-232A-4A51-A957-604FA6CE32A6}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\alien swarm\swarm.exe | 
"{288EFC54-9D90-41B5-BB30-C7BFC4E7E889}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe | 
"{2A9A363E-D78C-4424-BDBC-D0D8A38B64CF}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2launcher.exe | 
"{2AE641A8-9ACE-4D87-BBB3-B2C9C2F1032D}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2launcher.exe | 
"{2BE62302-C192-4F25-8021-1458E7AB4224}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe | 
"{2D23970E-7ED2-45C9-96C3-8BF749E53B2E}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\worms reloaded\wormsreloaded.exe | 
"{2E93CA8E-1F04-499C-B150-65C1189210B9}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe | 
"{2E9ADE3D-056B-45BC-99D6-687F31F09E48}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\defensegridtheawakening\defensegrid.exe | 
"{30A8ECD5-7AEC-46FE-B580-60F7AE4C1911}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\command and conquer red alert 3\support\ea help\electronic_arts_technical_support.htm | 
"{334A8F52-B087-42E0-A361-274E31C6636C}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\red orchestra\system\redorchestra.exe | 
"{37A9AEAD-E402-4856-A0DA-8D369D7413E8}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | 
"{38F5F846-9847-464B-A508-3F98B32FEF8B}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | 
"{391EBFB6-C06C-4E7A-A7F0-0E7184731EE8}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\alien swarm\swarm.exe | 
"{3931EF89-4872-462E-BA11-1D7BB413C0FD}" = protocol=17 | dir=in | app=h:\spiele\world_of_tanks\worldoftanks.exe | 
"{3CAC60D5-7133-4B64-9B03-B3C21733ED98}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\resident evil 5\launcher.exe | 
"{3D4466FD-BDB4-4C15-BA52-7F8445A86675}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\payday the heist\payday_win32_release.exe | 
"{40C58B78-9312-470F-A8E0-9A3C0C11DFAE}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\command and conquer red alert 3\data\ra3_1.12.game | 
"{41282BA0-D043-4DA8-9675-1B0F4C70E438}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\frontlines fuel of war\binaries\ffow.exe | 
"{42AE1DDD-3F62-4E29-BD2A-AA0D8EE77AA8}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\world in conflict\wic.exe | 
"{44C02B70-2287-42DB-BFF4-939727B5ECFF}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\mountblade warband\mb_warband.exe | 
"{44D93FAD-FB45-4756-A80D-EDDB0BE83AE8}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\dead space 2\deadspace2.exe | 
"{45241F9E-75D3-4DCD-AC89-EA506E3F324C}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{46C81C11-CA25-4D1B-9EDC-62C623F2B03F}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat | 
"{4772615D-0E8D-46B8-85F5-F572B2627EAD}" = protocol=6 | dir=in | app=h:\spiele\jagged alliance 2 1.13\ja2.exe | 
"{4B825170-9C45-4008-AEA0-6B03D20E9F74}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\bastion\bastion.exe | 
"{4BABD813-2E1B-4229-8C8F-FAF730342C55}" = protocol=6 | dir=out | app=system | 
"{4BF1335D-4C27-4D52-8268-BF863EDA512E}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html | 
"{4C21C8E3-F07A-43F1-9C87-971CAFD23CB4}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\uplink\uplink.exe | 
"{4C8224F8-A5DE-44F9-98EC-442988ACC891}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\batman arkham asylum goty\binaries\bmlauncher.exe | 
"{4EA61C90-A319-4F62-978D-14106B2EB8B9}" = protocol=6 | dir=in | app=c:\users\fabian\appdata\roaming\dropbox\bin\dropbox.exe | 
"{4EE4FF94-06A2-4296-AABE-E2D51C6A46CF}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\men of war assault squad\mow_assault_squad.exe | 
"{4EF2666F-C385-4652-AED4-25EA134648A1}" = protocol=6 | dir=in | app=h:\spiele\diablo iii beta\diablo iii.exe | 
"{4FDD13EC-46FD-4932-AE44-1E13B3820EBC}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe | 
"{5227EC52-A000-4805-81EC-DFA4BBAE694C}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\aquanox 2 revelation\aquanox 2 revelation.exe | 
"{527B2348-AB5E-4DD5-9EDF-0D41158B5C27}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | 
"{52B51AFD-325A-4705-8297-EF380B0333CC}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\operation flashpoint dragon rising\ofdr.exe | 
"{5419C04D-E9BA-4328-90DC-EEDD9522DFDB}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{5E31A03A-5F02-4E33-A3D1-94A57C14BF5A}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{5FEB02EC-769C-45AC-923A-5E37FDC6A667}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\endless space\endlessspace.exe | 
"{615FDDE7-8BD7-4D9A-AFFD-C6608D323ECF}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\nuclear dawn\ndsrv.exe | 
"{61AF0EAB-EE8B-4FD0-91F7-9C2EB3135B7E}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd | 
"{631EF3FB-013D-4E8B-ABCA-EB55C0B53C4D}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\metro 2033\metro2033benchmark.exe | 
"{632CF575-27FB-46FD-851F-C53F3163953C}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\batman arkham asylum goty\binaries\bmlauncher.exe | 
"{636B92D5-95DC-48FA-B5C4-151F80260CBB}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"{649899CF-5DCE-46BF-9F1C-DBC02D367DF5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{661086DE-BFB2-40BF-9D1A-41EA137B69CF}" = protocol=6 | dir=in | app=h:\spiele\battlefield 3\battlefield 3\bf3.exe | 
"{661A1563-CE1B-4B3C-9364-C77987FA12C8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6640FF30-8398-4FCA-A252-73CB669BA2E1}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat | 
"{690EEECC-CF1A-4E34-A651-BFE3E4B52446}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{69F9A278-8E84-4B37-83D3-A8BD11763B07}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\dawn of war ii - retribution\dow2.exe | 
"{6B7AE9F4-FEA6-4289-B919-5D5C00432918}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\the witcher 2\bin\witcher2.exe | 
"{6C0D1571-3200-4D18-8AC6-20FE4184BB7B}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{6C349C56-86AE-4BC2-B145-9505B754CC11}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\orcs must die!\build\release\orcsmustdie.exe | 
"{6C62C075-69EA-4684-A2DC-72112A0942CA}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\max payne 3\max payne 3\maxpayne3.exe | 
"{6D846D42-0564-408F-B9AF-3496254CC4CD}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\payday the heist\payday_win32_release.exe | 
"{6E039A47-4B57-44A8-B843-3B31721D668E}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\star wars empire at war\runme2.exe | 
"{6FC5A47A-711A-4BD6-B39E-F0E17CD75E3B}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\portal 2\portal2.exe | 
"{7010F0ED-4878-4B0D-AF15-2FABDC92D3D1}" = protocol=17 | dir=in | app=c:\users\fabian\appdata\roaming\dropbox\bin\dropbox.exe | 
"{71625203-AFFC-4216-8DC6-1421CF495482}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe | 
"{72E5018A-DD79-463D-A849-86F9370AC4C4}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe | 
"{73F0BA49-DA36-480B-A7CC-A73FDEC8B27D}" = protocol=17 | dir=in | app=h:\steam\steam.exe | 
"{7431EF5C-C3E1-4F46-ABBB-0936E479441D}" = protocol=17 | dir=in | app=h:\spiele\battlefield 3\battlefield 3\bf3.exe | 
"{7438F088-2F31-4267-BFD2-721B1C57FB26}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\metro 2033\metro2033benchmark.exe | 
"{768C0C27-0A5B-44BF-903B-98940E89AE03}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat | 
"{77252F87-3372-4762-A28C-7F7BDF8E6EC4}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\spellforce 2 gold edition\spellforce2.exe | 
"{77885F19-CBFC-4F9C-80D5-34C85A9E6F82}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\endless space\endlessspace.exe | 
"{779CC46E-488C-44A8-85D6-4922CAF27653}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\warhammer 40,000 space marine\spacemarine.exe | 
"{78855A26-7AAA-4B0B-A349-E79D9E9E5A72}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{794A6E9B-8E22-4AC2-B094-F07587BF6DC3}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe | 
