
Log analysis and evaluation: svchost.exe


10.10.2012, 13:16   #1
Wolfizero
 
svchost.exe



Hey,
for a few days now, the Malwarebytes Anti-Malware real-time scanner has been telling me that some malicious process is coming from Svchost.exe and was stopped. The system scan doesn't flag anything, but the message still comes up occasionally. Mostly while I'm browsing (Facebook, YouTube, etc.).

Code:
 Malwarebytes Anti-Malware  (PRO) 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.10.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Wolfi :: PC-WOLFI [Administrator]

Schutz: Aktiviert

10.10.2012 12:23:23
mbam-log-2012-10-10 (12-23-23).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 635670
Laufzeit: 1 Stunde(n), 35 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
And OTL

Code:
OTL logfile created on: 10.10.2012 14:03:58 - Run 3
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\Wolfi\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 2,65 Gb Available Physical Memory | 44,18% Memory free
12,00 Gb Paging File | 8,68 Gb Available in Paging File | 72,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 345,48 Gb Total Space | 221,96 Gb Free Space | 64,25% Space Free | Partition Type: NTFS
Drive D: | 585,94 Gb Total Space | 84,73 Gb Free Space | 14,46% Space Free | Partition Type: NTFS
 
Computer Name: PC-WOLFI | User Name: Wolfi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - D:\Steam\Steam.exe (Valve Corporation)
PRC - C:\Users\Wolfi\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\SpeedFan\speedfan.exe (Almico Software (www.almico.com))
PRC - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe ()
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Wolfi\AppData\Local\Temp\sfamcc00001.dll ()
MOD - C:\Users\Wolfi\AppData\Local\Temp\sfareca00001.dll ()
MOD - D:\Steam\bin\libcef.dll ()
MOD - D:\Steam\bin\chromehtml.dll ()
MOD - D:\Steam\bin\avutil-51.dll ()
MOD - D:\Steam\bin\avformat-53.dll ()
MOD - D:\Steam\bin\avcodec-53.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
MOD - C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe ()
MOD - C:\Program Files (x86)\MSI Afterburner\RTMUI.dll ()
MOD - C:\Program Files (x86)\MSI Afterburner\RTHAL.dll ()
MOD - C:\Program Files (x86)\MSI Afterburner\RTCore.dll ()
MOD - C:\Program Files (x86)\MSI Afterburner\RTUI.dll ()
MOD - C:\Program Files (x86)\MSI Afterburner\RTFC.dll ()
MOD - C:\Program Files (x86)\MSI Afterburner\RTTSH.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (TGCM_ImportWiFiSvc) -- C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe (Telefónica I+D)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (ha20x2k) -- C:\Windows\SysNative\drivers\ha20x2k.sys (Creative Technology Ltd)
DRV:64bit: - (emupia) -- C:\Windows\SysNative\drivers\emupia2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctprxy2k) -- C:\Windows\SysNative\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV:64bit: - (ctaud2k) -- C:\Windows\SysNative\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctac32k) -- C:\Windows\SysNative\drivers\ctac32k.sys (Creative Technology Ltd)
DRV:64bit: - (CTEXFIFX.SYS) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV:64bit: - (CTEXFIFX) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV:64bit: - (CTHWIUT.SYS) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CTHWIUT) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CT20XUT.SYS) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CT20XUT) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV:64bit: - (huawei_enumerator) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ewusbnet) -- C:\Windows\SysNative\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ew_hwusbdev) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV - (RTCore64) -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CE 93 76 FE 44 F3 CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Amazon.de"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.2
FF - prefs.js..extensions.enabledItems: {dd3d7613-0246-469d-bc65-2a3cc1668adc}:0.7.1
FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:2.7.5.0522
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.3
FF - prefs.js..extensions.enabledItems: FasterFox_Lite@BigRedBrent:3.0.16
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:3.22
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:3.5.0
