
Pests of all kinds and how to fight them: Thbcn in system startup, Mwb 42 infected files, what to do?

28.09.2012, 12:46   #1
semmel3
 
I was tidying up my system startup again and came across a file named thbcn, which meant nothing to me. I then tried to read up on it via Google and found a thread here in the forum describing roughly similar problems. I then immediately ran the Malwarebytes quick scan, and it found 42 infected files, among them a lot of PUP.Blabbers (whatever that is) and a Trojan.Hoaxsms. I hope someone can help me, and thanks in advance.
I am also currently running a full scan with Avira Antivirus; maybe it will find something too, although I actually do that regularly!

Here is the log file from the quick scan:

Quote:
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.28.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Semmel3 :: SEMMEL3-PC [Administrator]

28.09.2012 13:25:35
mbam-log-2012-09-28 (13-42-02).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 202348
Laufzeit: 3 Minute(n), 3 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 25
HKCR\CLSID\{00cbb66b-1d3b-46d3-9577-323a336acb50} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\wit4ie.WitBHO.2 (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\wit4ie.WitBHO (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\tdataprotocol.CTData.1 (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\tdataprotocol.CTData (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\updatebho.TimerBHO.1 (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\updatebho.TimerBHO (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\PROTOCOLS\HANDLER\BASE64 (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\PROTOCOLS\HANDLER\CHROME (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\PROTOCOLS\HANDLER\PROX (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCU\Software\SkyMedia (Adware.SkyMedia) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 3
HKCR\protocols\Handler\base64|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Keine Aktion durchgeführt.
HKCR\protocols\Handler\chrome|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Keine Aktion durchgeführt.
HKCR\protocols\Handler\prox|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Program Files (x86)\BrowserCompanion (PUP.Blabbers) -> Keine Aktion durchgeführt.

Infizierte Dateien: 14
C:\Program Files (x86)\BrowserCompanion\jsloader.dll (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Semmel3\Downloads\Microsoft Office 2010.exe (Trojan.Hoaxsms) -> Keine Aktion durchgeführt.
C:\Users\Semmel3\Downloads\SoftonicDownloader_fuer_free-youtube-download.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.
C:\Users\Semmel3\Downloads\youtube-downloader_new.exe (PUP.Adware.Agent) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\blabbers-ff-full.xpi (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\blabbers-ch.crx (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\logo.ico (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\terms.lnk.url (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\toolbar.dll (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\uninstall.exe (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\updater.ini (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\widgetserv.exe (PUP.Blabbers) -> Keine Aktion durchgeführt.

(Ende)
I also ran a scan with OTL, using the parameters as in the related forum thread; here are the 2 text files:

OTL text
OTL Logfile:
Code:
OTL logfile created on: 28.09.2012 14:03:16 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Semmel3\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,96 Gb Total Physical Memory | 5,80 Gb Available Physical Memory | 72,85% Memory free
15,92 Gb Paging File | 13,45 Gb Available in Paging File | 84,46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1862,92 Gb Total Space | 1432,34 Gb Free Space | 76,89% Space Free | Partition Type: NTFS
Drive D: | 4,80 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: SEMMEL3-PC | User Name: Semmel3 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Semmel3\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Users\Semmel3\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
PRC - C:\Users\Semmel3\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\program files (x86)\avira\antivir desktop\avscan.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Users\Semmel3\AppData\Roaming\BrowserCompanion\tbhcn.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Gizmo\gservice.exe (Arainia Solutions)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Users\Semmel3\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
MOD - C:\Users\Semmel3\AppData\Roaming\BrowserCompanion\tbhcn.exe ()
MOD - C:\program files (x86)\avira\antivir desktop\sqlite3.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll ()
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Gizmo Central) -- C:\Program Files (x86)\Gizmo\gservice.exe (Arainia Solutions)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (KORGUMDS) -- C:\Windows\SysNative\drivers\KORGUM64.SYS (KORG INC.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (GizmoDrv) -- C:\Windows\SysNative\drivers\gizmodrv.sys (Arainia Solutions LLC)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RMCAST) -- C:\Windows\SysNative\drivers\rmcast.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (netr7364) -- C:\Windows\SysNative\drivers\netr7364.sys (Ralink Technology, Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchplusnetwork.com/?sp=vit4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5F 1E 10 43 96 49 CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {4327FABE-3C22-4689-8DBF-D226CF777FE9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}: "URL" = hxxp://www.searchplusnetwork.com/?sp=vit4&q={searchTerms}
IE - HKCU\..\SearchScopes\{AB79D3B4-AEDB-428a-B504-BAC00521A1C7}: "URL" = hxxp://starwebsearch.com/index.php?from=4&q={searchTerms}
IE - HKCU\..\SearchScopes\{FCBEBBEA-AD82-4B47-8174-B91EEF715793}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=937811&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.searchplusnetwork.com/?sp=vit4"
FF - prefs.js..extensions.enabledAddons: youtube2mp3@mondayx.de:1.2.3
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10
FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: bbrs_002@blabbers.com:1.0.5
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {cd90bf73-20f6-44ef-993d-bb920303bd2e}:2.7.1.3
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..keyword.URL: "hxxp://www.searchplusnetwork.com/?sp=vit4&q="
FF - prefs.js..network.proxy.type: 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.25 19:31:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.08 11:10:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.10.18 15:37:57 | 000,000,000 | ---D | M]
 
[2011.01.08 20:01:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Semmel3\AppData\Roaming\mozilla\Extensions
[2012.09.15 19:17:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Semmel3\AppData\Roaming\mozilla\Firefox\Profiles\4bjhuwjk.default\extensions
[2011.04.19 16:00:33 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Semmel3\AppData\Roaming\mozilla\Firefox\Profiles\4bjhuwjk.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.08.21 11:38:37 | 000,000,000 | ---D | M] (Veoh Web Player Community Toolbar) -- C:\Users\Semmel3\AppData\Roaming\mozilla\Firefox\Profiles\4bjhuwjk.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}
[2012.07.16 14:02:47 | 000,000,000 | ---D | M] (Browser Companion Helper) -- C:\Users\Semmel3\AppData\Roaming\mozilla\Firefox\Profiles\4bjhuwjk.default\extensions\bbrs_002@blabbers.com
[2012.09.15 19:17:20 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Semmel3\AppData\Roaming\mozilla\Firefox\Profiles\4bjhuwjk.default\extensions\ich@maltegoetz.de
[2011.08.28 13:19:22 | 000,011,510 | ---- | M] () (No name found) -- C:\Users\Semmel3\AppData\Roaming\mozilla\firefox\profiles\4bjhuwjk.default\extensions\youtube2mp3@mondayx.de.xpi
[2012.08.07 14:29:18 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Semmel3\AppData\Roaming\mozilla\firefox\profiles\4bjhuwjk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.09.18 20:46:57 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Semmel3\AppData\Roaming\mozilla\firefox\profiles\4bjhuwjk.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\0324adea3b6ec02af09ea4ae9424591b_expire
[2012.09.02 15:17:33 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Semmel3\AppData\Roaming\mozilla\firefox\profiles\4bjhuwjk.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\170f337942c410233f577de5778810a6_expire
[2012.09.11 01:11:25 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Semmel3\AppData\Roaming\mozilla\firefox\profiles\4bjhuwjk.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\1bcf5a8f2429c4942ad539ef2c5df336_expire
[2012.09.28 13:33:26 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Semmel3\AppData\Roaming\mozilla\firefox\profiles\4bjhuwjk.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\292124057d00cb0fa73db6b90d079658_expire
[2012.09.28 13:33:28 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Semmel3\AppData\Roaming\mozilla\firefox\profiles\4bjhuwjk.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\2a86ac4f3322238b4f27d14a09839275_expire
[2012.08.13 00:13:20 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Semmel3\AppData\Roaming\mozilla\firefox\profiles\4bjhuwjk.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\2e74403c227112bec523796d5a77d77e_expire
[2012.08.17 11:31:51 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Semmel3\AppData\Roaming\mozilla\firefox\profiles\4bjhuwjk.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\3b507b6d0186efd3615b9b9233c5f708_expire
[2012.09.28 13:17:48 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Semmel3\AppData\Roaming\mozilla\firefox\profiles\4bjhuwjk.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\3b6b74d5a92c729ce36a9d055d3db8e9_expire
[2012.08.28 13:09:32 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Semmel3\AppData\Roaming\mozilla\firefox\profiles\4bjhuwjk.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\4ad053d40dfa5cab7948e9251df6e3d9_expire
[2012.09.25 16:56:33 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Semmel3\AppData\Roaming\mozilla\firefox\profiles\4bjhuwjk.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\4d3d10bd28ff623813254a49b26be41f_expire
[2012.09.28 13:33:29 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Semmel3\AppData\Roaming\mozilla\firefox\profiles\4bjhuwjk.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\5f4ce27504a73ff97d1936c597c769e5_expire
[2012.09.04 21:30:22 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Semmel3\AppData\Roaming\mozilla\firefox\profiles\4bjhuwjk.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\61e2ae11ba3d1cbe8887ea80f192e299_expire
[2012.09.28 13:56:09 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Semmel3\AppData\Roaming\mozilla\firefox\profiles\4bjhuwjk.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\6ff6ea009817b27df633b37777d528cd_expire
[2012.07.24 20:11:32 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Semmel3\AppData\Roaming\mozilla\firefox\profiles\4bjhuwjk.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\7acafe2d3e4c14a116bde4e028813ba7_expire
[2012.09.04 19:33:54 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Semmel3\AppData\Roaming\mozilla\firefox\profiles\4bjhuwjk.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\8ccfda3ab1ab5bbc5d7af38840ba022b_expire
[2012.09.28 13:17:47 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Semmel3\AppData\Roaming\mozilla\firefox\profiles\4bjhuwjk.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\8ffbb13aa6f702b0cafab391f90d1db7_expire
[2012.08.19 19:43:26 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Semmel3\AppData\Roaming\mozilla\firefox\profiles\4bjhuwjk.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\9803c283e94e743374151c4bbe60a5df_expire
[2012.09.28 13:17:45 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Semmel3\AppData\Roaming\mozilla\firefox\profiles\4bjhuwjk.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\a38dbdd1af07f4236d43e8fd995f57a6_expire
[2012.09.28 13:33:27 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Semmel3\AppData\Roaming\mozilla\firefox\profiles\4bjhuwjk.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\a4cc6ab573e4a5fee2a418e22d3c14dc_expire
[2012.09.20 12:55:35 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Semmel3\AppData\Roaming\mozilla\firefox\profiles\4bjhuwjk.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\a74277a9a3c0203a3093f810f43fbc11_expire
[2012.08.27 22:32:07 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Semmel3\AppData\Roaming\mozilla\firefox\profiles\4bjhuwjk.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\b5bc7084382de95cb69790e5d10db338_expire
[2012.09.28 13:33:26 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Semmel3\AppData\Roaming\mozilla\firefox\profiles\4bjhuwjk.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\bf73732e1f0b76bac435293ba3880579_expire
[2012.07.24 20:11:32 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Semmel3\AppData\Roaming\mozilla\firefox\profiles\4bjhuwjk.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\c1c44ca1d695da7ece0f59471a8950a1_expire
[2012.08.19 19:43:26 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Semmel3\AppData\Roaming\mozilla\firefox\profiles\4bjhuwjk.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\cbb69a449d3e39b3a3781ffb1d7fa52b_expire
[2012.08.13 01:42:27 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Semmel3\AppData\Roaming\mozilla\firefox\profiles\4bjhuwjk.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\d2458fd784f4eb7cff549c598cd14651_expire
[2012.08.18 14:04:57 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Semmel3\AppData\Roaming\mozilla\firefox\profiles\4bjhuwjk.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\dc6668d28979688b1e2066d1dcaef0f6_expire
[2012.09.20 12:55:35 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Semmel3\AppData\Roaming\mozilla\firefox\profiles\4bjhuwjk.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e02b35320e5111f1b626466c13c70a0a_expire
[2012.08.23 01:26:39 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Semmel3\AppData\Roaming\mozilla\firefox\profiles\4bjhuwjk.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e7215b147326809c45f6cf0952274624_expire
[2012.09.28 13:33:27 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Semmel3\AppData\Roaming\mozilla\firefox\profiles\4bjhuwjk.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e919434ec29526b28593c426e4264271_expire
[2012.09.28 13:33:28 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Semmel3\AppData\Roaming\mozilla\firefox\profiles\4bjhuwjk.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ece71b71690fad200cbed95871ef4bb2_expire
[2012.09.28 13:33:27 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Semmel3\AppData\Roaming\mozilla\firefox\profiles\4bjhuwjk.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\f03527c67e08602d2e4c18ae7867300d_expire
[2012.09.25 16:56:33 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Semmel3\AppData\Roaming\mozilla\firefox\profiles\4bjhuwjk.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\fa74672918974682c82b8d91dfbe0d6b_expire
[2012.09.25 16:56:33 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Semmel3\AppData\Roaming\mozilla\firefox\profiles\4bjhuwjk.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f_expire
[2011.08.05 13:18:02 | 000,002,125 | ---- | M] () -- C:\Users\Semmel3\AppData\Roaming\mozilla\firefox\profiles\4bjhuwjk.default\searchplugins\GoogleFeed.xml
[2012.07.16 14:02:48 | 000,002,792 | ---- | M] () -- C:\Users\Semmel3\AppData\Roaming\mozilla\firefox\profiles\4bjhuwjk.default\searchplugins\Plusnetwork.xml
[2012.05.15 15:31:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.08 11:10:02 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.13 16:05:30 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.29 20:08:18 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.13 16:05:30 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.13 16:05:30 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.13 16:05:30 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.13 16:05:30 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Browser Companion Helper) - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files (x86)\BrowserCompanion\jsloader.dll File not found
O2 - BHO: (Browser Companion Helper Verifier) - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll File not found
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Semmel3\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Semmel3\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Semmel3\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Semmel3\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Semmel3\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E8E9CFC-3CD5-464C-9C0A-C8674660156B}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9AACA96B-FDA6-4FD6-BE38-B7A3B95D772A}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3E2BEF1-762D-4321-B489-A8635273DA18}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.06.27 00:29:39 | 000,000,022 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{d7c2763a-816f-11e1-8180-20cf30bbd32d}\Shell - "" = AutoRun
O33 - MountPoints2\{d7c2763a-816f-11e1-8180-20cf30bbd32d}\Shell\AutoRun\command - "" = E:\Launch.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.28 13:59:31 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.09.28 13:25:08 | 000,000,000 | ---D | C] -- C:\Users\Semmel3\AppData\Roaming\Malwarebytes
[2012.09.28 13:24:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.28 13:24:57 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.09.28 13:24:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.09.28 13:24:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.26 12:35:22 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
[2012.09.22 14:24:30 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.09.22 14:24:29 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.09.22 14:24:29 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.09.22 14:24:29 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.09.22 14:24:29 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.09.22 14:24:29 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.09.22 14:24:29 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.09.20 16:10:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2
[2012.09.20 16:10:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Guild Wars 2
[2012.09.20 16:05:45 | 000,000,000 | ---D | C] -- C:\Users\Semmel3\Documents\Guild Wars 2
[2012.09.12 13:04:05 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2012.09.12 13:04:02 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012.09.12 13:04:01 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012.09.12 13:04:01 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2012.08.30 10:26:35 | 000,000,000 | ---D | C] -- C:\Users\Semmel3\Documents\Games for Windows - LIVE Demos
[2012.08.30 10:03:46 | 000,000,000 | ---D | C] -- C:\Users\Semmel3\Documents\Spartan
[2012.08.30 03:31:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Wonderful End of the World Trial
[2012.08.30 02:55:22 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2012.08.30 02:55:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2012.08.30 02:55:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.28 13:45:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.28 13:24:58 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.28 13:24:12 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.28 13:24:12 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.28 13:22:39 | 001,541,416 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.09.28 13:22:39 | 000,669,456 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.09.28 13:22:39 | 000,628,942 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.09.28 13:22:39 | 000,137,322 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.09.28 13:22:39 | 000,112,382 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.09.28 13:16:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.28 13:16:37 | 2115,280,895 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.20 16:10:52 | 000,000,936 | ---- | M] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk
[2012.09.10 02:42:27 | 000,435,725 | ---- | M] () -- C:\Users\Semmel3\Desktop\sicherung arbeit.odt
[2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.28 13:24:58 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.20 16:10:52 | 000,000,936 | ---- | C] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk
[2012.09.10 02:41:34 | 000,435,725 | ---- | C] () -- C:\Users\Semmel3\Desktop\sicherung arbeit.odt
[2012.08.30 02:55:03 | 000,001,338 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
[2012.04.09 23:07:33 | 000,040,960 | R--- | C] () -- C:\Windows\SysWow64\psfind.dll
[2012.04.08 22:37:13 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2012.04.08 22:37:13 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2012.04.08 22:37:12 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.02.15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.02.15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.08.25 05:41:08 | 000,007,597 | ---- | C] () -- C:\Users\Semmel3\AppData\Local\Resmon.ResmonCfg
[2011.06.10 17:20:40 | 000,000,016 | ---- | C] () -- C:\Windows\SysWow64\msvcsv60.dll
[2011.06.10 17:20:40 | 000,000,016 | ---- | C] () -- C:\Windows\msocreg32.dat
[2011.01.19 12:07:17 | 000,000,095 | ---- | C] () -- C:\Users\Semmel3\AppData\Local\fusioncache.dat
[2011.01.18 08:15:22 | 001,540,406 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.01.18 08:12:35 | 000,183,112 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.01.18 08:12:33 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.01.18 08:12:31 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011.01.17 18:45:14 | 000,000,600 | ---- | C] () -- C:\Users\Semmel3\AppData\Roaming\winscp.rnd
[2011.01.08 20:27:57 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.01.08 19:57:20 | 000,027,504 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2011.01.08 19:56:10 | 000,019,533 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011.01.08 19:56:10 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
--- --- ---


Otl-Extras

OTL Logfile:
Code:
OTL Extras logfile created on: 28.09.2012 14:03:16 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Semmel3\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,96 Gb Total Physical Memory | 5,80 Gb Available Physical Memory | 72,85% Memory free
15,92 Gb Paging File | 13,45 Gb Available in Paging File | 84,46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1862,92 Gb Total Space | 1432,34 Gb Free Space | 76,89% Space Free | Partition Type: NTFS
Drive D: | 4,80 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: SEMMEL3-PC | User Name: Semmel3 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02D89D08-76C7-437F-8061-2218A66A6BCA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{04A5FF94-E827-48BF-B14E-F95B15AF5774}" = lport=138 | protocol=17 | dir=in | app=system | 
"{0C5CA600-5847-4EAC-ACF2-AD51F93986D4}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{0ED68441-E2BB-412B-AE60-BB2C46B7EBEA}" = rport=137 | protocol=17 | dir=out | app=system | 
"{168E2F66-B90D-45DE-8DCF-82F614CC0313}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{289483AB-06BD-41FA-85EB-DD4E326EF51A}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{298CF00C-9ABA-4CE4-B648-A9EC39FB8E8E}" = lport=139 | protocol=6 | dir=in | app=system | 
"{2B79A649-7AD2-46C4-ABF5-D57EA3BBF4E3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{2EFDB6D1-8CE8-4853-BD7F-B3AA3ACF899F}" = lport=49168 | protocol=6 | dir=in | name=akamai netsession interface | 
"{2F44BCC5-BC13-4AAB-A782-E0F3A77620C3}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{442AB8F5-8D04-4252-A35D-38FE1A62473C}" = rport=445 | protocol=6 | dir=out | app=system | 
"{48EB8F4D-37D4-458C-88DB-0B783695834D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5D5DA65E-7F51-40BA-BE6B-955009B2EE4D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{65097C6C-A337-40E0-9E08-4ECED3F820B1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6F62DFE7-4177-4C3E-92D5-78D239CDE950}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6FD666CF-C087-4D88-8E09-8121B7B39402}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{702D77F1-7D87-421D-97B8-28062361C9DD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{75D71D67-CD46-4C0C-955F-A8DEFCF3452F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{87D3A8EF-A493-4720-827D-05332F152405}" = rport=138 | protocol=17 | dir=out | app=system | 
"{8A2EDED2-4748-44D4-B6E4-49AAB74C0C5D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8BA8EC31-8549-49D2-9409-21D110A9FE5C}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{9B429D87-9F66-4AB3-8D4B-8F072F0170B0}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{9F95ED39-CBFE-4A70-AF92-7F3494A882CE}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{A6A19C95-0AF3-4A31-B4FA-326CEEB3B9D5}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{BB7D3CC5-F113-4EA9-BDCE-B50AEAC77845}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C7A59223-BD9C-4A53-BF77-7DDC7DE6B14B}" = lport=445 | protocol=6 | dir=in | app=system | 
"{CA40648F-6BFE-4452-A214-9965DCBE0395}" = lport=137 | protocol=17 | dir=in | app=system | 
"{D693F4FA-7A32-427D-8301-FBC4CB8D61C9}" = rport=139 | protocol=6 | dir=out | app=system | 
"{D6A69205-67ED-4E11-8C1D-87330448C510}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DC1D6C78-CDF7-4A7E-8669-AE475B30D4A3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DF50F3F9-B392-4CE5-8D8C-56012292325C}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{E03AC141-0602-421B-83E0-D5C1C390AC65}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{FF266D2B-7CF5-48B6-89F3-DB6D162E94B6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{015E7DFA-E039-4FBE-AE12-1A8ED924A7D9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\mother99\counter-strike source\hl2.exe | 
"{01DCB31E-28CF-4F69-BE48-3A636FB95B97}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{02DF55F6-A590-45F2-8FBA-D727A0849359}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trackmania united\tmforever.exe | 
"{17FE9864-EB12-4313-A356-54736DCB7CED}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe | 
"{1F0B4EE5-998F-416A-9ABC-5860758BA037}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trackmania united\tmforeverlauncher.exe | 
"{21ACC931-BD3B-4235-B48B-846A65DAA4E1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{261228B9-79B5-4D50-B3BF-2E803EF65CB3}" = protocol=17 | dir=in | app=c:\users\semmel3\appdata\roaming\spotify\spotify.exe | 
"{28DF8BD9-2BF0-451D-9DB7-309ECEE92925}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{2A0FB448-974D-4C13-BDD5-FE10BD88A5EA}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{2C8CB090-7317-4F67-9951-2E7616A13B4F}" = protocol=6 | dir=in | app=c:\program files (x86)\stunlock studios\bloodline champions\binary\bloodlinechampions.exe | 
"{2DEC89C9-F931-4504-9136-566581529314}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe | 
"{2E6BC299-95C0-44C9-B0CF-1F13C1DB57B6}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{32FC71EB-BC3E-495A-9914-AC3C1334FC02}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{3327864F-7518-4BCC-81FE-A72C20BD5030}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{3371047D-8F44-4806-A723-AF4F9044C32C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{34001BB9-C9D4-441E-A3B1-69DBDAAF3B03}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{34F2F701-A54F-47E7-B80A-A66C043836FD}" = dir=out | app=%programfiles% (x86)\virtualdj\virtualdj_pro.exe | 
"{3DAC82E0-0CF2-4A6A-8655-1E4389680F2B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{3DAF56D8-1C8B-4D5C-8343-C4522737B079}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | 
"{422C7F1F-642C-42CD-AD6C-BD950A8C3A43}" = dir=out | app=%programfiles% (x86)\ableton\live 8.0.1\program\live 8.0.1.exe | 
"{4569CEF6-0B7C-459D-8600-A1C307209F08}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{4B5817BD-DC1C-401C-9260-C4EECD167806}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{4C0BA5C5-C186-424A-ABCE-4E668D1E4DEC}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{55EBB7A0-751C-47DD-ABD6-AFB6055622FF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{58F8A5AD-F819-4CBB-AC22-072E07CAFA70}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5C971D68-FEB1-4392-88AC-B1C774FDE96F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6330180B-4586-4FE0-A04E-17466155463B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{65C734C7-615E-4438-9CE9-C170BBC1585D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{6757E155-B5E4-4748-AEFB-E96A6341304A}" = dir=out | app=%programfiles%\native instruments\reaktor 5\reaktor5.exe | 
"{6A51DDB3-9494-4140-A4D8-B27E816F2EE5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trackmania united\tmforeverlauncher.exe | 
"{6BD32769-3A93-43AA-A6D8-90BA0D2A286B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{6EBB6EE0-91F2-4680-AF9B-E0D8E885307E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{6F15A31A-9F99-4519-8302-C566723E23F4}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{7064779A-0ABE-4BC5-A4DD-04F020047003}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{728E728E-B6B9-47D7-9F27-D0373FD48326}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | 
"{73EF78C8-F550-41F3-B6BA-D20F94DA022C}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe | 
"{7B23F193-88A5-40CB-95C8-B65B43074179}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7C1FD9F9-7C13-4F91-8639-1548BE5C5C82}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{7D2F7435-9471-4FF3-A6CA-A1BD136AE8AF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{7E1F5B54-AD24-433F-9F24-305AF53FF1A5}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{7E96EF0E-EE3C-4E26-B7F4-8DDD8F650859}" = protocol=6 | dir=in | app=c:\users\semmel3\appdata\local\akamai\netsession_win.exe | 
"{8113BE97-2ED9-42C0-9DD1-4A18ED10EC25}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{82A02444-7EBD-4500-BECF-A588DA71F250}" = protocol=17 | dir=in | app=c:\users\semmel3\downloads\diablo-iii-8370-dede-installer-downloader.exe | 
"{845B7CFA-FD50-4BE3-8C1D-39FEAFEDC103}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dirt 2\dirt2.exe | 
"{8C4CB877-771A-4CE7-AD9E-3E869B965DFD}" = protocol=6 | dir=in | app=c:\users\semmel3\appdata\roaming\spotify\spotify.exe | 
"{8E330D6E-04C7-4510-B7CA-CC104731661E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8F3AC6DE-ADD3-4FD2-9201-B12264B954F2}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe | 
"{8F78629F-4686-4631-8061-36F6B4933D46}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dirt 2\dirt2.exe | 
"{9CA29403-EE7B-4D35-B5E6-7CC214B94BC9}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{A4ADDAAE-C62E-4864-838F-F94363EEEFA5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{A6E4640D-431B-40E1-ABA2-44DEFA051E83}" = dir=in | app=c:\program files (x86)\microsoft games\age of empires online\spartan.exe | 
"{A7B133E6-9153-46EF-80CD-890E79743E4D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{A88E3071-9214-4E19-9EB9-EEC10C3EC0F7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{A8E15104-9B7A-4763-9FB7-3CB2E3D3D587}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe | 
"{A8F14CDA-D3E0-49B8-B400-D1AA3FDCCECD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{B229312B-FBF9-46CA-B9DA-197150D9093C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{B3469B3F-83C4-4394-B030-2B1D54BC533A}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | 
"{B3F0851E-EB6A-4B58-B6B2-1E6C656B03B8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{B7C93736-8A85-4D43-8AAE-AABE4374C2D8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BDCAA190-6FEA-4EB0-9B25-CDFF8010CD75}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe | 
"{C395F7AD-AF9D-47D0-9D79-D8196FD1DBF1}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{C4482D10-9D9B-4EF5-BEC2-6AE5B1837AE9}" = dir=in | app=%programfiles% (x86)\ableton\live 8.0.1\program\live 8.0.1.exe | 
"{C6518FB6-635E-44DC-BCF5-5C9B263FDB3C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\lutziie\counter-strike source\hl2.exe | 
"{CDD7517F-7532-41F1-9CB9-9A82D31E201F}" = protocol=17 | dir=in | app=c:\program files (x86)\stunlock studios\bloodline champions\binary\bloodlinechampions.exe | 
"{CF7E1DCD-33A8-4C1B-B6EA-0BA4957CE895}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\mother99\counter-strike source\hl2.exe | 
"{D157192D-4512-47F0-BE76-229950D9DC46}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\lutziie\counter-strike source\hl2.exe | 
"{D8708315-2EF8-4910-8859-F6E44A8F8B1E}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | 
"{DDF15E72-F345-42EF-A491-9F26A3E9B315}" = protocol=6 | dir=out | app=system | 
"{E03FFC84-8678-4B4B-BE28-9B07B29393BF}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{E2E6AD6E-366F-469E-8882-F0BDA9E08627}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E420B9D9-B609-4A31-8AFF-4A7294D513DB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{E9D970F2-7628-4F20-A057-DC1A649AFD8D}" = dir=in | app=%programfiles% (x86)\virtualdj\virtualdj_pro.exe | 
"{EA636CA8-5B82-4E63-AF83-B67FC317B1FE}" = protocol=17 | dir=in | app=c:\users\semmel3\appdata\local\akamai\netsession_win.exe | 
"{EE444846-1B82-443C-967B-37B21CD7041C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trackmania united\tmforever.exe | 
"{F3670743-85E8-41CD-8F81-12DF95937434}" = protocol=6 | dir=in | app=c:\users\semmel3\downloads\diablo-iii-8370-dede-installer-downloader.exe | 
"{F567067A-522A-436D-8D18-14AFFA54F38F}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe | 
"{F6550485-E251-4C51-8B1B-4F556F4D56E5}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe | 
"{F7979907-8D14-4549-B410-A52FEC061BFD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{FF0519E5-EFC7-4792-B708-3CDE278C5440}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"TCP Query User{06A4D315-D932-4EA5-8BCD-0F44D1F50DC7}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe | 
"TCP Query User{0ABB63E0-BACF-4065-A686-EAC9A531BA0D}C:\users\semmel3\desktop\mw2\iw4mp.dat" = protocol=6 | dir=in | app=c:\users\semmel3\desktop\mw2\iw4mp.dat | 
"TCP Query User{0AECF25A-D03D-4166-8D08-6D5B723A9B62}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"TCP Query User{25FE0EB9-6785-43BD-BE95-159190BC7892}C:\users\semmel3\desktop\games\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=c:\users\semmel3\desktop\games\borderlands\binaries\borderlands.exe | 
"TCP Query User{2A14BF8F-7052-4586-AF0E-6DECAA7A486A}C:\users\semmel3\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\semmel3\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{310EC278-9CA6-463A-82BA-3A8D6F967EA6}C:\program files (x86)\microsoft games\age of empires ii\age2_x1.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\age2_x1.exe | 
"TCP Query User{37F940C5-F7C0-40B2-A2A7-99E9EA6DB03A}C:\program files (x86)\activision\modern warfare 2\iw4mp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\modern warfare 2\iw4mp.exe | 
"TCP Query User{4314FCE3-2D1B-403D-9F12-3F6FAAB04564}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"TCP Query User{4E26B57E-2DAB-49C0-9472-3B0428DA8F61}C:\program files (x86)\mediamonkey\mediamonkey.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mediamonkey\mediamonkey.exe | 
"TCP Query User{74BEB245-C2B0-4475-AB16-9A7B135AB5AD}C:\program files (x86)\activision\modern warfare 2\iw4mpold.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\modern warfare 2\iw4mpold.exe | 
"TCP Query User{77C8A727-1195-4E3A-94C1-6741E3814BFC}C:\users\semmel3\downloads\diablo-iii-8370-dede-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\semmel3\downloads\diablo-iii-8370-dede-installer-downloader.exe | 
"TCP Query User{7C695C05-029E-4092-8EF5-4775028636B5}C:\users\semmel3\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\semmel3\appdata\local\temp\gw2.exe | 
"TCP Query User{956CDBDE-2F32-413B-87D4-7F99E011C527}C:\users\semmel3\desktop\mw2\iw4mp.exe" = protocol=6 | dir=in | app=c:\users\semmel3\desktop\mw2\iw4mp.exe | 
"TCP Query User{AC551760-E41B-49A2-93B6-A3B7566C3BB9}C:\users\semmel3\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\semmel3\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{B5D8E2AA-7FE2-485E-8BDC-F8A6571309E4}C:\programdata\battle.net\agent\agent.1225\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"TCP Query User{BA266FE6-E0C4-482F-B7D6-DC9A96C39F8A}C:\users\semmel3\appdata\local\microsoft\age of empires online\spartan.exe" = protocol=6 | dir=in | app=c:\users\semmel3\appdata\local\microsoft\age of empires online\spartan.exe | 
"TCP Query User{C339BDCE-C350-4563-AE8F-59720E5248A3}C:\program files (x86)\english bid for power final 4.0\ebfpf 4.0.exe" = protocol=6 | dir=in | app=c:\program files (x86)\english bid for power final 4.0\ebfpf 4.0.exe | 
"TCP Query User{CF95CF45-BD46-4407-94DF-4084540069B6}C:\users\semmel3\desktop\mw2\iw4mpold.exe" = protocol=6 | dir=in | app=c:\users\semmel3\desktop\mw2\iw4mpold.exe | 
"TCP Query User{D11C0AD1-5038-4D67-B7C5-9EDFA41C041B}C:\program files (x86)\stunlock studios\bloodline champions\binary\bloodlinechampions.exe" = protocol=6 | dir=in | app=c:\program files (x86)\stunlock studios\bloodline champions\binary\bloodlinechampions.exe | 
"TCP Query User{D70AA586-AB0B-4074-BECF-EC4C3BB7E9F6}C:\programdata\battle.net\agent\agent.1199\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | 
"TCP Query User{DE121CE7-A433-4EFD-8D23-C2E0FA4E4DD4}C:\program files (x86)\activision\modern warfare 2\bootstrap\iw4mp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\modern warfare 2\bootstrap\iw4mp.exe | 
"TCP Query User{E5746666-6631-4E1A-8F59-79A75F2EB617}C:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe | 
"TCP Query User{F02F160F-6A38-4630-9EDD-DFDE21C23202}C:\nexon\combat arms eu\engine.exe" = protocol=6 | dir=in | app=c:\nexon\combat arms eu\engine.exe | 
"TCP Query User{F3BE3F8F-D78B-492D-AE54-4369A91D68B1}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe | 
"TCP Query User{FDD9264B-55AE-4207-A3A4-CAF460A15081}C:\program files (x86)\activision\modern warfare 2\iw4m.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\modern warfare 2\iw4m.exe | 
"TCP Query User{FFB03BEC-5704-49E0-B8D5-C57C08130E2F}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"UDP Query User{0077A4C1-42B2-4CEC-BB14-D99D8E8CABF9}C:\users\semmel3\desktop\games\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=c:\users\semmel3\desktop\games\borderlands\binaries\borderlands.exe | 
"UDP Query User{0096B6F4-1115-46D0-B347-B33C881EBE7C}C:\program files (x86)\microsoft games\age of empires ii\age2_x1.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\age2_x1.exe | 
"UDP Query User{04816270-EF81-4A16-90D4-8D097BA3C543}C:\program files (x86)\activision\modern warfare 2\iw4mp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\modern warfare 2\iw4mp.exe | 
"UDP Query User{0A33625F-9A19-42D4-A492-BBB8F8D29CD3}C:\users\semmel3\desktop\mw2\iw4mpold.exe" = protocol=17 | dir=in | app=c:\users\semmel3\desktop\mw2\iw4mpold.exe | 
"UDP Query User{113A8EA1-7C69-4BDF-8F73-FFFB0CB7DF10}C:\program files (x86)\activision\modern warfare 2\iw4mpold.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\modern warfare 2\iw4mpold.exe | 
"UDP Query User{138C4001-8B85-4293-AB8F-41E7DC53173C}C:\nexon\combat arms eu\engine.exe" = protocol=17 | dir=in | app=c:\nexon\combat arms eu\engine.exe | 
"UDP Query User{359FA801-D0D1-467F-95DB-BFD2F5C2B431}C:\users\semmel3\desktop\mw2\iw4mp.exe" = protocol=17 | dir=in | app=c:\users\semmel3\desktop\mw2\iw4mp.exe | 
"UDP Query User{377B05DC-60E4-4FB4-9D51-8CED59B8A4E4}C:\users\semmel3\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\semmel3\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{39C04FD3-5D52-4BC9-9F5B-1F5DBD83CA3C}C:\users\semmel3\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\semmel3\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{3ECB84A6-8F05-47A5-A72D-377BE5D83AA8}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"UDP Query User{3F68D25C-A7AD-41CF-8547-86FE540281AA}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"UDP Query User{5DF9A99E-D1A6-456B-8155-EA045B186FE0}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"UDP Query User{6C5C2639-064F-4202-B1E9-EF2B35E9603B}C:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe | 
"UDP Query User{6DC76822-25EA-4A77-AC8A-C156CD5C731E}C:\programdata\battle.net\agent\agent.1225\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"UDP Query User{7BFF630B-2153-48F7-A016-B291B43459A9}C:\users\semmel3\desktop\mw2\iw4mp.dat" = protocol=17 | dir=in | app=c:\users\semmel3\desktop\mw2\iw4mp.dat | 
"UDP Query User{7E4CF59E-761D-4295-8C9C-6207AC7841FD}C:\users\semmel3\downloads\diablo-iii-8370-dede-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\semmel3\downloads\diablo-iii-8370-dede-installer-downloader.exe | 
"UDP Query User{8AE10A56-C960-46D6-90AE-8A8CE0D65179}C:\users\semmel3\appdata\local\microsoft\age of empires online\spartan.exe" = protocol=17 | dir=in | app=c:\users\semmel3\appdata\local\microsoft\age of empires online\spartan.exe | 
"UDP Query User{97EBEDCD-5D5D-45F6-94E5-4F790885BCDD}C:\program files (x86)\activision\modern warfare 2\bootstrap\iw4mp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\modern warfare 2\bootstrap\iw4mp.exe | 
"UDP Query User{A77EB67B-DB34-4015-B2B9-2710E32B51DF}C:\programdata\battle.net\agent\agent.1199\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | 
"UDP Query User{BF193D71-C053-4355-9DF3-532DB3F231FD}C:\program files (x86)\stunlock studios\bloodline champions\binary\bloodlinechampions.exe" = protocol=17 | dir=in | app=c:\program files (x86)\stunlock studios\bloodline champions\binary\bloodlinechampions.exe | 
"UDP Query User{CDDB15D7-486A-46DE-9520-6F53B9FC60BC}C:\program files (x86)\english bid for power final 4.0\ebfpf 4.0.exe" = protocol=17 | dir=in | app=c:\program files (x86)\english bid for power final 4.0\ebfpf 4.0.exe | 
"UDP Query User{CFD885F0-8527-40DA-944E-D74F61DC361A}C:\program files (x86)\activision\modern warfare 2\iw4m.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\modern warfare 2\iw4m.exe | 
"UDP Query User{D5F2F23D-9464-4FA9-BD38-529125B8EFEC}C:\program files (x86)\mediamonkey\mediamonkey.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mediamonkey\mediamonkey.exe | 
"UDP Query User{E0343B7F-BD3D-41A1-9414-0E6046224FE4}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe | 
"UDP Query User{F4924D05-D9CC-4871-B0CF-D9867B235B68}C:\users\semmel3\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\semmel3\appdata\local\temp\gw2.exe | 
"UDP Query User{F6B94F14-8759-4CC3-B8FC-DFD7A2AC1249}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{0C682623-8F66-46A8-B9B3-93FE1E66A001}" = iTunes
"{0E086923-AAA3-4F98-A6E2-48B64CE27553}" = Native Instruments Reaktor Factory Selection
"{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{43E7798A-248E-4A3D-9969-FEA63543A462}" = Native Instruments Kontakt 4
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5941D535-34BF-BB6E-E52B-F464E4E955FF}" = AMD Media Foundation Decoders
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{81D00339-968D-15D1-3499-8431658E896F}" = AMD Catalyst Install Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{83ED5086-5D6B-698F-5CD4-2F631DA8FD69}" = AMD Drag and Drop Transcoding
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{90AB246D-A0A0-29EA-199A-4B07841E0737}" = ATI AVIVO64 Codecs
"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A2DDE39D-BA16-4DBB-9C96-A6703142DCF3}" = Native Instruments Komplete 7 Players
"{A9C6CA47-D937-D61D-4BD3-7CFAB7A5BA56}" = ATI Problem Report Wizard
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B0FC9E28-1CE6-4A40-BEF1-C6E6EDFCA070}" = Native Instruments Kontakt Factory Selection
"{C7FAFC98-5ECC-40FC-B440-A5D5FE3A6A6E}" = Native Instruments Guitar Rig 4
"{D4E5A687-797D-44B1-8F96-4FD7A24166A9}" = DEVIL MAY CRY 4
"{D7D6AA2C-DD2C-53F1-1F1D-5AC3CDE1B90C}" = ccc-utility64
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{E9EA5F38-6299-45A1-9D23-F21729A19357}" = Native Instruments Reaktor 5
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF600C37-6328-4348-A67A-3F85D8039604}" = Native Instruments Kore Player
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{04475621-9BF8-EF82-4691-1C8FD9D40FD2}" = CCC Help Polish
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07A733AA-2D8C-1E0E-ED9B-B4CA59AE86B3}" = Catalyst Control Center
"{07BFA98D-6DB0-6D9C-95D5-7EF347AF587B}" = HydraVision
"{14C87AA7-08E6-419F-A165-998EBE5023D7}" = Oblivion - Knights of the Nine
"{16D919E6-F019-4E15-BFBE-4A85EF19DA57}" = Oblivion - Spell Tomes
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1AADBEB8-3F11-7FB7-6DDC-EE2276C1A80E}" = CCC Help Italian
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 29
"{2C3F42F5-935B-E64C-13D7-4369B0D66DE9}" = CCC Help Greek
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{37CE847B-3279-1A39-CA09-FBF330B5EC97}" = CCC Help Czech
"{3C15E8E2-3463-584F-D4F8-D95878737EAB}" = CCC Help Norwegian
"{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest
"{420500EA-4038-AADB-DD76-90D0311E5867}" = CCC Help Spanish
"{43403BCA-6051-A108-682C-5BABB69D3919}" = CCC Help Hungarian
"{441717E8-ADF5-4724-8B90-FA8DE7B73F91}" = KORG KAOSSILATOR PRO Editor
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D530FA3-9B89-4186-98B7-F51000008100}" = Age of Empires Online
"{549ECD2C-5ACD-0598-56E6-BF88F6B5CE9E}" = CCC Help Portuguese
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5BAD1D5F-157F-C4D7-05B8-7B2D08874DFA}" = CCC Help German
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6559654F-2F38-491F-8411-211517C3E635}" = SampleTank FREE
"{6C90C4C4-559D-4FE8-A4BF-37550E74D1FC}" = Bloodline Champions
"{6E9484D8-F1F5-8737-3C35-C2ACB8BC9BF8}" = CCC Help Danish
"{6EB6BC61-0079-80B7-9AE8-A28E02F81E04}" = CCC Help Japanese
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74DDE8F9-FAD1-4C64-84DF-DF287EAE6FAE}" = CCC Help Turkish
"{7C53D4FA-0F42-3B24-686B-2AB688C8B112}" = Catalyst Control Center Localization All
"{810AC1C1-CB19-45EA-B5C9-77B654F9CA07}" = TQ Defiler.NET
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{85F76CD3-92C2-6422-202C-ADC655E83940}" = CCC Help Chinese Standard
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{8BBB5E4C-3F5E-4C07-BFBE-33B34600783A}" = LogMeIn Hamachi
"{90140000-0018-0000-0000-0000000FF1CE}" = Microsoft Office PowerPoint 2010
"{90140000-0018-0000-0000-0000000FF1CE}_Office14.POWERPOINT_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.POWERPOINT_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.POWERPOINT_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.POWERPOINT_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.POWERPOINT_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.POWERPOINT_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.POWERPOINT_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.POWERPOINT_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.POWERPOINT_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.POWERPOINT_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.POWERPOINT_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{92E71E47-7BDE-2A10-A9C2-373DCAE4EEB9}" = CCC Help Chinese Traditional
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9693675A-7108-247D-A369-AF08C8E32CFD}" = CCC Help English
"{9971CC5F-9E89-6024-72CD-2F9B33305B7F}" = CCC Help Swedish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E8426B6-0027-8C7E-9729-E86053D9A3D5}" = CCC Help Finnish
"{A3DAD349-E48E-AE45-3F26-7B80A4FFCD26}" = Catalyst Control Center InstallProxy
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{B3CB5BA3-3E98-4E85-944E-B03D055F8450}" = KORG USB-MIDI Driver Tools for Windows
"{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}" = Titan Quest Immortal Throne
"{B66F4972-5C17-90A5-95AB-0C4DAEFC92A4}" = CCC Help Korean
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D4E5A687-797D-44B1-8F96-4FD7A24166A9}" = DEVIL MAY CRY 4
"{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29
"{DB689397-D3C2-BD23-A83E-FCA68454F0FE}" = CCC Help Dutch
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}" = Need for Speed™ Undercover
"{EAD24F4A-8BB8-EAC5-A995-3D9A96DF3FA4}" = CCC Help French
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0BC0231-25D6-B4BF-5D9E-633220A2C09A}" = CCC Help Russian
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F501FACA-3AFB-FAC4-825D-F6D1343F0C69}" = Catalyst Control Center Graphics Previews Common
"{F7657E34-0046-9515-61D9-7AAFC84C4AC8}" = CCC Help Thai
"{FFFFFD17-B460-41EB-93F1-C48ABAD63828}" = Oblivion - Thieves Den
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"Akamai" = Akamai NetSession Interface Service
"ArtMoney SE_is1" = ArtMoney SE v7.35
"Avira AntiVir Desktop" = Avira Free Antivirus
"Cheat Engine 6.0_is1" = Cheat Engine 6.0
"DAEMON Tools Pro" = DAEMON Tools Pro
"Diablo III" = Diablo III
"Diablo III Beta" = Diablo III Beta
"DivX Setup" = DivX-Setup
"Free Studio_is1" = Free Studio version 5.3.2
"Free YouTube Download_is1" = Free YouTube Download version 3.1.31.706
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.26.706
"GFWL_{4D530FA3-9B89-4186-98B7-F51000008100}" = Age of Empires Online
"Gizmo Central" = Gizmo Central
"Guild Wars 2" = Guild Wars 2
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"Live 8.2.2" = Live 8.2.2
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Native Instruments Guitar Rig 4" = Native Instruments Guitar Rig 4
"Native Instruments Komplete 7 Players" = Native Instruments Komplete 7 Players
"Native Instruments Kontakt 4" = Native Instruments Kontakt 4
"Native Instruments Kontakt Factory Selection" = Native Instruments Kontakt Factory Selection
"Native Instruments Kore Player" = Native Instruments Kore Player
"Native Instruments Reaktor 5" = Native Instruments Reaktor 5
"Native Instruments Reaktor Factory Selection" = Native Instruments Reaktor Factory Selection
"Native Instruments Service Center" = Native Instruments Service Center
"Office14.POWERPOINT" = Microsoft PowerPoint 2010
"PhotoScape" = PhotoScape
"PunkBusterSvc" = PunkBuster Services
"Revo Uninstaller" = Revo Uninstaller 1.91
"Steam App 12840" = DiRT 2
"Steam App 240" = Counter-Strike: Source
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 7200" = TrackMania United
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"winscp3_is1" = WinSCP 4.2.9
"World of Warcraft" = World of Warcraft
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"CopyTrans Suite" = Nur Deinstallierung der CopyTrans Suite möglich.
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 29.08.2012 21:29:23 | Computer Name = Semmel3-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Semmel3\Downloads\SoftonicDownloader_for_the-wonderful-end-of-the-world.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 29.08.2012 21:29:26 | Computer Name = Semmel3-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Semmel3\Downloads\SoftonicDownloader_for_the-wonderful-end-of-the-world.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 29.08.2012 21:29:28 | Computer Name = Semmel3-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Semmel3\Downloads\SoftonicDownloader_for_the-wonderful-end-of-the-world.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 30.08.2012 08:59:39 | Computer Name = Semmel3-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: MiracleWOW.exe, Version: 1.0.0.25,
 Zeitstempel: 0x4feb47ba  Name des fehlerhaften Moduls: MiracleWOW.exe, Version: 1.0.0.25,
 Zeitstempel: 0x4feb47ba  Ausnahmecode: 0xc0000417  Fehleroffset: 0x0011230e  ID des fehlerhaften
 Prozesses: 0x13dc  Startzeit der fehlerhaften Anwendung: 0x01cd86af48afecfa  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\World of Warcraft\MiracleWOW.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\World of Warcraft\MiracleWOW.exe
Berichtskennung:
 8e46102f-f2a2-11e1-9b7e-20cf30bbd32d
 
Error - 30.08.2012 20:49:42 | Computer Name = Semmel3-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 15.0.0.4619 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: ad4    Startzeit: 
01cd861145029f28    Endzeit: 24    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 be4eec46-f305-11e1-9b7e-20cf30bbd32d  
 
Error - 31.08.2012 11:45:42 | Computer Name = Semmel3-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Semmel3\Downloads\SoftonicDownloader_for_the-wonderful-end-of-the-world.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 10.09.2012 16:17:34 | Computer Name = Semmel3-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 15.0.1.4631 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: e64    Startzeit: 
01cd8f528cec3d54    Endzeit: 28    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 8cbe742e-fb84-11e1-b400-20cf30bbd32d  
 
Error - 10.09.2012 21:13:43 | Computer Name = Semmel3-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 15.0.1.4631 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: a40    Startzeit: 
01cd8f9151442b30    Endzeit: 25    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 ec13e286-fbad-11e1-b400-20cf30bbd32d  
 
Error - 20.09.2012 11:40:15 | Computer Name = Semmel3-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 15.0.1.4631 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: ff8    Startzeit: 
01cd973efe2a6a71    Endzeit: 22    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 77276dc8-0339-11e2-ba4e-20cf30bbd32d  
 
Error - 22.09.2012 08:23:39 | Computer Name = Semmel3-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: update.exe_Avira Free Antivirus, 
Version: 12.3.14.31, Zeitstempel: 0x4fe31944  Name des fehlerhaften Moduls: aepack.dll_unloaded,
 Version: 0.0.0.0, Zeitstempel: 0x5050b518  Ausnahmecode: 0xc0000005  Fehleroffset: 
0x037037d4  ID des fehlerhaften Prozesses: 0x13ec  Startzeit der fehlerhaften Anwendung:
 0x01cd98bca88de599  Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Avira\AntiVir
 Desktop\update.exe  Pfad des fehlerhaften Moduls: aepack.dll  Berichtskennung: 56684367-04b0-11e2-b47c-20cf30bbd32d
 
[ System Events ]
Error - 09.09.2012 22:07:24 | Computer Name = Semmel3-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 16.09.2012 07:39:35 | Computer Name = Semmel3-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 16.09.2012 07:54:35 | Computer Name = Semmel3-PC | Source = bowser | ID = 8003
Description = 
 
Error - 18.09.2012 14:38:19 | Computer Name = Semmel3-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 23.09.2012 06:48:24 | Computer Name = Semmel3-PC | Source = NetBT | ID = 4321
Description = Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.2.100  registriert werden. Der Computer mit IP-Adresse 192.168.2.101
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 24.09.2012 14:15:18 | Computer Name = Semmel3-PC | Source = bowser | ID = 8003
Description = 
 
Error - 24.09.2012 15:42:35 | Computer Name = Semmel3-PC | Source = bowser | ID = 8003
Description = 
 
Error - 26.09.2012 10:22:26 | Computer Name = Semmel3-PC | Source = bowser | ID = 8003
Description = 
 
Error - 27.09.2012 07:26:48 | Computer Name = Semmel3-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 27.09.2012 07:26:48 | Computer Name = Semmel3-PC | Source = ipnathlp | ID = 31004
Description = 
 
 
< End of report >
         
--- --- ---

Edited by semmel3 (28.09.2012 at 13:17)

Alt 28.09.2012, 13:17   #2
M-K-D-B
/// TB-Ausbilder
 





My name is Matthias and I will help you clean up your computer.

Please note the following:
  • A cleanup can involve a lot of work for you. Several analysis and cleanup steps may be necessary.
    At the end we will remove all the programs we used, and I will give you a few tips for the future.
  • Please work through all the steps one after another in the given order.
  • Read the instructions carefully. If you run into problems, stop what you are doing and describe your problem to me as well as you can.
  • Only run scans that I or another helper ask you to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you are asked to.
  • Please paste all log files into so-called code boxes. You will find the icon for this above the text field; it looks roughly like this: #.
  • If you do not reply to me within 5 days, I will assume that you no longer need help. I will then remove your thread from my subscriptions.
  • For users of Windows Vista and Windows 7: start all programs with a right-click and "Als Administrator ausführen" ("Run as administrator").

Note:
I can never give you a guarantee that I will find everything either. Formatting is usually the faster and always the safest way.
If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.





Please have the file from the code box checked at Virustotal.
  • Click Choose File
  • Now copy the following into the search bar.
    Code:
    C:\Users\Semmel3\Downloads\Microsoft Office 2010.exe
             
  • and click Öffnen (Open).
  • Click Scan it!.
Please wait until the file has been uploaded completely. If you get the following message:
Quote:
File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis:
click Reanalyse.
Wait until Current status: Finished is shown.

Copy the link from your address bar and post it here.
__________________


Alt 28.09.2012, 14:25   #3
semmel3
 



OK, I tested the file as described and then ran the reanalysis.

Address bar here:

https://www.virustotal.com/file/aee44770e1712a51f621dc52eeac0b57d6618f53cc39edfc75074381fbe43b4c/analysis/1348838615/
__________________

Alt 28.09.2012, 14:31   #4
M-K-D-B
/// TB-Ausbilder
 



Hi,



Step 1
  • Start Malwarebytes, click Aktualisierung --> Suche nach Aktualisierung
  • When the update has finished, select Quick-Scan durchführen and press Scannen.
  • When the scan has finished, click Ergebnisse anzeigen.
  • Make sure that all findings are selected and press Entferne Auswahl.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report afterwards under "Log Dateien".





Step 2
Please download AdwCleaner to your desktop.
  • Start adwcleaner.exe with a double-click.
  • Click Suche.
  • When the scan has finished, a text file opens.
  • Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.





Step 3
Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    Vista and Win7 users: right-click and start it as administrator
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with No.
  • Click Scan
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save the log to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons without being instructed to

Note: If the Scan button is hidden, close the tool and start it again. If it still does not work, please let me know.





Step 4
Please read the following instructions carefully. We do not want to "fix" anything here yet, only see a scan report.

Please download TDSSKiller.exe and save this file to the desktop
  • Start TDSSKiller.exe
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and save the log file.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the contents here in your thread.





Please post with your next reply
  • the log file from MBAM,
  • the log file from AdwCleaner,
  • the log file from aswMBR,
  • the log file from TDSS-Killer.

Alt 28.09.2012, 15:02   #5
semmel3
 



Step 1:
Code:
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.28.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Semmel3 :: SEMMEL3-PC [Administrator]

28.09.2012 15:34:08
mbam-log-2012-09-28 (15-34-08).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 202476
Laufzeit: 6 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 20
HKCR\CLSID\{00cbb66b-1d3b-46d3-9577-323a336acb50} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{8830ddf0-3042-404d-a62c-384a85e34833} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\wit4ie.WitBHO.2 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\wit4ie.WitBHO (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\tdataprotocol.CTData.1 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\tdataprotocol.CTData (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\updatebho.TimerBHO.1 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\updatebho.TimerBHO (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\Semmel3\Downloads\Microsoft Office 2010.exe (Trojan.Hoaxsms) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Semmel3\Downloads\SoftonicDownloader_fuer_free-youtube-download.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Semmel3\Downloads\youtube-downloader_new.exe (PUP.Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
I didn't know whether I should agree to the restart. I still ran step 2 and then restarted before step 3!


Step 2:

Code:
# AdwCleaner v2.003 - Datei am 09/28/2012 um 15:42:10 erstellt
# Aktualisiert am 23/09/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Semmel3 - SEMMEL3-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Semmel3\Downloads\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Users\Semmel3\AppData\Roaming\Mozilla\Firefox\Profiles\4bjhuwjk.default\searchplugins\Plusnetwork.xml
Ordner Gefunden : C:\Users\Semmel3\AppData\LocalLow\bbrs_002.tb
Ordner Gefunden : C:\Users\Semmel3\AppData\LocalLow\boost_interprocess
Ordner Gefunden : C:\Users\Semmel3\AppData\Roaming\Mozilla\Firefox\Profiles\4bjhuwjk.default\Conduit
Ordner Gefunden : C:\Users\Semmel3\AppData\Roaming\Mozilla\Firefox\Profiles\4bjhuwjk.default\ConduitCommon
Ordner Gefunden : C:\Users\Semmel3\AppData\Roaming\Mozilla\Firefox\Profiles\4bjhuwjk.default\CT2653012
Ordner Gefunden : C:\Users\Semmel3\AppData\Roaming\Mozilla\Firefox\Profiles\4bjhuwjk.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}
Ordner Gefunden : C:\Users\Semmel3\AppData\Roaming\Mozilla\Firefox\Profiles\4bjhuwjk.default\extensions\bbrs_002@blabbers.com

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Conduit
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\Software\BrowserCompanion
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.searchplusnetwork.com/?sp=vit4

-\\ Mozilla Firefox v15.0.1 (de)

Profilname : default 
Datei : C:\Users\Semmel3\AppData\Roaming\Mozilla\Firefox\Profiles\4bjhuwjk.default\prefs.js

Gefunden : user_pref("CT2653012..clientLogIsEnabled", true);
Gefunden : user_pref("CT2653012..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Gefunden : user_pref("CT2653012..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Gefunden : user_pref("CT2653012.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Gefunden : user_pref("CT2653012.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gefunden : user_pref("CT2653012.AppTrackingLastCheckTime", "Tue Dec 13 2011 21:15:37 GMT+0100");
Gefunden : user_pref("CT2653012.BrowserCompStateIsOpen_129514968327663878", true);
Gefunden : user_pref("CT2653012.BrowserCompStateIsOpen_129653180391256971", true);
Gefunden : user_pref("CT2653012.CTID", "CT2653012");
Gefunden : user_pref("CT2653012.CurrentServerDate", "13-12-2011");
Gefunden : user_pref("CT2653012.DialogsAlignMode", "LTR");
Gefunden : user_pref("CT2653012.DialogsGetterLastCheckTime", "Sun Dec 11 2011 17:58:19 GMT+0100");
Gefunden : user_pref("CT2653012.DownloadReferralCookieData", "");
Gefunden : user_pref("CT2653012.FirstServerDate", "12-4-2011");
Gefunden : user_pref("CT2653012.FirstTime", true);
Gefunden : user_pref("CT2653012.FirstTimeFF3", true);
Gefunden : user_pref("CT2653012.FirstTimeSettingsDone", true);
Gefunden : user_pref("CT2653012.FixPageNotFoundErrors", true);
Gefunden : user_pref("CT2653012.GroupingServerCheckInterval", 1440);
Gefunden : user_pref("CT2653012.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gefunden : user_pref("CT2653012.HasUserGlobalKeys", true);
Gefunden : user_pref("CT2653012.HomePageProtectorEnabled", false);
Gefunden : user_pref("CT2653012.Initialize", true);
Gefunden : user_pref("CT2653012.InitializeCommonPrefs", true);
Gefunden : user_pref("CT2653012.InstallationAndCookieDataSentCount", 3);
Gefunden : user_pref("CT2653012.InstalledDate", "Tue Apr 12 2011 22:50:49 GMT+0200");
Gefunden : user_pref("CT2653012.InvalidateCache", false);
Gefunden : user_pref("CT2653012.IsAlertDBUpdated", true);
Gefunden : user_pref("CT2653012.IsGrouping", false);
Gefunden : user_pref("CT2653012.IsMulticommunity", false);
Gefunden : user_pref("CT2653012.IsOpenThankYouPage", true);
Gefunden : user_pref("CT2653012.IsOpenUninstallPage", true);
Gefunden : user_pref("CT2653012.LanguagePackLastCheckTime", "Mon Dec 12 2011 20:07:20 GMT+0100");
Gefunden : user_pref("CT2653012.LanguagePackReloadIntervalMM", 1440);
Gefunden : user_pref("CT2653012.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gefunden : user_pref("CT2653012.LastLogin_2.7.1.3", "Sat Apr 30 2011 13:43:56 GMT+0200");
Gefunden : user_pref("CT2653012.LastLogin_3.3.3.2", "Thu Jun 30 2011 22:59:13 GMT+0200");
Gefunden : user_pref("CT2653012.LastLogin_3.6.0.10", "Tue Sep 27 2011 21:08:13 GMT+0200");
Gefunden : user_pref("CT2653012.LastLogin_3.7.0.6", "Tue Nov 08 2011 22:16:19 GMT+0100");
Gefunden : user_pref("CT2653012.LastLogin_3.8.0.8", "Mon Dec 05 2011 20:42:20 GMT+0100");
Gefunden : user_pref("CT2653012.LastLogin_3.8.1.0", "Tue Dec 13 2011 21:15:37 GMT+0100");
Gefunden : user_pref("CT2653012.LatestVersion", "3.8.1.0");
Gefunden : user_pref("CT2653012.Locale", "en");
Gefunden : user_pref("CT2653012.LoginCache", 4);
Gefunden : user_pref("CT2653012.MCDetectTooltipHeight", "83");
Gefunden : user_pref("CT2653012.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gefunden : user_pref("CT2653012.MCDetectTooltipWidth", "295");
Gefunden : user_pref("CT2653012.MyStuffEnabledAtInstallation", true);
Gefunden : user_pref("CT2653012.RadioIsPodcast", false);
Gefunden : user_pref("CT2653012.RadioLastCheckTime", "Tue Dec 13 2011 17:59:52 GMT+0100");
Gefunden : user_pref("CT2653012.RadioLastUpdateIPServer", "3");
Gefunden : user_pref("CT2653012.RadioLastUpdateServer", "129438915777300000");
Gefunden : user_pref("CT2653012.RadioMediaID", "21806912");
Gefunden : user_pref("CT2653012.RadioMediaType", "Media Player");
Gefunden : user_pref("CT2653012.RadioMenuSelectedID", "EBRadioMenu_CT265301221806912");
Gefunden : user_pref("CT2653012.RadioShrinkedFromSetup", false);
Gefunden : user_pref("CT2653012.RadioStationName", "California%20Rock%20-%20Rock");
Gefunden : user_pref("CT2653012.RadioStationURL", "hxxp://www.feedlive.net/california.asx");
Gefunden : user_pref("CT2653012.SHRINK_TOOLBAR", 1);
Gefunden : user_pref("CT2653012.SearchBoxWidth", 150);
Gefunden : user_pref("CT2653012.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Gefunden : user_pref("CT2653012.SearchEngineBeforeUnload", "Yahoo");
Gefunden : user_pref("CT2653012.SearchFromAddressBarIsInit", true);
Gefunden : user_pref("CT2653012.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT265[...]
Gefunden : user_pref("CT2653012.SearchInNewTabEnabled", true);
Gefunden : user_pref("CT2653012.SearchInNewTabIntervalMM", 1440);
Gefunden : user_pref("CT2653012.SearchInNewTabLastCheckTime", "Mon Dec 12 2011 17:58:21 GMT+0100");
Gefunden : user_pref("CT2653012.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gefunden : user_pref("CT2653012.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Gefunden : user_pref("CT2653012.SearchProtectorEnabled", false);
Gefunden : user_pref("CT2653012.SearchProtectorToolbarDisabled", false);
Gefunden : user_pref("CT2653012.ServiceMapLastCheckTime", "Mon Dec 12 2011 21:17:48 GMT+0100");
Gefunden : user_pref("CT2653012.SettingsCheckIntervalMin", 120);
Gefunden : user_pref("CT2653012.SettingsLastCheckTime", "Tue Dec 13 2011 13:17:27 GMT+0100");
Gefunden : user_pref("CT2653012.SettingsLastUpdate", "1323706893");
Gefunden : user_pref("CT2653012.ThirdPartyComponentsInterval", 504);
Gefunden : user_pref("CT2653012.ThirdPartyComponentsLastCheck", "Thu Dec 08 2011 17:58:18 GMT+0100");
Gefunden : user_pref("CT2653012.ThirdPartyComponentsLastUpdate", "1312887586");
Gefunden : user_pref("CT2653012.ToolbarShrinkedFromSetup", false);
Gefunden : user_pref("CT2653012.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2653012");
Gefunden : user_pref("CT2653012.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Gefunden : user_pref("CT2653012.UserID", "UN98209596837378296");
Gefunden : user_pref("CT2653012.ValidationData_Search", 0);
Gefunden : user_pref("CT2653012.ValidationData_Toolbar", 2);
Gefunden : user_pref("CT2653012.alertChannelId", "1045667");
Gefunden : user_pref("CT2653012.backendstorage.cb_firstuse0100", "31");
Gefunden : user_pref("CT2653012.backendstorage.cbfirsttime", "576564204E6F7620303920323031312031383A32313A34342[...]
Gefunden : user_pref("CT2653012.backendstorage.ct2653012ads1", "25374225323261647325323225334125354225374225323[...]
Gefunden : user_pref("CT2653012.backendstorage.ct2653012current_term", "426C75652B466F756E646174696F6E2B2D2B457[...]
Gefunden : user_pref("CT2653012.backendstorage.ct2653012sdate", "3230");
Gefunden : user_pref("CT2653012.backendstorage.facebook_mode", "32");
Gefunden : user_pref("CT2653012.backendstorage.facebook_user_locale", "6465");
Gefunden : user_pref("CT2653012.backendstorage.twitter_v1.8.0_twitter_app_open_t_f", "66616C7365");
Gefunden : user_pref("CT2653012.backendstorage.url_history", "687474703A2F2F7777772E796F75747562652E636F6D2F776[...]
Gefunden : user_pref("CT2653012.backendstorage.url_history_time", "31333233383031343031313832");
Gefunden : user_pref("CT2653012.clientLogIsEnabled", false);
Gefunden : user_pref("CT2653012.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Gefunden : user_pref("CT2653012.components.1000234", false);
Gefunden : user_pref("CT2653012.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Gefunden : user_pref("CT2653012.globalFirstTimeInfoLastCheckTime", "Tue Dec 13 2011 21:15:37 GMT+0100");
Gefunden : user_pref("CT2653012.homepageProtectorEnableByLogin", true);
Gefunden : user_pref("CT2653012.initDone", true);
Gefunden : user_pref("CT2653012.isAppTrackingManagerOn", true);
Gefunden : user_pref("CT2653012.isFirstRadioInstallation", false);
Gefunden : user_pref("CT2653012.myStuffEnabled", true);
Gefunden : user_pref("CT2653012.myStuffPublihserMinWidth", 400);
Gefunden : user_pref("CT2653012.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gefunden : user_pref("CT2653012.myStuffServiceIntervalMM", 1440);
Gefunden : user_pref("CT2653012.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gefunden : user_pref("CT2653012.oldAppsList", "129199665576502590,129199665576658841,111,129518362214439676,129[...]
Gefunden : user_pref("CT2653012.revertSettingsEnabled", true);
Gefunden : user_pref("CT2653012.searchProtectorDialogDelayInSec", 10);
Gefunden : user_pref("CT2653012.searchProtectorEnableByLogin", true);
Gefunden : user_pref("CT2653012.testingCtid", "");
Gefunden : user_pref("CT2653012.toolbarAppMetaDataLastCheckTime", "Mon Dec 12 2011 21:17:48 GMT+0100");
Gefunden : user_pref("CT2653012.toolbarContextMenuLastCheckTime", "Mon Dec 05 2011 12:42:19 GMT+0100");
Gefunden : user_pref("CT2653012.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Gefunden : user_pref("CT2653012.usagesFlag", 2);
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2653012/CT2653012[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1045667/1041378/DE", "\"0\"[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2653012", [...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2653012",[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2653012&octid=[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2653012/CT2653012[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/equaliz[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/minimiz[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/play.gi[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/stop.gi[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/vol.gif[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"1d8[...]
Gefunden : user_pref("CommunityToolbar.EngineOwner", "");
Gefunden : user_pref("CommunityToolbar.EngineOwnerGuid", "{cd90bf73-20f6-44ef-993d-bb920303bd2e}");
Gefunden : user_pref("CommunityToolbar.EngineOwnerToolbarId", "veoh_web_player");
Gefunden : user_pref("CommunityToolbar.IsEngineShown", true);
Gefunden : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Gefunden : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Semmel3\\AppData\\Roaming\\Mozilla\[...]
Gefunden : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.8.1.0");
Gefunden : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2653012");
Gefunden : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{cd90bf73-20f6-44ef-993d-bb920303bd2e}");
Gefunden : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "veoh_web_player");
Gefunden : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Gefunden : user_pref("CommunityToolbar.ToolbarsList", "CT2653012");
Gefunden : user_pref("CommunityToolbar.ToolbarsList2", "CT2653012");
Gefunden : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sat May 07 2011 11:10:43 GMT+02[...]
Gefunden : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Gefunden : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Wed Jun 29 2011 14:17:07 GMT+0200");
Gefunden : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gefunden : user_pref("CommunityToolbar.alert.locale", "en");
Gefunden : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Gefunden : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Thu Jun 30 2011 14:16:59 GMT+0200");
Gefunden : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Gefunden : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Gefunden : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gefunden : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Gefunden : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Gefunden : user_pref("CommunityToolbar.alert.userId", "{590a3c05-19db-4f14-a5dc-8babac194955}");
Gefunden : user_pref("CommunityToolbar.globalUserId", "3089e1ab-5016-420f-b8e3-8493fa09e5a9");
Gefunden : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Gefunden : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Gefunden : user_pref("CommunityToolbar.killedEngine", true);
Gefunden : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Mon Dec 12 2011 14:33:3[...]
Gefunden : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Gefunden : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Mon Dec 12 2011 17:58:30 GMT+010[...]
Gefunden : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gefunden : user_pref("CommunityToolbar.notifications.locale", "en");
Gefunden : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Gefunden : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Mon Dec 12 2011 21:17:49 GMT+0100");
Gefunden : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Gefunden : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Gefunden : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gefunden : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Gefunden : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Gefunden : user_pref("CommunityToolbar.notifications.userId", "06737bc5-3fc2-42fc-9423-979089138e7d");
Gefunden : user_pref("CommunityToolbar.undefined", "");
Gefunden : user_pref("browser.startup.homepage", "hxxp://www.searchplusnetwork.com/?sp=vit4");
Gefunden : user_pref("keyword.URL", "hxxp://www.searchplusnetwork.com/?sp=vit4&q=");

*************************

AdwCleaner[R1].txt - [19227 octets] - [28/09/2012 15:42:10]

########## EOF - C:\AdwCleaner[R1].txt - [19288 octets] ##########
         
Step 3:

Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-28 15:49:09
-----------------------------
15:49:09.545    OS Version: Windows x64 6.1.7601 Service Pack 1
15:49:09.545    Number of processors: 8 586 0x1E05
15:49:09.545    ComputerName: SEMMEL3-PC  UserName: Semmel3
15:49:21.947    Initialize success
15:49:39.976    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
15:49:39.976    Disk 0 Vendor: WDC_WD20EARS-00MVWB0 51.0AB51 Size: 1907729MB BusType: 3
15:49:40.022    Disk 0 MBR read successfully
15:49:40.022    Disk 0 MBR scan
15:49:40.022    Disk 0 Windows 7 default MBR code
15:49:40.038    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
15:49:40.054    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS      1907627 MB offset 206848
15:49:40.116    Disk 0 scanning C:\Windows\system32\drivers
15:49:50.240    Service scanning
15:50:06.449    Modules scanning
15:50:06.449    Disk 0 trace - called modules:
15:50:06.480    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 
15:50:06.480    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007755790]
15:50:06.480    3 CLASSPNP.SYS[fffff8800182f43f] -> nt!IofCallDriver -> [0xfffffa800715a580]
15:50:06.496    5 ACPI.sys[fffff88000d587a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8007168060]
15:50:06.496    Scan finished successfully
15:50:18.617    Disk 0 MBR has been saved successfully to "C:\Users\Semmel3\Desktop\MBR.dat"
15:50:18.617    The log file has been saved successfully to "C:\Users\Semmel3\Desktop\aswMBR.txt"
         
Step 4:

Code:
15:52:10.0279 3276  TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
15:52:10.0372 3276  ============================================================
15:52:10.0372 3276  Current date / time: 2012/09/28 15:52:10.0372
15:52:10.0372 3276  SystemInfo:
15:52:10.0372 3276  
15:52:10.0372 3276  OS Version: 6.1.7601 ServicePack: 1.0
15:52:10.0372 3276  Product type: Workstation
15:52:10.0372 3276  ComputerName: SEMMEL3-PC
15:52:10.0372 3276  UserName: Semmel3
15:52:10.0372 3276  Windows directory: C:\Windows
15:52:10.0372 3276  System windows directory: C:\Windows
15:52:10.0372 3276  Running under WOW64
15:52:10.0372 3276  Processor architecture: Intel x64
15:52:10.0372 3276  Number of processors: 8
15:52:10.0372 3276  Page size: 0x1000
15:52:10.0372 3276  Boot type: Normal boot
15:52:10.0372 3276  ============================================================
15:52:12.0041 3276  Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:52:12.0041 3276  ============================================================
15:52:12.0041 3276  \Device\Harddisk0\DR0:
15:52:12.0041 3276  MBR partitions:
15:52:12.0041 3276  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:52:12.0041 3276  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xE8DD5800
15:52:12.0041 3276  ============================================================
15:52:12.0088 3276  C: <-> \Device\Harddisk0\DR0\Partition2
15:52:12.0088 3276  ============================================================
15:52:12.0088 3276  Initialize success
15:52:12.0088 3276  ============================================================
15:52:17.0455 4452  ============================================================
15:52:17.0455 4452  Scan started
15:52:17.0455 4452  Mode: Manual; 
15:52:17.0455 4452  ============================================================
15:52:21.0479 4452  ================ Scan system memory ========================
15:52:21.0479 4452  System memory - ok
15:52:21.0479 4452  ================ Scan services =============================
15:52:21.0667 4452  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
15:52:21.0667 4452  1394ohci - ok
15:52:21.0713 4452  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
15:52:21.0729 4452  ACPI - ok
15:52:21.0760 4452  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
15:52:21.0760 4452  AcpiPmi - ok
15:52:21.0869 4452  [ 11A52CF7B265631DEEB24C6149309EFF ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:52:21.0869 4452  AdobeARMservice - ok
15:52:22.0103 4452  [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:52:22.0119 4452  AdobeFlashPlayerUpdateSvc - ok
15:52:22.0150 4452  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
15:52:22.0150 4452  adp94xx - ok
15:52:22.0166 4452  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
15:52:22.0181 4452  adpahci - ok
15:52:22.0197 4452  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
15:52:22.0197 4452  adpu320 - ok
15:52:22.0213 4452  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
15:52:22.0213 4452  AeLookupSvc - ok
15:52:22.0259 4452  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
15:52:22.0259 4452  AFD - ok
15:52:22.0291 4452  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
15:52:22.0291 4452  agp440 - ok
15:52:22.0415 4452  [ 0923671CF87CD511E46D4668B53F5E76 ] Akamai          c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll
15:52:22.0415 4452  Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll. md5: 0923671CF87CD511E46D4668B53F5E76
15:52:22.0415 4452  Akamai ( HiddenFile.Multi.Generic ) - warning
15:52:22.0415 4452  Akamai - detected HiddenFile.Multi.Generic (1)
15:52:22.0431 4452  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
15:52:22.0447 4452  ALG - ok
15:52:22.0447 4452  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
15:52:22.0447 4452  aliide - ok
15:52:22.0493 4452  [ B3B263B419FC9E7B1D41E61FDAE45BD9 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
15:52:22.0493 4452  AMD External Events Utility - ok
15:52:22.0509 4452  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
15:52:22.0509 4452  amdide - ok
15:52:22.0509 4452  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
15:52:22.0509 4452  AmdK8 - ok
15:52:22.0649 4452  [ 9A6E9363F7A5E5A06629D9DDC76EE6B5 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
15:52:22.0774 4452  amdkmdag - ok
15:52:22.0790 4452  [ 957A4C13E1981B1701E600EF1E823C68 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
15:52:22.0790 4452  amdkmdap - ok
15:52:22.0805 4452  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
15:52:22.0805 4452  AmdPPM - ok
15:52:22.0821 4452  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
15:52:22.0821 4452  amdsata - ok
15:52:22.0821 4452  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
15:52:22.0837 4452  amdsbs - ok
15:52:22.0837 4452  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
15:52:22.0837 4452  amdxata - ok
15:52:22.0852 4452  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
15:52:22.0868 4452  AntiVirSchedulerService - ok
15:52:22.0883 4452  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
15:52:22.0899 4452  AntiVirService - ok
15:52:22.0946 4452  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
15:52:22.0946 4452  AppID - ok
15:52:22.0961 4452  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
15:52:22.0961 4452  AppIDSvc - ok
15:52:23.0024 4452  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
15:52:23.0039 4452  Appinfo - ok
15:52:23.0055 4452  [ 018857EAD9A077A56AEDFC0E5EF7A24A ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:52:23.0071 4452  Apple Mobile Device - ok
15:52:23.0086 4452  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
15:52:23.0086 4452  arc - ok
15:52:23.0102 4452  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
15:52:23.0102 4452  arcsas - ok
15:52:23.0133 4452  aspnet_state - ok
15:52:23.0164 4452  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
15:52:23.0164 4452  AsyncMac - ok
15:52:23.0164 4452  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
15:52:23.0164 4452  atapi - ok
15:52:23.0211 4452  [ B0790FF0E25B7A2674296052F2162C1A ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
15:52:23.0211 4452  AtiHDAudioService - ok
15:52:23.0258 4452  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:52:23.0273 4452  AudioEndpointBuilder - ok
15:52:23.0289 4452  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
15:52:23.0289 4452  AudioSrv - ok
15:52:23.0367 4452  [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
15:52:23.0367 4452  avgntflt - ok
15:52:23.0414 4452  [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
15:52:23.0414 4452  avipbb - ok
15:52:23.0429 4452  [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
15:52:23.0429 4452  avkmgr - ok
15:52:23.0461 4452  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
15:52:23.0461 4452  AxInstSV - ok
15:52:23.0476 4452  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
15:52:23.0492 4452  b06bdrv - ok
15:52:23.0539 4452  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
15:52:23.0539 4452  b57nd60a - ok
15:52:23.0585 4452  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
15:52:23.0585 4452  BDESVC - ok
15:52:23.0632 4452  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
15:52:23.0632 4452  Beep - ok
15:52:23.0695 4452  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
15:52:23.0710 4452  BFE - ok
15:52:23.0757 4452  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
15:52:23.0757 4452  BITS - ok
15:52:23.0788 4452  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
15:52:23.0788 4452  blbdrive - ok
15:52:23.0835 4452  [ F832F1505AD8B83474BD9A5B1B985E01 ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe
15:52:23.0835 4452  Bonjour Service - ok
15:52:23.0882 4452  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
15:52:23.0882 4452  bowser - ok
15:52:23.0897 4452  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:52:23.0897 4452  BrFiltLo - ok
15:52:23.0897 4452  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:52:23.0897 4452  BrFiltUp - ok
15:52:23.0944 4452  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
15:52:23.0944 4452  Browser - ok
15:52:23.0975 4452  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
15:52:23.0975 4452  Brserid - ok
15:52:23.0975 4452  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
15:52:23.0991 4452  BrSerWdm - ok
15:52:23.0991 4452  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
15:52:23.0991 4452  BrUsbMdm - ok
15:52:24.0007 4452  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
15:52:24.0007 4452  BrUsbSer - ok
15:52:24.0022 4452  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
15:52:24.0022 4452  BTHMODEM - ok
15:52:24.0038 4452  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
15:52:24.0038 4452  bthserv - ok
15:52:24.0053 4452  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
15:52:24.0053 4452  cdfs - ok
15:52:24.0069 4452  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
15:52:24.0069 4452  cdrom - ok
15:52:24.0100 4452  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
15:52:24.0100 4452  CertPropSvc - ok
15:52:24.0116 4452  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
15:52:24.0116 4452  circlass - ok
15:52:24.0131 4452  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
15:52:24.0147 4452  CLFS - ok
15:52:24.0163 4452  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:52:24.0178 4452  clr_optimization_v2.0.50727_32 - ok
15:52:24.0225 4452  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:52:24.0225 4452  clr_optimization_v2.0.50727_64 - ok
15:52:24.0303 4452  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:52:24.0334 4452  clr_optimization_v4.0.30319_32 - ok
15:52:24.0365 4452  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:52:24.0365 4452  clr_optimization_v4.0.30319_64 - ok
15:52:24.0365 4452  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
15:52:24.0365 4452  CmBatt - ok
15:52:24.0397 4452  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
15:52:24.0397 4452  cmdide - ok
15:52:24.0459 4452  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
15:52:24.0459 4452  CNG - ok
15:52:24.0475 4452  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
15:52:24.0475 4452  Compbatt - ok
15:52:24.0506 4452  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
15:52:24.0506 4452  CompositeBus - ok
15:52:24.0506 4452  COMSysApp - ok
15:52:24.0521 4452  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
15:52:24.0521 4452  crcdisk - ok
15:52:24.0553 4452  [ 4F5414602E2544A4554D95517948B705 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
15:52:24.0553 4452  CryptSvc - ok
15:52:24.0599 4452  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
15:52:24.0599 4452  DcomLaunch - ok
15:52:24.0615 4452  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
15:52:24.0615 4452  defragsvc - ok
15:52:24.0646 4452  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
15:52:24.0646 4452  DfsC - ok
15:52:24.0677 4452  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
15:52:24.0693 4452  Dhcp - ok
15:52:24.0709 4452  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
15:52:24.0709 4452  discache - ok
15:52:24.0724 4452  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
15:52:24.0724 4452  Disk - ok
15:52:24.0740 4452  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
15:52:24.0740 4452  Dnscache - ok
15:52:24.0771 4452  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
15:52:24.0787 4452  dot3svc - ok
15:52:24.0802 4452  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
15:52:24.0818 4452  DPS - ok
15:52:24.0849 4452  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
15:52:24.0849 4452  drmkaud - ok
15:52:24.0896 4452  [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
15:52:24.0896 4452  dtsoftbus01 - ok
15:52:24.0927 4452  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
15:52:24.0943 4452  DXGKrnl - ok
15:52:24.0958 4452  EagleX64 - ok
15:52:24.0989 4452  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
15:52:24.0989 4452  EapHost - ok
15:52:25.0052 4452  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
15:52:25.0099 4452  ebdrv - ok
15:52:25.0145 4452  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
15:52:25.0145 4452  EFS - ok
15:52:25.0177 4452  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
15:52:25.0192 4452  ehRecvr - ok
15:52:25.0223 4452  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
15:52:25.0223 4452  ehSched - ok
15:52:25.0239 4452  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
15:52:25.0239 4452  elxstor - ok
15:52:25.0286 4452  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
15:52:25.0286 4452  ErrDev - ok
15:52:25.0301 4452  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
15:52:25.0301 4452  EventSystem - ok
15:52:25.0317 4452  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
15:52:25.0317 4452  exfat - ok
15:52:25.0333 4452  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
15:52:25.0333 4452  fastfat - ok
15:52:25.0379 4452  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
15:52:25.0379 4452  Fax - ok
15:52:25.0395 4452  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
15:52:25.0395 4452  fdc - ok
15:52:25.0411 4452  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
15:52:25.0411 4452  fdPHost - ok
15:52:25.0426 4452  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
15:52:25.0426 4452  FDResPub - ok
15:52:25.0442 4452  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
15:52:25.0442 4452  FileInfo - ok
15:52:25.0457 4452  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
15:52:25.0457 4452  Filetrace - ok
15:52:25.0457 4452  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
15:52:25.0457 4452  flpydisk - ok
15:52:25.0504 4452  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
15:52:25.0504 4452  FltMgr - ok
15:52:25.0535 4452  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
15:52:25.0551 4452  FontCache - ok
15:52:25.0598 4452  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:52:25.0598 4452  FontCache3.0.0.0 - ok
15:52:25.0629 4452  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
15:52:25.0629 4452  FsDepends - ok
15:52:25.0645 4452  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
15:52:25.0645 4452  Fs_Rec - ok
15:52:25.0676 4452  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
15:52:25.0676 4452  fvevol - ok
15:52:25.0691 4452  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
15:52:25.0691 4452  gagp30kx - ok
15:52:25.0707 4452  [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:52:25.0707 4452  GEARAspiWDM - ok
15:52:25.0754 4452  [ 79C65AC6B3274C0712B3CEDB99B9BE0B ] Gizmo Central   C:\Program Files (x86)\Gizmo\gservice.exe
15:52:25.0754 4452  Gizmo Central - ok
15:52:25.0785 4452  [ EE8829B623542D8ADC4DBA65A1133741 ] GizmoDrv        C:\Windows\system32\drivers\GizmoDrv.sys
15:52:25.0785 4452  GizmoDrv - ok
15:52:25.0832 4452  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
15:52:25.0847 4452  gpsvc - ok
15:52:25.0863 4452  [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi         C:\Windows\system32\DRIVERS\hamachi.sys
15:52:25.0863 4452  hamachi - ok
15:52:25.0972 4452  [ 5F2E60AF81607A4AEDAA3801C843A51F ] Hamachi2Svc     C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
15:52:26.0035 4452  Hamachi2Svc - ok
15:52:26.0050 4452  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
15:52:26.0050 4452  hcw85cir - ok
15:52:26.0081 4452  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:52:26.0081 4452  HdAudAddService - ok
15:52:26.0097 4452  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
15:52:26.0097 4452  HDAudBus - ok
15:52:26.0113 4452  [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64         C:\Windows\system32\DRIVERS\HECIx64.sys
15:52:26.0128 4452  HECIx64 - ok
15:52:26.0128 4452  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
15:52:26.0128 4452  HidBatt - ok
15:52:26.0128 4452  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
15:52:26.0128 4452  HidBth - ok
15:52:26.0144 4452  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
15:52:26.0144 4452  HidIr - ok
15:52:26.0159 4452  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
15:52:26.0159 4452  hidserv - ok
15:52:26.0175 4452  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
15:52:26.0175 4452  HidUsb - ok
15:52:26.0191 4452  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
15:52:26.0191 4452  hkmsvc - ok
15:52:26.0222 4452  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:52:26.0237 4452  HomeGroupListener - ok
15:52:26.0253 4452  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:52:26.0253 4452  HomeGroupProvider - ok
15:52:26.0269 4452  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
15:52:26.0269 4452  HpSAMD - ok
15:52:26.0315 4452  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
15:52:26.0315 4452  HTTP - ok
15:52:26.0347 4452  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
15:52:26.0347 4452  hwpolicy - ok
15:52:26.0378 4452  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
15:52:26.0393 4452  i8042prt - ok
15:52:26.0409 4452  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
15:52:26.0425 4452  iaStorV - ok
15:52:26.0471 4452  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
15:52:26.0471 4452  IDriverT - ok
15:52:26.0534 4452  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:52:26.0565 4452  idsvc - ok
15:52:26.0612 4452  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
15:52:26.0612 4452  iirsp - ok
15:52:26.0627 4452  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
15:52:26.0643 4452  IKEEXT - ok
15:52:26.0659 4452  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
15:52:26.0659 4452  intelide - ok
15:52:26.0674 4452  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
15:52:26.0674 4452  intelppm - ok
15:52:26.0674 4452  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
15:52:26.0690 4452  IPBusEnum - ok
15:52:26.0705 4452  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:52:26.0705 4452  IpFilterDriver - ok
15:52:26.0737 4452  [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
15:52:26.0737 4452  iphlpsvc - ok
15:52:26.0752 4452  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
15:52:26.0752 4452  IPMIDRV - ok
15:52:26.0783 4452  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
15:52:26.0783 4452  IPNAT - ok
15:52:26.0830 4452  [ 9B812A3484D89EB934982D67FB7D9313 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
15:52:26.0861 4452  iPod Service - ok
15:52:26.0893 4452  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
15:52:26.0893 4452  IRENUM - ok
15:52:26.0908 4452  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
15:52:26.0908 4452  isapnp - ok
15:52:26.0924 4452  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
15:52:26.0924 4452  iScsiPrt - ok
15:52:26.0955 4452  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
15:52:26.0955 4452  kbdclass - ok
15:52:26.0955 4452  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
15:52:26.0955 4452  kbdhid - ok
15:52:26.0971 4452  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
15:52:26.0986 4452  KeyIso - ok
15:52:27.0017 4452  [ B3F33EAD5E5AD0704C4AE8D9CB2D4A2E ] KORGUMDS        C:\Windows\system32\Drivers\KORGUM64.SYS
15:52:27.0017 4452  KORGUMDS - ok
15:52:27.0049 4452  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
15:52:27.0049 4452  KSecDD - ok
15:52:27.0080 4452  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
15:52:27.0080 4452  KSecPkg - ok
15:52:27.0095 4452  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
15:52:27.0095 4452  ksthunk - ok
15:52:27.0127 4452  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
15:52:27.0127 4452  KtmRm - ok
15:52:27.0220 4452  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
15:52:27.0220 4452  LanmanServer - ok
15:52:27.0267 4452  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:52:27.0267 4452  LanmanWorkstation - ok
15:52:27.0283 4452  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
15:52:27.0283 4452  lltdio - ok
15:52:27.0298 4452  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
15:52:27.0314 4452  lltdsvc - ok
15:52:27.0314 4452  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
15:52:27.0314 4452  lmhosts - ok
15:52:27.0361 4452  [ A1C148801B4AF64847AEB9F3AD9594EF ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
15:52:27.0376 4452  LMS - ok
15:52:27.0392 4452  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
15:52:27.0392 4452  LSI_FC - ok
15:52:27.0423 4452  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
15:52:27.0423 4452  LSI_SAS - ok
15:52:27.0423 4452  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:52:27.0423 4452  LSI_SAS2 - ok
15:52:27.0439 4452  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:52:27.0439 4452  LSI_SCSI - ok
15:52:27.0454 4452  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
15:52:27.0454 4452  luafv - ok
15:52:27.0485 4452  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
15:52:27.0485 4452  Mcx2Svc - ok
15:52:27.0517 4452  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
15:52:27.0517 4452  megasas - ok
15:52:27.0517 4452  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
15:52:27.0517 4452  MegaSR - ok
15:52:27.0548 4452  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
15:52:27.0548 4452  MMCSS - ok
15:52:27.0563 4452  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
15:52:27.0563 4452  Modem - ok
15:52:27.0579 4452  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
15:52:27.0595 4452  monitor - ok
15:52:27.0626 4452  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\drivers\mouclass.sys
15:52:27.0626 4452  mouclass - ok
15:52:27.0626 4452  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
15:52:27.0626 4452  mouhid - ok
15:52:27.0657 4452  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
15:52:27.0657 4452  mountmgr - ok
15:52:27.0704 4452  [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:52:27.0719 4452  MozillaMaintenance - ok
15:52:27.0719 4452  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
15:52:27.0735 4452  mpio - ok
15:52:27.0735 4452  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
15:52:27.0735 4452  mpsdrv - ok
15:52:27.0782 4452  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
15:52:27.0797 4452  MpsSvc - ok
15:52:27.0875 4452  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
15:52:27.0875 4452  MRxDAV - ok
15:52:27.0907 4452  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
15:52:27.0907 4452  mrxsmb - ok
15:52:27.0938 4452  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:52:27.0938 4452  mrxsmb10 - ok
15:52:27.0953 4452  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:52:27.0953 4452  mrxsmb20 - ok
15:52:27.0969 4452  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
15:52:27.0969 4452  msahci - ok
15:52:28.0000 4452  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
15:52:28.0000 4452  msdsm - ok
15:52:28.0016 4452  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
15:52:28.0031 4452  MSDTC - ok
15:52:28.0047 4452  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
15:52:28.0047 4452  Msfs - ok
15:52:28.0063 4452  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
15:52:28.0063 4452  mshidkmdf - ok
15:52:28.0063 4452  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
15:52:28.0063 4452  msisadrv - ok
15:52:28.0094 4452  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
15:52:28.0094 4452  MSiSCSI - ok
15:52:28.0094 4452  msiserver - ok
15:52:28.0109 4452  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
15:52:28.0109 4452  MSKSSRV - ok
15:52:28.0125 4452  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
15:52:28.0125 4452  MSPCLOCK - ok
15:52:28.0125 4452  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
15:52:28.0125 4452  MSPQM - ok
15:52:28.0156 4452  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
15:52:28.0156 4452  MsRPC - ok
15:52:28.0187 4452  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
15:52:28.0187 4452  mssmbios - ok
15:52:28.0203 4452  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
15:52:28.0203 4452  MSTEE - ok
15:52:28.0219 4452  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
15:52:28.0219 4452  MTConfig - ok
15:52:28.0234 4452  [ 19B006B181E3875FD254F7B67ACF1E7C ] MTsensor        C:\Windows\system32\DRIVERS\ASACPI.sys
15:52:28.0234 4452  MTsensor - ok
15:52:28.0250 4452  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
15:52:28.0250 4452  Mup - ok
15:52:28.0297 4452  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
15:52:28.0297 4452  napagent - ok
15:52:28.0328 4452  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
15:52:28.0328 4452  NativeWifiP - ok
15:52:28.0375 4452  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
15:52:28.0390 4452  NDIS - ok
15:52:28.0406 4452  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
15:52:28.0406 4452  NdisCap - ok
15:52:28.0406 4452  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
15:52:28.0406 4452  NdisTapi - ok
15:52:28.0437 4452  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
15:52:28.0437 4452  Ndisuio - ok
15:52:28.0468 4452  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
15:52:28.0468 4452  NdisWan - ok
15:52:28.0499 4452  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
15:52:28.0499 4452  NDProxy - ok
15:52:28.0531 4452  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
15:52:28.0531 4452  NetBIOS - ok
15:52:28.0562 4452  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
15:52:28.0562 4452  NetBT - ok
15:52:28.0577 4452  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
15:52:28.0577 4452  Netlogon - ok
15:52:28.0593 4452  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
15:52:28.0609 4452  Netman - ok
15:52:28.0624 4452  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
15:52:28.0640 4452  netprofm - ok
15:52:28.0671 4452  [ 81B8D0C1CE44A7FDBD596B693783950C ] netr7364        C:\Windows\system32\DRIVERS\netr7364.sys
15:52:28.0671 4452  netr7364 - ok
15:52:28.0687 4452  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:52:28.0702 4452  NetTcpPortSharing - ok
15:52:28.0733 4452  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
15:52:28.0733 4452  nfrd960 - ok
15:52:28.0765 4452  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
15:52:28.0780 4452  NlaSvc - ok
15:52:28.0780 4452  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
15:52:28.0780 4452  Npfs - ok
15:52:28.0811 4452  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
15:52:28.0811 4452  nsi - ok
15:52:28.0827 4452  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
15:52:28.0827 4452  nsiproxy - ok
15:52:28.0874 4452  [ A2F74975097F52A00745F9637451FDD8 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
15:52:28.0889 4452  Ntfs - ok
15:52:28.0905 4452  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
15:52:28.0905 4452  Null - ok
15:52:28.0952 4452  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
15:52:28.0952 4452  nvraid - ok
15:52:28.0967 4452  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
15:52:28.0967 4452  nvstor - ok
15:52:28.0983 4452  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
15:52:28.0983 4452  nv_agp - ok
15:52:28.0999 4452  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
15:52:28.0999 4452  ohci1394 - ok
15:52:29.0077 4452  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:52:29.0092 4452  ose - ok
15:52:29.0186 4452  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:52:29.0311 4452  osppsvc - ok
15:52:29.0326 4452  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
15:52:29.0326 4452  p2pimsvc - ok
15:52:29.0357 4452  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
15:52:29.0357 4452  p2psvc - ok
15:52:29.0373 4452  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
15:52:29.0373 4452  Parport - ok
15:52:29.0404 4452  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
15:52:29.0404 4452  partmgr - ok
15:52:29.0420 4452  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
15:52:29.0420 4452  PcaSvc - ok
15:52:29.0435 4452  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
15:52:29.0435 4452  pci - ok
15:52:29.0451 4452  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
15:52:29.0451 4452  pciide - ok
15:52:29.0482 4452  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
15:52:29.0482 4452  pcmcia - ok
15:52:29.0482 4452  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
15:52:29.0482 4452  pcw - ok
15:52:29.0513 4452  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
15:52:29.0513 4452  PEAUTH - ok
15:52:29.0607 4452  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
15:52:29.0607 4452  PerfHost - ok
15:52:29.0638 4452  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
15:52:29.0685 4452  pla - ok
15:52:29.0732 4452  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
15:52:29.0747 4452  PlugPlay - ok
15:52:29.0763 4452  PnkBstrA - ok
15:52:29.0779 4452  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
15:52:29.0794 4452  PNRPAutoReg - ok
15:52:29.0794 4452  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
15:52:29.0794 4452  PNRPsvc - ok
15:52:29.0841 4452  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
15:52:29.0841 4452  PolicyAgent - ok
15:52:29.0872 4452  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
15:52:29.0872 4452  Power - ok
15:52:29.0903 4452  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
15:52:29.0903 4452  PptpMiniport - ok
15:52:29.0903 4452  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
15:52:29.0903 4452  Processor - ok
15:52:29.0935 4452  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
15:52:29.0950 4452  ProfSvc - ok
15:52:29.0950 4452  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:52:29.0950 4452  ProtectedStorage - ok
15:52:29.0997 4452  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
15:52:29.0997 4452  Psched - ok
15:52:30.0044 4452  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
15:52:30.0044 4452  ql2300 - ok
15:52:30.0059 4452  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
15:52:30.0059 4452  ql40xx - ok
15:52:30.0075 4452  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
15:52:30.0075 4452  QWAVE - ok
15:52:30.0091 4452  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
15:52:30.0091 4452  QWAVEdrv - ok
15:52:30.0106 4452  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
15:52:30.0106 4452  RasAcd - ok
15:52:30.0137 4452  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
15:52:30.0137 4452  RasAgileVpn - ok
15:52:30.0153 4452  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
15:52:30.0153 4452  RasAuto - ok
15:52:30.0184 4452  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
15:52:30.0184 4452  Rasl2tp - ok
15:52:30.0215 4452  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
15:52:30.0215 4452  RasMan - ok
15:52:30.0215 4452  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
15:52:30.0215 4452  RasPppoe - ok
15:52:30.0247 4452  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
15:52:30.0247 4452  RasSstp - ok
15:52:30.0262 4452  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
15:52:30.0262 4452  rdbss - ok
15:52:30.0262 4452  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
15:52:30.0278 4452  rdpbus - ok
15:52:30.0293 4452  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
15:52:30.0293 4452  RDPCDD - ok
15:52:30.0309 4452  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
15:52:30.0309 4452  RDPENCDD - ok
15:52:30.0309 4452  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
15:52:30.0309 4452  RDPREFMP - ok
15:52:30.0340 4452  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
15:52:30.0340 4452  RDPWD - ok
15:52:30.0403 4452  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
15:52:30.0403 4452  rdyboost - ok
15:52:30.0418 4452  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
15:52:30.0434 4452  RemoteAccess - ok
15:52:30.0434 4452  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
15:52:30.0449 4452  RemoteRegistry - ok
15:52:30.0496 4452  [ CAF88D6573D21CD2AA27001DDBFDC74D ] RMCAST          C:\Windows\system32\DRIVERS\RMCAST.sys
15:52:30.0496 4452  RMCAST - ok
15:52:30.0512 4452  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
15:52:30.0512 4452  RpcEptMapper - ok
15:52:30.0527 4452  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
15:52:30.0527 4452  RpcLocator - ok
15:52:30.0574 4452  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
15:52:30.0574 4452  RpcSs - ok
15:52:30.0590 4452  [ 3B01789EE4EAEE97F5EB46B711387D5E ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
15:52:30.0605 4452  RTL8167 - ok
15:52:30.0605 4452  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
15:52:30.0605 4452  SamSs - ok
15:52:30.0637 4452  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
15:52:30.0637 4452  sbp2port - ok
15:52:30.0652 4452  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
15:52:30.0668 4452  SCardSvr - ok
15:52:30.0699 4452  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
15:52:30.0699 4452  scfilter - ok
15:52:30.0746 4452  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
15:52:30.0777 4452  Schedule - ok
15:52:30.0808 4452  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
15:52:30.0808 4452  SCPolicySvc - ok
15:52:30.0839 4452  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
15:52:30.0839 4452  SDRSVC - ok
15:52:30.0855 4452  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
15:52:30.0855 4452  secdrv - ok
15:52:30.0871 4452  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
15:52:30.0886 4452  seclogon - ok
15:52:30.0902 4452  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
15:52:30.0902 4452  SENS - ok
15:52:30.0917 4452  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
15:52:30.0917 4452  SensrSvc - ok
15:52:30.0949 4452  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
15:52:30.0949 4452  Serenum - ok
15:52:30.0964 4452  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
15:52:30.0964 4452  Serial - ok
15:52:30.0980 4452  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
15:52:30.0980 4452  sermouse - ok
15:52:31.0011 4452  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
15:52:31.0027 4452  SessionEnv - ok
15:52:31.0042 4452  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
15:52:31.0042 4452  sffdisk - ok
15:52:31.0058 4452  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
15:52:31.0058 4452  sffp_mmc - ok
15:52:31.0058 4452  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
15:52:31.0058 4452  sffp_sd - ok
15:52:31.0073 4452  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
15:52:31.0073 4452  sfloppy - ok
15:52:31.0089 4452  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
15:52:31.0105 4452  SharedAccess - ok
15:52:31.0120 4452  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:52:31.0136 4452  ShellHWDetection - ok
15:52:31.0151 4452  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:52:31.0151 4452  SiSRaid2 - ok
15:52:31.0151 4452  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
15:52:31.0151 4452  SiSRaid4 - ok
15:52:31.0167 4452  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
15:52:31.0167 4452  Smb - ok
15:52:31.0183 4452  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
15:52:31.0198 4452  SNMPTRAP - ok
15:52:31.0198 4452  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
15:52:31.0198 4452  spldr - ok
15:52:31.0245 4452  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
15:52:31.0245 4452  Spooler - ok
15:52:31.0307 4452  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
15:52:31.0354 4452  sppsvc - ok
15:52:31.0401 4452  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
15:52:31.0401 4452  sppuinotify - ok
15:52:31.0448 4452  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
15:52:31.0448 4452  srv - ok
15:52:31.0463 4452  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
15:52:31.0463 4452  srv2 - ok
15:52:31.0495 4452  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
15:52:31.0495 4452  srvnet - ok
15:52:31.0495 4452  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
15:52:31.0510 4452  SSDPSRV - ok
15:52:31.0510 4452  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
15:52:31.0526 4452  SstpSvc - ok
15:52:31.0541 4452  Steam Client Service - ok
15:52:31.0557 4452  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
15:52:31.0557 4452  stexstor - ok
15:52:31.0604 4452  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
15:52:31.0604 4452  stisvc - ok
15:52:31.0635 4452  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
15:52:31.0635 4452  swenum - ok
15:52:31.0651 4452  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
15:52:31.0666 4452  swprv - ok
15:52:31.0713 4452  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
15:52:31.0729 4452  SysMain - ok
15:52:31.0760 4452  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:52:31.0760 4452  TabletInputService - ok
15:52:31.0791 4452  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
15:52:31.0807 4452  TapiSrv - ok
15:52:31.0822 4452  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
15:52:31.0822 4452  TBS - ok
15:52:31.0885 4452  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
15:52:31.0900 4452  Tcpip - ok
15:52:31.0931 4452  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
15:52:31.0947 4452  TCPIP6 - ok
15:52:31.0978 4452  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
15:52:31.0978 4452  tcpipreg - ok
15:52:31.0994 4452  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
15:52:31.0994 4452  TDPIPE - ok
15:52:32.0025 4452  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
15:52:32.0025 4452  TDTCP - ok
15:52:32.0056 4452  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
15:52:32.0056 4452  tdx - ok
15:52:32.0072 4452  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
15:52:32.0072 4452  TermDD - ok
15:52:32.0103 4452  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
15:52:32.0119 4452  TermService - ok
15:52:32.0134 4452  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
15:52:32.0150 4452  Themes - ok
15:52:32.0165 4452  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
15:52:32.0165 4452  THREADORDER - ok
15:52:32.0181 4452  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
15:52:32.0181 4452  TrkWks - ok
15:52:32.0228 4452  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:52:32.0228 4452  TrustedInstaller - ok
15:52:32.0259 4452  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
15:52:32.0259 4452  tssecsrv - ok
15:52:32.0275 4452  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
15:52:32.0275 4452  TsUsbFlt - ok
15:52:32.0306 4452  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
15:52:32.0306 4452  tunnel - ok
15:52:32.0321 4452  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
15:52:32.0321 4452  uagp35 - ok
15:52:32.0353 4452  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
15:52:32.0353 4452  udfs - ok
15:52:32.0368 4452  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
15:52:32.0368 4452  UI0Detect - ok
15:52:32.0399 4452  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
15:52:32.0399 4452  uliagpkx - ok
15:52:32.0446 4452  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
15:52:32.0446 4452  umbus - ok
15:52:32.0462 4452  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
15:52:32.0462 4452  UmPass - ok
15:52:32.0571 4452  [ 41118D920B2B268C0ADC36421248CDCF ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
15:52:32.0602 4452  UNS - ok
15:52:32.0633 4452  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
15:52:32.0633 4452  upnphost - ok
15:52:32.0665 4452  [ F724B03C3DFAACF08D17D38BF3333583 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
15:52:32.0665 4452  USBAAPL64 - ok
15:52:32.0727 4452  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
15:52:32.0727 4452  usbaudio - ok
15:52:32.0743 4452  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
15:52:32.0743 4452  usbccgp - ok
15:52:32.0774 4452  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
15:52:32.0774 4452  usbcir - ok
15:52:32.0789 4452  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
15:52:32.0789 4452  usbehci - ok
15:52:32.0789 4452  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
15:52:32.0789 4452  usbhub - ok
15:52:32.0805 4452  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
15:52:32.0805 4452  usbohci - ok
15:52:32.0836 4452  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
15:52:32.0836 4452  usbprint - ok
15:52:32.0867 4452  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
15:52:32.0867 4452  usbscan - ok
15:52:32.0867 4452  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:52:32.0867 4452  USBSTOR - ok
15:52:32.0883 4452  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
15:52:32.0883 4452  usbuhci - ok
15:52:32.0899 4452  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
15:52:32.0914 4452  UxSms - ok
15:52:32.0914 4452  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
15:52:32.0914 4452  VaultSvc - ok
15:52:32.0945 4452  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
15:52:32.0945 4452  vdrvroot - ok
15:52:32.0977 4452  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
15:52:32.0992 4452  vds - ok
15:52:33.0008 4452  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
15:52:33.0008 4452  vga - ok
15:52:33.0023 4452  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
15:52:33.0023 4452  VgaSave - ok
15:52:33.0039 4452  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
15:52:33.0039 4452  vhdmp - ok
15:52:33.0070 4452  [ 712BFD5DAC2668FBA4A2435FB06C3D00 ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys
15:52:33.0086 4452  VIAHdAudAddService - ok
15:52:33.0101 4452  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
15:52:33.0101 4452  viaide - ok
15:52:33.0117 4452  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
15:52:33.0117 4452  volmgr - ok
15:52:33.0148 4452  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
15:52:33.0148 4452  volmgrx - ok
15:52:33.0164 4452  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
15:52:33.0164 4452  volsnap - ok
15:52:33.0179 4452  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
15:52:33.0195 4452  vsmraid - ok
15:52:33.0226 4452  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
15:52:33.0257 4452  VSS - ok
15:52:33.0273 4452  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
15:52:33.0273 4452  vwifibus - ok
15:52:33.0304 4452  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
15:52:33.0304 4452  vwififlt - ok
15:52:33.0335 4452  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
15:52:33.0335 4452  W32Time - ok
15:52:33.0351 4452  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
15:52:33.0351 4452  WacomPen - ok
15:52:33.0382 4452  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
15:52:33.0382 4452  WANARP - ok
15:52:33.0382 4452  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
15:52:33.0382 4452  Wanarpv6 - ok
15:52:33.0429 4452  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
15:52:33.0460 4452  wbengine - ok
15:52:33.0491 4452  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
15:52:33.0491 4452  WbioSrvc - ok
15:52:33.0523 4452  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
15:52:33.0523 4452  wcncsvc - ok
15:52:33.0538 4452  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:52:33.0554 4452  WcsPlugInService - ok
15:52:33.0554 4452  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
15:52:33.0554 4452  Wd - ok
15:52:33.0569 4452  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
15:52:33.0569 4452  Wdf01000 - ok
15:52:33.0585 4452  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
15:52:33.0601 4452  WdiServiceHost - ok
15:52:33.0601 4452  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
15:52:33.0601 4452  WdiSystemHost - ok
15:52:33.0616 4452  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
15:52:33.0632 4452  WebClient - ok
15:52:33.0647 4452  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
15:52:33.0663 4452  Wecsvc - ok
15:52:33.0663 4452  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
15:52:33.0679 4452  wercplsupport - ok
15:52:33.0694 4452  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
15:52:33.0710 4452  WerSvc - ok
15:52:33.0710 4452  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
15:52:33.0710 4452  WfpLwf - ok
15:52:33.0710 4452  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
15:52:33.0710 4452  WIMMount - ok
15:52:33.0725 4452  WinDefend - ok
15:52:33.0725 4452  WinHttpAutoProxySvc - ok
15:52:33.0757 4452  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
         


Old 28.09.2012, 15:06   #6
semmel3

Thbcn in system startup, Mwb 42 infected files, what to do?

And the rest, since it was too many characters at once!


Code:
15:52:33.0772 4452  Winmgmt - ok
15:52:33.0803 4452  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
15:52:33.0835 4452  WinRM - ok
15:52:33.0897 4452  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
15:52:33.0897 4452  WinUsb - ok
15:52:33.0913 4452  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
15:52:33.0928 4452  Wlansvc - ok
15:52:34.0069 4452  [ 98F138897EF4246381D197CB81846D62 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:52:34.0131 4452  wlidsvc - ok
15:52:34.0162 4452  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
15:52:34.0162 4452  WmiAcpi - ok
15:52:34.0178 4452  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
15:52:34.0178 4452  wmiApSrv - ok
15:52:34.0193 4452  WMPNetworkSvc - ok
15:52:34.0209 4452  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
15:52:34.0209 4452  WPCSvc - ok
15:52:34.0240 4452  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
15:52:34.0240 4452  WPDBusEnum - ok
15:52:34.0256 4452  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
15:52:34.0256 4452  ws2ifsl - ok
15:52:34.0271 4452  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
15:52:34.0271 4452  wscsvc - ok
15:52:34.0287 4452  WSearch - ok
15:52:34.0334 4452  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
15:52:34.0381 4452  wuauserv - ok
15:52:34.0396 4452  [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
15:52:34.0396 4452  WudfPf - ok
15:52:34.0427 4452  [ CF8D590BE3373029D57AF80914190682 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
15:52:34.0427 4452  WUDFRd - ok
15:52:34.0474 4452  [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
15:52:34.0474 4452  wudfsvc - ok
15:52:34.0490 4452  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
15:52:34.0505 4452  WwanSvc - ok
15:52:34.0521 4452  ================ Scan global ===============================
15:52:34.0552 4452  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
15:52:34.0583 4452  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
15:52:34.0599 4452  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
15:52:34.0615 4452  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
15:52:34.0630 4452  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
15:52:34.0646 4452  [Global] - ok
15:52:34.0646 4452  ================ Scan MBR ==================================
15:52:34.0677 4452  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:52:34.0833 4452  \Device\Harddisk0\DR0 - ok
15:52:34.0833 4452  ================ Scan VBR ==================================
15:52:34.0833 4452  [ C32475F7D1D17D275470482CF864CC33 ] \Device\Harddisk0\DR0\Partition1
15:52:34.0833 4452  \Device\Harddisk0\DR0\Partition1 - ok
15:52:34.0849 4452  [ ED6D8A059DE64F9F9F03396467F7B8D1 ] \Device\Harddisk0\DR0\Partition2
15:52:34.0849 4452  \Device\Harddisk0\DR0\Partition2 - ok
15:52:34.0849 4452  ============================================================
15:52:34.0849 4452  Scan finished
15:52:34.0849 4452  ============================================================
15:52:34.0849 3400  Detected object count: 1
15:52:34.0849 3400  Actual detected object count: 1
15:52:41.0853 3400  Akamai ( HiddenFile.Multi.Generic ) - skipped by user
15:52:41.0853 3400  Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip 
15:53:21.0524 0904  ============================================================
15:53:21.0524 0904  Scan started
15:53:21.0524 0904  Mode: Manual; 
15:53:21.0524 0904  ============================================================
15:53:22.0444 0904  ================ Scan system memory ========================
15:53:22.0444 0904  System memory - ok
15:53:22.0444 0904  ================ Scan services =============================
15:53:22.0569 0904  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
15:53:22.0569 0904  1394ohci - ok
15:53:22.0585 0904  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
15:53:22.0585 0904  ACPI - ok
15:53:22.0600 0904  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
15:53:22.0600 0904  AcpiPmi - ok
15:53:22.0647 0904  [ 11A52CF7B265631DEEB24C6149309EFF ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:53:22.0647 0904  AdobeARMservice - ok
15:53:22.0866 0904  [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:53:22.0866 0904  AdobeFlashPlayerUpdateSvc - ok
15:53:22.0897 0904  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
15:53:22.0897 0904  adp94xx - ok
15:53:22.0912 0904  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
15:53:22.0912 0904  adpahci - ok
15:53:22.0928 0904  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
15:53:22.0928 0904  adpu320 - ok
15:53:22.0944 0904  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
15:53:22.0944 0904  AeLookupSvc - ok
15:53:23.0006 0904  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
15:53:23.0006 0904  AFD - ok
15:53:23.0037 0904  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
15:53:23.0037 0904  agp440 - ok
15:53:23.0162 0904  [ 0923671CF87CD511E46D4668B53F5E76 ] Akamai          c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll
15:53:23.0162 0904  Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll. md5: 0923671CF87CD511E46D4668B53F5E76
15:53:23.0162 0904  Akamai ( HiddenFile.Multi.Generic ) - warning
15:53:23.0162 0904  Akamai - detected HiddenFile.Multi.Generic (1)
15:53:28.0903 0904  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
15:53:28.0918 0904  PlugPlay - ok
15:53:28.0918 0904  PnkBstrA - ok
15:53:28.0934 0904  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
15:53:28.0934 0904  PNRPAutoReg - ok
15:53:28.0934 0904  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
15:53:28.0934 0904  PNRPsvc - ok
15:53:29.0012 0904  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
15:53:29.0012 0904  PolicyAgent - ok
15:53:29.0028 0904  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
15:53:29.0028 0904  Power - ok
15:53:29.0043 0904  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
15:53:29.0043 0904  PptpMiniport - ok
15:53:29.0059 0904  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
15:53:29.0059 0904  Processor - ok
15:53:29.0090 0904  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
15:53:29.0090 0904  ProfSvc - ok
15:53:29.0090 0904  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:53:29.0090 0904  ProtectedStorage - ok
15:53:29.0121 0904  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
15:53:29.0121 0904  Psched - ok
15:53:29.0152 0904  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
15:53:29.0168 0904  ql2300 - ok
15:53:29.0184 0904  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
15:53:29.0184 0904  ql40xx - ok
15:53:29.0184 0904  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
15:53:29.0199 0904  QWAVE - ok
15:53:29.0215 0904  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
15:53:29.0215 0904  QWAVEdrv - ok
15:53:29.0230 0904  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
15:53:29.0230 0904  RasAcd - ok
15:53:29.0246 0904  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
15:53:29.0262 0904  RasAgileVpn - ok
15:53:29.0277 0904  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
15:53:29.0277 0904  RasAuto - ok
15:53:29.0308 0904  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
15:53:29.0308 0904  Rasl2tp - ok
15:53:29.0324 0904  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
15:53:29.0324 0904  RasMan - ok
15:53:29.0340 0904  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
15:53:29.0340 0904  RasPppoe - ok
15:53:29.0355 0904  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
15:53:29.0355 0904  RasSstp - ok
15:53:29.0371 0904  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
15:53:29.0371 0904  rdbss - ok
15:53:29.0386 0904  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
15:53:29.0386 0904  rdpbus - ok
15:53:29.0386 0904  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
15:53:29.0386 0904  RDPCDD - ok
15:53:29.0402 0904  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
15:53:29.0402 0904  RDPENCDD - ok
15:53:29.0402 0904  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
15:53:29.0402 0904  RDPREFMP - ok
15:53:29.0433 0904  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
15:53:29.0433 0904  RDPWD - ok
15:53:29.0464 0904  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
15:53:29.0464 0904  rdyboost - ok
15:53:29.0480 0904  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
15:53:29.0480 0904  RemoteAccess - ok
15:53:29.0496 0904  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
15:53:29.0496 0904  RemoteRegistry - ok
15:53:29.0527 0904  [ CAF88D6573D21CD2AA27001DDBFDC74D ] RMCAST          C:\Windows\system32\DRIVERS\RMCAST.sys
15:53:29.0542 0904  RMCAST - ok
15:53:29.0542 0904  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
15:53:29.0542 0904  RpcEptMapper - ok
15:53:29.0558 0904  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
15:53:29.0574 0904  RpcLocator - ok
15:53:29.0605 0904  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
15:53:29.0605 0904  RpcSs - ok
15:53:29.0636 0904  [ 3B01789EE4EAEE97F5EB46B711387D5E ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
15:53:29.0636 0904  RTL8167 - ok
15:53:29.0636 0904  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
15:53:29.0636 0904  SamSs - ok
15:53:29.0667 0904  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
15:53:29.0667 0904  sbp2port - ok
15:53:29.0683 0904  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
15:53:29.0683 0904  SCardSvr - ok
15:53:29.0714 0904  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
15:53:29.0714 0904  scfilter - ok
15:53:29.0761 0904  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
15:53:29.0761 0904  Schedule - ok
15:53:29.0808 0904  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
15:53:29.0808 0904  SCPolicySvc - ok
15:53:29.0823 0904  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
15:53:29.0823 0904  SDRSVC - ok
15:53:29.0839 0904  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
15:53:29.0839 0904  secdrv - ok
15:53:29.0870 0904  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
15:53:29.0870 0904  seclogon - ok
15:53:29.0901 0904  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
15:53:29.0901 0904  SENS - ok
15:53:29.0901 0904  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
15:53:29.0901 0904  SensrSvc - ok
15:53:29.0932 0904  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
15:53:29.0932 0904  Serenum - ok
15:53:29.0948 0904  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
15:53:29.0948 0904  Serial - ok
15:53:29.0948 0904  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
15:53:29.0948 0904  sermouse - ok
15:53:29.0979 0904  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
15:53:29.0979 0904  SessionEnv - ok
15:53:30.0010 0904  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
15:53:30.0010 0904  sffdisk - ok
15:53:30.0010 0904  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
15:53:30.0010 0904  sffp_mmc - ok
15:53:30.0026 0904  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
15:53:30.0026 0904  sffp_sd - ok
15:53:30.0026 0904  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
15:53:30.0042 0904  sfloppy - ok
15:53:30.0073 0904  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
15:53:30.0073 0904  SharedAccess - ok
15:53:30.0104 0904  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:53:30.0104 0904  ShellHWDetection - ok
15:53:30.0120 0904  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:53:30.0120 0904  SiSRaid2 - ok
15:53:30.0120 0904  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
15:53:30.0120 0904  SiSRaid4 - ok
15:53:30.0135 0904  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
15:53:30.0135 0904  Smb - ok
15:53:30.0151 0904  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
15:53:30.0151 0904  SNMPTRAP - ok
15:53:30.0166 0904  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
15:53:30.0166 0904  spldr - ok
15:53:30.0213 0904  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
15:53:30.0213 0904  Spooler - ok
15:53:30.0260 0904  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
15:53:30.0276 0904  sppsvc - ok
15:53:30.0276 0904  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
15:53:30.0276 0904  sppuinotify - ok
15:53:30.0354 0904  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
15:53:30.0354 0904  srv - ok
15:53:30.0385 0904  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
15:53:30.0385 0904  srv2 - ok
15:53:30.0400 0904  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
15:53:30.0400 0904  srvnet - ok
15:53:30.0416 0904  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
15:53:30.0416 0904  SSDPSRV - ok
15:53:30.0432 0904  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
15:53:30.0432 0904  SstpSvc - ok
15:53:30.0447 0904  Steam Client Service - ok
15:53:30.0463 0904  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
15:53:30.0463 0904  stexstor - ok
15:53:30.0478 0904  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
15:53:30.0478 0904  stisvc - ok
15:53:30.0525 0904  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
15:53:30.0525 0904  swenum - ok
15:53:30.0541 0904  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
15:53:30.0541 0904  swprv - ok
15:53:30.0572 0904  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
15:53:30.0572 0904  SysMain - ok
15:53:30.0603 0904  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:53:30.0603 0904  TabletInputService - ok
15:53:30.0634 0904  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
15:53:30.0650 0904  TapiSrv - ok
15:53:30.0650 0904  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
15:53:30.0650 0904  TBS - ok
15:53:30.0712 0904  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
15:53:30.0712 0904  Tcpip - ok
15:53:30.0744 0904  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
15:53:30.0759 0904  TCPIP6 - ok
15:53:30.0790 0904  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
15:53:30.0790 0904  tcpipreg - ok
15:53:30.0806 0904  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
15:53:30.0806 0904  TDPIPE - ok
15:53:30.0837 0904  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
15:53:30.0837 0904  TDTCP - ok
15:53:30.0884 0904  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
15:53:30.0884 0904  tdx - ok
15:53:30.0884 0904  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
15:53:30.0884 0904  TermDD - ok
15:53:30.0931 0904  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
15:53:30.0931 0904  TermService - ok
15:53:30.0946 0904  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
15:53:30.0946 0904  Themes - ok
15:53:30.0962 0904  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
15:53:30.0978 0904  THREADORDER - ok
15:53:30.0978 0904  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
15:53:30.0993 0904  TrkWks - ok
15:53:31.0040 0904  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:53:31.0040 0904  TrustedInstaller - ok
15:53:31.0071 0904  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
15:53:31.0071 0904  tssecsrv - ok
15:53:31.0087 0904  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
15:53:31.0087 0904  TsUsbFlt - ok
15:53:31.0102 0904  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
15:53:31.0102 0904  tunnel - ok
15:53:31.0134 0904  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
15:53:31.0134 0904  uagp35 - ok
15:53:31.0165 0904  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
15:53:31.0165 0904  udfs - ok
15:53:31.0180 0904  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
15:53:31.0180 0904  UI0Detect - ok
15:53:31.0196 0904  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
15:53:31.0196 0904  uliagpkx - ok
15:53:31.0227 0904  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
15:53:31.0227 0904  umbus - ok
15:53:31.0243 0904  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
15:53:31.0243 0904  UmPass - ok
15:53:31.0321 0904  [ 41118D920B2B268C0ADC36421248CDCF ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
15:53:31.0336 0904  UNS - ok
15:53:31.0368 0904  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
15:53:31.0368 0904  upnphost - ok
15:53:31.0399 0904  [ F724B03C3DFAACF08D17D38BF3333583 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
15:53:31.0399 0904  USBAAPL64 - ok
15:53:31.0430 0904  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
15:53:31.0430 0904  usbaudio - ok
15:53:31.0446 0904  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
15:53:31.0446 0904  usbccgp - ok
15:53:31.0477 0904  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
15:53:31.0477 0904  usbcir - ok
15:53:31.0477 0904  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
15:53:31.0477 0904  usbehci - ok
15:53:31.0492 0904  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
15:53:31.0492 0904  usbhub - ok
15:53:31.0508 0904  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
15:53:31.0508 0904  usbohci - ok
15:53:31.0524 0904  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
15:53:31.0524 0904  usbprint - ok
15:53:31.0539 0904  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
15:53:31.0539 0904  usbscan - ok
15:53:31.0555 0904  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:53:31.0555 0904  USBSTOR - ok
15:53:31.0570 0904  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
15:53:31.0570 0904  usbuhci - ok
15:53:31.0586 0904  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
15:53:31.0586 0904  UxSms - ok
15:53:31.0602 0904  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
15:53:31.0602 0904  VaultSvc - ok
15:53:31.0602 0904  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
15:53:31.0602 0904  vdrvroot - ok
15:53:31.0633 0904  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
15:53:31.0633 0904  vds - ok
15:53:31.0648 0904  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
15:53:31.0648 0904  vga - ok
15:53:31.0664 0904  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
15:53:31.0664 0904  VgaSave - ok
15:53:31.0680 0904  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
15:53:31.0680 0904  vhdmp - ok
15:53:31.0711 0904  [ 712BFD5DAC2668FBA4A2435FB06C3D00 ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys
15:53:31.0726 0904  VIAHdAudAddService - ok
15:53:31.0742 0904  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
15:53:31.0742 0904  viaide - ok
15:53:31.0758 0904  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
15:53:31.0758 0904  volmgr - ok
15:53:31.0789 0904  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
15:53:31.0789 0904  volmgrx - ok
15:53:31.0804 0904  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
15:53:31.0804 0904  volsnap - ok
15:53:31.0820 0904  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
15:53:31.0820 0904  vsmraid - ok
15:53:31.0867 0904  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
15:53:31.0867 0904  VSS - ok
15:53:31.0882 0904  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
15:53:31.0882 0904  vwifibus - ok
15:53:31.0898 0904  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
15:53:31.0898 0904  vwififlt - ok
15:53:31.0914 0904  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
15:53:31.0914 0904  W32Time - ok
15:53:31.0929 0904  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
15:53:31.0929 0904  WacomPen - ok
15:53:31.0929 0904  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
15:53:31.0929 0904  WANARP - ok
15:53:31.0945 0904  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
15:53:31.0945 0904  Wanarpv6 - ok
15:53:31.0976 0904  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
15:53:31.0976 0904  wbengine - ok
15:53:31.0992 0904  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
15:53:31.0992 0904  WbioSrvc - ok
15:53:32.0023 0904  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
15:53:32.0038 0904  wcncsvc - ok
15:53:32.0054 0904  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:53:32.0054 0904  WcsPlugInService - ok
15:53:32.0070 0904  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
15:53:32.0070 0904  Wd - ok
15:53:32.0085 0904  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
15:53:32.0085 0904  Wdf01000 - ok
15:53:32.0101 0904  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
15:53:32.0101 0904  WdiServiceHost - ok
15:53:32.0101 0904  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
15:53:32.0101 0904  WdiSystemHost - ok
15:53:32.0132 0904  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
15:53:32.0132 0904  WebClient - ok
15:53:32.0148 0904  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
15:53:32.0148 0904  Wecsvc - ok
15:53:32.0163 0904  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
15:53:32.0163 0904  wercplsupport - ok
15:53:32.0179 0904  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
15:53:32.0179 0904  WerSvc - ok
15:53:32.0194 0904  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
15:53:32.0194 0904  WfpLwf - ok
15:53:32.0194 0904  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
15:53:32.0194 0904  WIMMount - ok
15:53:32.0210 0904  WinDefend - ok
15:53:32.0210 0904  WinHttpAutoProxySvc - ok
15:53:32.0257 0904  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
15:53:32.0257 0904  Winmgmt - ok
15:53:32.0288 0904  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
15:53:32.0304 0904  WinRM - ok
15:53:32.0319 0904  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
15:53:32.0319 0904  WinUsb - ok
15:53:32.0335 0904  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
15:53:32.0350 0904  Wlansvc - ok
15:53:32.0460 0904  [ 98F138897EF4246381D197CB81846D62 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:53:32.0460 0904  wlidsvc - ok
15:53:32.0475 0904  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
15:53:32.0475 0904  WmiAcpi - ok
15:53:32.0491 0904  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
15:53:32.0491 0904  wmiApSrv - ok
15:53:32.0506 0904  WMPNetworkSvc - ok
15:53:32.0522 0904  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
15:53:32.0522 0904  WPCSvc - ok
15:53:32.0538 0904  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
15:53:32.0538 0904  WPDBusEnum - ok
15:53:32.0553 0904  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
15:53:32.0553 0904  ws2ifsl - ok
15:53:32.0584 0904  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
15:53:32.0584 0904  wscsvc - ok
15:53:32.0584 0904  WSearch - ok
15:53:32.0631 0904  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
15:53:32.0647 0904  wuauserv - ok
15:53:32.0647 0904  [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
15:53:32.0647 0904  WudfPf - ok
15:53:32.0694 0904  [ CF8D590BE3373029D57AF80914190682 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
15:53:32.0694 0904  WUDFRd - ok
15:53:32.0725 0904  [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
15:53:32.0725 0904  wudfsvc - ok
15:53:32.0740 0904  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
15:53:32.0740 0904  WwanSvc - ok
15:53:32.0740 0904  ================ Scan global ===============================
15:53:32.0772 0904  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
15:53:32.0803 0904  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
15:53:32.0803 0904  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
15:53:32.0834 0904  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
15:53:32.0865 0904  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
15:53:32.0865 0904  [Global] - ok
15:53:32.0865 0904  ================ Scan MBR ==================================
15:53:32.0881 0904  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:53:33.0052 0904  \Device\Harddisk0\DR0 - ok
15:53:33.0052 0904  ================ Scan VBR ==================================
15:53:33.0052 0904  [ C32475F7D1D17D275470482CF864CC33 ] \Device\Harddisk0\DR0\Partition1
15:53:33.0052 0904  \Device\Harddisk0\DR0\Partition1 - ok
15:53:33.0068 0904  [ ED6D8A059DE64F9F9F03396467F7B8D1 ] \Device\Harddisk0\DR0\Partition2
15:53:33.0068 0904  \Device\Harddisk0\DR0\Partition2 - ok
15:53:33.0084 0904  ============================================================
15:53:33.0084 0904  Scan finished
15:53:33.0084 0904  ============================================================
15:53:33.0084 1352  Detected object count: 1
15:53:33.0084 1352  Actual detected object count: 1
         
So, many thanks in advance for the support.

28.09.2012, 15:52   #7
M-K-D-B
/// TB Instructor

Hi,

here is how we continue:

Step 1
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete (Löschen).
  • Confirm each prompt with OK.
  • Your computer will be restarted. After the restart, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.

Step 2
Please start OTL.exe.
Under Extra Registry, select Use SafeList and click the Scan button.
Post the OTL.txt and the Extras.txt here in your thread.

How is your computer running at the moment?
Are there any remaining problems?

In your next reply, please post
  • the AdwCleaner log file,
  • the two OTL log files,
  • the answers to my questions.

28.09.2012, 17:16   #8
semmel3

So, step 1:
Code:
# AdwCleaner v2.003 - Datei am 09/28/2012 um 18:13:37 erstellt
# Aktualisiert am 23/09/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Semmel3 - SEMMEL3-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Semmel3\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Semmel3\AppData\Roaming\Mozilla\Firefox\Profiles\4bjhuwjk.default\searchplugins\Plusnetwork.xml
Ordner Gelöscht : C:\Users\Semmel3\AppData\LocalLow\bbrs_002.tb
Ordner Gelöscht : C:\Users\Semmel3\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Users\Semmel3\AppData\Roaming\Mozilla\Firefox\Profiles\4bjhuwjk.default\Conduit
Ordner Gelöscht : C:\Users\Semmel3\AppData\Roaming\Mozilla\Firefox\Profiles\4bjhuwjk.default\ConduitCommon
Ordner Gelöscht : C:\Users\Semmel3\AppData\Roaming\Mozilla\Firefox\Profiles\4bjhuwjk.default\CT2653012
Ordner Gelöscht : C:\Users\Semmel3\AppData\Roaming\Mozilla\Firefox\Profiles\4bjhuwjk.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}
Ordner Gelöscht : C:\Users\Semmel3\AppData\Roaming\Mozilla\Firefox\Profiles\4bjhuwjk.default\extensions\bbrs_002@blabbers.com

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\Software\BrowserCompanion
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

Wiederhergestellt : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.searchplusnetwork.com/?sp=vit4 --> hxxp://www.google.com

-\\ Mozilla Firefox v15.0.1 (de)

Profilname : default 
Datei : C:\Users\Semmel3\AppData\Roaming\Mozilla\Firefox\Profiles\4bjhuwjk.default\prefs.js

C:\Users\Semmel3\AppData\Roaming\Mozilla\Firefox\Profiles\4bjhuwjk.default\user.js ... Gelöscht !

Gelöscht : user_pref("CT2653012..clientLogIsEnabled", true);
Gelöscht : user_pref("CT2653012..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Gelöscht : user_pref("CT2653012..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Gelöscht : user_pref("CT2653012.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Gelöscht : user_pref("CT2653012.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gelöscht : user_pref("CT2653012.AppTrackingLastCheckTime", "Tue Dec 13 2011 21:15:37 GMT+0100");
Gelöscht : user_pref("CT2653012.BrowserCompStateIsOpen_129514968327663878", true);
Gelöscht : user_pref("CT2653012.BrowserCompStateIsOpen_129653180391256971", true);
Gelöscht : user_pref("CT2653012.CTID", "CT2653012");
Gelöscht : user_pref("CT2653012.CurrentServerDate", "13-12-2011");
Gelöscht : user_pref("CT2653012.DialogsAlignMode", "LTR");
Gelöscht : user_pref("CT2653012.DialogsGetterLastCheckTime", "Sun Dec 11 2011 17:58:19 GMT+0100");
Gelöscht : user_pref("CT2653012.DownloadReferralCookieData", "");
Gelöscht : user_pref("CT2653012.FirstServerDate", "12-4-2011");
Gelöscht : user_pref("CT2653012.FirstTime", true);
Gelöscht : user_pref("CT2653012.FirstTimeFF3", true);
Gelöscht : user_pref("CT2653012.FirstTimeSettingsDone", true);
Gelöscht : user_pref("CT2653012.FixPageNotFoundErrors", true);
Gelöscht : user_pref("CT2653012.GroupingServerCheckInterval", 1440);
Gelöscht : user_pref("CT2653012.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gelöscht : user_pref("CT2653012.HasUserGlobalKeys", true);
Gelöscht : user_pref("CT2653012.HomePageProtectorEnabled", false);
Gelöscht : user_pref("CT2653012.Initialize", true);
Gelöscht : user_pref("CT2653012.InitializeCommonPrefs", true);
Gelöscht : user_pref("CT2653012.InstallationAndCookieDataSentCount", 3);
Gelöscht : user_pref("CT2653012.InstalledDate", "Tue Apr 12 2011 22:50:49 GMT+0200");
Gelöscht : user_pref("CT2653012.InvalidateCache", false);
Gelöscht : user_pref("CT2653012.IsAlertDBUpdated", true);
Gelöscht : user_pref("CT2653012.IsGrouping", false);
Gelöscht : user_pref("CT2653012.IsMulticommunity", false);
Gelöscht : user_pref("CT2653012.IsOpenThankYouPage", true);
Gelöscht : user_pref("CT2653012.IsOpenUninstallPage", true);
Gelöscht : user_pref("CT2653012.LanguagePackLastCheckTime", "Mon Dec 12 2011 20:07:20 GMT+0100");
Gelöscht : user_pref("CT2653012.LanguagePackReloadIntervalMM", 1440);
Gelöscht : user_pref("CT2653012.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gelöscht : user_pref("CT2653012.LastLogin_2.7.1.3", "Sat Apr 30 2011 13:43:56 GMT+0200");
Gelöscht : user_pref("CT2653012.LastLogin_3.3.3.2", "Thu Jun 30 2011 22:59:13 GMT+0200");
Gelöscht : user_pref("CT2653012.LastLogin_3.6.0.10", "Tue Sep 27 2011 21:08:13 GMT+0200");
Gelöscht : user_pref("CT2653012.LastLogin_3.7.0.6", "Tue Nov 08 2011 22:16:19 GMT+0100");
Gelöscht : user_pref("CT2653012.LastLogin_3.8.0.8", "Mon Dec 05 2011 20:42:20 GMT+0100");
Gelöscht : user_pref("CT2653012.LastLogin_3.8.1.0", "Tue Dec 13 2011 21:15:37 GMT+0100");
Gelöscht : user_pref("CT2653012.LatestVersion", "3.8.1.0");
Gelöscht : user_pref("CT2653012.Locale", "en");
Gelöscht : user_pref("CT2653012.LoginCache", 4);
Gelöscht : user_pref("CT2653012.MCDetectTooltipHeight", "83");
Gelöscht : user_pref("CT2653012.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gelöscht : user_pref("CT2653012.MCDetectTooltipWidth", "295");
Gelöscht : user_pref("CT2653012.MyStuffEnabledAtInstallation", true);
Gelöscht : user_pref("CT2653012.RadioIsPodcast", false);
Gelöscht : user_pref("CT2653012.RadioLastCheckTime", "Tue Dec 13 2011 17:59:52 GMT+0100");
Gelöscht : user_pref("CT2653012.RadioLastUpdateIPServer", "3");
Gelöscht : user_pref("CT2653012.RadioLastUpdateServer", "129438915777300000");
Gelöscht : user_pref("CT2653012.RadioMediaID", "21806912");
Gelöscht : user_pref("CT2653012.RadioMediaType", "Media Player");
Gelöscht : user_pref("CT2653012.RadioMenuSelectedID", "EBRadioMenu_CT265301221806912");
Gelöscht : user_pref("CT2653012.RadioShrinkedFromSetup", false);
Gelöscht : user_pref("CT2653012.RadioStationName", "California%20Rock%20-%20Rock");
Gelöscht : user_pref("CT2653012.RadioStationURL", "hxxp://www.feedlive.net/california.asx");
Gelöscht : user_pref("CT2653012.SHRINK_TOOLBAR", 1);
Gelöscht : user_pref("CT2653012.SearchBoxWidth", 150);
Gelöscht : user_pref("CT2653012.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Gelöscht : user_pref("CT2653012.SearchEngineBeforeUnload", "Yahoo");
Gelöscht : user_pref("CT2653012.SearchFromAddressBarIsInit", true);
Gelöscht : user_pref("CT2653012.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT265[...]
Gelöscht : user_pref("CT2653012.SearchInNewTabEnabled", true);
Gelöscht : user_pref("CT2653012.SearchInNewTabIntervalMM", 1440);
Gelöscht : user_pref("CT2653012.SearchInNewTabLastCheckTime", "Mon Dec 12 2011 17:58:21 GMT+0100");
Gelöscht : user_pref("CT2653012.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gelöscht : user_pref("CT2653012.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Gelöscht : user_pref("CT2653012.SearchProtectorEnabled", false);
Gelöscht : user_pref("CT2653012.SearchProtectorToolbarDisabled", false);
Gelöscht : user_pref("CT2653012.ServiceMapLastCheckTime", "Mon Dec 12 2011 21:17:48 GMT+0100");
Gelöscht : user_pref("CT2653012.SettingsCheckIntervalMin", 120);
Gelöscht : user_pref("CT2653012.SettingsLastCheckTime", "Tue Dec 13 2011 13:17:27 GMT+0100");
Gelöscht : user_pref("CT2653012.SettingsLastUpdate", "1323706893");
Gelöscht : user_pref("CT2653012.ThirdPartyComponentsInterval", 504);
Gelöscht : user_pref("CT2653012.ThirdPartyComponentsLastCheck", "Thu Dec 08 2011 17:58:18 GMT+0100");
Gelöscht : user_pref("CT2653012.ThirdPartyComponentsLastUpdate", "1312887586");
Gelöscht : user_pref("CT2653012.ToolbarShrinkedFromSetup", false);
Gelöscht : user_pref("CT2653012.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2653012");
Gelöscht : user_pref("CT2653012.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Gelöscht : user_pref("CT2653012.UserID", "UN98209596837378296");
Gelöscht : user_pref("CT2653012.ValidationData_Search", 0);
Gelöscht : user_pref("CT2653012.ValidationData_Toolbar", 2);
Gelöscht : user_pref("CT2653012.alertChannelId", "1045667");
Gelöscht : user_pref("CT2653012.backendstorage.cb_firstuse0100", "31");
Gelöscht : user_pref("CT2653012.backendstorage.cbfirsttime", "576564204E6F7620303920323031312031383A32313A34342[...]
Gelöscht : user_pref("CT2653012.backendstorage.ct2653012ads1", "25374225323261647325323225334125354225374225323[...]
Gelöscht : user_pref("CT2653012.backendstorage.ct2653012current_term", "426C75652B466F756E646174696F6E2B2D2B457[...]
Gelöscht : user_pref("CT2653012.backendstorage.ct2653012sdate", "3230");
Gelöscht : user_pref("CT2653012.backendstorage.facebook_mode", "32");
Gelöscht : user_pref("CT2653012.backendstorage.facebook_user_locale", "6465");
Gelöscht : user_pref("CT2653012.backendstorage.twitter_v1.8.0_twitter_app_open_t_f", "66616C7365");
Gelöscht : user_pref("CT2653012.backendstorage.url_history", "687474703A2F2F7777772E796F75747562652E636F6D2F776[...]
Gelöscht : user_pref("CT2653012.backendstorage.url_history_time", "31333233383031343031313832");
Gelöscht : user_pref("CT2653012.clientLogIsEnabled", false);
Gelöscht : user_pref("CT2653012.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Gelöscht : user_pref("CT2653012.components.1000234", false);
Gelöscht : user_pref("CT2653012.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Gelöscht : user_pref("CT2653012.globalFirstTimeInfoLastCheckTime", "Tue Dec 13 2011 21:15:37 GMT+0100");
Gelöscht : user_pref("CT2653012.homepageProtectorEnableByLogin", true);
Gelöscht : user_pref("CT2653012.initDone", true);
Gelöscht : user_pref("CT2653012.isAppTrackingManagerOn", true);
Gelöscht : user_pref("CT2653012.isFirstRadioInstallation", false);
Gelöscht : user_pref("CT2653012.myStuffEnabled", true);
Gelöscht : user_pref("CT2653012.myStuffPublihserMinWidth", 400);
Gelöscht : user_pref("CT2653012.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gelöscht : user_pref("CT2653012.myStuffServiceIntervalMM", 1440);
Gelöscht : user_pref("CT2653012.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gelöscht : user_pref("CT2653012.oldAppsList", "129199665576502590,129199665576658841,111,129518362214439676,129[...]
Gelöscht : user_pref("CT2653012.revertSettingsEnabled", true);
Gelöscht : user_pref("CT2653012.searchProtectorDialogDelayInSec", 10);
Gelöscht : user_pref("CT2653012.searchProtectorEnableByLogin", true);
Gelöscht : user_pref("CT2653012.testingCtid", "");
Gelöscht : user_pref("CT2653012.toolbarAppMetaDataLastCheckTime", "Mon Dec 12 2011 21:17:48 GMT+0100");
Gelöscht : user_pref("CT2653012.toolbarContextMenuLastCheckTime", "Mon Dec 05 2011 12:42:19 GMT+0100");
Gelöscht : user_pref("CT2653012.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Gelöscht : user_pref("CT2653012.usagesFlag", 2);
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2653012/CT2653012[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1045667/1041378/DE", "\"0\"[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2653012", [...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2653012",[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2653012&octid=[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2653012/CT2653012[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/equaliz[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/minimiz[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/play.gi[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/stop.gi[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/vol.gif[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"1d8[...]
Gelöscht : user_pref("CommunityToolbar.EngineOwner", "");
Gelöscht : user_pref("CommunityToolbar.EngineOwnerGuid", "{cd90bf73-20f6-44ef-993d-bb920303bd2e}");
Gelöscht : user_pref("CommunityToolbar.EngineOwnerToolbarId", "veoh_web_player");
Gelöscht : user_pref("CommunityToolbar.IsEngineShown", true);
Gelöscht : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Gelöscht : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Semmel3\\AppData\\Roaming\\Mozilla\[...]
Gelöscht : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.8.1.0");
Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2653012");
Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{cd90bf73-20f6-44ef-993d-bb920303bd2e}");
Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "veoh_web_player");
Gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2653012");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2653012");
Gelöscht : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sat May 07 2011 11:10:43 GMT+02[...]
Gelöscht : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Gelöscht : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Wed Jun 29 2011 14:17:07 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gelöscht : user_pref("CommunityToolbar.alert.locale", "en");
Gelöscht : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Gelöscht : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Thu Jun 30 2011 14:16:59 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Gelöscht : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Gelöscht : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gelöscht : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Gelöscht : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Gelöscht : user_pref("CommunityToolbar.alert.userId", "{590a3c05-19db-4f14-a5dc-8babac194955}");
Gelöscht : user_pref("CommunityToolbar.globalUserId", "3089e1ab-5016-420f-b8e3-8493fa09e5a9");
Gelöscht : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Gelöscht : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Gelöscht : user_pref("CommunityToolbar.killedEngine", true);
Gelöscht : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Mon Dec 12 2011 14:33:3[...]
Gelöscht : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Gelöscht : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Mon Dec 12 2011 17:58:30 GMT+010[...]
Gelöscht : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gelöscht : user_pref("CommunityToolbar.notifications.locale", "en");
Gelöscht : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Gelöscht : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Mon Dec 12 2011 21:17:49 GMT+0100");
Gelöscht : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Gelöscht : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Gelöscht : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gelöscht : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Gelöscht : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Gelöscht : user_pref("CommunityToolbar.notifications.userId", "06737bc5-3fc2-42fc-9423-979089138e7d");
Gelöscht : user_pref("CommunityToolbar.undefined", "");
Gelöscht : user_pref("browser.startup.homepage", "hxxp://www.searchplusnetwork.com/?sp=vit4");
Gelöscht : user_pref("keyword.URL", "hxxp://www.searchplusnetwork.com/?sp=vit4&q=");

*************************

AdwCleaner[R1].txt - [19354 octets] - [28/09/2012 15:42:10]
AdwCleaner[S1].txt - [19930 octets] - [28/09/2012 18:13:37]

########## EOF - C:\AdwCleaner[S1].txt - [19991 octets] ##########
         
Step 2:

OTL text:

Code:
OTL logfile created on: 28.09.2012 18:19:16 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Semmel3\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,96 Gb Total Physical Memory | 6,27 Gb Available Physical Memory | 78,79% Memory free
15,92 Gb Paging File | 14,01 Gb Available in Paging File | 88,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1862,92 Gb Total Space | 1432,80 Gb Free Space | 76,91% Space Free | Partition Type: NTFS
Drive D: | 4,80 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: SEMMEL3-PC | User Name: Semmel3 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Semmel3\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Semmel3\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Gizmo\gservice.exe (Arainia Solutions)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll ()
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Gizmo Central) -- C:\Program Files (x86)\Gizmo\gservice.exe (Arainia Solutions)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (KORGUMDS) -- C:\Windows\SysNative\drivers\KORGUM64.SYS (KORG INC.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (GizmoDrv) -- C:\Windows\SysNative\drivers\gizmodrv.sys (Arainia Solutions LLC)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RMCAST) -- C:\Windows\SysNative\drivers\rmcast.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (netr7364) -- C:\Windows\SysNative\drivers\netr7364.sys (Ralink Technology, Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5F 1E 10 43 96 49 CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}: "URL" = hxxp://www.searchplusnetwork.com/?sp=vit4&q={searchTerms}
IE - HKCU\..\SearchScopes\{AB79D3B4-AEDB-428a-B504-BAC00521A1C7}: "URL" = hxxp://starwebsearch.com/index.php?from=4&q={searchTerms}
IE - HKCU\..\SearchScopes\{FCBEBBEA-AD82-4B47-8174-B91EEF715793}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=937811&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledAddons: youtube2mp3@mondayx.de:1.2.3
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10
FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {cd90bf73-20f6-44ef-993d-bb920303bd2e}:2.7.1.3
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.25 19:31:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.08 11:10:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.10.18 15:37:57 | 000,000,000 | ---D | M]
 
[2011.01.08 20:01:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Semmel3\AppData\Roaming\mozilla\Extensions
[2012.09.28 18:13:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Semmel3\AppData\Roaming\mozilla\Firefox\Profiles\4bjhuwjk.default\extensions
[2011.04.19 16:00:33 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Semmel3\AppData\Roaming\mozilla\Firefox\Profiles\4bjhuwjk.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.09.15 19:17:20 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Semmel3\AppData\Roaming\mozilla\Firefox\Profiles\4bjhuwjk.default\extensions\ich@maltegoetz.de
[2011.08.28 13:19:22 | 000,011,510 | ---- | M] () (No name found) -- C:\Users\Semmel3\AppData\Roaming\mozilla\firefox\profiles\4bjhuwjk.default\extensions\youtube2mp3@mondayx.de.xpi
[2012.08.07 14:29:18 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Semmel3\AppData\Roaming\mozilla\firefox\profiles\4bjhuwjk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.08.05 13:18:02 | 000,002,125 | ---- | M] () -- C:\Users\Semmel3\AppData\Roaming\mozilla\firefox\profiles\4bjhuwjk.default\searchplugins\GoogleFeed.xml
[2012.05.15 15:31:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.08 11:10:02 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.13 16:05:30 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.29 20:08:18 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.13 16:05:30 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.13 16:05:30 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.13 16:05:30 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.13 16:05:30 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Semmel3\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Semmel3\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Semmel3\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Semmel3\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Semmel3\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E8E9CFC-3CD5-464C-9C0A-C8674660156B}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9AACA96B-FDA6-4FD6-BE38-B7A3B95D772A}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3E2BEF1-762D-4321-B489-A8635273DA18}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.06.27 00:29:39 | 000,000,022 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{d7c2763a-816f-11e1-8180-20cf30bbd32d}\Shell - "" = AutoRun
O33 - MountPoints2\{d7c2763a-816f-11e1-8180-20cf30bbd32d}\Shell\AutoRun\command - "" = E:\Launch.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.28 15:52:10 | 000,208,216 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\89412721.sys
[2012.09.28 15:36:34 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Semmel3\Desktop\aswMBR.exe
[2012.09.28 13:59:31 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.09.28 13:25:08 | 000,000,000 | ---D | C] -- C:\Users\Semmel3\AppData\Roaming\Malwarebytes
[2012.09.28 13:24:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.28 13:24:57 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.09.28 13:24:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.09.28 13:24:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.26 12:35:22 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
[2012.09.22 14:24:30 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.09.22 14:24:29 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.09.22 14:24:29 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.09.22 14:24:29 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.09.22 14:24:29 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.09.22 14:24:29 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.09.22 14:24:29 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.09.20 16:10:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2
[2012.09.20 16:10:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Guild Wars 2
[2012.09.20 16:05:45 | 000,000,000 | ---D | C] -- C:\Users\Semmel3\Documents\Guild Wars 2
[2012.09.12 13:04:05 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2012.09.12 13:04:02 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012.09.12 13:04:01 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012.09.12 13:04:01 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2012.08.30 10:26:35 | 000,000,000 | ---D | C] -- C:\Users\Semmel3\Documents\Games for Windows - LIVE Demos
[2012.08.30 10:03:46 | 000,000,000 | ---D | C] -- C:\Users\Semmel3\Documents\Spartan
[2012.08.30 03:31:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Wonderful End of the World Trial
[2012.08.30 02:55:22 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2012.08.30 02:55:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2012.08.30 02:55:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.28 18:19:15 | 001,541,416 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.09.28 18:19:15 | 000,669,456 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.09.28 18:19:15 | 000,628,942 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.09.28 18:19:15 | 000,137,322 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.09.28 18:19:15 | 000,112,382 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.09.28 18:14:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.28 18:14:26 | 2115,280,895 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.28 17:45:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.28 15:55:18 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.28 15:55:18 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.28 15:52:10 | 000,208,216 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\89412721.sys
[2012.09.28 15:50:18 | 000,000,512 | ---- | M] () -- C:\Users\Semmel3\Desktop\MBR.dat
[2012.09.28 15:36:56 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Semmel3\Desktop\aswMBR.exe
[2012.09.28 13:24:58 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.20 16:10:52 | 000,000,936 | ---- | M] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk
[2012.09.10 02:42:27 | 000,435,725 | ---- | M] () -- C:\Users\Semmel3\Desktop\sicherung arbeit.odt
[2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.28 15:50:18 | 000,000,512 | ---- | C] () -- C:\Users\Semmel3\Desktop\MBR.dat
[2012.09.28 13:24:58 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.20 16:10:52 | 000,000,936 | ---- | C] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk
[2012.09.10 02:41:34 | 000,435,725 | ---- | C] () -- C:\Users\Semmel3\Desktop\sicherung arbeit.odt
[2012.08.30 02:55:03 | 000,001,338 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
[2012.04.09 23:07:33 | 000,040,960 | R--- | C] () -- C:\Windows\SysWow64\psfind.dll
[2012.04.08 22:37:13 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2012.04.08 22:37:13 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2012.04.08 22:37:12 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.02.15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.02.15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.08.25 05:41:08 | 000,007,597 | ---- | C] () -- C:\Users\Semmel3\AppData\Local\Resmon.ResmonCfg
[2011.06.10 17:20:40 | 000,000,016 | ---- | C] () -- C:\Windows\SysWow64\msvcsv60.dll
[2011.06.10 17:20:40 | 000,000,016 | ---- | C] () -- C:\Windows\msocreg32.dat
[2011.01.19 12:07:17 | 000,000,095 | ---- | C] () -- C:\Users\Semmel3\AppData\Local\fusioncache.dat
[2011.01.18 08:15:22 | 001,540,406 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.01.18 08:12:35 | 000,183,112 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.01.18 08:12:33 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.01.18 08:12:31 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011.01.17 18:45:14 | 000,000,600 | ---- | C] () -- C:\Users\Semmel3\AppData\Roaming\winscp.rnd
[2011.01.08 20:27:57 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.01.08 19:57:20 | 000,027,504 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2011.01.08 19:56:10 | 000,019,533 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011.01.08 19:56:10 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

Extras: 

Code:
OTL Extras logfile created on: 28.09.2012 18:19:16 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Semmel3\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,96 Gb Total Physical Memory | 6,27 Gb Available Physical Memory | 78,79% Memory free
15,92 Gb Paging File | 14,01 Gb Available in Paging File | 88,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1862,92 Gb Total Space | 1432,80 Gb Free Space | 76,91% Space Free | Partition Type: NTFS
Drive D: | 4,80 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: SEMMEL3-PC | User Name: Semmel3 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02D89D08-76C7-437F-8061-2218A66A6BCA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{04A5FF94-E827-48BF-B14E-F95B15AF5774}" = lport=138 | protocol=17 | dir=in | app=system | 
"{0C5CA600-5847-4EAC-ACF2-AD51F93986D4}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{0ED68441-E2BB-412B-AE60-BB2C46B7EBEA}" = rport=137 | protocol=17 | dir=out | app=system | 
"{168E2F66-B90D-45DE-8DCF-82F614CC0313}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{289483AB-06BD-41FA-85EB-DD4E326EF51A}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{298CF00C-9ABA-4CE4-B648-A9EC39FB8E8E}" = lport=139 | protocol=6 | dir=in | app=system | 
"{2B79A649-7AD2-46C4-ABF5-D57EA3BBF4E3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{2EFDB6D1-8CE8-4853-BD7F-B3AA3ACF899F}" = lport=49168 | protocol=6 | dir=in | name=akamai netsession interface | 
"{2F44BCC5-BC13-4AAB-A782-E0F3A77620C3}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{442AB8F5-8D04-4252-A35D-38FE1A62473C}" = rport=445 | protocol=6 | dir=out | app=system | 
"{48EB8F4D-37D4-458C-88DB-0B783695834D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5D5DA65E-7F51-40BA-BE6B-955009B2EE4D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{65097C6C-A337-40E0-9E08-4ECED3F820B1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6F62DFE7-4177-4C3E-92D5-78D239CDE950}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6FD666CF-C087-4D88-8E09-8121B7B39402}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{702D77F1-7D87-421D-97B8-28062361C9DD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{75D71D67-CD46-4C0C-955F-A8DEFCF3452F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{87D3A8EF-A493-4720-827D-05332F152405}" = rport=138 | protocol=17 | dir=out | app=system | 
"{8A2EDED2-4748-44D4-B6E4-49AAB74C0C5D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8BA8EC31-8549-49D2-9409-21D110A9FE5C}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{9B429D87-9F66-4AB3-8D4B-8F072F0170B0}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{9F95ED39-CBFE-4A70-AF92-7F3494A882CE}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{A6A19C95-0AF3-4A31-B4FA-326CEEB3B9D5}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{BB7D3CC5-F113-4EA9-BDCE-B50AEAC77845}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C7A59223-BD9C-4A53-BF77-7DDC7DE6B14B}" = lport=445 | protocol=6 | dir=in | app=system | 
"{CA40648F-6BFE-4452-A214-9965DCBE0395}" = lport=137 | protocol=17 | dir=in | app=system | 
"{D693F4FA-7A32-427D-8301-FBC4CB8D61C9}" = rport=139 | protocol=6 | dir=out | app=system | 
"{D6A69205-67ED-4E11-8C1D-87330448C510}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DC1D6C78-CDF7-4A7E-8669-AE475B30D4A3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DF50F3F9-B392-4CE5-8D8C-56012292325C}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{E03AC141-0602-421B-83E0-D5C1C390AC65}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{FF266D2B-7CF5-48B6-89F3-DB6D162E94B6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{015E7DFA-E039-4FBE-AE12-1A8ED924A7D9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\mother99\counter-strike source\hl2.exe | 
"{01DCB31E-28CF-4F69-BE48-3A636FB95B97}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{02DF55F6-A590-45F2-8FBA-D727A0849359}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trackmania united\tmforever.exe | 
"{17FE9864-EB12-4313-A356-54736DCB7CED}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe | 
"{1F0B4EE5-998F-416A-9ABC-5860758BA037}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trackmania united\tmforeverlauncher.exe | 
"{21ACC931-BD3B-4235-B48B-846A65DAA4E1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{261228B9-79B5-4D50-B3BF-2E803EF65CB3}" = protocol=17 | dir=in | app=c:\users\semmel3\appdata\roaming\spotify\spotify.exe | 
"{28DF8BD9-2BF0-451D-9DB7-309ECEE92925}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{2A0FB448-974D-4C13-BDD5-FE10BD88A5EA}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{2C8CB090-7317-4F67-9951-2E7616A13B4F}" = protocol=6 | dir=in | app=c:\program files (x86)\stunlock studios\bloodline champions\binary\bloodlinechampions.exe | 
"{2DEC89C9-F931-4504-9136-566581529314}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe | 
"{2E6BC299-95C0-44C9-B0CF-1F13C1DB57B6}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{32FC71EB-BC3E-495A-9914-AC3C1334FC02}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{3327864F-7518-4BCC-81FE-A72C20BD5030}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{3371047D-8F44-4806-A723-AF4F9044C32C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{34001BB9-C9D4-441E-A3B1-69DBDAAF3B03}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{34F2F701-A54F-47E7-B80A-A66C043836FD}" = dir=out | app=%programfiles% (x86)\virtualdj\virtualdj_pro.exe | 
"{3DAC82E0-0CF2-4A6A-8655-1E4389680F2B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{3DAF56D8-1C8B-4D5C-8343-C4522737B079}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | 
"{422C7F1F-642C-42CD-AD6C-BD950A8C3A43}" = dir=out | app=%programfiles% (x86)\ableton\live 8.0.1\program\live 8.0.1.exe | 
"{4569CEF6-0B7C-459D-8600-A1C307209F08}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{4B5817BD-DC1C-401C-9260-C4EECD167806}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{4C0BA5C5-C186-424A-ABCE-4E668D1E4DEC}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{55EBB7A0-751C-47DD-ABD6-AFB6055622FF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{58F8A5AD-F819-4CBB-AC22-072E07CAFA70}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5C971D68-FEB1-4392-88AC-B1C774FDE96F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6330180B-4586-4FE0-A04E-17466155463B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{65C734C7-615E-4438-9CE9-C170BBC1585D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{6757E155-B5E4-4748-AEFB-E96A6341304A}" = dir=out | app=%programfiles%\native instruments\reaktor 5\reaktor5.exe | 
"{6A51DDB3-9494-4140-A4D8-B27E816F2EE5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trackmania united\tmforeverlauncher.exe | 
"{6BD32769-3A93-43AA-A6D8-90BA0D2A286B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{6EBB6EE0-91F2-4680-AF9B-E0D8E885307E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{6F15A31A-9F99-4519-8302-C566723E23F4}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{7064779A-0ABE-4BC5-A4DD-04F020047003}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{728E728E-B6B9-47D7-9F27-D0373FD48326}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | 
"{73EF78C8-F550-41F3-B6BA-D20F94DA022C}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe | 
"{7B23F193-88A5-40CB-95C8-B65B43074179}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7C1FD9F9-7C13-4F91-8639-1548BE5C5C82}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{7D2F7435-9471-4FF3-A6CA-A1BD136AE8AF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{7E1F5B54-AD24-433F-9F24-305AF53FF1A5}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{7E96EF0E-EE3C-4E26-B7F4-8DDD8F650859}" = protocol=6 | dir=in | app=c:\users\semmel3\appdata\local\akamai\netsession_win.exe | 
"{8113BE97-2ED9-42C0-9DD1-4A18ED10EC25}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{82A02444-7EBD-4500-BECF-A588DA71F250}" = protocol=17 | dir=in | app=c:\users\semmel3\downloads\diablo-iii-8370-dede-installer-downloader.exe | 
"{845B7CFA-FD50-4BE3-8C1D-39FEAFEDC103}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dirt 2\dirt2.exe | 
"{8C4CB877-771A-4CE7-AD9E-3E869B965DFD}" = protocol=6 | dir=in | app=c:\users\semmel3\appdata\roaming\spotify\spotify.exe | 
"{8E330D6E-04C7-4510-B7CA-CC104731661E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8F3AC6DE-ADD3-4FD2-9201-B12264B954F2}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe | 
"{8F78629F-4686-4631-8061-36F6B4933D46}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dirt 2\dirt2.exe | 
"{9CA29403-EE7B-4D35-B5E6-7CC214B94BC9}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{A4ADDAAE-C62E-4864-838F-F94363EEEFA5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{A6E4640D-431B-40E1-ABA2-44DEFA051E83}" = dir=in | app=c:\program files (x86)\microsoft games\age of empires online\spartan.exe | 
"{A7B133E6-9153-46EF-80CD-890E79743E4D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{A88E3071-9214-4E19-9EB9-EEC10C3EC0F7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{A8E15104-9B7A-4763-9FB7-3CB2E3D3D587}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe | 
"{A8F14CDA-D3E0-49B8-B400-D1AA3FDCCECD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{B229312B-FBF9-46CA-B9DA-197150D9093C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{B3469B3F-83C4-4394-B030-2B1D54BC533A}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | 
"{B3F0851E-EB6A-4B58-B6B2-1E6C656B03B8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{B7C93736-8A85-4D43-8AAE-AABE4374C2D8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BDCAA190-6FEA-4EB0-9B25-CDFF8010CD75}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe | 
"{C395F7AD-AF9D-47D0-9D79-D8196FD1DBF1}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{C4482D10-9D9B-4EF5-BEC2-6AE5B1837AE9}" = dir=in | app=%programfiles% (x86)\ableton\live 8.0.1\program\live 8.0.1.exe | 
"{C6518FB6-635E-44DC-BCF5-5C9B263FDB3C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\lutziie\counter-strike source\hl2.exe | 
"{CDD7517F-7532-41F1-9CB9-9A82D31E201F}" = protocol=17 | dir=in | app=c:\program files (x86)\stunlock studios\bloodline champions\binary\bloodlinechampions.exe | 
"{CF7E1DCD-33A8-4C1B-B6EA-0BA4957CE895}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\mother99\counter-strike source\hl2.exe | 
"{D157192D-4512-47F0-BE76-229950D9DC46}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\lutziie\counter-strike source\hl2.exe | 
"{D8708315-2EF8-4910-8859-F6E44A8F8B1E}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | 
"{DDF15E72-F345-42EF-A491-9F26A3E9B315}" = protocol=6 | dir=out | app=system | 
"{E03FFC84-8678-4B4B-BE28-9B07B29393BF}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{E2E6AD6E-366F-469E-8882-F0BDA9E08627}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E420B9D9-B609-4A31-8AFF-4A7294D513DB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{E9D970F2-7628-4F20-A057-DC1A649AFD8D}" = dir=in | app=%programfiles% (x86)\virtualdj\virtualdj_pro.exe | 
"{EA636CA8-5B82-4E63-AF83-B67FC317B1FE}" = protocol=17 | dir=in | app=c:\users\semmel3\appdata\local\akamai\netsession_win.exe | 
"{EE444846-1B82-443C-967B-37B21CD7041C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trackmania united\tmforever.exe | 
"{F3670743-85E8-41CD-8F81-12DF95937434}" = protocol=6 | dir=in | app=c:\users\semmel3\downloads\diablo-iii-8370-dede-installer-downloader.exe | 
"{F567067A-522A-436D-8D18-14AFFA54F38F}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe | 
"{F6550485-E251-4C51-8B1B-4F556F4D56E5}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe | 
"{F7979907-8D14-4549-B410-A52FEC061BFD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{FF0519E5-EFC7-4792-B708-3CDE278C5440}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"TCP Query User{06A4D315-D932-4EA5-8BCD-0F44D1F50DC7}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe | 
"TCP Query User{0ABB63E0-BACF-4065-A686-EAC9A531BA0D}C:\users\semmel3\desktop\mw2\iw4mp.dat" = protocol=6 | dir=in | app=c:\users\semmel3\desktop\mw2\iw4mp.dat | 
"TCP Query User{0AECF25A-D03D-4166-8D08-6D5B723A9B62}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"TCP Query User{25FE0EB9-6785-43BD-BE95-159190BC7892}C:\users\semmel3\desktop\games\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=c:\users\semmel3\desktop\games\borderlands\binaries\borderlands.exe | 
"TCP Query User{2A14BF8F-7052-4586-AF0E-6DECAA7A486A}C:\users\semmel3\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\semmel3\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{310EC278-9CA6-463A-82BA-3A8D6F967EA6}C:\program files (x86)\microsoft games\age of empires ii\age2_x1.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\age2_x1.exe | 
"TCP Query User{37F940C5-F7C0-40B2-A2A7-99E9EA6DB03A}C:\program files (x86)\activision\modern warfare 2\iw4mp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\modern warfare 2\iw4mp.exe | 
"TCP Query User{4314FCE3-2D1B-403D-9F12-3F6FAAB04564}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"TCP Query User{4E26B57E-2DAB-49C0-9472-3B0428DA8F61}C:\program files (x86)\mediamonkey\mediamonkey.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mediamonkey\mediamonkey.exe | 
"TCP Query User{74BEB245-C2B0-4475-AB16-9A7B135AB5AD}C:\program files (x86)\activision\modern warfare 2\iw4mpold.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\modern warfare 2\iw4mpold.exe | 
"TCP Query User{77C8A727-1195-4E3A-94C1-6741E3814BFC}C:\users\semmel3\downloads\diablo-iii-8370-dede-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\semmel3\downloads\diablo-iii-8370-dede-installer-downloader.exe | 
"TCP Query User{7C695C05-029E-4092-8EF5-4775028636B5}C:\users\semmel3\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\semmel3\appdata\local\temp\gw2.exe | 
"TCP Query User{956CDBDE-2F32-413B-87D4-7F99E011C527}C:\users\semmel3\desktop\mw2\iw4mp.exe" = protocol=6 | dir=in | app=c:\users\semmel3\desktop\mw2\iw4mp.exe | 
"TCP Query User{AC551760-E41B-49A2-93B6-A3B7566C3BB9}C:\users\semmel3\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\semmel3\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{B5D8E2AA-7FE2-485E-8BDC-F8A6571309E4}C:\programdata\battle.net\agent\agent.1225\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"TCP Query User{BA266FE6-E0C4-482F-B7D6-DC9A96C39F8A}C:\users\semmel3\appdata\local\microsoft\age of empires online\spartan.exe" = protocol=6 | dir=in | app=c:\users\semmel3\appdata\local\microsoft\age of empires online\spartan.exe | 
"TCP Query User{C339BDCE-C350-4563-AE8F-59720E5248A3}C:\program files (x86)\english bid for power final 4.0\ebfpf 4.0.exe" = protocol=6 | dir=in | app=c:\program files (x86)\english bid for power final 4.0\ebfpf 4.0.exe | 
"TCP Query User{CF95CF45-BD46-4407-94DF-4084540069B6}C:\users\semmel3\desktop\mw2\iw4mpold.exe" = protocol=6 | dir=in | app=c:\users\semmel3\desktop\mw2\iw4mpold.exe | 
"TCP Query User{D11C0AD1-5038-4D67-B7C5-9EDFA41C041B}C:\program files (x86)\stunlock studios\bloodline champions\binary\bloodlinechampions.exe" = protocol=6 | dir=in | app=c:\program files (x86)\stunlock studios\bloodline champions\binary\bloodlinechampions.exe | 
"TCP Query User{D70AA586-AB0B-4074-BECF-EC4C3BB7E9F6}C:\programdata\battle.net\agent\agent.1199\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | 
"TCP Query User{DE121CE7-A433-4EFD-8D23-C2E0FA4E4DD4}C:\program files (x86)\activision\modern warfare 2\bootstrap\iw4mp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\modern warfare 2\bootstrap\iw4mp.exe | 
"TCP Query User{E5746666-6631-4E1A-8F59-79A75F2EB617}C:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe | 
"TCP Query User{F02F160F-6A38-4630-9EDD-DFDE21C23202}C:\nexon\combat arms eu\engine.exe" = protocol=6 | dir=in | app=c:\nexon\combat arms eu\engine.exe | 
"TCP Query User{F3BE3F8F-D78B-492D-AE54-4369A91D68B1}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe | 
"TCP Query User{FDD9264B-55AE-4207-A3A4-CAF460A15081}C:\program files (x86)\activision\modern warfare 2\iw4m.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\modern warfare 2\iw4m.exe | 
"TCP Query User{FFB03BEC-5704-49E0-B8D5-C57C08130E2F}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"UDP Query User{0077A4C1-42B2-4CEC-BB14-D99D8E8CABF9}C:\users\semmel3\desktop\games\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=c:\users\semmel3\desktop\games\borderlands\binaries\borderlands.exe | 
"UDP Query User{0096B6F4-1115-46D0-B347-B33C881EBE7C}C:\program files (x86)\microsoft games\age of empires ii\age2_x1.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\age2_x1.exe | 
"UDP Query User{04816270-EF81-4A16-90D4-8D097BA3C543}C:\program files (x86)\activision\modern warfare 2\iw4mp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\modern warfare 2\iw4mp.exe | 
"UDP Query User{0A33625F-9A19-42D4-A492-BBB8F8D29CD3}C:\users\semmel3\desktop\mw2\iw4mpold.exe" = protocol=17 | dir=in | app=c:\users\semmel3\desktop\mw2\iw4mpold.exe | 
"UDP Query User{113A8EA1-7C69-4BDF-8F73-FFFB0CB7DF10}C:\program files (x86)\activision\modern warfare 2\iw4mpold.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\modern warfare 2\iw4mpold.exe | 
"UDP Query User{138C4001-8B85-4293-AB8F-41E7DC53173C}C:\nexon\combat arms eu\engine.exe" = protocol=17 | dir=in | app=c:\nexon\combat arms eu\engine.exe | 
"UDP Query User{359FA801-D0D1-467F-95DB-BFD2F5C2B431}C:\users\semmel3\desktop\mw2\iw4mp.exe" = protocol=17 | dir=in | app=c:\users\semmel3\desktop\mw2\iw4mp.exe | 
"UDP Query User{377B05DC-60E4-4FB4-9D51-8CED59B8A4E4}C:\users\semmel3\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\semmel3\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{39C04FD3-5D52-4BC9-9F5B-1F5DBD83CA3C}C:\users\semmel3\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\semmel3\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{3ECB84A6-8F05-47A5-A72D-377BE5D83AA8}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"UDP Query User{3F68D25C-A7AD-41CF-8547-86FE540281AA}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"UDP Query User{5DF9A99E-D1A6-456B-8155-EA045B186FE0}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"UDP Query User{6C5C2639-064F-4202-B1E9-EF2B35E9603B}C:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe | 
"UDP Query User{6DC76822-25EA-4A77-AC8A-C156CD5C731E}C:\programdata\battle.net\agent\agent.1225\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"UDP Query User{7BFF630B-2153-48F7-A016-B291B43459A9}C:\users\semmel3\desktop\mw2\iw4mp.dat" = protocol=17 | dir=in | app=c:\users\semmel3\desktop\mw2\iw4mp.dat | 
"UDP Query User{7E4CF59E-761D-4295-8C9C-6207AC7841FD}C:\users\semmel3\downloads\diablo-iii-8370-dede-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\semmel3\downloads\diablo-iii-8370-dede-installer-downloader.exe | 
"UDP Query User{8AE10A56-C960-46D6-90AE-8A8CE0D65179}C:\users\semmel3\appdata\local\microsoft\age of empires online\spartan.exe" = protocol=17 | dir=in | app=c:\users\semmel3\appdata\local\microsoft\age of empires online\spartan.exe | 
"UDP Query User{97EBEDCD-5D5D-45F6-94E5-4F790885BCDD}C:\program files (x86)\activision\modern warfare 2\bootstrap\iw4mp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\modern warfare 2\bootstrap\iw4mp.exe | 
"UDP Query User{A77EB67B-DB34-4015-B2B9-2710E32B51DF}C:\programdata\battle.net\agent\agent.1199\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | 
"UDP Query User{BF193D71-C053-4355-9DF3-532DB3F231FD}C:\program files (x86)\stunlock studios\bloodline champions\binary\bloodlinechampions.exe" = protocol=17 | dir=in | app=c:\program files (x86)\stunlock studios\bloodline champions\binary\bloodlinechampions.exe | 
"UDP Query User{CDDB15D7-486A-46DE-9520-6F53B9FC60BC}C:\program files (x86)\english bid for power final 4.0\ebfpf 4.0.exe" = protocol=17 | dir=in | app=c:\program files (x86)\english bid for power final 4.0\ebfpf 4.0.exe | 
"UDP Query User{CFD885F0-8527-40DA-944E-D74F61DC361A}C:\program files (x86)\activision\modern warfare 2\iw4m.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\modern warfare 2\iw4m.exe | 
"UDP Query User{D5F2F23D-9464-4FA9-BD38-529125B8EFEC}C:\program files (x86)\mediamonkey\mediamonkey.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mediamonkey\mediamonkey.exe | 
"UDP Query User{E0343B7F-BD3D-41A1-9414-0E6046224FE4}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe | 
"UDP Query User{F4924D05-D9CC-4871-B0CF-D9867B235B68}C:\users\semmel3\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\semmel3\appdata\local\temp\gw2.exe | 
"UDP Query User{F6B94F14-8759-4CC3-B8FC-DFD7A2AC1249}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{0C682623-8F66-46A8-B9B3-93FE1E66A001}" = iTunes
"{0E086923-AAA3-4F98-A6E2-48B64CE27553}" = Native Instruments Reaktor Factory Selection
"{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{43E7798A-248E-4A3D-9969-FEA63543A462}" = Native Instruments Kontakt 4
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5941D535-34BF-BB6E-E52B-F464E4E955FF}" = AMD Media Foundation Decoders
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{81D00339-968D-15D1-3499-8431658E896F}" = AMD Catalyst Install Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{83ED5086-5D6B-698F-5CD4-2F631DA8FD69}" = AMD Drag and Drop Transcoding
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{90AB246D-A0A0-29EA-199A-4B07841E0737}" = ATI AVIVO64 Codecs
"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A2DDE39D-BA16-4DBB-9C96-A6703142DCF3}" = Native Instruments Komplete 7 Players
"{A9C6CA47-D937-D61D-4BD3-7CFAB7A5BA56}" = ATI Problem Report Wizard
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B0FC9E28-1CE6-4A40-BEF1-C6E6EDFCA070}" = Native Instruments Kontakt Factory Selection
"{C7FAFC98-5ECC-40FC-B440-A5D5FE3A6A6E}" = Native Instruments Guitar Rig 4
"{D4E5A687-797D-44B1-8F96-4FD7A24166A9}" = DEVIL MAY CRY 4
"{D7D6AA2C-DD2C-53F1-1F1D-5AC3CDE1B90C}" = ccc-utility64
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{E9EA5F38-6299-45A1-9D23-F21729A19357}" = Native Instruments Reaktor 5
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF600C37-6328-4348-A67A-3F85D8039604}" = Native Instruments Kore Player
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{04475621-9BF8-EF82-4691-1C8FD9D40FD2}" = CCC Help Polish
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07A733AA-2D8C-1E0E-ED9B-B4CA59AE86B3}" = Catalyst Control Center
"{07BFA98D-6DB0-6D9C-95D5-7EF347AF587B}" = HydraVision
"{14C87AA7-08E6-419F-A165-998EBE5023D7}" = Oblivion - Knights of the Nine
"{16D919E6-F019-4E15-BFBE-4A85EF19DA57}" = Oblivion - Spell Tomes
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1AADBEB8-3F11-7FB7-6DDC-EE2276C1A80E}" = CCC Help Italian
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 29
"{2C3F42F5-935B-E64C-13D7-4369B0D66DE9}" = CCC Help Greek
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{37CE847B-3279-1A39-CA09-FBF330B5EC97}" = CCC Help Czech
"{3C15E8E2-3463-584F-D4F8-D95878737EAB}" = CCC Help Norwegian
"{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest
"{420500EA-4038-AADB-DD76-90D0311E5867}" = CCC Help Spanish
"{43403BCA-6051-A108-682C-5BABB69D3919}" = CCC Help Hungarian
"{441717E8-ADF5-4724-8B90-FA8DE7B73F91}" = KORG KAOSSILATOR PRO Editor
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D530FA3-9B89-4186-98B7-F51000008100}" = Age of Empires Online
"{549ECD2C-5ACD-0598-56E6-BF88F6B5CE9E}" = CCC Help Portuguese
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5BAD1D5F-157F-C4D7-05B8-7B2D08874DFA}" = CCC Help German
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6559654F-2F38-491F-8411-211517C3E635}" = SampleTank FREE
"{6C90C4C4-559D-4FE8-A4BF-37550E74D1FC}" = Bloodline Champions
"{6E9484D8-F1F5-8737-3C35-C2ACB8BC9BF8}" = CCC Help Danish
"{6EB6BC61-0079-80B7-9AE8-A28E02F81E04}" = CCC Help Japanese
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74DDE8F9-FAD1-4C64-84DF-DF287EAE6FAE}" = CCC Help Turkish
"{7C53D4FA-0F42-3B24-686B-2AB688C8B112}" = Catalyst Control Center Localization All
"{810AC1C1-CB19-45EA-B5C9-77B654F9CA07}" = TQ Defiler.NET
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{85F76CD3-92C2-6422-202C-ADC655E83940}" = CCC Help Chinese Standard
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{8BBB5E4C-3F5E-4C07-BFBE-33B34600783A}" = LogMeIn Hamachi
"{90140000-0018-0000-0000-0000000FF1CE}" = Microsoft Office PowerPoint 2010
"{90140000-0018-0000-0000-0000000FF1CE}_Office14.POWERPOINT_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.POWERPOINT_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.POWERPOINT_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.POWERPOINT_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.POWERPOINT_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.POWERPOINT_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.POWERPOINT_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.POWERPOINT_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.POWERPOINT_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.POWERPOINT_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.POWERPOINT_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{92E71E47-7BDE-2A10-A9C2-373DCAE4EEB9}" = CCC Help Chinese Traditional
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9693675A-7108-247D-A369-AF08C8E32CFD}" = CCC Help English
"{9971CC5F-9E89-6024-72CD-2F9B33305B7F}" = CCC Help Swedish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E8426B6-0027-8C7E-9729-E86053D9A3D5}" = CCC Help Finnish
"{A3DAD349-E48E-AE45-3F26-7B80A4FFCD26}" = Catalyst Control Center InstallProxy
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{B3CB5BA3-3E98-4E85-944E-B03D055F8450}" = KORG USB-MIDI Driver Tools for Windows
"{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}" = Titan Quest Immortal Throne
"{B66F4972-5C17-90A5-95AB-0C4DAEFC92A4}" = CCC Help Korean
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D4E5A687-797D-44B1-8F96-4FD7A24166A9}" = DEVIL MAY CRY 4
"{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29
"{DB689397-D3C2-BD23-A83E-FCA68454F0FE}" = CCC Help Dutch
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}" = Need for Speed™ Undercover
"{EAD24F4A-8BB8-EAC5-A995-3D9A96DF3FA4}" = CCC Help French
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0BC0231-25D6-B4BF-5D9E-633220A2C09A}" = CCC Help Russian
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F501FACA-3AFB-FAC4-825D-F6D1343F0C69}" = Catalyst Control Center Graphics Previews Common
"{F7657E34-0046-9515-61D9-7AAFC84C4AC8}" = CCC Help Thai
"{FFFFFD17-B460-41EB-93F1-C48ABAD63828}" = Oblivion - Thieves Den
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"Akamai" = Akamai NetSession Interface Service
"ArtMoney SE_is1" = ArtMoney SE v7.35
"Avira AntiVir Desktop" = Avira Free Antivirus
"Cheat Engine 6.0_is1" = Cheat Engine 6.0
"DAEMON Tools Pro" = DAEMON Tools Pro
"Diablo III" = Diablo III
"Diablo III Beta" = Diablo III Beta
"DivX Setup" = DivX-Setup
"Free Studio_is1" = Free Studio version 5.3.2
"Free YouTube Download_is1" = Free YouTube Download version 3.1.31.706
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.26.706
"GFWL_{4D530FA3-9B89-4186-98B7-F51000008100}" = Age of Empires Online
"Gizmo Central" = Gizmo Central
"Guild Wars 2" = Guild Wars 2
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"Live 8.2.2" = Live 8.2.2
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Native Instruments Guitar Rig 4" = Native Instruments Guitar Rig 4
"Native Instruments Komplete 7 Players" = Native Instruments Komplete 7 Players
"Native Instruments Kontakt 4" = Native Instruments Kontakt 4
"Native Instruments Kontakt Factory Selection" = Native Instruments Kontakt Factory Selection
"Native Instruments Kore Player" = Native Instruments Kore Player
"Native Instruments Reaktor 5" = Native Instruments Reaktor 5
"Native Instruments Reaktor Factory Selection" = Native Instruments Reaktor Factory Selection
"Native Instruments Service Center" = Native Instruments Service Center
"Office14.POWERPOINT" = Microsoft PowerPoint 2010
"PhotoScape" = PhotoScape
"PunkBusterSvc" = PunkBuster Services
"Revo Uninstaller" = Revo Uninstaller 1.91
"Steam App 12840" = DiRT 2
"Steam App 240" = Counter-Strike: Source
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 7200" = TrackMania United
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"winscp3_is1" = WinSCP 4.2.9
"World of Warcraft" = World of Warcraft
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"CopyTrans Suite" = Nur Deinstallierung der CopyTrans Suite möglich.
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 29.08.2012 21:29:23 | Computer Name = Semmel3-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Semmel3\Downloads\SoftonicDownloader_for_the-wonderful-end-of-the-world.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 29.08.2012 21:29:26 | Computer Name = Semmel3-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Semmel3\Downloads\SoftonicDownloader_for_the-wonderful-end-of-the-world.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 29.08.2012 21:29:28 | Computer Name = Semmel3-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Semmel3\Downloads\SoftonicDownloader_for_the-wonderful-end-of-the-world.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 30.08.2012 08:59:39 | Computer Name = Semmel3-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: MiracleWOW.exe, Version: 1.0.0.25,
 Zeitstempel: 0x4feb47ba  Name des fehlerhaften Moduls: MiracleWOW.exe, Version: 1.0.0.25,
 Zeitstempel: 0x4feb47ba  Ausnahmecode: 0xc0000417  Fehleroffset: 0x0011230e  ID des fehlerhaften
 Prozesses: 0x13dc  Startzeit der fehlerhaften Anwendung: 0x01cd86af48afecfa  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\World of Warcraft\MiracleWOW.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\World of Warcraft\MiracleWOW.exe
Berichtskennung:
 8e46102f-f2a2-11e1-9b7e-20cf30bbd32d
 
Error - 30.08.2012 20:49:42 | Computer Name = Semmel3-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 15.0.0.4619 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: ad4    Startzeit: 
01cd861145029f28    Endzeit: 24    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 be4eec46-f305-11e1-9b7e-20cf30bbd32d  
 
Error - 31.08.2012 11:45:42 | Computer Name = Semmel3-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Semmel3\Downloads\SoftonicDownloader_for_the-wonderful-end-of-the-world.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 10.09.2012 16:17:34 | Computer Name = Semmel3-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 15.0.1.4631 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: e64    Startzeit: 
01cd8f528cec3d54    Endzeit: 28    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 8cbe742e-fb84-11e1-b400-20cf30bbd32d  
 
Error - 10.09.2012 21:13:43 | Computer Name = Semmel3-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 15.0.1.4631 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: a40    Startzeit: 
01cd8f9151442b30    Endzeit: 25    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 ec13e286-fbad-11e1-b400-20cf30bbd32d  
 
Error - 20.09.2012 11:40:15 | Computer Name = Semmel3-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 15.0.1.4631 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: ff8    Startzeit: 
01cd973efe2a6a71    Endzeit: 22    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 77276dc8-0339-11e2-ba4e-20cf30bbd32d  
 
Error - 22.09.2012 08:23:39 | Computer Name = Semmel3-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: update.exe_Avira Free Antivirus, 
Version: 12.3.14.31, Zeitstempel: 0x4fe31944  Name des fehlerhaften Moduls: aepack.dll_unloaded,
 Version: 0.0.0.0, Zeitstempel: 0x5050b518  Ausnahmecode: 0xc0000005  Fehleroffset: 
0x037037d4  ID des fehlerhaften Prozesses: 0x13ec  Startzeit der fehlerhaften Anwendung:
 0x01cd98bca88de599  Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Avira\AntiVir
 Desktop\update.exe  Pfad des fehlerhaften Moduls: aepack.dll  Berichtskennung: 56684367-04b0-11e2-b47c-20cf30bbd32d
 
[ System Events ]
Error - 23.09.2012 06:48:24 | Computer Name = Semmel3-PC | Source = NetBT | ID = 4321
Description = Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.2.100  registriert werden. Der Computer mit IP-Adresse 192.168.2.101
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 24.09.2012 14:15:18 | Computer Name = Semmel3-PC | Source = bowser | ID = 8003
Description = 
 
Error - 24.09.2012 15:42:35 | Computer Name = Semmel3-PC | Source = bowser | ID = 8003
Description = 
 
Error - 26.09.2012 10:22:26 | Computer Name = Semmel3-PC | Source = bowser | ID = 8003
Description = 
 
Error - 27.09.2012 07:26:48 | Computer Name = Semmel3-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 27.09.2012 07:26:48 | Computer Name = Semmel3-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 28.09.2012 09:02:27 | Computer Name = Semmel3-PC | Source = bowser | ID = 8003
Description = 
 
Error - 28.09.2012 10:33:04 | Computer Name = Semmel3-PC | Source = bowser | ID = 8003
Description = 
 
Error - 28.09.2012 12:17:30 | Computer Name = Semmel3-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.
 
Error - 28.09.2012 12:18:01 | Computer Name = Semmel3-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Microsoft .NET Framework NGEN v4.0.30319_X64 erreicht.
 
 
< End of report >
         


There were only minor problems, such as Firefox crashes or freezes. Mainly the speed has dropped considerably lately, which is how I noticed! Apart from that, the computer runs relatively well!

28.09.2012, 17:30   #9
semmel3
 



Step 2:

OTL text:

Code:
OTL logfile created on: 28.09.2012 18:19:16 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Semmel3\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,96 Gb Total Physical Memory | 6,27 Gb Available Physical Memory | 78,79% Memory free
15,92 Gb Paging File | 14,01 Gb Available in Paging File | 88,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1862,92 Gb Total Space | 1432,80 Gb Free Space | 76,91% Space Free | Partition Type: NTFS
Drive D: | 4,80 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: SEMMEL3-PC | User Name: Semmel3 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Semmel3\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Semmel3\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Gizmo\gservice.exe (Arainia Solutions)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll ()
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Gizmo Central) -- C:\Program Files (x86)\Gizmo\gservice.exe (Arainia Solutions)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (KORGUMDS) -- C:\Windows\SysNative\drivers\KORGUM64.SYS (KORG INC.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (GizmoDrv) -- C:\Windows\SysNative\drivers\gizmodrv.sys (Arainia Solutions LLC)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RMCAST) -- C:\Windows\SysNative\drivers\rmcast.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (netr7364) -- C:\Windows\SysNative\drivers\netr7364.sys (Ralink Technology, Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5F 1E 10 43 96 49 CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}: "URL" = hxxp://www.searchplusnetwork.com/?sp=vit4&q={searchTerms}
IE - HKCU\..\SearchScopes\{AB79D3B4-AEDB-428a-B504-BAC00521A1C7}: "URL" = hxxp://starwebsearch.com/index.php?from=4&q={searchTerms}
IE - HKCU\..\SearchScopes\{FCBEBBEA-AD82-4B47-8174-B91EEF715793}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=937811&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledAddons: youtube2mp3@mondayx.de:1.2.3
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10
FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {cd90bf73-20f6-44ef-993d-bb920303bd2e}:2.7.1.3
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.25 19:31:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.08 11:10:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.10.18 15:37:57 | 000,000,000 | ---D | M]
 
[2011.01.08 20:01:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Semmel3\AppData\Roaming\mozilla\Extensions
[2012.09.28 18:13:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Semmel3\AppData\Roaming\mozilla\Firefox\Profiles\4bjhuwjk.default\extensions
[2011.04.19 16:00:33 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Semmel3\AppData\Roaming\mozilla\Firefox\Profiles\4bjhuwjk.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.09.15 19:17:20 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Semmel3\AppData\Roaming\mozilla\Firefox\Profiles\4bjhuwjk.default\extensions\ich@maltegoetz.de
[2011.08.28 13:19:22 | 000,011,510 | ---- | M] () (No name found) -- C:\Users\Semmel3\AppData\Roaming\mozilla\firefox\profiles\4bjhuwjk.default\extensions\youtube2mp3@mondayx.de.xpi
[2012.08.07 14:29:18 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Semmel3\AppData\Roaming\mozilla\firefox\profiles\4bjhuwjk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.08.05 13:18:02 | 000,002,125 | ---- | M] () -- C:\Users\Semmel3\AppData\Roaming\mozilla\firefox\profiles\4bjhuwjk.default\searchplugins\GoogleFeed.xml
[2012.05.15 15:31:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.08 11:10:02 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.13 16:05:30 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.29 20:08:18 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.13 16:05:30 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.13 16:05:30 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.13 16:05:30 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.13 16:05:30 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Semmel3\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Semmel3\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Semmel3\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Semmel3\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Semmel3\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E8E9CFC-3CD5-464C-9C0A-C8674660156B}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9AACA96B-FDA6-4FD6-BE38-B7A3B95D772A}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3E2BEF1-762D-4321-B489-A8635273DA18}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.06.27 00:29:39 | 000,000,022 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{d7c2763a-816f-11e1-8180-20cf30bbd32d}\Shell - "" = AutoRun
O33 - MountPoints2\{d7c2763a-816f-11e1-8180-20cf30bbd32d}\Shell\AutoRun\command - "" = E:\Launch.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.28 15:52:10 | 000,208,216 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\89412721.sys
[2012.09.28 15:36:34 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Semmel3\Desktop\aswMBR.exe
[2012.09.28 13:59:31 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.09.28 13:25:08 | 000,000,000 | ---D | C] -- C:\Users\Semmel3\AppData\Roaming\Malwarebytes
[2012.09.28 13:24:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.28 13:24:57 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.09.28 13:24:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.09.28 13:24:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.26 12:35:22 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
[2012.09.22 14:24:30 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.09.22 14:24:29 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.09.22 14:24:29 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.09.22 14:24:29 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.09.22 14:24:29 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.09.22 14:24:29 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.09.22 14:24:29 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.09.20 16:10:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2
[2012.09.20 16:10:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Guild Wars 2
[2012.09.20 16:05:45 | 000,000,000 | ---D | C] -- C:\Users\Semmel3\Documents\Guild Wars 2
[2012.09.12 13:04:05 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2012.09.12 13:04:02 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012.09.12 13:04:01 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012.09.12 13:04:01 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2012.08.30 10:26:35 | 000,000,000 | ---D | C] -- C:\Users\Semmel3\Documents\Games for Windows - LIVE Demos
[2012.08.30 10:03:46 | 000,000,000 | ---D | C] -- C:\Users\Semmel3\Documents\Spartan
[2012.08.30 03:31:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Wonderful End of the World Trial
[2012.08.30 02:55:22 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2012.08.30 02:55:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2012.08.30 02:55:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.28 18:19:15 | 001,541,416 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.09.28 18:19:15 | 000,669,456 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.09.28 18:19:15 | 000,628,942 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.09.28 18:19:15 | 000,137,322 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.09.28 18:19:15 | 000,112,382 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.09.28 18:14:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.28 18:14:26 | 2115,280,895 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.28 17:45:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.28 15:55:18 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.28 15:55:18 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.28 15:52:10 | 000,208,216 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\89412721.sys
[2012.09.28 15:50:18 | 000,000,512 | ---- | M] () -- C:\Users\Semmel3\Desktop\MBR.dat
[2012.09.28 15:36:56 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Semmel3\Desktop\aswMBR.exe
[2012.09.28 13:24:58 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.20 16:10:52 | 000,000,936 | ---- | M] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk
[2012.09.10 02:42:27 | 000,435,725 | ---- | M] () -- C:\Users\Semmel3\Desktop\sicherung arbeit.odt
[2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.28 15:50:18 | 000,000,512 | ---- | C] () -- C:\Users\Semmel3\Desktop\MBR.dat
[2012.09.28 13:24:58 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.20 16:10:52 | 000,000,936 | ---- | C] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk
[2012.09.10 02:41:34 | 000,435,725 | ---- | C] () -- C:\Users\Semmel3\Desktop\sicherung arbeit.odt
[2012.08.30 02:55:03 | 000,001,338 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
[2012.04.09 23:07:33 | 000,040,960 | R--- | C] () -- C:\Windows\SysWow64\psfind.dll
[2012.04.08 22:37:13 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2012.04.08 22:37:13 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2012.04.08 22:37:12 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.02.15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.02.15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.08.25 05:41:08 | 000,007,597 | ---- | C] () -- C:\Users\Semmel3\AppData\Local\Resmon.ResmonCfg
[2011.06.10 17:20:40 | 000,000,016 | ---- | C] () -- C:\Windows\SysWow64\msvcsv60.dll
[2011.06.10 17:20:40 | 000,000,016 | ---- | C] () -- C:\Windows\msocreg32.dat
[2011.01.19 12:07:17 | 000,000,095 | ---- | C] () -- C:\Users\Semmel3\AppData\Local\fusioncache.dat
[2011.01.18 08:15:22 | 001,540,406 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.01.18 08:12:35 | 000,183,112 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.01.18 08:12:33 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.01.18 08:12:31 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011.01.17 18:45:14 | 000,000,600 | ---- | C] () -- C:\Users\Semmel3\AppData\Roaming\winscp.rnd
[2011.01.08 20:27:57 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.01.08 19:57:20 | 000,027,504 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2011.01.08 19:56:10 | 000,019,533 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011.01.08 19:56:10 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

Extras: 

Code:
OTL Extras logfile created on: 28.09.2012 18:19:16 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Semmel3\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,96 Gb Total Physical Memory | 6,27 Gb Available Physical Memory | 78,79% Memory free
15,92 Gb Paging File | 14,01 Gb Available in Paging File | 88,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1862,92 Gb Total Space | 1432,80 Gb Free Space | 76,91% Space Free | Partition Type: NTFS
Drive D: | 4,80 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: SEMMEL3-PC | User Name: Semmel3 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02D89D08-76C7-437F-8061-2218A66A6BCA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{04A5FF94-E827-48BF-B14E-F95B15AF5774}" = lport=138 | protocol=17 | dir=in | app=system | 
"{0C5CA600-5847-4EAC-ACF2-AD51F93986D4}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{0ED68441-E2BB-412B-AE60-BB2C46B7EBEA}" = rport=137 | protocol=17 | dir=out | app=system | 
"{168E2F66-B90D-45DE-8DCF-82F614CC0313}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{289483AB-06BD-41FA-85EB-DD4E326EF51A}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{298CF00C-9ABA-4CE4-B648-A9EC39FB8E8E}" = lport=139 | protocol=6 | dir=in | app=system | 
"{2B79A649-7AD2-46C4-ABF5-D57EA3BBF4E3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{2EFDB6D1-8CE8-4853-BD7F-B3AA3ACF899F}" = lport=49168 | protocol=6 | dir=in | name=akamai netsession interface | 
"{2F44BCC5-BC13-4AAB-A782-E0F3A77620C3}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{442AB8F5-8D04-4252-A35D-38FE1A62473C}" = rport=445 | protocol=6 | dir=out | app=system | 
"{48EB8F4D-37D4-458C-88DB-0B783695834D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5D5DA65E-7F51-40BA-BE6B-955009B2EE4D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{65097C6C-A337-40E0-9E08-4ECED3F820B1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6F62DFE7-4177-4C3E-92D5-78D239CDE950}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6FD666CF-C087-4D88-8E09-8121B7B39402}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{702D77F1-7D87-421D-97B8-28062361C9DD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{75D71D67-CD46-4C0C-955F-A8DEFCF3452F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{87D3A8EF-A493-4720-827D-05332F152405}" = rport=138 | protocol=17 | dir=out | app=system | 
"{8A2EDED2-4748-44D4-B6E4-49AAB74C0C5D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8BA8EC31-8549-49D2-9409-21D110A9FE5C}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{9B429D87-9F66-4AB3-8D4B-8F072F0170B0}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{9F95ED39-CBFE-4A70-AF92-7F3494A882CE}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{A6A19C95-0AF3-4A31-B4FA-326CEEB3B9D5}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{BB7D3CC5-F113-4EA9-BDCE-B50AEAC77845}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C7A59223-BD9C-4A53-BF77-7DDC7DE6B14B}" = lport=445 | protocol=6 | dir=in | app=system | 
"{CA40648F-6BFE-4452-A214-9965DCBE0395}" = lport=137 | protocol=17 | dir=in | app=system | 
"{D693F4FA-7A32-427D-8301-FBC4CB8D61C9}" = rport=139 | protocol=6 | dir=out | app=system | 
"{D6A69205-67ED-4E11-8C1D-87330448C510}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DC1D6C78-CDF7-4A7E-8669-AE475B30D4A3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DF50F3F9-B392-4CE5-8D8C-56012292325C}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{E03AC141-0602-421B-83E0-D5C1C390AC65}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{FF266D2B-7CF5-48B6-89F3-DB6D162E94B6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{015E7DFA-E039-4FBE-AE12-1A8ED924A7D9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\mother99\counter-strike source\hl2.exe | 
"{01DCB31E-28CF-4F69-BE48-3A636FB95B97}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{02DF55F6-A590-45F2-8FBA-D727A0849359}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trackmania united\tmforever.exe | 
"{17FE9864-EB12-4313-A356-54736DCB7CED}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe | 
"{1F0B4EE5-998F-416A-9ABC-5860758BA037}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trackmania united\tmforeverlauncher.exe | 
"{21ACC931-BD3B-4235-B48B-846A65DAA4E1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{261228B9-79B5-4D50-B3BF-2E803EF65CB3}" = protocol=17 | dir=in | app=c:\users\semmel3\appdata\roaming\spotify\spotify.exe | 
"{28DF8BD9-2BF0-451D-9DB7-309ECEE92925}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{2A0FB448-974D-4C13-BDD5-FE10BD88A5EA}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{2C8CB090-7317-4F67-9951-2E7616A13B4F}" = protocol=6 | dir=in | app=c:\program files (x86)\stunlock studios\bloodline champions\binary\bloodlinechampions.exe | 
"{2DEC89C9-F931-4504-9136-566581529314}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe | 
"{2E6BC299-95C0-44C9-B0CF-1F13C1DB57B6}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{32FC71EB-BC3E-495A-9914-AC3C1334FC02}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{3327864F-7518-4BCC-81FE-A72C20BD5030}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{3371047D-8F44-4806-A723-AF4F9044C32C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{34001BB9-C9D4-441E-A3B1-69DBDAAF3B03}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{34F2F701-A54F-47E7-B80A-A66C043836FD}" = dir=out | app=%programfiles% (x86)\virtualdj\virtualdj_pro.exe | 
"{3DAC82E0-0CF2-4A6A-8655-1E4389680F2B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{3DAF56D8-1C8B-4D5C-8343-C4522737B079}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | 
"{422C7F1F-642C-42CD-AD6C-BD950A8C3A43}" = dir=out | app=%programfiles% (x86)\ableton\live 8.0.1\program\live 8.0.1.exe | 
"{4569CEF6-0B7C-459D-8600-A1C307209F08}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{4B5817BD-DC1C-401C-9260-C4EECD167806}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{4C0BA5C5-C186-424A-ABCE-4E668D1E4DEC}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{55EBB7A0-751C-47DD-ABD6-AFB6055622FF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{58F8A5AD-F819-4CBB-AC22-072E07CAFA70}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5C971D68-FEB1-4392-88AC-B1C774FDE96F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6330180B-4586-4FE0-A04E-17466155463B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{65C734C7-615E-4438-9CE9-C170BBC1585D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{6757E155-B5E4-4748-AEFB-E96A6341304A}" = dir=out | app=%programfiles%\native instruments\reaktor 5\reaktor5.exe | 
"{6A51DDB3-9494-4140-A4D8-B27E816F2EE5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trackmania united\tmforeverlauncher.exe | 
"{6BD32769-3A93-43AA-A6D8-90BA0D2A286B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{6EBB6EE0-91F2-4680-AF9B-E0D8E885307E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{6F15A31A-9F99-4519-8302-C566723E23F4}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{7064779A-0ABE-4BC5-A4DD-04F020047003}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{728E728E-B6B9-47D7-9F27-D0373FD48326}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | 
"{73EF78C8-F550-41F3-B6BA-D20F94DA022C}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe | 
"{7B23F193-88A5-40CB-95C8-B65B43074179}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7C1FD9F9-7C13-4F91-8639-1548BE5C5C82}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{7D2F7435-9471-4FF3-A6CA-A1BD136AE8AF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{7E1F5B54-AD24-433F-9F24-305AF53FF1A5}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{7E96EF0E-EE3C-4E26-B7F4-8DDD8F650859}" = protocol=6 | dir=in | app=c:\users\semmel3\appdata\local\akamai\netsession_win.exe | 
"{8113BE97-2ED9-42C0-9DD1-4A18ED10EC25}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{82A02444-7EBD-4500-BECF-A588DA71F250}" = protocol=17 | dir=in | app=c:\users\semmel3\downloads\diablo-iii-8370-dede-installer-downloader.exe | 
"{845B7CFA-FD50-4BE3-8C1D-39FEAFEDC103}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dirt 2\dirt2.exe | 
"{8C4CB877-771A-4CE7-AD9E-3E869B965DFD}" = protocol=6 | dir=in | app=c:\users\semmel3\appdata\roaming\spotify\spotify.exe | 
"{8E330D6E-04C7-4510-B7CA-CC104731661E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8F3AC6DE-ADD3-4FD2-9201-B12264B954F2}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe | 
"{8F78629F-4686-4631-8061-36F6B4933D46}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dirt 2\dirt2.exe | 
"{9CA29403-EE7B-4D35-B5E6-7CC214B94BC9}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{A4ADDAAE-C62E-4864-838F-F94363EEEFA5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{A6E4640D-431B-40E1-ABA2-44DEFA051E83}" = dir=in | app=c:\program files (x86)\microsoft games\age of empires online\spartan.exe | 
"{A7B133E6-9153-46EF-80CD-890E79743E4D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{A88E3071-9214-4E19-9EB9-EEC10C3EC0F7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{A8E15104-9B7A-4763-9FB7-3CB2E3D3D587}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe | 
"{A8F14CDA-D3E0-49B8-B400-D1AA3FDCCECD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{B229312B-FBF9-46CA-B9DA-197150D9093C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{B3469B3F-83C4-4394-B030-2B1D54BC533A}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | 
"{B3F0851E-EB6A-4B58-B6B2-1E6C656B03B8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{B7C93736-8A85-4D43-8AAE-AABE4374C2D8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BDCAA190-6FEA-4EB0-9B25-CDFF8010CD75}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe | 
"{C395F7AD-AF9D-47D0-9D79-D8196FD1DBF1}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{C4482D10-9D9B-4EF5-BEC2-6AE5B1837AE9}" = dir=in | app=%programfiles% (x86)\ableton\live 8.0.1\program\live 8.0.1.exe | 
"{C6518FB6-635E-44DC-BCF5-5C9B263FDB3C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\lutziie\counter-strike source\hl2.exe | 
"{CDD7517F-7532-41F1-9CB9-9A82D31E201F}" = protocol=17 | dir=in | app=c:\program files (x86)\stunlock studios\bloodline champions\binary\bloodlinechampions.exe | 
"{CF7E1DCD-33A8-4C1B-B6EA-0BA4957CE895}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\mother99\counter-strike source\hl2.exe | 
"{D157192D-4512-47F0-BE76-229950D9DC46}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\lutziie\counter-strike source\hl2.exe | 
"{D8708315-2EF8-4910-8859-F6E44A8F8B1E}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | 
"{DDF15E72-F345-42EF-A491-9F26A3E9B315}" = protocol=6 | dir=out | app=system | 
"{E03FFC84-8678-4B4B-BE28-9B07B29393BF}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{E2E6AD6E-366F-469E-8882-F0BDA9E08627}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E420B9D9-B609-4A31-8AFF-4A7294D513DB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{E9D970F2-7628-4F20-A057-DC1A649AFD8D}" = dir=in | app=%programfiles% (x86)\virtualdj\virtualdj_pro.exe | 
"{EA636CA8-5B82-4E63-AF83-B67FC317B1FE}" = protocol=17 | dir=in | app=c:\users\semmel3\appdata\local\akamai\netsession_win.exe | 
"{EE444846-1B82-443C-967B-37B21CD7041C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trackmania united\tmforever.exe | 
"{F3670743-85E8-41CD-8F81-12DF95937434}" = protocol=6 | dir=in | app=c:\users\semmel3\downloads\diablo-iii-8370-dede-installer-downloader.exe | 
"{F567067A-522A-436D-8D18-14AFFA54F38F}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe | 
"{F6550485-E251-4C51-8B1B-4F556F4D56E5}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe | 
"{F7979907-8D14-4549-B410-A52FEC061BFD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{FF0519E5-EFC7-4792-B708-3CDE278C5440}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"TCP Query User{06A4D315-D932-4EA5-8BCD-0F44D1F50DC7}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe | 
"TCP Query User{0ABB63E0-BACF-4065-A686-EAC9A531BA0D}C:\users\semmel3\desktop\mw2\iw4mp.dat" = protocol=6 | dir=in | app=c:\users\semmel3\desktop\mw2\iw4mp.dat | 
"TCP Query User{0AECF25A-D03D-4166-8D08-6D5B723A9B62}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"TCP Query User{25FE0EB9-6785-43BD-BE95-159190BC7892}C:\users\semmel3\desktop\games\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=c:\users\semmel3\desktop\games\borderlands\binaries\borderlands.exe | 
"TCP Query User{2A14BF8F-7052-4586-AF0E-6DECAA7A486A}C:\users\semmel3\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\semmel3\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{310EC278-9CA6-463A-82BA-3A8D6F967EA6}C:\program files (x86)\microsoft games\age of empires ii\age2_x1.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\age2_x1.exe | 
"TCP Query User{37F940C5-F7C0-40B2-A2A7-99E9EA6DB03A}C:\program files (x86)\activision\modern warfare 2\iw4mp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\modern warfare 2\iw4mp.exe | 
"TCP Query User{4314FCE3-2D1B-403D-9F12-3F6FAAB04564}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"TCP Query User{4E26B57E-2DAB-49C0-9472-3B0428DA8F61}C:\program files (x86)\mediamonkey\mediamonkey.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mediamonkey\mediamonkey.exe | 
"TCP Query User{74BEB245-C2B0-4475-AB16-9A7B135AB5AD}C:\program files (x86)\activision\modern warfare 2\iw4mpold.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\modern warfare 2\iw4mpold.exe | 
"TCP Query User{77C8A727-1195-4E3A-94C1-6741E3814BFC}C:\users\semmel3\downloads\diablo-iii-8370-dede-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\semmel3\downloads\diablo-iii-8370-dede-installer-downloader.exe | 
"TCP Query User{7C695C05-029E-4092-8EF5-4775028636B5}C:\users\semmel3\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\semmel3\appdata\local\temp\gw2.exe | 
"TCP Query User{956CDBDE-2F32-413B-87D4-7F99E011C527}C:\users\semmel3\desktop\mw2\iw4mp.exe" = protocol=6 | dir=in | app=c:\users\semmel3\desktop\mw2\iw4mp.exe | 
"TCP Query User{AC551760-E41B-49A2-93B6-A3B7566C3BB9}C:\users\semmel3\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\semmel3\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{B5D8E2AA-7FE2-485E-8BDC-F8A6571309E4}C:\programdata\battle.net\agent\agent.1225\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"TCP Query User{BA266FE6-E0C4-482F-B7D6-DC9A96C39F8A}C:\users\semmel3\appdata\local\microsoft\age of empires online\spartan.exe" = protocol=6 | dir=in | app=c:\users\semmel3\appdata\local\microsoft\age of empires online\spartan.exe | 
"TCP Query User{C339BDCE-C350-4563-AE8F-59720E5248A3}C:\program files (x86)\english bid for power final 4.0\ebfpf 4.0.exe" = protocol=6 | dir=in | app=c:\program files (x86)\english bid for power final 4.0\ebfpf 4.0.exe | 
"TCP Query User{CF95CF45-BD46-4407-94DF-4084540069B6}C:\users\semmel3\desktop\mw2\iw4mpold.exe" = protocol=6 | dir=in | app=c:\users\semmel3\desktop\mw2\iw4mpold.exe | 
"TCP Query User{D11C0AD1-5038-4D67-B7C5-9EDFA41C041B}C:\program files (x86)\stunlock studios\bloodline champions\binary\bloodlinechampions.exe" = protocol=6 | dir=in | app=c:\program files (x86)\stunlock studios\bloodline champions\binary\bloodlinechampions.exe | 
"TCP Query User{D70AA586-AB0B-4074-BECF-EC4C3BB7E9F6}C:\programdata\battle.net\agent\agent.1199\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | 
"TCP Query User{DE121CE7-A433-4EFD-8D23-C2E0FA4E4DD4}C:\program files (x86)\activision\modern warfare 2\bootstrap\iw4mp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\modern warfare 2\bootstrap\iw4mp.exe | 
"TCP Query User{E5746666-6631-4E1A-8F59-79A75F2EB617}C:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe | 
"TCP Query User{F02F160F-6A38-4630-9EDD-DFDE21C23202}C:\nexon\combat arms eu\engine.exe" = protocol=6 | dir=in | app=c:\nexon\combat arms eu\engine.exe | 
"TCP Query User{F3BE3F8F-D78B-492D-AE54-4369A91D68B1}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe | 
"TCP Query User{FDD9264B-55AE-4207-A3A4-CAF460A15081}C:\program files (x86)\activision\modern warfare 2\iw4m.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\modern warfare 2\iw4m.exe | 
"TCP Query User{FFB03BEC-5704-49E0-B8D5-C57C08130E2F}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"UDP Query User{0077A4C1-42B2-4CEC-BB14-D99D8E8CABF9}C:\users\semmel3\desktop\games\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=c:\users\semmel3\desktop\games\borderlands\binaries\borderlands.exe | 
"UDP Query User{0096B6F4-1115-46D0-B347-B33C881EBE7C}C:\program files (x86)\microsoft games\age of empires ii\age2_x1.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\age2_x1.exe | 
"UDP Query User{04816270-EF81-4A16-90D4-8D097BA3C543}C:\program files (x86)\activision\modern warfare 2\iw4mp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\modern warfare 2\iw4mp.exe | 
"UDP Query User{0A33625F-9A19-42D4-A492-BBB8F8D29CD3}C:\users\semmel3\desktop\mw2\iw4mpold.exe" = protocol=17 | dir=in | app=c:\users\semmel3\desktop\mw2\iw4mpold.exe | 
"UDP Query User{113A8EA1-7C69-4BDF-8F73-FFFB0CB7DF10}C:\program files (x86)\activision\modern warfare 2\iw4mpold.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\modern warfare 2\iw4mpold.exe | 
"UDP Query User{138C4001-8B85-4293-AB8F-41E7DC53173C}C:\nexon\combat arms eu\engine.exe" = protocol=17 | dir=in | app=c:\nexon\combat arms eu\engine.exe | 
"UDP Query User{359FA801-D0D1-467F-95DB-BFD2F5C2B431}C:\users\semmel3\desktop\mw2\iw4mp.exe" = protocol=17 | dir=in | app=c:\users\semmel3\desktop\mw2\iw4mp.exe | 
"UDP Query User{377B05DC-60E4-4FB4-9D51-8CED59B8A4E4}C:\users\semmel3\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\semmel3\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{39C04FD3-5D52-4BC9-9F5B-1F5DBD83CA3C}C:\users\semmel3\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\semmel3\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{3ECB84A6-8F05-47A5-A72D-377BE5D83AA8}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"UDP Query User{3F68D25C-A7AD-41CF-8547-86FE540281AA}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"UDP Query User{5DF9A99E-D1A6-456B-8155-EA045B186FE0}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"UDP Query User{6C5C2639-064F-4202-B1E9-EF2B35E9603B}C:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe | 
"UDP Query User{6DC76822-25EA-4A77-AC8A-C156CD5C731E}C:\programdata\battle.net\agent\agent.1225\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"UDP Query User{7BFF630B-2153-48F7-A016-B291B43459A9}C:\users\semmel3\desktop\mw2\iw4mp.dat" = protocol=17 | dir=in | app=c:\users\semmel3\desktop\mw2\iw4mp.dat | 
"UDP Query User{7E4CF59E-761D-4295-8C9C-6207AC7841FD}C:\users\semmel3\downloads\diablo-iii-8370-dede-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\semmel3\downloads\diablo-iii-8370-dede-installer-downloader.exe | 
"UDP Query User{8AE10A56-C960-46D6-90AE-8A8CE0D65179}C:\users\semmel3\appdata\local\microsoft\age of empires online\spartan.exe" = protocol=17 | dir=in | app=c:\users\semmel3\appdata\local\microsoft\age of empires online\spartan.exe | 
"UDP Query User{97EBEDCD-5D5D-45F6-94E5-4F790885BCDD}C:\program files (x86)\activision\modern warfare 2\bootstrap\iw4mp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\modern warfare 2\bootstrap\iw4mp.exe | 
"UDP Query User{A77EB67B-DB34-4015-B2B9-2710E32B51DF}C:\programdata\battle.net\agent\agent.1199\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | 
"UDP Query User{BF193D71-C053-4355-9DF3-532DB3F231FD}C:\program files (x86)\stunlock studios\bloodline champions\binary\bloodlinechampions.exe" = protocol=17 | dir=in | app=c:\program files (x86)\stunlock studios\bloodline champions\binary\bloodlinechampions.exe | 
"UDP Query User{CDDB15D7-486A-46DE-9520-6F53B9FC60BC}C:\program files (x86)\english bid for power final 4.0\ebfpf 4.0.exe" = protocol=17 | dir=in | app=c:\program files (x86)\english bid for power final 4.0\ebfpf 4.0.exe | 
"UDP Query User{CFD885F0-8527-40DA-944E-D74F61DC361A}C:\program files (x86)\activision\modern warfare 2\iw4m.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\modern warfare 2\iw4m.exe | 
"UDP Query User{D5F2F23D-9464-4FA9-BD38-529125B8EFEC}C:\program files (x86)\mediamonkey\mediamonkey.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mediamonkey\mediamonkey.exe | 
"UDP Query User{E0343B7F-BD3D-41A1-9414-0E6046224FE4}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe | 
"UDP Query User{F4924D05-D9CC-4871-B0CF-D9867B235B68}C:\users\semmel3\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\semmel3\appdata\local\temp\gw2.exe | 
"UDP Query User{F6B94F14-8759-4CC3-B8FC-DFD7A2AC1249}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{0C682623-8F66-46A8-B9B3-93FE1E66A001}" = iTunes
"{0E086923-AAA3-4F98-A6E2-48B64CE27553}" = Native Instruments Reaktor Factory Selection
"{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{43E7798A-248E-4A3D-9969-FEA63543A462}" = Native Instruments Kontakt 4
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5941D535-34BF-BB6E-E52B-F464E4E955FF}" = AMD Media Foundation Decoders
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{81D00339-968D-15D1-3499-8431658E896F}" = AMD Catalyst Install Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{83ED5086-5D6B-698F-5CD4-2F631DA8FD69}" = AMD Drag and Drop Transcoding
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{90AB246D-A0A0-29EA-199A-4B07841E0737}" = ATI AVIVO64 Codecs
"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A2DDE39D-BA16-4DBB-9C96-A6703142DCF3}" = Native Instruments Komplete 7 Players
"{A9C6CA47-D937-D61D-4BD3-7CFAB7A5BA56}" = ATI Problem Report Wizard
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B0FC9E28-1CE6-4A40-BEF1-C6E6EDFCA070}" = Native Instruments Kontakt Factory Selection
"{C7FAFC98-5ECC-40FC-B440-A5D5FE3A6A6E}" = Native Instruments Guitar Rig 4
"{D4E5A687-797D-44B1-8F96-4FD7A24166A9}" = DEVIL MAY CRY 4
"{D7D6AA2C-DD2C-53F1-1F1D-5AC3CDE1B90C}" = ccc-utility64
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{E9EA5F38-6299-45A1-9D23-F21729A19357}" = Native Instruments Reaktor 5
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF600C37-6328-4348-A67A-3F85D8039604}" = Native Instruments Kore Player
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{04475621-9BF8-EF82-4691-1C8FD9D40FD2}" = CCC Help Polish
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07A733AA-2D8C-1E0E-ED9B-B4CA59AE86B3}" = Catalyst Control Center
"{07BFA98D-6DB0-6D9C-95D5-7EF347AF587B}" = HydraVision
"{14C87AA7-08E6-419F-A165-998EBE5023D7}" = Oblivion - Knights of the Nine
"{16D919E6-F019-4E15-BFBE-4A85EF19DA57}" = Oblivion - Spell Tomes
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1AADBEB8-3F11-7FB7-6DDC-EE2276C1A80E}" = CCC Help Italian
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 29
"{2C3F42F5-935B-E64C-13D7-4369B0D66DE9}" = CCC Help Greek
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{37CE847B-3279-1A39-CA09-FBF330B5EC97}" = CCC Help Czech
"{3C15E8E2-3463-584F-D4F8-D95878737EAB}" = CCC Help Norwegian
"{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest
"{420500EA-4038-AADB-DD76-90D0311E5867}" = CCC Help Spanish
"{43403BCA-6051-A108-682C-5BABB69D3919}" = CCC Help Hungarian
"{441717E8-ADF5-4724-8B90-FA8DE7B73F91}" = KORG KAOSSILATOR PRO Editor
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D530FA3-9B89-4186-98B7-F51000008100}" = Age of Empires Online
"{549ECD2C-5ACD-0598-56E6-BF88F6B5CE9E}" = CCC Help Portuguese
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5BAD1D5F-157F-C4D7-05B8-7B2D08874DFA}" = CCC Help German
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6559654F-2F38-491F-8411-211517C3E635}" = SampleTank FREE
"{6C90C4C4-559D-4FE8-A4BF-37550E74D1FC}" = Bloodline Champions
"{6E9484D8-F1F5-8737-3C35-C2ACB8BC9BF8}" = CCC Help Danish
"{6EB6BC61-0079-80B7-9AE8-A28E02F81E04}" = CCC Help Japanese
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74DDE8F9-FAD1-4C64-84DF-DF287EAE6FAE}" = CCC Help Turkish
"{7C53D4FA-0F42-3B24-686B-2AB688C8B112}" = Catalyst Control Center Localization All
"{810AC1C1-CB19-45EA-B5C9-77B654F9CA07}" = TQ Defiler.NET
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{85F76CD3-92C2-6422-202C-ADC655E83940}" = CCC Help Chinese Standard
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{8BBB5E4C-3F5E-4C07-BFBE-33B34600783A}" = LogMeIn Hamachi
"{90140000-0018-0000-0000-0000000FF1CE}" = Microsoft Office PowerPoint 2010
"{90140000-0018-0000-0000-0000000FF1CE}_Office14.POWERPOINT_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.POWERPOINT_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.POWERPOINT_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.POWERPOINT_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.POWERPOINT_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.POWERPOINT_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.POWERPOINT_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.POWERPOINT_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.POWERPOINT_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.POWERPOINT_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.POWERPOINT_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{92E71E47-7BDE-2A10-A9C2-373DCAE4EEB9}" = CCC Help Chinese Traditional
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9693675A-7108-247D-A369-AF08C8E32CFD}" = CCC Help English
"{9971CC5F-9E89-6024-72CD-2F9B33305B7F}" = CCC Help Swedish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E8426B6-0027-8C7E-9729-E86053D9A3D5}" = CCC Help Finnish
"{A3DAD349-E48E-AE45-3F26-7B80A4FFCD26}" = Catalyst Control Center InstallProxy
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{B3CB5BA3-3E98-4E85-944E-B03D055F8450}" = KORG USB-MIDI Driver Tools for Windows
"{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}" = Titan Quest Immortal Throne
"{B66F4972-5C17-90A5-95AB-0C4DAEFC92A4}" = CCC Help Korean
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D4E5A687-797D-44B1-8F96-4FD7A24166A9}" = DEVIL MAY CRY 4
"{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29
"{DB689397-D3C2-BD23-A83E-FCA68454F0FE}" = CCC Help Dutch
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}" = Need for Speed™ Undercover
"{EAD24F4A-8BB8-EAC5-A995-3D9A96DF3FA4}" = CCC Help French
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0BC0231-25D6-B4BF-5D9E-633220A2C09A}" = CCC Help Russian
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F501FACA-3AFB-FAC4-825D-F6D1343F0C69}" = Catalyst Control Center Graphics Previews Common
"{F7657E34-0046-9515-61D9-7AAFC84C4AC8}" = CCC Help Thai
"{FFFFFD17-B460-41EB-93F1-C48ABAD63828}" = Oblivion - Thieves Den
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"Akamai" = Akamai NetSession Interface Service
"ArtMoney SE_is1" = ArtMoney SE v7.35
"Avira AntiVir Desktop" = Avira Free Antivirus
"Cheat Engine 6.0_is1" = Cheat Engine 6.0
"DAEMON Tools Pro" = DAEMON Tools Pro
"Diablo III" = Diablo III
"Diablo III Beta" = Diablo III Beta
"DivX Setup" = DivX-Setup
"Free Studio_is1" = Free Studio version 5.3.2
"Free YouTube Download_is1" = Free YouTube Download version 3.1.31.706
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.26.706
"GFWL_{4D530FA3-9B89-4186-98B7-F51000008100}" = Age of Empires Online
"Gizmo Central" = Gizmo Central
"Guild Wars 2" = Guild Wars 2
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"Live 8.2.2" = Live 8.2.2
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Native Instruments Guitar Rig 4" = Native Instruments Guitar Rig 4
"Native Instruments Komplete 7 Players" = Native Instruments Komplete 7 Players
"Native Instruments Kontakt 4" = Native Instruments Kontakt 4
"Native Instruments Kontakt Factory Selection" = Native Instruments Kontakt Factory Selection
"Native Instruments Kore Player" = Native Instruments Kore Player
"Native Instruments Reaktor 5" = Native Instruments Reaktor 5
"Native Instruments Reaktor Factory Selection" = Native Instruments Reaktor Factory Selection
"Native Instruments Service Center" = Native Instruments Service Center
"Office14.POWERPOINT" = Microsoft PowerPoint 2010
"PhotoScape" = PhotoScape
"PunkBusterSvc" = PunkBuster Services
"Revo Uninstaller" = Revo Uninstaller 1.91
"Steam App 12840" = DiRT 2
"Steam App 240" = Counter-Strike: Source
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 7200" = TrackMania United
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"winscp3_is1" = WinSCP 4.2.9
"World of Warcraft" = World of Warcraft
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"CopyTrans Suite" = Nur Deinstallierung der CopyTrans Suite möglich.
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 29.08.2012 21:29:23 | Computer Name = Semmel3-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Semmel3\Downloads\SoftonicDownloader_for_the-wonderful-end-of-the-world.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 29.08.2012 21:29:26 | Computer Name = Semmel3-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Semmel3\Downloads\SoftonicDownloader_for_the-wonderful-end-of-the-world.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 29.08.2012 21:29:28 | Computer Name = Semmel3-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Semmel3\Downloads\SoftonicDownloader_for_the-wonderful-end-of-the-world.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 30.08.2012 08:59:39 | Computer Name = Semmel3-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: MiracleWOW.exe, Version: 1.0.0.25,
 Zeitstempel: 0x4feb47ba  Name des fehlerhaften Moduls: MiracleWOW.exe, Version: 1.0.0.25,
 Zeitstempel: 0x4feb47ba  Ausnahmecode: 0xc0000417  Fehleroffset: 0x0011230e  ID des fehlerhaften
 Prozesses: 0x13dc  Startzeit der fehlerhaften Anwendung: 0x01cd86af48afecfa  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\World of Warcraft\MiracleWOW.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\World of Warcraft\MiracleWOW.exe
Berichtskennung:
 8e46102f-f2a2-11e1-9b7e-20cf30bbd32d
 
Error - 30.08.2012 20:49:42 | Computer Name = Semmel3-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 15.0.0.4619 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: ad4    Startzeit: 
01cd861145029f28    Endzeit: 24    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 be4eec46-f305-11e1-9b7e-20cf30bbd32d  
 
Error - 31.08.2012 11:45:42 | Computer Name = Semmel3-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Semmel3\Downloads\SoftonicDownloader_for_the-wonderful-end-of-the-world.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 10.09.2012 16:17:34 | Computer Name = Semmel3-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 15.0.1.4631 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: e64    Startzeit: 
01cd8f528cec3d54    Endzeit: 28    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 8cbe742e-fb84-11e1-b400-20cf30bbd32d  
 
Error - 10.09.2012 21:13:43 | Computer Name = Semmel3-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 15.0.1.4631 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: a40    Startzeit: 
01cd8f9151442b30    Endzeit: 25    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 ec13e286-fbad-11e1-b400-20cf30bbd32d  
 
Error - 20.09.2012 11:40:15 | Computer Name = Semmel3-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 15.0.1.4631 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: ff8    Startzeit: 
01cd973efe2a6a71    Endzeit: 22    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 77276dc8-0339-11e2-ba4e-20cf30bbd32d  
 
Error - 22.09.2012 08:23:39 | Computer Name = Semmel3-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: update.exe_Avira Free Antivirus, 
Version: 12.3.14.31, Zeitstempel: 0x4fe31944  Name des fehlerhaften Moduls: aepack.dll_unloaded,
 Version: 0.0.0.0, Zeitstempel: 0x5050b518  Ausnahmecode: 0xc0000005  Fehleroffset: 
0x037037d4  ID des fehlerhaften Prozesses: 0x13ec  Startzeit der fehlerhaften Anwendung:
 0x01cd98bca88de599  Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Avira\AntiVir
 Desktop\update.exe  Pfad des fehlerhaften Moduls: aepack.dll  Berichtskennung: 56684367-04b0-11e2-b47c-20cf30bbd32d
 
[ System Events ]
Error - 23.09.2012 06:48:24 | Computer Name = Semmel3-PC | Source = NetBT | ID = 4321
Description = Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.2.100  registriert werden. Der Computer mit IP-Adresse 192.168.2.101
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 24.09.2012 14:15:18 | Computer Name = Semmel3-PC | Source = bowser | ID = 8003
Description = 
 
Error - 24.09.2012 15:42:35 | Computer Name = Semmel3-PC | Source = bowser | ID = 8003
Description = 
 
Error - 26.09.2012 10:22:26 | Computer Name = Semmel3-PC | Source = bowser | ID = 8003
Description = 
 
Error - 27.09.2012 07:26:48 | Computer Name = Semmel3-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 27.09.2012 07:26:48 | Computer Name = Semmel3-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 28.09.2012 09:02:27 | Computer Name = Semmel3-PC | Source = bowser | ID = 8003
Description = 
 
Error - 28.09.2012 10:33:04 | Computer Name = Semmel3-PC | Source = bowser | ID = 8003
Description = 
 
Error - 28.09.2012 12:17:30 | Computer Name = Semmel3-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.
 
Error - 28.09.2012 12:18:01 | Computer Name = Semmel3-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Microsoft .NET Framework NGEN v4.0.30319_X64 erreicht.
 
 
< End of report >
         


There were only minor problems, such as Firefox crashing or hanging. Mainly, the speed has dropped sharply recently, which is how I noticed it! Apart from that, the computer runs relatively well!

28.09.2012, 17:31   #10
semmel3
 



Sorry for the double post, it has to do with my Firefox ...!


Extras:


Code:
OTL Extras logfile created on: 28.09.2012 18:19:16 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Semmel3\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,96 Gb Total Physical Memory | 6,27 Gb Available Physical Memory | 78,79% Memory free
15,92 Gb Paging File | 14,01 Gb Available in Paging File | 88,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1862,92 Gb Total Space | 1432,80 Gb Free Space | 76,91% Space Free | Partition Type: NTFS
Drive D: | 4,80 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: SEMMEL3-PC | User Name: Semmel3 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02D89D08-76C7-437F-8061-2218A66A6BCA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{04A5FF94-E827-48BF-B14E-F95B15AF5774}" = lport=138 | protocol=17 | dir=in | app=system | 
"{0C5CA600-5847-4EAC-ACF2-AD51F93986D4}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{0ED68441-E2BB-412B-AE60-BB2C46B7EBEA}" = rport=137 | protocol=17 | dir=out | app=system | 
"{168E2F66-B90D-45DE-8DCF-82F614CC0313}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{289483AB-06BD-41FA-85EB-DD4E326EF51A}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{298CF00C-9ABA-4CE4-B648-A9EC39FB8E8E}" = lport=139 | protocol=6 | dir=in | app=system | 
"{2B79A649-7AD2-46C4-ABF5-D57EA3BBF4E3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{2EFDB6D1-8CE8-4853-BD7F-B3AA3ACF899F}" = lport=49168 | protocol=6 | dir=in | name=akamai netsession interface | 
"{2F44BCC5-BC13-4AAB-A782-E0F3A77620C3}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{442AB8F5-8D04-4252-A35D-38FE1A62473C}" = rport=445 | protocol=6 | dir=out | app=system | 
"{48EB8F4D-37D4-458C-88DB-0B783695834D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5D5DA65E-7F51-40BA-BE6B-955009B2EE4D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{65097C6C-A337-40E0-9E08-4ECED3F820B1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6F62DFE7-4177-4C3E-92D5-78D239CDE950}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6FD666CF-C087-4D88-8E09-8121B7B39402}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{702D77F1-7D87-421D-97B8-28062361C9DD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{75D71D67-CD46-4C0C-955F-A8DEFCF3452F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{87D3A8EF-A493-4720-827D-05332F152405}" = rport=138 | protocol=17 | dir=out | app=system | 
"{8A2EDED2-4748-44D4-B6E4-49AAB74C0C5D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8BA8EC31-8549-49D2-9409-21D110A9FE5C}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{9B429D87-9F66-4AB3-8D4B-8F072F0170B0}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{9F95ED39-CBFE-4A70-AF92-7F3494A882CE}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{A6A19C95-0AF3-4A31-B4FA-326CEEB3B9D5}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{BB7D3CC5-F113-4EA9-BDCE-B50AEAC77845}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C7A59223-BD9C-4A53-BF77-7DDC7DE6B14B}" = lport=445 | protocol=6 | dir=in | app=system | 
"{CA40648F-6BFE-4452-A214-9965DCBE0395}" = lport=137 | protocol=17 | dir=in | app=system | 
"{D693F4FA-7A32-427D-8301-FBC4CB8D61C9}" = rport=139 | protocol=6 | dir=out | app=system | 
"{D6A69205-67ED-4E11-8C1D-87330448C510}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DC1D6C78-CDF7-4A7E-8669-AE475B30D4A3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DF50F3F9-B392-4CE5-8D8C-56012292325C}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{E03AC141-0602-421B-83E0-D5C1C390AC65}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{FF266D2B-7CF5-48B6-89F3-DB6D162E94B6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{015E7DFA-E039-4FBE-AE12-1A8ED924A7D9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\mother99\counter-strike source\hl2.exe | 
"{01DCB31E-28CF-4F69-BE48-3A636FB95B97}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{02DF55F6-A590-45F2-8FBA-D727A0849359}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trackmania united\tmforever.exe | 
"{17FE9864-EB12-4313-A356-54736DCB7CED}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe | 
"{1F0B4EE5-998F-416A-9ABC-5860758BA037}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trackmania united\tmforeverlauncher.exe | 
"{21ACC931-BD3B-4235-B48B-846A65DAA4E1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{261228B9-79B5-4D50-B3BF-2E803EF65CB3}" = protocol=17 | dir=in | app=c:\users\semmel3\appdata\roaming\spotify\spotify.exe | 
"{28DF8BD9-2BF0-451D-9DB7-309ECEE92925}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{2A0FB448-974D-4C13-BDD5-FE10BD88A5EA}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{2C8CB090-7317-4F67-9951-2E7616A13B4F}" = protocol=6 | dir=in | app=c:\program files (x86)\stunlock studios\bloodline champions\binary\bloodlinechampions.exe | 
"{2DEC89C9-F931-4504-9136-566581529314}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe | 
"{2E6BC299-95C0-44C9-B0CF-1F13C1DB57B6}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{32FC71EB-BC3E-495A-9914-AC3C1334FC02}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{3327864F-7518-4BCC-81FE-A72C20BD5030}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{3371047D-8F44-4806-A723-AF4F9044C32C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{34001BB9-C9D4-441E-A3B1-69DBDAAF3B03}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{34F2F701-A54F-47E7-B80A-A66C043836FD}" = dir=out | app=%programfiles% (x86)\virtualdj\virtualdj_pro.exe | 
"{3DAC82E0-0CF2-4A6A-8655-1E4389680F2B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{3DAF56D8-1C8B-4D5C-8343-C4522737B079}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | 
"{422C7F1F-642C-42CD-AD6C-BD950A8C3A43}" = dir=out | app=%programfiles% (x86)\ableton\live 8.0.1\program\live 8.0.1.exe | 
"{4569CEF6-0B7C-459D-8600-A1C307209F08}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{4B5817BD-DC1C-401C-9260-C4EECD167806}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{4C0BA5C5-C186-424A-ABCE-4E668D1E4DEC}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{55EBB7A0-751C-47DD-ABD6-AFB6055622FF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{58F8A5AD-F819-4CBB-AC22-072E07CAFA70}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5C971D68-FEB1-4392-88AC-B1C774FDE96F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6330180B-4586-4FE0-A04E-17466155463B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{65C734C7-615E-4438-9CE9-C170BBC1585D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{6757E155-B5E4-4748-AEFB-E96A6341304A}" = dir=out | app=%programfiles%\native instruments\reaktor 5\reaktor5.exe | 
"{6A51DDB3-9494-4140-A4D8-B27E816F2EE5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trackmania united\tmforeverlauncher.exe | 
"{6BD32769-3A93-43AA-A6D8-90BA0D2A286B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{6EBB6EE0-91F2-4680-AF9B-E0D8E885307E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{6F15A31A-9F99-4519-8302-C566723E23F4}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{7064779A-0ABE-4BC5-A4DD-04F020047003}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{728E728E-B6B9-47D7-9F27-D0373FD48326}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | 
"{73EF78C8-F550-41F3-B6BA-D20F94DA022C}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe | 
"{7B23F193-88A5-40CB-95C8-B65B43074179}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7C1FD9F9-7C13-4F91-8639-1548BE5C5C82}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{7D2F7435-9471-4FF3-A6CA-A1BD136AE8AF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{7E1F5B54-AD24-433F-9F24-305AF53FF1A5}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{7E96EF0E-EE3C-4E26-B7F4-8DDD8F650859}" = protocol=6 | dir=in | app=c:\users\semmel3\appdata\local\akamai\netsession_win.exe | 
"{8113BE97-2ED9-42C0-9DD1-4A18ED10EC25}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{82A02444-7EBD-4500-BECF-A588DA71F250}" = protocol=17 | dir=in | app=c:\users\semmel3\downloads\diablo-iii-8370-dede-installer-downloader.exe | 
"{845B7CFA-FD50-4BE3-8C1D-39FEAFEDC103}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dirt 2\dirt2.exe | 
"{8C4CB877-771A-4CE7-AD9E-3E869B965DFD}" = protocol=6 | dir=in | app=c:\users\semmel3\appdata\roaming\spotify\spotify.exe | 
"{8E330D6E-04C7-4510-B7CA-CC104731661E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8F3AC6DE-ADD3-4FD2-9201-B12264B954F2}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe | 
"{8F78629F-4686-4631-8061-36F6B4933D46}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dirt 2\dirt2.exe | 
"{9CA29403-EE7B-4D35-B5E6-7CC214B94BC9}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{A4ADDAAE-C62E-4864-838F-F94363EEEFA5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{A6E4640D-431B-40E1-ABA2-44DEFA051E83}" = dir=in | app=c:\program files (x86)\microsoft games\age of empires online\spartan.exe | 
"{A7B133E6-9153-46EF-80CD-890E79743E4D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{A88E3071-9214-4E19-9EB9-EEC10C3EC0F7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{A8E15104-9B7A-4763-9FB7-3CB2E3D3D587}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe | 
"{A8F14CDA-D3E0-49B8-B400-D1AA3FDCCECD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{B229312B-FBF9-46CA-B9DA-197150D9093C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{B3469B3F-83C4-4394-B030-2B1D54BC533A}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | 
"{B3F0851E-EB6A-4B58-B6B2-1E6C656B03B8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{B7C93736-8A85-4D43-8AAE-AABE4374C2D8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BDCAA190-6FEA-4EB0-9B25-CDFF8010CD75}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe | 
"{C395F7AD-AF9D-47D0-9D79-D8196FD1DBF1}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{C4482D10-9D9B-4EF5-BEC2-6AE5B1837AE9}" = dir=in | app=%programfiles% (x86)\ableton\live 8.0.1\program\live 8.0.1.exe | 
"{C6518FB6-635E-44DC-BCF5-5C9B263FDB3C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\lutziie\counter-strike source\hl2.exe | 
"{CDD7517F-7532-41F1-9CB9-9A82D31E201F}" = protocol=17 | dir=in | app=c:\program files (x86)\stunlock studios\bloodline champions\binary\bloodlinechampions.exe | 
"{CF7E1DCD-33A8-4C1B-B6EA-0BA4957CE895}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\mother99\counter-strike source\hl2.exe | 
"{D157192D-4512-47F0-BE76-229950D9DC46}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\lutziie\counter-strike source\hl2.exe | 
"{D8708315-2EF8-4910-8859-F6E44A8F8B1E}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | 
"{DDF15E72-F345-42EF-A491-9F26A3E9B315}" = protocol=6 | dir=out | app=system | 
"{E03FFC84-8678-4B4B-BE28-9B07B29393BF}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{E2E6AD6E-366F-469E-8882-F0BDA9E08627}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E420B9D9-B609-4A31-8AFF-4A7294D513DB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{E9D970F2-7628-4F20-A057-DC1A649AFD8D}" = dir=in | app=%programfiles% (x86)\virtualdj\virtualdj_pro.exe | 
"{EA636CA8-5B82-4E63-AF83-B67FC317B1FE}" = protocol=17 | dir=in | app=c:\users\semmel3\appdata\local\akamai\netsession_win.exe | 
"{EE444846-1B82-443C-967B-37B21CD7041C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trackmania united\tmforever.exe | 
"{F3670743-85E8-41CD-8F81-12DF95937434}" = protocol=6 | dir=in | app=c:\users\semmel3\downloads\diablo-iii-8370-dede-installer-downloader.exe | 
"{F567067A-522A-436D-8D18-14AFFA54F38F}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe | 
"{F6550485-E251-4C51-8B1B-4F556F4D56E5}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe | 
"{F7979907-8D14-4549-B410-A52FEC061BFD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{FF0519E5-EFC7-4792-B708-3CDE278C5440}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"TCP Query User{06A4D315-D932-4EA5-8BCD-0F44D1F50DC7}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe | 
"TCP Query User{0ABB63E0-BACF-4065-A686-EAC9A531BA0D}C:\users\semmel3\desktop\mw2\iw4mp.dat" = protocol=6 | dir=in | app=c:\users\semmel3\desktop\mw2\iw4mp.dat | 
"TCP Query User{0AECF25A-D03D-4166-8D08-6D5B723A9B62}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"TCP Query User{25FE0EB9-6785-43BD-BE95-159190BC7892}C:\users\semmel3\desktop\games\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=c:\users\semmel3\desktop\games\borderlands\binaries\borderlands.exe | 
"TCP Query User{2A14BF8F-7052-4586-AF0E-6DECAA7A486A}C:\users\semmel3\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\semmel3\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{310EC278-9CA6-463A-82BA-3A8D6F967EA6}C:\program files (x86)\microsoft games\age of empires ii\age2_x1.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\age2_x1.exe | 
"TCP Query User{37F940C5-F7C0-40B2-A2A7-99E9EA6DB03A}C:\program files (x86)\activision\modern warfare 2\iw4mp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\modern warfare 2\iw4mp.exe | 
"TCP Query User{4314FCE3-2D1B-403D-9F12-3F6FAAB04564}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"TCP Query User{4E26B57E-2DAB-49C0-9472-3B0428DA8F61}C:\program files (x86)\mediamonkey\mediamonkey.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mediamonkey\mediamonkey.exe | 
"TCP Query User{74BEB245-C2B0-4475-AB16-9A7B135AB5AD}C:\program files (x86)\activision\modern warfare 2\iw4mpold.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\modern warfare 2\iw4mpold.exe | 
"TCP Query User{77C8A727-1195-4E3A-94C1-6741E3814BFC}C:\users\semmel3\downloads\diablo-iii-8370-dede-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\semmel3\downloads\diablo-iii-8370-dede-installer-downloader.exe | 
"TCP Query User{7C695C05-029E-4092-8EF5-4775028636B5}C:\users\semmel3\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\semmel3\appdata\local\temp\gw2.exe | 
"TCP Query User{956CDBDE-2F32-413B-87D4-7F99E011C527}C:\users\semmel3\desktop\mw2\iw4mp.exe" = protocol=6 | dir=in | app=c:\users\semmel3\desktop\mw2\iw4mp.exe | 
"TCP Query User{AC551760-E41B-49A2-93B6-A3B7566C3BB9}C:\users\semmel3\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\semmel3\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{B5D8E2AA-7FE2-485E-8BDC-F8A6571309E4}C:\programdata\battle.net\agent\agent.1225\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"TCP Query User{BA266FE6-E0C4-482F-B7D6-DC9A96C39F8A}C:\users\semmel3\appdata\local\microsoft\age of empires online\spartan.exe" = protocol=6 | dir=in | app=c:\users\semmel3\appdata\local\microsoft\age of empires online\spartan.exe | 
"TCP Query User{C339BDCE-C350-4563-AE8F-59720E5248A3}C:\program files (x86)\english bid for power final 4.0\ebfpf 4.0.exe" = protocol=6 | dir=in | app=c:\program files (x86)\english bid for power final 4.0\ebfpf 4.0.exe | 
"TCP Query User{CF95CF45-BD46-4407-94DF-4084540069B6}C:\users\semmel3\desktop\mw2\iw4mpold.exe" = protocol=6 | dir=in | app=c:\users\semmel3\desktop\mw2\iw4mpold.exe | 
"TCP Query User{D11C0AD1-5038-4D67-B7C5-9EDFA41C041B}C:\program files (x86)\stunlock studios\bloodline champions\binary\bloodlinechampions.exe" = protocol=6 | dir=in | app=c:\program files (x86)\stunlock studios\bloodline champions\binary\bloodlinechampions.exe | 
"TCP Query User{D70AA586-AB0B-4074-BECF-EC4C3BB7E9F6}C:\programdata\battle.net\agent\agent.1199\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | 
"TCP Query User{DE121CE7-A433-4EFD-8D23-C2E0FA4E4DD4}C:\program files (x86)\activision\modern warfare 2\bootstrap\iw4mp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\modern warfare 2\bootstrap\iw4mp.exe | 
"TCP Query User{E5746666-6631-4E1A-8F59-79A75F2EB617}C:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe | 
"TCP Query User{F02F160F-6A38-4630-9EDD-DFDE21C23202}C:\nexon\combat arms eu\engine.exe" = protocol=6 | dir=in | app=c:\nexon\combat arms eu\engine.exe | 
"TCP Query User{F3BE3F8F-D78B-492D-AE54-4369A91D68B1}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe | 
"TCP Query User{FDD9264B-55AE-4207-A3A4-CAF460A15081}C:\program files (x86)\activision\modern warfare 2\iw4m.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\modern warfare 2\iw4m.exe | 
"TCP Query User{FFB03BEC-5704-49E0-B8D5-C57C08130E2F}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"UDP Query User{0077A4C1-42B2-4CEC-BB14-D99D8E8CABF9}C:\users\semmel3\desktop\games\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=c:\users\semmel3\desktop\games\borderlands\binaries\borderlands.exe | 
"UDP Query User{0096B6F4-1115-46D0-B347-B33C881EBE7C}C:\program files (x86)\microsoft games\age of empires ii\age2_x1.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\age2_x1.exe | 
"UDP Query User{04816270-EF81-4A16-90D4-8D097BA3C543}C:\program files (x86)\activision\modern warfare 2\iw4mp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\modern warfare 2\iw4mp.exe | 
"UDP Query User{0A33625F-9A19-42D4-A492-BBB8F8D29CD3}C:\users\semmel3\desktop\mw2\iw4mpold.exe" = protocol=17 | dir=in | app=c:\users\semmel3\desktop\mw2\iw4mpold.exe | 
"UDP Query User{113A8EA1-7C69-4BDF-8F73-FFFB0CB7DF10}C:\program files (x86)\activision\modern warfare 2\iw4mpold.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\modern warfare 2\iw4mpold.exe | 
"UDP Query User{138C4001-8B85-4293-AB8F-41E7DC53173C}C:\nexon\combat arms eu\engine.exe" = protocol=17 | dir=in | app=c:\nexon\combat arms eu\engine.exe | 
"UDP Query User{359FA801-D0D1-467F-95DB-BFD2F5C2B431}C:\users\semmel3\desktop\mw2\iw4mp.exe" = protocol=17 | dir=in | app=c:\users\semmel3\desktop\mw2\iw4mp.exe | 
"UDP Query User{377B05DC-60E4-4FB4-9D51-8CED59B8A4E4}C:\users\semmel3\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\semmel3\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{39C04FD3-5D52-4BC9-9F5B-1F5DBD83CA3C}C:\users\semmel3\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\semmel3\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{3ECB84A6-8F05-47A5-A72D-377BE5D83AA8}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"UDP Query User{3F68D25C-A7AD-41CF-8547-86FE540281AA}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"UDP Query User{5DF9A99E-D1A6-456B-8155-EA045B186FE0}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"UDP Query User{6C5C2639-064F-4202-B1E9-EF2B35E9603B}C:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe | 
"UDP Query User{6DC76822-25EA-4A77-AC8A-C156CD5C731E}C:\programdata\battle.net\agent\agent.1225\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"UDP Query User{7BFF630B-2153-48F7-A016-B291B43459A9}C:\users\semmel3\desktop\mw2\iw4mp.dat" = protocol=17 | dir=in | app=c:\users\semmel3\desktop\mw2\iw4mp.dat | 
"UDP Query User{7E4CF59E-761D-4295-8C9C-6207AC7841FD}C:\users\semmel3\downloads\diablo-iii-8370-dede-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\semmel3\downloads\diablo-iii-8370-dede-installer-downloader.exe | 
"UDP Query User{8AE10A56-C960-46D6-90AE-8A8CE0D65179}C:\users\semmel3\appdata\local\microsoft\age of empires online\spartan.exe" = protocol=17 | dir=in | app=c:\users\semmel3\appdata\local\microsoft\age of empires online\spartan.exe | 
"UDP Query User{97EBEDCD-5D5D-45F6-94E5-4F790885BCDD}C:\program files (x86)\activision\modern warfare 2\bootstrap\iw4mp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\modern warfare 2\bootstrap\iw4mp.exe | 
"UDP Query User{A77EB67B-DB34-4015-B2B9-2710E32B51DF}C:\programdata\battle.net\agent\agent.1199\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | 
"UDP Query User{BF193D71-C053-4355-9DF3-532DB3F231FD}C:\program files (x86)\stunlock studios\bloodline champions\binary\bloodlinechampions.exe" = protocol=17 | dir=in | app=c:\program files (x86)\stunlock studios\bloodline champions\binary\bloodlinechampions.exe | 
"UDP Query User{CDDB15D7-486A-46DE-9520-6F53B9FC60BC}C:\program files (x86)\english bid for power final 4.0\ebfpf 4.0.exe" = protocol=17 | dir=in | app=c:\program files (x86)\english bid for power final 4.0\ebfpf 4.0.exe | 
"UDP Query User{CFD885F0-8527-40DA-944E-D74F61DC361A}C:\program files (x86)\activision\modern warfare 2\iw4m.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\modern warfare 2\iw4m.exe | 
"UDP Query User{D5F2F23D-9464-4FA9-BD38-529125B8EFEC}C:\program files (x86)\mediamonkey\mediamonkey.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mediamonkey\mediamonkey.exe | 
"UDP Query User{E0343B7F-BD3D-41A1-9414-0E6046224FE4}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe | 
"UDP Query User{F4924D05-D9CC-4871-B0CF-D9867B235B68}C:\users\semmel3\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\semmel3\appdata\local\temp\gw2.exe | 
"UDP Query User{F6B94F14-8759-4CC3-B8FC-DFD7A2AC1249}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{0C682623-8F66-46A8-B9B3-93FE1E66A001}" = iTunes
"{0E086923-AAA3-4F98-A6E2-48B64CE27553}" = Native Instruments Reaktor Factory Selection
"{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{43E7798A-248E-4A3D-9969-FEA63543A462}" = Native Instruments Kontakt 4
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5941D535-34BF-BB6E-E52B-F464E4E955FF}" = AMD Media Foundation Decoders
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{81D00339-968D-15D1-3499-8431658E896F}" = AMD Catalyst Install Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{83ED5086-5D6B-698F-5CD4-2F631DA8FD69}" = AMD Drag and Drop Transcoding
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{90AB246D-A0A0-29EA-199A-4B07841E0737}" = ATI AVIVO64 Codecs
"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A2DDE39D-BA16-4DBB-9C96-A6703142DCF3}" = Native Instruments Komplete 7 Players
"{A9C6CA47-D937-D61D-4BD3-7CFAB7A5BA56}" = ATI Problem Report Wizard
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B0FC9E28-1CE6-4A40-BEF1-C6E6EDFCA070}" = Native Instruments Kontakt Factory Selection
"{C7FAFC98-5ECC-40FC-B440-A5D5FE3A6A6E}" = Native Instruments Guitar Rig 4
"{D4E5A687-797D-44B1-8F96-4FD7A24166A9}" = DEVIL MAY CRY 4
"{D7D6AA2C-DD2C-53F1-1F1D-5AC3CDE1B90C}" = ccc-utility64
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{E9EA5F38-6299-45A1-9D23-F21729A19357}" = Native Instruments Reaktor 5
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF600C37-6328-4348-A67A-3F85D8039604}" = Native Instruments Kore Player
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{04475621-9BF8-EF82-4691-1C8FD9D40FD2}" = CCC Help Polish
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07A733AA-2D8C-1E0E-ED9B-B4CA59AE86B3}" = Catalyst Control Center
"{07BFA98D-6DB0-6D9C-95D5-7EF347AF587B}" = HydraVision
"{14C87AA7-08E6-419F-A165-998EBE5023D7}" = Oblivion - Knights of the Nine
"{16D919E6-F019-4E15-BFBE-4A85EF19DA57}" = Oblivion - Spell Tomes
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1AADBEB8-3F11-7FB7-6DDC-EE2276C1A80E}" = CCC Help Italian
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 29
"{2C3F42F5-935B-E64C-13D7-4369B0D66DE9}" = CCC Help Greek
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{37CE847B-3279-1A39-CA09-FBF330B5EC97}" = CCC Help Czech
"{3C15E8E2-3463-584F-D4F8-D95878737EAB}" = CCC Help Norwegian
"{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest
"{420500EA-4038-AADB-DD76-90D0311E5867}" = CCC Help Spanish
"{43403BCA-6051-A108-682C-5BABB69D3919}" = CCC Help Hungarian
"{441717E8-ADF5-4724-8B90-FA8DE7B73F91}" = KORG KAOSSILATOR PRO Editor
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D530FA3-9B89-4186-98B7-F51000008100}" = Age of Empires Online
"{549ECD2C-5ACD-0598-56E6-BF88F6B5CE9E}" = CCC Help Portuguese
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5BAD1D5F-157F-C4D7-05B8-7B2D08874DFA}" = CCC Help German
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6559654F-2F38-491F-8411-211517C3E635}" = SampleTank FREE
"{6C90C4C4-559D-4FE8-A4BF-37550E74D1FC}" = Bloodline Champions
"{6E9484D8-F1F5-8737-3C35-C2ACB8BC9BF8}" = CCC Help Danish
"{6EB6BC61-0079-80B7-9AE8-A28E02F81E04}" = CCC Help Japanese
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74DDE8F9-FAD1-4C64-84DF-DF287EAE6FAE}" = CCC Help Turkish
"{7C53D4FA-0F42-3B24-686B-2AB688C8B112}" = Catalyst Control Center Localization All
"{810AC1C1-CB19-45EA-B5C9-77B654F9CA07}" = TQ Defiler.NET
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{85F76CD3-92C2-6422-202C-ADC655E83940}" = CCC Help Chinese Standard
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{8BBB5E4C-3F5E-4C07-BFBE-33B34600783A}" = LogMeIn Hamachi
"{90140000-0018-0000-0000-0000000FF1CE}" = Microsoft Office PowerPoint 2010
"{90140000-0018-0000-0000-0000000FF1CE}_Office14.POWERPOINT_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.POWERPOINT_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.POWERPOINT_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.POWERPOINT_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.POWERPOINT_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.POWERPOINT_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.POWERPOINT_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.POWERPOINT_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.POWERPOINT_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.POWERPOINT_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.POWERPOINT_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{92E71E47-7BDE-2A10-A9C2-373DCAE4EEB9}" = CCC Help Chinese Traditional
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9693675A-7108-247D-A369-AF08C8E32CFD}" = CCC Help English
"{9971CC5F-9E89-6024-72CD-2F9B33305B7F}" = CCC Help Swedish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E8426B6-0027-8C7E-9729-E86053D9A3D5}" = CCC Help Finnish
"{A3DAD349-E48E-AE45-3F26-7B80A4FFCD26}" = Catalyst Control Center InstallProxy
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{B3CB5BA3-3E98-4E85-944E-B03D055F8450}" = KORG USB-MIDI Driver Tools for Windows
"{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}" = Titan Quest Immortal Throne
"{B66F4972-5C17-90A5-95AB-0C4DAEFC92A4}" = CCC Help Korean
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D4E5A687-797D-44B1-8F96-4FD7A24166A9}" = DEVIL MAY CRY 4
"{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29
"{DB689397-D3C2-BD23-A83E-FCA68454F0FE}" = CCC Help Dutch
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}" = Need for Speed™ Undercover
"{EAD24F4A-8BB8-EAC5-A995-3D9A96DF3FA4}" = CCC Help French
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0BC0231-25D6-B4BF-5D9E-633220A2C09A}" = CCC Help Russian
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F501FACA-3AFB-FAC4-825D-F6D1343F0C69}" = Catalyst Control Center Graphics Previews Common
"{F7657E34-0046-9515-61D9-7AAFC84C4AC8}" = CCC Help Thai
"{FFFFFD17-B460-41EB-93F1-C48ABAD63828}" = Oblivion - Thieves Den
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"Akamai" = Akamai NetSession Interface Service
"ArtMoney SE_is1" = ArtMoney SE v7.35
"Avira AntiVir Desktop" = Avira Free Antivirus
"Cheat Engine 6.0_is1" = Cheat Engine 6.0
"DAEMON Tools Pro" = DAEMON Tools Pro
"Diablo III" = Diablo III
"Diablo III Beta" = Diablo III Beta
"DivX Setup" = DivX-Setup
"Free Studio_is1" = Free Studio version 5.3.2
"Free YouTube Download_is1" = Free YouTube Download version 3.1.31.706
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.26.706
"GFWL_{4D530FA3-9B89-4186-98B7-F51000008100}" = Age of Empires Online
"Gizmo Central" = Gizmo Central
"Guild Wars 2" = Guild Wars 2
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"Live 8.2.2" = Live 8.2.2
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Native Instruments Guitar Rig 4" = Native Instruments Guitar Rig 4
"Native Instruments Komplete 7 Players" = Native Instruments Komplete 7 Players
"Native Instruments Kontakt 4" = Native Instruments Kontakt 4
"Native Instruments Kontakt Factory Selection" = Native Instruments Kontakt Factory Selection
"Native Instruments Kore Player" = Native Instruments Kore Player
"Native Instruments Reaktor 5" = Native Instruments Reaktor 5
"Native Instruments Reaktor Factory Selection" = Native Instruments Reaktor Factory Selection
"Native Instruments Service Center" = Native Instruments Service Center
"Office14.POWERPOINT" = Microsoft PowerPoint 2010
"PhotoScape" = PhotoScape
"PunkBusterSvc" = PunkBuster Services
"Revo Uninstaller" = Revo Uninstaller 1.91
"Steam App 12840" = DiRT 2
"Steam App 240" = Counter-Strike: Source
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 7200" = TrackMania United
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"winscp3_is1" = WinSCP 4.2.9
"World of Warcraft" = World of Warcraft
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"CopyTrans Suite" = Nur Deinstallierung der CopyTrans Suite möglich.
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 29.08.2012 21:29:23 | Computer Name = Semmel3-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Semmel3\Downloads\SoftonicDownloader_for_the-wonderful-end-of-the-world.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 29.08.2012 21:29:26 | Computer Name = Semmel3-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Semmel3\Downloads\SoftonicDownloader_for_the-wonderful-end-of-the-world.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 29.08.2012 21:29:28 | Computer Name = Semmel3-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Semmel3\Downloads\SoftonicDownloader_for_the-wonderful-end-of-the-world.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 30.08.2012 08:59:39 | Computer Name = Semmel3-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: MiracleWOW.exe, Version: 1.0.0.25,
 Zeitstempel: 0x4feb47ba  Name des fehlerhaften Moduls: MiracleWOW.exe, Version: 1.0.0.25,
 Zeitstempel: 0x4feb47ba  Ausnahmecode: 0xc0000417  Fehleroffset: 0x0011230e  ID des fehlerhaften
 Prozesses: 0x13dc  Startzeit der fehlerhaften Anwendung: 0x01cd86af48afecfa  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\World of Warcraft\MiracleWOW.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\World of Warcraft\MiracleWOW.exe
Berichtskennung:
 8e46102f-f2a2-11e1-9b7e-20cf30bbd32d
 
Error - 30.08.2012 20:49:42 | Computer Name = Semmel3-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 15.0.0.4619 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: ad4    Startzeit: 
01cd861145029f28    Endzeit: 24    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 be4eec46-f305-11e1-9b7e-20cf30bbd32d  
 
Error - 31.08.2012 11:45:42 | Computer Name = Semmel3-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Semmel3\Downloads\SoftonicDownloader_for_the-wonderful-end-of-the-world.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 10.09.2012 16:17:34 | Computer Name = Semmel3-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 15.0.1.4631 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: e64    Startzeit: 
01cd8f528cec3d54    Endzeit: 28    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 8cbe742e-fb84-11e1-b400-20cf30bbd32d  
 
Error - 10.09.2012 21:13:43 | Computer Name = Semmel3-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 15.0.1.4631 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: a40    Startzeit: 
01cd8f9151442b30    Endzeit: 25    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 ec13e286-fbad-11e1-b400-20cf30bbd32d  
 
Error - 20.09.2012 11:40:15 | Computer Name = Semmel3-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 15.0.1.4631 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: ff8    Startzeit: 
01cd973efe2a6a71    Endzeit: 22    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 77276dc8-0339-11e2-ba4e-20cf30bbd32d  
 
Error - 22.09.2012 08:23:39 | Computer Name = Semmel3-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: update.exe_Avira Free Antivirus, 
Version: 12.3.14.31, Zeitstempel: 0x4fe31944  Name des fehlerhaften Moduls: aepack.dll_unloaded,
 Version: 0.0.0.0, Zeitstempel: 0x5050b518  Ausnahmecode: 0xc0000005  Fehleroffset: 
0x037037d4  ID des fehlerhaften Prozesses: 0x13ec  Startzeit der fehlerhaften Anwendung:
 0x01cd98bca88de599  Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Avira\AntiVir
 Desktop\update.exe  Pfad des fehlerhaften Moduls: aepack.dll  Berichtskennung: 56684367-04b0-11e2-b47c-20cf30bbd32d
 
[ System Events ]
Error - 23.09.2012 06:48:24 | Computer Name = Semmel3-PC | Source = NetBT | ID = 4321
Description = Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.2.100  registriert werden. Der Computer mit IP-Adresse 192.168.2.101
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 24.09.2012 14:15:18 | Computer Name = Semmel3-PC | Source = bowser | ID = 8003
Description = 
 
Error - 24.09.2012 15:42:35 | Computer Name = Semmel3-PC | Source = bowser | ID = 8003
Description = 
 
Error - 26.09.2012 10:22:26 | Computer Name = Semmel3-PC | Source = bowser | ID = 8003
Description = 
 
Error - 27.09.2012 07:26:48 | Computer Name = Semmel3-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 27.09.2012 07:26:48 | Computer Name = Semmel3-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 28.09.2012 09:02:27 | Computer Name = Semmel3-PC | Source = bowser | ID = 8003
Description = 
 
Error - 28.09.2012 10:33:04 | Computer Name = Semmel3-PC | Source = bowser | ID = 8003
Description = 
 
Error - 28.09.2012 12:17:30 | Computer Name = Semmel3-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.
 
Error - 28.09.2012 12:18:01 | Computer Name = Semmel3-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Microsoft .NET Framework NGEN v4.0.30319_X64 erreicht.
 
 
< End of report >
         

28.09.2012, 18:51   #11
M-K-D-B
/// TB instructor

Hi,

Step 1
  • Follow this path: Start -> Control Panel -> Uninstall a program
  • Look in the list for software with the following name
    • uTorrent
    and uninstall the program.
  • If you are asked to restart at the end of the uninstallation, do so.

Step 2
  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.
Code:
:OTL
IE - HKCU\..\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}: "URL" = hxxp://www.searchplusnetwork.com/?sp=vit4&q={searchTerms}
IE - HKCU\..\SearchScopes\{AB79D3B4-AEDB-428a-B504-BAC00521A1C7}: "URL" = hxxp://starwebsearch.com/index.php?from=4&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
FF - prefs.js..extensions.enabledItems: {cd90bf73-20f6-44ef-993d-bb920303bd2e}:2.7.1.3

:commands
[Emptytemp]
         
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (Also to be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread

Step 3
  • Start Malwarebytes, click Update --> Check for Updates
  • When the update has finished, select Perform quick scan and click Scan.
  • When the scan has finished, click Show Results.
  • Make sure that all findings are checked and click Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report later under "Logs".

Step 4

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Check Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

Please post with your next reply
  • the log file from OTL,
  • the log file from MBAM,
  • the log file from ESET.

30.09.2012, 14:36   #12
semmel3

Step 2:

Code:
All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4327FABE-3C22-4689-8DBF-D226CF777FE9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AB79D3B4-AEDB-428a-B504-BAC00521A1C7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB79D3B4-AEDB-428a-B504-BAC00521A1C7}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: {cd90bf73-20f6-44ef-993d-bb920303bd2e}:2.7.1.3 removed from extensions.enabledItems
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: Semmel3
->Temp folder emptied: 1280842942 bytes
->Temporary Internet Files folder emptied: 167635482 bytes
->Java cache emptied: 3498251 bytes
->FireFox cache emptied: 71068862 bytes
->Flash cache emptied: 159537 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1677002 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 85029 bytes
RecycleBin emptied: 25186809184 bytes
 
Total Files Cleaned = 25.474,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 09302012_124054

Files\Folders moved on Reboot...
C:\Users\Semmel3\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
Step 3:

No infected objects were found

Code:
gMalwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.29.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Semmel3 :: SEMMEL3-PC [Administrator]

30.09.2012 12:46:55
mbam-log-2012-09-30 (12-46-55).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 201129
Laufzeit: 2 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Step 4:

Code:
C:\Users\Semmel3\AppData\Roaming\BrowserCompanion\tbhcn.exe	Win32/BrowserCompanion application
C:\Users\Semmel3\Downloads\SoftonicDownloader_for_the-wonderful-end-of-the-world.exe	a variant of Win32/SoftonicDownloader.E application
C:\Users\Semmel3\Downloads\SoftonicDownloader_fuer_operation7.exe	Win32/SoftonicDownloader application
C:\Users\Semmel3\Downloads\SoftonicDownloader_fuer_photoscape.exe	a variant of Win32/SoftonicDownloader.D application
C:\Users\Semmel3\Downloads\YouTubeDownloaderSetup33.exe	a variant of Win32/Toolbar.Widgi application
         

So that already looks pretty good!
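
Added example, not part of the thread and not OTL's own code: a read-only PowerShell check of the two per-user Internet Explorer settings that appear in the OTL fix log above (the SearchScopes provider URLs and the ProxyOverride value), useful for confirming the state before or after such a fix. It assumes PowerShell 3.0 or later; the function names and the allow-list of search hosts are illustrative assumptions.

```powershell
# Added example: read-only audit, nothing in the registry is changed.
# Hosts accepted as search providers. This allow-list is an assumption for
# illustration; replace it with the providers you actually expect.
$AllowedSearchHosts = @('www.bing.com', 'www.google.com')

function Get-SearchScopeAudit {
    param(
        [string]$ScopesPath = 'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes',
        [string[]]$AllowedHosts = $AllowedSearchHosts
    )
    if (-not (Test-Path -LiteralPath $ScopesPath)) { return }

    # DefaultScope on the parent key names the provider IE actually uses.
    $default = (Get-ItemProperty -LiteralPath $ScopesPath).DefaultScope

    foreach ($key in Get-ChildItem -LiteralPath $ScopesPath) {
        $props = Get-ItemProperty -LiteralPath $key.PSPath
        $uri = $null
        $hostName = $null
        if ($props.URL -and
            [System.Uri]::TryCreate($props.URL, [System.UriKind]::Absolute, [ref]$uri)) {
            $hostName = $uri.Host
        }
        [pscustomobject]@{
            Guid      = $key.PSChildName
            Name      = $props.DisplayName
            Host      = $hostName
            Url       = $props.URL
            IsDefault = ($key.PSChildName -eq $default)
            # Flag providers with no parseable URL or a host outside the allow-list.
            Review    = (-not $hostName) -or ($AllowedHosts -notcontains $hostName)
        }
    }
}

function Get-ProxyAudit {
    param(
        [string]$SettingsPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    )
    $s = Get-ItemProperty -LiteralPath $SettingsPath

    # ProxyOverride is a semicolon-separated bypass list, for example
    # *.local;127.0.0.1:9421;<local> as in the fix script in this thread.
    $entries = @()
    if ($s.ProxyOverride) { $entries = $s.ProxyOverride -split ';' }

    # Entries that name a loopback address are listed separately for review.
    $loopback = @($entries | Where-Object { $_ -match '^(127\.0\.0\.1|localhost)(:\d+)?$' })

    [pscustomobject]@{
        ProxyEnable     = $s.ProxyEnable
        ProxyServer     = $s.ProxyServer
        AutoConfigURL   = $s.AutoConfigURL
        ProxyOverride   = $s.ProxyOverride
        LoopbackEntries = $loopback
    }
}

# Providers needing review are listed first; the proxy settings follow.
Get-SearchScopeAudit | Sort-Object Review -Descending |
    Format-Table Guid, Host, IsDefault, Review -AutoSize
Get-ProxyAudit | Format-List
```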

30.09.2012, 18:37   #13
M-K-D-B
/// TB instructor

Hi,

Keep your hands off Softonic. You only pick up a lot of junk that way (as right now, for example).

We're almost done.

Step 1
  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.
Code:
:files
C:\Users\Semmel3\AppData\Roaming\BrowserCompanion
C:\Users\Semmel3\Downloads\SoftonicDownloader_for_the-wonderful-end-of-the-world.exe
C:\Users\Semmel3\Downloads\SoftonicDownloader_fuer_operation7.exe
C:\Users\Semmel3\Downloads\SoftonicDownloader_fuer_photoscape.exe
C:\Users\Semmel3\Downloads\YouTubeDownloaderSetup33.exe
         
:Commands
[emptytemp]
         
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (Also to be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread

Step 2
Please download SecurityCheck
  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
    Vista and Win7 users: right-click and "Run as administrator"
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

Please post with your next reply
  • the log file of the OTL fix,
  • the log file from SecurityCheck.

01.10.2012, 06:55   #14
semmel3

OK, got it, Softonic will never be used again

Code:
All processes killed
========== FILES ==========
C:\Users\Semmel3\AppData\Roaming\BrowserCompanion folder moved successfully.
C:\Users\Semmel3\Downloads\SoftonicDownloader_for_the-wonderful-end-of-the-world.exe moved successfully.
C:\Users\Semmel3\Downloads\SoftonicDownloader_fuer_operation7.exe moved successfully.
C:\Users\Semmel3\Downloads\SoftonicDownloader_fuer_photoscape.exe moved successfully.
C:\Users\Semmel3\Downloads\YouTubeDownloaderSetup33.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: Semmel3
->Temp folder emptied: 37191774 bytes
->Temporary Internet Files folder emptied: 268219 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 538119257 bytes
->Flash cache emptied: 1849 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 608 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 549,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 10012012_074148

Files\Folders moved on Reboot...
C:\Users\Semmel3\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
and the second one:

Code:
 Results of screen317's Security Check version 0.99.51  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 8 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.65.0.1400  
 Java(TM) 6 Update 29  
 Java version out of Date! 
 Adobe Flash Player 11.4.402.265  
 Adobe Reader X 10.1.1 Adobe Reader out of Date!  
 Mozilla Firefox (15.0.1) 
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
Many thanks for all your efforts!!

01.10.2012, 16:09   #15
M-K-D-B
/// TB instructor

Hi,

If you have no more problems, then we are finished here. Your log files are clean.
Finally, we still need to take a few closing steps to clean up and secure your PC.

Step 1
Your Java is no longer up to date. Older versions contain security vulnerabilities that malware can abuse.
  • Please download the latest Java version from here
  • Save jxpiinstall.exe
  • Close all running programs, especially your browser.
  • Start jxpiinstall.exe. It will download the installer for the latest Java version ( Java 7 Update 7 ).
  • Uncheck "Install the Ask Toolbar ..." during the installation.
  • When the installation has finished, go to
    Start --> Control Panel --> Programs and uninstall all older Java versions.
  • Restart your computer as soon as all older versions have been uninstalled.
After the restart
  • Open Control Panel --> Programs again and click the Java icon.
  • On the General tab, click Settings under Temporary Internet Files.
  • Click Delete Files....
  • Make sure that everything is checked and click OK.
  • Click OK again.

Step 2
Please uninstall your current version of Adobe Reader
Start --> Control Panel --> Uninstall a program --> Adobe Reader
and download the new version from here.
Uncheck the box for McAfee SecurityScan or Google Chrome.

Step 3
I would recommend that you also check your system with this scanner once a week.
If you still want to uninstall ESET,
please press the Windows key + R and copy the following text into the Run window.
Code:
"%PROGRAMFILES(X86)%\Eset\Eset Online Scanner\OnlineScannerUninstaller.exe"
         
and click OK.

Step 4
  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.
Code:
:commands
[Clearallrestorepoints]
[Reboot]
         
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (Also to be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread

Step 5
  • Start adwcleaner.exe with a double-click.
  • Click Uninstall.
  • Confirm with Yes.

Step 6
Please start OTL and click CleanUp.
This will remove most of the tools that we needed for the cleanup. If anything remains, please remove it with right-click --> Delete.

Step 7
Here are a few more tips for securing your system.

I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.

Antivirus software
  • Make sure you always have antivirus software installed and that it is up to date. It is useless if it is out of date.

Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version also offers a background guard.
    You can find a tutorial on using it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you of any changes. Download the freeware version from here.

Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.

Alternative browsers

Other browsers tend to be somewhat more secure than IE because they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: for this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only run when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. Right-clicking the banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. I recommend TFC for this
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts
  • Don't click on everything just because it asks you to and is nice and colorful.
  • Don't use peer-to-peer or file-sharing software (Emule, uTorrent,..)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Don't open attachments from emails you don't know. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