"{79617A50-5E3A-4DC3-B089-EB8EAE6990CA}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{79AA13A1-0576-4409-BAEB-E63FCAD617CC}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\jabia\jaggedalliancebia.exe | 
"{7A3BBCB3-16AD-493A-8D16-5FCA17320BD1}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"{7AF3D74F-4873-4215-87DD-59707059BEC0}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe | 
"{7B4624C7-98EF-42E7-9B65-7DA49DFB52EC}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe | 
"{7B953BC0-0E29-4CB5-A9D2-618E78EB2E96}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\world in conflict\wic.exe | 
"{7DCEAF85-C9B6-4438-A326-F1BB03C6088C}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\men of war\mow.exe | 
"{7E0EA513-32DE-4914-8D86-520E2F1EEDFE}" = protocol=17 | dir=in | app=h:\spiele\dayz mod\sixupdater\tools\bin\rsync.exe | 
"{8033E5F3-969F-47D4-9295-D0CCF4B3B56A}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\dungeon siege iii\dungeon siege iii.exe | 
"{8035E6E5-D0C8-42F0-ADDE-3B1D163C9371}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\jabia\jaggedalliancebia.exe | 
"{80DEE278-8FA2-474D-8D46-0222E34D1983}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{81BDD170-DEE2-455B-9ECF-3B84691E824A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{81CC7392-D3CB-4D16-9046-85A052EEDA64}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | 
"{824965B5-F0D1-4458-9F66-D7443A49D906}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\nuclear dawn\nucleardawn.exe | 
"{84601283-5364-4997-9597-2A39DBFEFDD3}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\operation flashpoint dragon rising\mission editor\missioneditor.exe | 
"{84F4589C-8344-497B-A91C-DEA14F921167}" = protocol=17 | dir=in | app=c:\program files (x86)\giraffic\veoh_girafficwatchdog.exe | 
"{87055DA8-61E7-4444-BDB2-C683035187D6}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\blood bowl legendary edition\bb_le.exe | 
"{870728F2-B390-4D92-8727-5978EE522CE9}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\defensegridtheawakening\defensegrid.exe | 
"{89BB46EC-4838-4910-91CD-21582425E8F0}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\bioshock 2\mp\builds\binaries\bioshock2.exe | 
"{8A7DBB31-D77D-47F0-9ED0-E40547993DE2}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\nuclear dawn\nucleardawn.exe | 
"{8B0ABF46-C1D3-4AA4-97EE-C95A5A6CB9C8}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd | 
"{8BAF1640-CAF0-4DC1-9732-EE06BBCE94A0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{8CF0D0D2-B0EB-45E1-8883-1BDF3FD313FC}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\aquanox 2 revelation\aquanox 2 revelation.exe | 
"{8E23BF66-5482-4680-8E82-AEB1A80285B0}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\command and conquer red alert 3\runme.exe | 
"{8E7F5399-5143-441E-884F-2D13243925AE}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe | 
"{8F146568-C447-4B12-A38C-C48814E9BE5F}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\command and conquer 4 tiberian twilight\data\cnc4.game | 
"{8F9A78CD-8E3A-4806-B819-FA2F97CE770D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{91F52C52-9DB7-4611-B833-B77462F0C4EF}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\bioshock 2\mp\builds\binaries\bioshock2.exe | 
"{93BD4BD8-21E6-45EE-9290-93306AEF3CD0}" = protocol=17 | dir=in | app=h:\spiele\riseoflegends\legends.exe | 
"{943583E8-645B-42B1-AD59-117811DC5898}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\company of heroes\reliccoh.exe | 
"{945B2D97-0240-4A46-8FFB-DBF13C1351B4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{95DD02C9-31FF-41B7-B8B3-3EE89731D568}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\defensegridtheawakening\defensegrid.exe | 
"{95E76079-5499-4565-A272-4B6A149CB436}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\arma 2\arma2.exe | 
"{96F60E36-6D8F-436E-BA65-2582AAEEB8A9}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{97A42EB3-3762-4C00-9051-3C8EA2E684D8}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{98D62064-EAE4-4450-AF61-17941F209A07}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe | 
"{99CC8DC0-CEB9-4A1D-9271-3DDE472DB94C}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{9B25CCE0-98A6-49DA-9D7D-FE96678E084E}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\sid meier's civilization v\launcher.exe | 
"{9DE25322-2DB6-4C06-B929-4164F33EFE7C}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\dawn of war gold\w40k.exe | 
"{9DEB2FB9-5546-4183-8F10-FC53B1720289}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\blood bowl legendary edition\bb_le.exe | 
"{9FFF4A56-6C41-40DE-A165-6260FCD87222}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\red orchestra\system\redorchestra.exe | 
"{A3CC6865-185E-4CBA-9ACF-C787C3EA4A04}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\warhammer 40,000 space marine\spacemarine.exe | 
"{A3F48B95-9604-4218-8BC3-453CB365FBB1}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat | 
"{A8CD662A-E961-4EA2-9D3E-21DFCAFA6C6B}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\spellforce 2 gold edition\spellforce2.exe | 
"{A9268D7A-844E-4993-A52B-E756E2D80159}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\command and conquer red alert 3\data\ra3_1.12.game | 
"{AAA36C42-91C7-454D-8343-DE7E50F8EFBB}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\alien swarm\srcds.exe | 
"{ACE58FBD-C6F8-48E1-889E-EB9B6E42F766}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\magicka\magicka.exe | 
"{ADA733B5-A47C-4184-AB50-683E99AFA2B0}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe | 
"{AE6A1B0E-4068-4612-85E1-A67EA46D0D03}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\dawn of war dark crusade\darkcrusade.exe | 
"{AE7BFB69-FA94-4A3D-B1FC-E1A8028241A3}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{AFD326E7-8A9F-4C84-B2CC-BD788D4874A9}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\mountblade warband\mb_warband.exe | 
"{B064AA7B-54A0-4BD0-880E-398385970325}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\magicka\magicka.exe | 
"{B0BA49F1-5132-45DE-B113-3AE52846B5D1}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\mount and blade\runme.exe | 
"{B1B9456B-678D-4657-B613-71E263A37E90}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{B30331DC-014A-400A-B60F-FA698FA6CCF2}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\total war shogun 2\shogun2.exe | 
"{B4DE34D2-03A4-46EE-B6EC-87DF224AD8A4}" = protocol=6 | dir=in | app=h:\steam\steam.exe | 
"{B5185734-53BD-49BD-AD61-287C97EB6C24}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe | 
"{B5E353C7-659D-405E-B11D-35D9DA1682EF}" = protocol=17 | dir=in | app=h:\spiele\s.t.a.l.k.e.r. - call of pripyat\bin\xrengine.exe | 
"{B5FDFDDB-3805-4361-B99E-993F914B02F8}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\sid meier's civilization v\launcher.exe | 
"{B61834D3-27B2-4AC3-B23B-CAFBDEA5862C}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\the witcher 2\launcher.exe | 
"{B7C0AF9A-49F8-49CF-A92A-2427BCCF9AEE}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\frontlines fuel of war\binaries\ffow.exe | 
"{B8324ABE-ED7C-447C-BE82-58C561426212}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B90F4923-2110-42BB-9737-BEAE4F24DC54}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | 
"{B92333F3-4984-454E-B551-5C420D048B17}" = protocol=6 | dir=in | app=h:\spiele\world_of_tanks\worldoftanks.exe | 
"{B936E0D3-9972-49A2-BD41-8CBDAFB3A973}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\deus ex - human revolution\dxhr.exe | 
"{BA47585E-EA39-4AE4-9F41-FCD55EB51ED0}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\operation flashpoint dragon rising\mission editor\missioneditor.exe | 
"{BACC6F14-1D3E-41CF-BD55-F86C2D50521C}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\men of war assault squad\mow_assault_squad.exe | 
"{BE4A8F5C-7052-4975-AF0F-C2E967EB1FDF}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{BF021BB8-BDA0-4FD8-8AF0-AA85058BA7CC}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\dawn of war gold\w40kwa.exe | 