FF - prefs.js..google.toolbar.linkdoctor.backup.keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..google.toolbar.linkdoctor.backup.keyword.enabled: true
FF - prefs.js..keyword.URL: "about:neterror?e=query&u="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "about:neterror?e=query&u="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.07 23:58:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.27 13:31:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.07 23:58:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.02.25 00:41:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wolfi\AppData\Roaming\mozilla\Extensions
[2012.09.26 00:38:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wolfi\AppData\Roaming\mozilla\Firefox\Profiles\tlymn0wr.default\extensions
[2012.02.25 16:25:01 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Wolfi\AppData\Roaming\mozilla\Firefox\Profiles\tlymn0wr.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012.09.16 16:16:40 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Wolfi\AppData\Roaming\mozilla\Firefox\Profiles\tlymn0wr.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.02.25 16:25:01 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Wolfi\AppData\Roaming\mozilla\Firefox\Profiles\tlymn0wr.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2012.09.26 00:38:18 | 000,000,000 | ---D | M] (Fasterfox Lite) -- C:\Users\Wolfi\AppData\Roaming\mozilla\Firefox\Profiles\tlymn0wr.default\extensions\FasterFox_Lite@BigRedBrent
[2012.09.14 11:09:46 | 000,001,632 | ---- | M] () -- C:\Users\Wolfi\AppData\Roaming\Mozilla\Firefox\Profiles\tlymn0wr.default\searchplugins\firefox-add-ons.xml
[2012.09.07 23:58:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.07 23:58:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.09.07 23:58:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.07.11 13:38:29 | 000,135,156 | ---- | M] () (No name found) -- C:\USERS\WOLFI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TLYMN0WR.DEFAULT\EXTENSIONS\{79C50F9A-2FFE-4EE0-8A37-FAE4F5DACD4F}.XPI
[2012.02.25 01:26:08 | 000,434,392 | ---- | M] () (No name found) -- C:\USERS\WOLFI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TLYMN0WR.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
[2012.09.04 21:36:27 | 000,009,644 | ---- | M] () (No name found) -- C:\USERS\WOLFI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TLYMN0WR.DEFAULT\EXTENSIONS\PRINTPDF@PAVLOV.NET.XPI
[2012.09.07 23:58:22 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.18 01:12:52 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.29 16:19:56 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.18 01:12:52 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.18 01:12:52 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.18 01:12:52 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.18 01:12:52 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - D:\ICQ\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - D:\ICQ\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{83FB607F-B364-4818-A562-3B56328C8DD9}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{03105047-954b-11e1-be79-001fd08ab3a1}\Shell - "" = AutoRun
O33 - MountPoints2\{03105047-954b-11e1-be79-001fd08ab3a1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{0310507c-954b-11e1-be79-001fd08ab3a1}\Shell - "" = AutoRun
O33 - MountPoints2\{0310507c-954b-11e1-be79-001fd08ab3a1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{031050a7-954b-11e1-be79-001e101f04e4}\Shell - "" = AutoRun
O33 - MountPoints2\{031050a7-954b-11e1-be79-001e101f04e4}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{0990abba-9932-11e1-96eb-001e101f2500}\Shell - "" = AutoRun
O33 - MountPoints2\{0990abba-9932-11e1-96eb-001e101f2500}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{0990abc0-9932-11e1-96eb-001e101f2500}\Shell - "" = AutoRun
O33 - MountPoints2\{0990abc0-9932-11e1-96eb-001e101f2500}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{5b539574-9606-11e1-9fed-001fd08ab3a1}\Shell - "" = AutoRun
O33 - MountPoints2\{5b539574-9606-11e1-9fed-001fd08ab3a1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{8c362094-99a0-11e1-9dc2-001e101f50a4}\Shell - "" = AutoRun
O33 - MountPoints2\{8c362094-99a0-11e1-9dc2-001e101f50a4}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{8c3620a2-99a0-11e1-9dc2-001e101f50a4}\Shell - "" = AutoRun