"{BF38D7E4-8FEA-43E3-BF31-7992DEAA301D}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\company of heroes\reliccoh.exe | 
"{BF9C5946-759B-4DCA-802A-B928DBEC4DFB}" = protocol=17 | dir=in | app=h:\spiele\diablo iii beta\diablo iii.exe | 
"{BFAD2A9D-08B6-4A31-94F4-3B355FFEA4CA}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\operation flashpoint dragon rising\ofdr.exe | 
"{BFC09437-DF62-40F3-B662-0F1DB603E291}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\dawn of war ii - retribution\dow2.exe | 
"{C0633FBE-38E4-41BA-8ADE-B1A61D0AE60D}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\arma 2\arma2.exe | 
"{C1C7451F-7EEE-401E-BBE3-B0CB214C3BC4}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\command and conquer red alert 3\support\ea help\electronic_arts_technical_support.htm | 
"{C22B50BB-2BB6-4F6B-B900-8835E2ECB2F2}" = protocol=17 | dir=in | app=h:\spiele\s.t.a.l.k.e.r. - call of pripyat\bin\dedicated\xrengine.exe | 
"{C3B20773-C103-4CFD-A9B7-8DFBF9361CFC}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\alien swarm\srcds.exe | 
"{C674B5AF-A57E-494C-BAAF-1CDD2D901665}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\red orchestra 2\binaries\win32\rogame.exe | 
"{C6B00BFF-104D-4AA7-BD45-5DB4AB99E3E3}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\men of war\mow.exe | 
"{C7ED05B9-43B3-4985-8FB6-5CD387A56940}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{C84BEDEA-9B98-45F8-96E6-120FB3827CEB}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\orcs must die!\build\release\orcsmustdie.exe | 
"{C8A943DA-E2B2-4B2C-A8AF-6ECFCE5394B4}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\dawn of war ii - retribution\dow2.exe | 
"{C9DDFDF8-CAB1-4590-8F9E-09EBF0B28C72}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | 
"{CA0BBCDC-0D2A-4E16-BC19-ECCFACD0922F}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe | 
"{CA65FCA3-E9F0-4AEE-9660-CA362B26DD12}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{CC117F4D-86A6-4A82-B011-4A321998B79E}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\bioshock\builds\release\bioshock.exe | 
"{CEC490A2-DC5F-4B35-ADE8-58CB2F808AE8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CEF7E7EF-EF69-49BE-8588-37DF1A6B925A}" = protocol=17 | dir=in | app=h:\spiele\riseoflegends\legends.exe | 
"{CF011651-CD82-4492-9B82-FFAA4FE83148}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{CF01EC4A-3096-425D-B70D-56385F025125}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\bioshock 2\mp\builds\binaries\bioshock2launcher.exe | 
"{CF095D8A-2A11-4C5E-927E-941C32DFB03E}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\worms reloaded\wormsreloaded.exe | 
"{CF86C85C-50B5-45BB-994E-06FB0AB04696}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe | 
"{D0EC1757-F5E1-4D73-97F2-82374E668B92}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\the witcher 2\bin\witcher2.exe | 
"{D0F96244-4F27-43C0-804D-EA89C5396BCD}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe | 
"{D1149103-7178-4D29-B9EC-DAFF6DAE2AF8}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\dawn of war ii - retribution\dow2.exe | 
"{D11FC949-DB05-4647-9CC9-024884FCC7C8}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe | 
"{D2A060F3-4791-4DA0-92DA-AE8D43EC135D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D465A636-4275-4B54-93E7-D26931E220FC}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html | 
"{D493DF0C-B3A2-446D-85EE-E18BE5904927}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D75F7C35-D96A-4410-A33B-3AF7EBA547F6}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\portal 2\portal2.exe | 
"{D7D2725F-3A2A-4275-BF05-ED2E784E3A3E}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\red orchestra\system\redorchestra.exe | 
"{D96D57BA-AACB-4316-9B44-1E15741063A7}" = protocol=6 | dir=in | app=h:\spiele\dayz mod\sixupdater\tools\bin\rsync.exe | 
"{DAD4F714-E2C1-46BD-876E-9788B5DFCE68}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{DCD71478-2FF6-47BF-8819-F0E5A22814C8}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | 
"{DD6BE402-34A3-4412-B194-5E6ED9D4424B}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{DE1151BC-DD7E-427D-A4AD-B691A551A7E2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{DEDB8E87-48C7-42D0-9FBF-2F61124D5293}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{DF0693E3-0F3C-4BA7-A7E9-32D7EE0CEEF2}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\rise of immortals\roiclientr.exe | 
"{DF129AA6-00C2-4ACA-A89E-45F0F5524851}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\bioshock\builds\release\bioshock.exe | 
"{E0704B9C-46D1-477D-B072-E15E9D7410C1}" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{E14B3C1B-50DC-474C-9330-BA8224BC115C}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\dead space 2\deadspace2.exe | 
"{E1C75C26-8229-4707-B60F-53F038C2EAB5}" = protocol=17 | dir=in | app=c:\users\fabian\appdata\roaming\dropbox\bin\dropbox.exe | 
"{E305F0CF-EF42-4F88-B7C4-A6F82EDAEBFF}" = protocol=17 | dir=in | app=h:\spiele\world_of_tanks\wotlauncher.exe | 
"{E3DDF888-6825-4685-864C-C6A5BA6D5A0F}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{E43A8DEB-3497-4FBF-AE8C-414ADC32A57C}" = protocol=6 | dir=in | app=c:\program files (x86)\giraffic\veoh_girafficwatchdog.exe | 
"{E48AAD9E-31CD-44D8-AB55-2A044F83C316}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{E4DD6C9D-D396-433B-9D8D-0E425F4357A7}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\men of war\mow_editor.exe | 
"{E580CF47-8FC1-4821-B8D2-925DC8D25E43}" = protocol=6 | dir=in | app=c:\program files (x86)\giraffic\veoh_giraffic.exe | 
"{E5923AEE-34A3-412A-8275-637ABC0ECA85}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{E812634C-E3BC-4D0C-B8D0-2EFB0F57C901}" = protocol=17 | dir=in | app=h:\spiele\jagged alliance 2 1.13\ja2.exe | 
"{E93EDF5F-CC12-4953-A75F-3435E86EF8FD}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\star wars empire at war\runme.exe | 
"{E9A7F64C-BF57-483D-AE26-E8F8F45B7457}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe | 
"{EB23927F-7472-48DC-B9E6-251B47602DC5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{EC7E9F31-01A3-41E2-85E3-E609E12B4AED}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{ECB8AC13-57D5-4C1B-9791-E1D7B69F6886}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe | 
"{EE6C7293-4C9B-4F5E-8EC6-9A14B7C26E3B}" = protocol=6 | dir=in | app=h:\spiele\world_of_tanks\wotlauncher.exe | 
"{EF0F896A-3F12-4D24-9F40-70FCF9B2C2DE}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\dead space 2\support\ea help\electronic_arts_technical_support.htm | 
"{EFB20FBD-9F24-4F75-B616-0AA994095C46}" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{EFFFBAF3-3564-4F13-B3EB-B568E92BB407}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{F022F000-8D9E-42F3-AB80-EF59E5A181D2}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\red orchestra\system\redorchestra.exe | 
"{F0561BF7-6166-4416-A257-77FF5D328416}" = protocol=6 | dir=in | app=h:\spiele\riseoflegends\legends.exe | 
"{F1222B9F-684F-46FD-8F98-FCACABB6D074}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\defensegridtheawakening\defensegrid.exe | 
"{F192B376-68D2-4748-96AC-84E0F4BB3A9D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | 
"{F2AEC6F8-2DAE-4763-9E0F-3A1D7038A9D1}" = protocol=6 | dir=in | app=h:\spiele\riseoflegends\legends.exe | 
"{F2D43FDF-2463-4DBC-A06B-9FD557D8BD27}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{F39F79E4-F42D-4803-8D39-27FF8CEF46DD}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\dawn of war gold\w40kwa.exe | 
"{F3BAED33-2FB5-4254-A629-83BA6A231161}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\resident evil 5\launcher.exe | 
"{F3D7103E-B44D-4418-B950-C7B5FAB8CB78}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe | 
"{F51C5CCA-3DB1-444D-8455-59968BEF1005}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\dawn of war dark crusade\darkcrusade.exe | 
"{F7E74306-7315-47BC-B330-650555F4AB16}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\star wars empire at war\runme2.exe | 
"{F7FE06F4-6CB0-43E1-B29D-4F5E2DAB3CD3}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\command and conquer red alert 3\runme.exe | 
"{F830EDFC-9D80-430D-A049-6BF7DD235B7D}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2launcher.exe | 
"{F9D04A00-AAAA-4C08-88C7-B7874A50C14A}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\nuclear dawn\ndsrv.exe | 
"{F9EDB6E2-8AD9-4D0C-9B95-CCDDD7609486}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\operation flashpoint dragon rising\mission editor\missioneditor.exe | 
"{FB4D95D6-7EA4-4B9B-BC86-CCC424F29D09}" = protocol=58 | dir=in | app=system | 
"{FEB6FA11-11A3-465B-B65D-510F7BFDF9C3}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\the witcher 2\launcher.exe | 
"{FEE48C2B-139D-4835-887F-91A547654691}" = protocol=6 | dir=in | app=h:\spiele\s.t.a.l.k.e.r. - call of pripyat\bin\dedicated\xrengine.exe | 
"{FF448381-051B-4AFA-A5B4-8F56E923E34C}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"TCP Query User{3EB173E8-450A-43F7-AE6B-D6F202A2B59B}H:\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe" = protocol=6 | dir=in | app=h:\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe | 
"TCP Query User{3F73644B-BFDC-439C-AAF0-5B7F0F60B339}H:\steam\steamapps\common\red faction guerrilla\rfg.exe" = protocol=6 | dir=in | app=h:\steam\steamapps\common\red faction guerrilla\rfg.exe | 
"TCP Query User{474CE72F-F3C3-40D9-9047-EAB22E582B42}H:\spiele\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=h:\spiele\world_of_tanks\wotlauncher.exe | 
"TCP Query User{5360E603-7A6F-4546-84AF-13CEA0C9F3AB}H:\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=h:\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe | 
"TCP Query User{66E8484C-36B7-4A64-A7C6-46DBC943D04E}C:\program files (x86)\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\counter-strike source\hl2.exe | 
"TCP Query User{8059257A-42B1-4695-8016-147E27D4A196}H:\steam\steamapps\common\worms reloaded\wormsreloaded.exe" = protocol=6 | dir=in | app=h:\steam\steamapps\common\worms reloaded\wormsreloaded.exe | 
"TCP Query User{806B0B03-EC9A-43C0-B271-CD08BDA110DD}H:\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe" = protocol=6 | dir=in | app=h:\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe | 
"TCP Query User{8959B205-FEE8-4AF9-B41A-6EA618550B9B}H:\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe" = protocol=6 | dir=in | app=h:\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe | 
"TCP Query User{90E3D97D-9F95-4D99-A03B-C3F2278EC4A1}H:\steam\steamapps\common\resident evil 5\re5dx10.exe" = protocol=6 | dir=in | app=h:\steam\steamapps\common\resident evil 5\re5dx10.exe | 
"TCP Query User{97FA0EE7-3ACD-4E27-8AEB-A4DF79620361}H:\steam\steamapps\common\the witcher 2\bin\witcher2.exe" = protocol=6 | dir=in | app=h:\steam\steamapps\common\the witcher 2\bin\witcher2.exe | 
"TCP Query User{99578384-FD7A-44F7-AE8B-9BE5473C2DCA}H:\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2.exe" = protocol=6 | dir=in | app=h:\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2.exe | 
"TCP Query User{A96954F6-E537-4377-BFA1-8F212067114D}H:\steam\steamapps\common\metro 2033\metro2033benchmark.exe" = protocol=6 | dir=in | app=h:\steam\steamapps\common\metro 2033\metro2033benchmark.exe | 
"TCP Query User{AA6F90C8-399C-4A69-A900-86B8748563A5}H:\steam\steamapps\common\bioshock 2\mp\builds\binaries\bioshock2.exe" = protocol=6 | dir=in | app=h:\steam\steamapps\common\bioshock 2\mp\builds\binaries\bioshock2.exe | 
"TCP Query User{AA86C264-EE75-45A6-8DC3-739E64FECE59}H:\steam\steamapps\common\command and conquer red alert 3\data\ra3_1.12.game" = protocol=6 | dir=in | app=h:\steam\steamapps\common\command and conquer red alert 3\data\ra3_1.12.game | 
"TCP Query User{B62B41CC-502D-4212-9E96-C616276304A0}H:\spiele\hon\hon.exe" = protocol=6 | dir=in | app=h:\spiele\hon\hon.exe | 
"TCP Query User{BA2C49F0-1352-4129-953B-87C7DD56FC25}H:\spiele\jagged alliance 2 1.13\ja2.exe" = protocol=6 | dir=in | app=h:\spiele\jagged alliance 2 1.13\ja2.exe | 
"TCP Query User{BAE326F2-E3E4-4B9C-99C0-AD7EFD6A972A}H:\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=h:\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | 
"TCP Query User{C9D45886-1DCE-446B-9C34-C3230DFFFF19}H:\steam\steamapps\mendix_fa\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=h:\steam\steamapps\mendix_fa\team fortress 2\hl2.exe | 
"TCP Query User{D08E0577-CF6D-401B-8DCD-A9F87A9485D5}H:\spiele\dayz mod\sixupdater\tools\bin\rsync.exe" = protocol=6 | dir=in | app=h:\spiele\dayz mod\sixupdater\tools\bin\rsync.exe | 
"TCP Query User{E558CE7C-61E8-42A1-BC3C-BD3F583C5B4A}H:\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=6 | dir=in | app=h:\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe | 
"TCP Query User{EEF9C078-4F1F-487F-B240-EE357D889F2B}H:\spiele\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=h:\spiele\world_of_tanks\worldoftanks.exe | 
"TCP Query User{EFFCE807-30C4-47B1-A579-F75688D5D872}H:\steam\steamapps\common\command and conquer 4 tiberian twilight\data\cnc4.game" = protocol=6 | dir=in | app=h:\steam\steamapps\common\command and conquer 4 tiberian twilight\data\cnc4.game | 
"UDP Query User{0CC94B93-D525-4CB4-BB3E-AB5AB689BDD6}H:\steam\steamapps\common\worms reloaded\wormsreloaded.exe" = protocol=17 | dir=in | app=h:\steam\steamapps\common\worms reloaded\wormsreloaded.exe | 
"UDP Query User{0D56274C-DDB4-45FA-86FF-E89B83513C52}H:\steam\steamapps\mendix_fa\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=h:\steam\steamapps\mendix_fa\team fortress 2\hl2.exe | 
"UDP Query User{166A4FBC-AF0D-4AF3-ACB6-5A1CD728A8F1}H:\steam\steamapps\common\command and conquer red alert 3\data\ra3_1.12.game" = protocol=17 | dir=in | app=h:\steam\steamapps\common\command and conquer red alert 3\data\ra3_1.12.game | 
"UDP Query User{1E64C3D6-03BA-40C2-BF79-ADAFF48C45CC}H:\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe" = protocol=17 | dir=in | app=h:\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe | 
"UDP Query User{58CEB475-5888-4F21-AD5D-CBEA5ECCE9C8}H:\steam\steamapps\common\the witcher 2\bin\witcher2.exe" = protocol=17 | dir=in | app=h:\steam\steamapps\common\the witcher 2\bin\witcher2.exe | 
"UDP Query User{5BF6A894-ADA4-4DF4-8FC9-8A0002F861D4}H:\spiele\jagged alliance 2 1.13\ja2.exe" = protocol=17 | dir=in | app=h:\spiele\jagged alliance 2 1.13\ja2.exe | 
"UDP Query User{63B0490F-C903-4144-870F-E51672408F09}H:\steam\steamapps\common\bioshock 2\mp\builds\binaries\bioshock2.exe" = protocol=17 | dir=in | app=h:\steam\steamapps\common\bioshock 2\mp\builds\binaries\bioshock2.exe | 
"UDP Query User{6AA8E06E-91E4-41D6-9FA5-30314A6D310D}H:\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=17 | dir=in | app=h:\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe | 
"UDP Query User{76559B8F-1FB4-43D3-9A84-D223F9CEC028}H:\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=h:\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | 
"UDP Query User{88FC5085-34F2-4F64-9DF4-23334BBDF56F}H:\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2.exe" = protocol=17 | dir=in | app=h:\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2.exe | 
"UDP Query User{913A8A12-0262-41D3-89E0-D08B824F6BF6}H:\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=h:\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe | 
"UDP Query User{94748DF3-C2D8-40AB-A15F-A1F04B46E3E1}H:\spiele\hon\hon.exe" = protocol=17 | dir=in | app=h:\spiele\hon\hon.exe | 
"UDP Query User{9528726D-C53E-4C9D-89E9-B743D5B5135C}H:\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe" = protocol=17 | dir=in | app=h:\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe | 
"UDP Query User{BC281130-7788-44BE-89A1-E2088342883D}C:\program files (x86)\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\counter-strike source\hl2.exe | 
"UDP Query User{C1F49D16-BE2A-4C5C-B9EC-93A9A41DFFDC}H:\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe" = protocol=17 | dir=in | app=h:\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe | 