O33 - MountPoints2\{8c3620a2-99a0-11e1-9dc2-001e101f50a4}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{8deca32c-76d6-11e1-a2b3-001fd08ab3a1}\Shell - "" = AutoRun
O33 - MountPoints2\{8deca32c-76d6-11e1-a2b3-001fd08ab3a1}\Shell\AutoRun\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{b1664a64-984d-11e1-95e7-001e101fb681}\Shell - "" = AutoRun
O33 - MountPoints2\{b1664a64-984d-11e1-95e7-001e101fb681}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{f0b5a7ea-99c1-11e1-a18c-001fd08ab3a1}\Shell - "" = AutoRun
O33 - MountPoints2\{f0b5a7ea-99c1-11e1-a18c-001fd08ab3a1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.09 13:59:35 | 000,031,232 | ---- | C] (The OpenVPN Project) -- C:\Windows\SysNative\drivers\tap0901.sys
[2012.10.09 13:54:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenVPN
[2012.10.09 13:48:04 | 000,000,000 | ---D | C] -- C:\Users\Wolfi\Documents\Adobe
[2012.09.18 11:57:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FTL Faster Than Light
[7 C:\Users\Wolfi\Documents\*.tmp files -> C:\Users\Wolfi\Documents\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.10 13:45:07 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.10 10:39:23 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.10 10:39:23 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.10 10:36:02 | 001,612,992 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.10.10 10:36:02 | 000,696,746 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.10.10 10:36:02 | 000,652,064 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.10.10 10:36:02 | 000,148,042 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.10.10 10:36:02 | 000,120,996 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.10.10 10:30:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.10 10:30:52 | 535,683,071 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.09 23:50:22 | 000,061,088 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000004-00000000-00000003-00001102-00000005-00311102}.rfx
[2012.10.09 23:50:22 | 000,061,088 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000004-00000000-00000003-00001102-00000005-00311102}.rfx
[2012.10.09 23:50:22 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000004-00000000-00000003-00001102-00000005-00311102}.rfx
[2012.10.09 14:27:59 | 000,000,201 | ---- | M] () -- C:\Users\Wolfi\Desktop\Saints Row The Third.url
[2012.10.02 23:21:46 | 000,000,200 | ---- | M] () -- C:\Users\Wolfi\Desktop\Source Filmmaker.url
[2012.09.18 11:57:48 | 000,000,508 | ---- | M] () -- C:\Users\Public\Desktop\FTL.lnk
[2012.09.13 18:09:57 | 000,000,201 | ---- | M] () -- C:\Users\Wolfi\Desktop\Red Faction Armageddon.url
[2012.09.12 14:57:15 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[7 C:\Users\Wolfi\Documents\*.tmp files -> C:\Users\Wolfi\Documents\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.09 14:27:59 | 000,000,201 | ---- | C] () -- C:\Users\Wolfi\Desktop\Saints Row The Third.url
[2012.10.02 23:21:46 | 000,000,200 | ---- | C] () -- C:\Users\Wolfi\Desktop\Source Filmmaker.url
[2012.09.18 11:57:48 | 000,000,508 | ---- | C] () -- C:\Users\Public\Desktop\FTL.lnk
[2012.09.13 18:09:57 | 000,000,201 | ---- | C] () -- C:\Users\Wolfi\Desktop\Red Faction Armageddon.url
[2012.08.02 06:13:15 | 000,003,676 | ---- | C] () -- C:\Users\Wolfi\AppData\Roaming\Sys2657a.DLL
[2012.06.11 12:30:08 | 000,000,244 | ---- | C] () -- C:\Windows\SIERRA.INI
[2012.05.15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.03.24 00:36:20 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012.03.24 00:36:20 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012.03.15 06:22:18 | 000,000,532 | ---- | C] () -- C:\Windows\eReg.dat
[2012.03.02 06:56:25 | 001,589,950 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.03.01 04:41:52 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.03.01 04:41:50 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.02.25 17:40:48 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2012.02.25 17:39:13 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2012.02.25 01:28:43 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2012.02.25 01:28:43 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2012.02.25 01:28:23 | 000,003,072 | ---- | C] () -- C:\Windows\SysWow64\CTXFIGER.DLL
[2012.01.18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012.01.18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012.01.18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
 