"UDP Query User{C29240FF-DB0A-4179-8A9E-122DB2B4CD09}H:\steam\steamapps\common\metro 2033\metro2033benchmark.exe" = protocol=17 | dir=in | app=h:\steam\steamapps\common\metro 2033\metro2033benchmark.exe | 
"UDP Query User{C6A7681D-3487-45F8-9905-9EAF6F9B632F}H:\steam\steamapps\common\command and conquer 4 tiberian twilight\data\cnc4.game" = protocol=17 | dir=in | app=h:\steam\steamapps\common\command and conquer 4 tiberian twilight\data\cnc4.game | 
"UDP Query User{CABD14D7-0DB2-44CA-B776-B2CA4A150BAE}H:\steam\steamapps\common\red faction guerrilla\rfg.exe" = protocol=17 | dir=in | app=h:\steam\steamapps\common\red faction guerrilla\rfg.exe | 
"UDP Query User{D94B0E46-D5E7-4B00-B1EE-77A64B9B84C3}H:\steam\steamapps\common\resident evil 5\re5dx10.exe" = protocol=17 | dir=in | app=h:\steam\steamapps\common\resident evil 5\re5dx10.exe | 
"UDP Query User{DFD18433-28C0-44CE-BEC5-33CFD9F35EBE}H:\spiele\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=h:\spiele\world_of_tanks\wotlauncher.exe | 
"UDP Query User{EDCE29E8-0262-44A2-B6CA-492999A938C3}H:\spiele\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=h:\spiele\world_of_tanks\worldoftanks.exe | 
"UDP Query User{F688A9F9-4511-461B-A272-91E7FBB6B5CB}H:\spiele\dayz mod\sixupdater\tools\bin\rsync.exe" = protocol=17 | dir=in | app=h:\spiele\dayz mod\sixupdater\tools\bin\rsync.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0CB2E2BC-A312-5821-C5C7-A295A1BEFD08}" = AMD Catalyst Install Manager
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3C8159DD-1890-4625-A5B2-E3D8D78D4486}" = AVG 2012
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4E021D2A-16ED-4FFF-87CB-774F4F62A1A1}" = ccc-utility64
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{572788F2-0AB7-FA0E-6E91-B98044F4B7E6}" = AMD Media Foundation Decoders
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6A9B5F9E-CAF3-2264-9DA0-E374F9A34279}" = AMD Drag and Drop Transcoding
"{8219EDCB-CE5A-4348-B056-AAC0FE4E99D0}" = Microsoft IntelliType Pro 8.2
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A108BD40-0A8C-4385-8874-74C4B6086CC3}" = AVG 2012
"{BABA4667-CF82-B330-A8E5-6E8A09B2D911}" = AMD Accelerated Video Transcoding
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2012
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{14DDF23F-414A-46DB-4762-56569080292C}" = CCC Help Russian
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21D6A73A-48E6-2195-C408-2158273A914E}" = Catalyst Control Center Localization All
"{2596DB11-997F-FC5B-F5C2-737623D9D8B6}" = Catalyst Control Center
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{28904D9A-13A6-ECA2-48D8-21542759D998}" = CCC Help Polish
"{2C8BBDA6-79A7-B2DE-3E5B-287E7F667C67}" = CCC Help Danish
"{2E119961-E99B-C147-9AC3-A93683172DC1}" = CCC Help Swedish
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{406FB8A4-F539-48A9-809C-F94706F9C9F6}_is1" = S.T.A.L.K.E.R. - Call Of Pripyat [v1.6.01]
"{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{44ED90A1-453B-5C9A-D9ED-80D8AB0258B8}" = CCC Help Thai
"{45E00595-897E-64B6-28F9-5D0927EBA4A5}" = CCC Help Chinese Standard
"{46DE5F4E-BA8B-AC9E-0EED-05B7D93AD215}" = CCC Help Spanish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{5454085C-129F-416C-9C0B-8B1000048301}" = BioShock 2
"{56BBD647-0547-41FC-9245-AD7AC3CABF28}_is1" = Jagged Alliance 2 Wildfire
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5B04E832-4530-B8FF-F742-8BE25ADD43BD}" = CCC Help German
"{5D58EACA-0317-4CFF-9E13-53CCD525DE32}" = Catalyst Control Center InstallProxy
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5ED93D68-5EAA-9343-9B74-B1E276217264}" = CCC Help Dutch
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D185295-DE89-9C39-18E6-310C148836EB}" = CCC Help Chinese Traditional
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71A8F958-D272-E262-7C9A-7B8F713EE0C3}" = CCC Help French
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7513D3F0-55BC-273C-7A53-488394EDBFCC}" = CCC Help Italian
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79AA9BFA-F962-A1E9-71CE-D0887A92444C}" = CCC Help Portuguese
"{7ACEF1BF-9306-5AD7-5F30-ECE72A81E924}" = CCC Help Finnish
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C1EC871-05B9-03B7-96F6-9BD5C0D8F41D}" = Catalyst Control Center Graphics Previews Common
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C4129D57-5C83-3BF0-A11A-3798C008C6C7}" = CCC Help Greek
"{CADDE354-C78C-46CB-A006-E2B178EFC271}" = Rise Of Legends
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0BC4101-6C30-ECFF-F693-63408134F29B}" = CCC Help Czech
"{D2402DAD-B180-A4A0-261D-4A8933BFBFEE}" = CCC Help Japanese
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA7E8D81-2B14-415B-8FC5-02CE4CF9F839}" = CCC Help Hungarian
"{DB3FBD3C-A061-34C9-0A2B-6CCDD8C96640}" = CCC Help Turkish
"{DC1F4DB8-FC61-4669-93D3-80722348102D}" = DayZ Commander
"{E086E914-2928-48F9-364B-0C715DFF6A45}" = CCC Help Korean
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2494AD8-314D-44F8-B39C-4358A60DC184}" = LogMeIn Hamachi
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E8F30BD6-ABAB-C24E-E9A7-BF67EB96152C}" = CCC Help Norwegian
"{E9A5B6CD-7ABB-F295-2E11-F25BC322FF80}" = CCC Help English
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Battlelog Web Plugins" = Battlelog Web Plugins
"BattlEye for OA" = BattlEye for OA Uninstall
"Counter-Strike: Source v17" = Counter-Strike: Source v17
"Desura" = Desura
"DivX Setup.divx.com" = DivX-Setup
"Eastern Front" = Eastern Front
"ESN Sonar-0.70.4" = ESN Sonar
"FreeMat" = FreeMat
"Giraffic" = Veoh Giraffic Video Accelerator
"Homeworld2" = Homeworld2
"Homeworld2 v1.2 patch_is1" = Homeworld2 v1.2.16
"hon" = Heroes of Newerth
"InstallShield_{CADDE354-C78C-46CB-A006-E2B178EFC271}" = Rise Of Legends
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OpenAL" = OpenAL
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"Rockstar Games Social Club" = Rockstar Games Social Club
"Samsung ML-1660 Series" = Wartung Samsung ML-1660 Series
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 102600" = Orcs Must Die!
"Steam App 107100" = Bastion
"Steam App 108800" = Crysis 2 Maximum Edition
"Steam App 1200" = Red Orchestra: Ostfront 41-45
"Steam App 12210" = Grand Theft Auto IV
"Steam App 1280" = Darkest Hour: Europe '44-'45
"Steam App 1510" = Uplink
"Steam App 17480" = Command and Conquer: Red Alert 3
"Steam App 17710" = Nuclear Dawn
"Steam App 18500" = Defense Grid: The Awakening
"Steam App 204100" = Max Payne 3
"Steam App 20540" = Company of Heroes: Tales of Valor
"Steam App 208140" = Endless Space
"Steam App 21760" = World in Conflict
"Steam App 21910" = World in Conflict: Soviet Assault
"Steam App 24240" = PAYDAY: The Heist
"Steam App 28050" = Deus Ex: Human Revolution
"Steam App 32470" = Star Wars: Empire at War Gold
"Steam App 33910" = ARMA 2
"Steam App 33930" = ARMA 2: Operation Arrowhead
"Steam App 34330" = Total War: SHOGUN 2
"Steam App 35450" = Red Orchestra 2: Heroes of Stalingrad
"Steam App 39160" = Dungeon Siege III
"Steam App 39550" = Spellforce 2: Gold Edition
"Steam App 39640" = AquaNox 2: Revelation
"Steam App 42910" = Magicka
"Steam App 440" = Team Fortress 2
"Steam App 4560" = Company of Heroes
"Steam App 47780" = Dead Space 2
"Steam App 550" = Left 4 Dead 2
"Steam App 55150" = Warhammer 40,000 Space Marine
"Steam App 564" = Left 4 Dead 2 Add-on Support
"Steam App 56400" = Warhammer® 40,000®: Dawn of War® II – Retribution™
"Steam App 620" = Portal 2
"Steam App 630" = Alien Swarm
"Steam App 64000" = Men of War: Assault Squad
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 7830" = Men of War
"Steam App 8930" = Sid Meier's Civilization V
"Steam App 9340" = Company of Heroes: Opposing Fronts
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3147216635-1738779730-3799929888-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 23.07.2012 06:49:55 | Computer Name = DolphLundgren | Source = MsiInstaller | ID = 11327
Description = 
 
Error - 23.07.2012 06:51:38 | Computer Name = DolphLundgren | Source = MsiInstaller | ID = 11327
Description = 
 
Error - 23.07.2012 07:17:23 | Computer Name = DolphLundgren | Source = Microsoft-Windows-CAPI2 | ID = 512
Description = Vom Kryptografiedienst konnte das VSS-Sicherungsobjekt "System Writer"
 nicht initialisiert werden.  Details: Could not query the status of the EventSystem
 service.  System Error: Der Computer wird heruntergefahren.  .
 
Error - 23.07.2012 13:43:36 | Computer Name = DolphLundgren | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 14.0.1.4577 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 166c    Startzeit:
 01cd68d2318b1365    Endzeit: 57    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 eb73a51e-d4ed-11e1-9909-6cf04971042f  
 
Error - 26.07.2012 10:51:51 | Computer Name = DolphLundgren | Source = VSS | ID = 12305
Description = 
 
Error - 29.07.2012 15:19:18 | Computer Name = DolphLundgren | Source = Application Hang | ID = 1002
Description = Programm left4dead2.exe, Version 0.0.0.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: a1c    Startzeit: 
01cd6dbc77f31e08    Endzeit: 0    Anwendungspfad: h:\steam\steamapps\common\left 4 dead 
2\left4dead2.exe    Berichts-ID:   
 