========== LOP Check ==========
 
[2012.07.03 01:28:33 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\.minecraft
[2012.10.08 19:50:52 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\.techniclauncher
[2012.04.11 21:29:59 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Atari
[2012.08.10 01:47:56 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Audacity
[2012.04.11 14:05:34 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Canon
[2012.03.30 14:30:02 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.09.27 02:43:34 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\ICQ
[2012.07.16 00:07:56 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\ImgBurn
[2012.05.12 21:11:22 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Imperium Romanum
[2012.05.30 15:50:54 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Kalypso Media
[2012.04.11 21:23:19 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Leadertech
[2012.04.13 23:46:29 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Lionhead Studios
[2012.03.08 09:04:32 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\LolClient
[2012.08.10 19:44:02 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Origin
[2012.05.18 00:40:35 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\runic games
[2012.05.03 20:17:16 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Telefónica
[2012.05.03 20:17:16 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\TGCMLog
[2012.06.23 13:33:09 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\The Creative Assembly
[2012.02.25 03:38:26 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Thunderbird
[2012.08.02 06:41:31 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\TippKönigin Demo
[2012.08.21 16:50:57 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Tropico 4
[2012.02.26 18:51:28 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Ubisoft
[2012.09.30 17:48:01 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2012.02.25 15:45:19 | 000,097,089 | ---- | C] ()(C:\Users\Wolfi\Documents\?? ???????.docx) -- C:\Users\Wolfi\Documents\На главную.docx
[2009.03.06 02:54:38 | 000,097,089 | ---- | M] ()(C:\Users\Wolfi\Documents\?? ???????.docx) -- C:\Users\Wolfi\Documents\На главную.docx

< End of report >
         

10.10.2012, 16:23   #2
kira
/// Helper team

svchost.exe

Hello and welcome!

Before we start working together, [please read this in full]:
Quote:
  • "Remote treatment/remote help" and the associated liability risks:
    - since the troubleshooting and the actions are carried out over large distances, we accept no liability for the resulting consequences.
    - so any liability for the resulting damage is excluded; INSTRUCTIONS, AND FOLLOWING THEM, ARE YOUR OWN RESPONSIBILITY!
  • Identifying characteristics/profile information:
    - in the log listings or log files you use (e.g. your real name, serial numbers in programs, etc.) you can replace these with [X] or asterisks (*)
  • The system check and cleanup:
    - can take some time (depending on the type of infection); the system may, however, be so badly compromised that an effective technical cleanup is no longer possible and you have to reinstall it
  • I recommend that you first read the instructions through completely before applying them, because if you do something wrong it can become really dangerous. If you follow my instructions step by step, nothing should really go wrong.
  • During the period of assistance:
    - please do not act on your own without consulting me! Ask if there are problems.
  • The order:
    - please keep exactly to the order described; do not choose the order yourself!
  • CRACKED SOFTWARE is not tolerated here!!!!
  • Otherwise, our forum rules:
    - Please read first, then post! -> For everyone seeking help! What do I need to consider before opening a thread?
  • Insert all log files with a vBCode tag; this gives a good overview here and makes my work easier! If the log file is too large, split it into several parts.

Once you have read this introductory text, you can begin.
Assistance - planned procedure:
  • Finding the problem
  • Fixing the problem/cleaning the system
  • Uninstalling/removing the programs used
  • Closing the thread: computer security tips

For Vista and Win7:
Important: Please run all commands as administrator! Right-click the command prompt and select "Run as administrator".
Right-click the selected application and choose "Run as administrator"!

1.
Run another scan with OTL:
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labelled Output.
    Please select Standard Output
  • Under Extra Registry, please select Use SafeList.
  • Tick the LOP and Purity checks.
  • Now click Scan at the top left.
  • When the scan has finished, two log files are created.
    You will find the log files on your desktop => OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

2.
To determine whether outdated or harmful software is installed under Programs, I would also like to see all of your installed programs:
  • Download CCleaner
  • Read the software licence agreement; if any toolbar is offered, please deselect it! -> start it -> if necessary, set the language to "Deutsch".
  • Start it -> click `Extras` (to show the software installed on your system) -> then `Als Textdatei speichern...` (save as text file)
  • A text file is created automatically; post this log file as well (i.e. the list of all installed programs ... a text file)

3.
Download HijackThis from here -> HijackThis
No open windows while HijackThis is running!! -> start HijackThis -> click "Do a system scan and save a logfile" (wait a moment) -> "select" the resulting log file -> "copy" -> "paste" it here in your thread (right mouse button)
► Vista and Win7 - right-click HijackThis -> choose "Run as administrator"...