Error - 29.07.2012 18:31:20 | Computer Name = DolphLundgren | Source = Application Hang | ID = 1002
Description = Programm arma2oa.exe, Version 1.62.95.248 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 7d4    Startzeit: 
01cd6dd9208850a7    Endzeit: 112    Anwendungspfad: H:\Steam\SteamApps\common\arma 2 operation
 arrowhead\Expansion\beta\arma2oa.exe    Berichts-ID:   
 
Error - 29.07.2012 18:36:35 | Computer Name = DolphLundgren | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: arma2oa.exe, Version: 1.62.95.248,
 Zeitstempel: 0x500d59cb  Name des fehlerhaften Moduls: arma2oa.exe, Version: 1.62.95.248,
 Zeitstempel: 0x500d59cb  Ausnahmecode: 0xc0000005  Fehleroffset: 0x002a2063  ID des fehlerhaften
 Prozesses: 0x5bc  Startzeit der fehlerhaften Anwendung: 0x01cd6dd9e52cdf12  Pfad der
 fehlerhaften Anwendung: H:\Steam\SteamApps\common\arma 2 operation arrowhead\Expansion\beta\arma2oa.exe
Pfad
 des fehlerhaften Moduls: H:\Steam\SteamApps\common\arma 2 operation arrowhead\Expansion\beta\arma2oa.exe
Berichtskennung:
 d9b95aca-d9cd-11e1-998d-6cf04971042f
 
Error - 29.07.2012 18:51:13 | Computer Name = DolphLundgren | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 14.0.1.4577 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: e78    Startzeit: 
01cd6dcfb50bdc24    Endzeit: 29    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 e3cea10b-d9cf-11e1-998d-6cf04971042f  
 
Error - 04.08.2012 06:16:22 | Computer Name = DolphLundgren | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: rundll32.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x2a425e19  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b8f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00039952  ID des fehlerhaften
 Prozesses: 0x1aa0  Startzeit der fehlerhaften Anwendung: 0x01cd722a2ff24ceb  Pfad der
 fehlerhaften Anwendung: C:\Windows\SysWOW64\rundll32.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: 705e86f2-de1d-11e1-921e-6cf04971042f
 
[ System Events ]
Error - 16.08.2012 04:33:24 | Computer Name = DolphLundgren | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 16.08.2012 04:33:25 | Computer Name = DolphLundgren | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 16.08.2012 04:33:51 | Computer Name = DolphLundgren | Source = bowser | ID = 8003
Description = 
 
Error - 16.08.2012 09:29:27 | Computer Name = DolphLundgren | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 16.08.2012 09:29:27 | Computer Name = DolphLundgren | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 16.08.2012 15:30:24 | Computer Name = DolphLundgren | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 16.08.2012 16:11:09 | Computer Name = DolphLundgren | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 17.08.2012 03:45:37 | Computer Name = DolphLundgren | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 17.08.2012 03:45:37 | Computer Name = DolphLundgren | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 17.08.2012 03:46:03 | Computer Name = DolphLundgren | Source = bowser | ID = 8003
Description = 
 
 
< End of report >
         
__________________

Alt 17.08.2012, 15:16   #4
t'john
/// Helfer-Team
 
deo0_sar.exe in der Appdata\local\Temp - Standard

deo0_sar.exe in der Appdata\local\Temp



Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:


Code:
ATTFilter
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-21-3147216635-1738779730-3799929888-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKU\S-1-5-21-3147216635-1738779730-3799929888-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC 
IE - HKU\S-1-5-21-3147216635-1738779730-3799929888-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig?source=gama&hl=de" 
FF - user.js - File not found 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found 
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) 
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll File not found 
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - F:\Programme\ip vermixer\Hotspot Shield\HssIE\HssIE_64.dll File not found 
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found 
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) 
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) 
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) 
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 
[2012.08.04 12:16:21 | 004,503,728 | ---- | M] () -- C:\ProgramData\ras_0oed.pad 
[2012.08.04 12:16:21 | 004,503,728 | ---- | M] () -- C:\ProgramData\23lldnur.pad 
[2012.06.05 12:25:33 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\AVG2012 

:Files

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
         
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!
__________________
Mfg, t'john
Das TB unterstützen

Alt 18.08.2012, 01:35   #5
fabfabe
 
deo0_sar.exe in der Appdata\local\Temp - Standard

deo0_sar.exe in der Appdata\local\Temp



Code:
ATTFilter
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKEY_USERS\S-1-5-21-3147216635-1738779730-3799929888-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3147216635-1738779730-3799929888-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\S-1-5-21-3147216635-1738779730-3799929888-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "hxxp://www.google.com/ig?source=gama&hl=de" removed from browser.startup.homepage
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4\ deleted successfully.
C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\ProgramData\ras_0oed.pad moved successfully.
C:\ProgramData\23lldnur.pad moved successfully.
C:\Users\Fabian\AppData\Roaming\AVG2012\cfgall folder moved successfully.
C:\Users\Fabian\AppData\Roaming\AVG2012 folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Fabian\Desktop\cmd.bat deleted successfully.
C:\Users\Fabian\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Fabian
->Temp folder emptied: 263417264 bytes
->Temporary Internet Files folder emptied: 81411401 bytes
->Java cache emptied: 4489747 bytes
->FireFox cache emptied: 692711376 bytes
->Flash cache emptied: 28024 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 454306 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 70195900 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36028471 bytes
RecycleBin emptied: 824637531 bytes
 
Total Files Cleaned = 1.882,00 mb
 
 
OTL by OldTimer - Version 3.2.57.0 log created on 08182012_022618

Files\Folders moved on Reboot...
C:\Users\Fabian\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\Fabian\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...
         


Alt 18.08.2012, 14:44   #6
t'john
/// Helfer-Team
 
deo0_sar.exe in der Appdata\local\Temp - Standard

deo0_sar.exe in der Appdata\local\Temp



Sehr gut!

Wie laeuft der Rechner?

1. Schritt
Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".
danach:

2. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.
__________________
--> deo0_sar.exe in der Appdata\local\Temp

Alt 29.09.2012, 20:56   #7
t'john
/// Helfer-Team
 
deo0_sar.exe in der Appdata\local\Temp - Standard

deo0_sar.exe in der Appdata\local\Temp



Fehlende Rückmeldung

Gibt es Probleme beim Abarbeiten obiger Anleitung?

Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen.

Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema.
http://www.trojaner-board.de/69886-a...-beachten.html


Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.
__________________
Mfg, t'john
Das TB unterstützen

Antwort

Themen zu deo0_sar.exe in der Appdata\local\Temp
administrator, anti-malware, antivir, appdata, auswertung, autostart, code, dateien, explorer, fehler, frage, gelöscht, log, malwarebytes, microsoft, programm, quarantäne, roaming, service, speicher, temp, test, trojaner, version



Ähnliche Themen: deo0_sar.exe in der Appdata\local\Temp


  1. TR/Agent.7375 in C:\Users\HerrTest\AppData\Local\Temp\nscA085.tmp\temp\5FT.zip
    Log-Analyse und Auswertung - 18.10.2015 (13)
  2. C:\Users\Be\AppData\Local\Temp\OCS Virus gefunden?
    Plagegeister aller Art und deren Bekämpfung - 05.07.2014 (14)
  3. C:\Users\****\AppData\Local\Temp\jrscpls.exe
    Plagegeister aller Art und deren Bekämpfung - 30.09.2013 (39)
  4. C:\Users\*****\AppData\Local\Temp\jrscpls.exe
    Plagegeister aller Art und deren Bekämpfung - 23.02.2013 (3)
  5. C:/Users/User/AppData/Local/Temp/er_00_0_l.exe
    Log-Analyse und Auswertung - 17.10.2012 (4)
  6. C:\Users\Name\AppData\Local\Temp\g7i0ol_kaz.exe, was ist das??
    Plagegeister aller Art und deren Bekämpfung - 10.08.2012 (15)
  7. c:\users\***\appdata\local\temp\vcplt.dll
    Plagegeister aller Art und deren Bekämpfung - 05.06.2012 (21)
  8. C:\Users\***\AppData\Local\Temp!
    Plagegeister aller Art und deren Bekämpfung - 26.03.2012 (1)
  9. Avira findet TR/EyeStye.N.1213 unter C:\User\***\AppData\Local\Temp\203.temp
    Log-Analyse und Auswertung - 31.10.2011 (5)
  10. C:/Users/Appdata/Local/Temp/WAB.log
    Log-Analyse und Auswertung - 21.04.2011 (3)
  11. C:\windows\system32\AppData\Local\Temp\Kg0.exe
    Plagegeister aller Art und deren Bekämpfung - 02.01.2011 (9)
  12. TR/FraudPack.kvb.76 in C:\Users\***\AppData\Local\Temp\Fj0.exe
    Plagegeister aller Art und deren Bekämpfung - 31.12.2010 (4)
  13. TR/Crypt.XPACK.Gen in -> AppData\Local\Temp\BIT6C2E.tmp
    Plagegeister aller Art und deren Bekämpfung - 05.08.2010 (15)
  14. Virus unter C:\Users\***\AppData\Local\Temp
    Plagegeister aller Art und deren Bekämpfung - 06.07.2010 (2)
  15. XxX.xXx Malware in C:\Users\***\AppData\Local\Temp\XxX.xXx
    Plagegeister aller Art und deren Bekämpfung - 11.05.2010 (10)
  16. TR/VB.Downloader.Gen in AppData\Local\Temp\setupv.exe
    Log-Analyse und Auswertung - 14.03.2010 (18)
  17. BDS/Bredavi.azd in C:\Users\****\AppData\Local\Temp\****.exe
    Plagegeister aller Art und deren Bekämpfung - 29.11.2009 (8)

Zum Thema deo0_sar.exe in der Appdata\local\Temp - Hallo, mein antivir programm hat die datai deo0_sar.exe gefunden und auch in quarantäne geschickt. nun bekomme ich den fehler das in der appdata\local\temp die exe nicht gestartet werden konnte. ich - deo0_sar.exe in der Appdata\local\Temp...
Archiv
Du betrachtest: deo0_sar.exe in der Appdata\local\Temp auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.