Quote:
To keep your thread clear and easy to read, it is best to use code tags for your post:
→ before your log you write (i.e. at the start of the log file): [code]
your log file goes in here - e.g. the OTL log file or another one
→ after it - i.e. at the end of the log file: [/code]
Regards,
kira

10.10.2012, 18:48   #3
Wolfizero

svchost.exe

Hey,
thanks in advance for your attention. Here are the various logs:

OTL.txt
Code:
OTL logfile created on: 10.10.2012 19:29:36 - Run 4
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\Wolfi\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 3,22 Gb Available Physical Memory | 53,61% Memory free
12,00 Gb Paging File | 9,30 Gb Available in Paging File | 77,49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 345,48 Gb Total Space | 221,96 Gb Free Space | 64,25% Space Free | Partition Type: NTFS
Drive D: | 585,94 Gb Total Space | 84,56 Gb Free Space | 14,43% Space Free | Partition Type: NTFS
 
Computer Name: PC-WOLFI | User Name: Wolfi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.04 02:34:22 | 000,529,744 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012.09.07 23:58:22 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.08.08 11:48:50 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.08.04 15:42:36 | 001,353,080 | ---- | M] (Valve Corporation) -- D:\Steam\Steam.exe
PRC - [2012.07.30 14:12:20 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Wolfi\Desktop\OTL.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.05.09 09:25:16 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.09 09:25:15 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.03.01 04:56:40 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.01.18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011.11.03 10:29:04 | 004,657,048 | ---- | M] (Almico Software (www.almico.com)) -- C:\Program Files (x86)\SpeedFan\speedfan.exe
PRC - [2011.03.15 17:59:32 | 000,312,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2011.02.15 13:20:22 | 000,364,544 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
PRC - [2009.02.23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.10.10 10:53:07 | 000,192,512 | ---- | M] () -- C:\Users\Wolfi\AppData\Local\Temp\sfamcc00001.dll
MOD - [2012.10.10 10:53:07 | 000,172,032 | ---- | M] () -- C:\Users\Wolfi\AppData\Local\Temp\sfareca00001.dll
MOD - [2012.10.04 02:34:20 | 020,317,008 | ---- | M] () -- D:\Steam\bin\libcef.dll
MOD - [2012.10.04 02:34:18 | 000,902,480 | ---- | M] () -- D:\Steam\bin\chromehtml.dll
MOD - [2012.10.04 02:34:16 | 000,123,232 | ---- | M] () -- D:\Steam\bin\avutil-51.dll
MOD - [2012.10.04 02:34:14 | 000,190,816 | ---- | M] () -- D:\Steam\bin\avformat-53.dll
MOD - [2012.10.04 02:34:12 | 001,099,616 | ---- | M] () -- D:\Steam\bin\avcodec-53.dll
MOD - [2012.09.07 23:58:21 | 002,244,064 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.05.15 02:21:26 | 000,368,448 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2011.02.15 13:20:22 | 000,364,544 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
MOD - [2011.02.15 13:20:08 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
MOD - [2011.02.15 13:20:02 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
MOD - [2011.02.15 13:19:44 | 000,229,376 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTCore.dll
MOD - [2011.02.15 13:19:30 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTUI.dll
MOD - [2011.02.15 13:19:20 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTFC.dll
MOD - [2010.07.27 06:37:16 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTTSH.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.10.09 15:46:12 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.10.04 02:34:22 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.09.07 23:58:22 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.17 15:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2012.05.15 12:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.05.09 09:25:16 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.09 09:25:15 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.03.01 04:56:40 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.02.25 01:29:34 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2012.01.18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010.09.29 15:08:58 | 000,200,624 | ---- | M] (Telefónica I+D) [Disabled | Stopped] -- C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe -- (TGCM_ImportWiFiSvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.02.23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.05.22 10:54:20 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2012.05.22 10:54:20 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2012.05.09 09:25:16 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.09 09:25:16 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.18 19:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.18 06:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012.01.18 06:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011.09.16 17:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.05.05 22:30:52 | 001,561,688 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2010.05.05 22:30:42 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2010.05.05 22:30:34 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2010.05.05 22:30:26 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2010.05.05 22:30:18 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2010.05.05 22:30:10 | 000,684,376 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k)
DRV:64bit: - [2010.05.05 22:30:02 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2010.05.05 22:29:52 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV:64bit: - [2010.05.05 22:29:52 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2010.05.05 22:29:42 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV:64bit: - [2010.05.05 22:29:42 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2010.05.05 22:29:34 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV:64bit: - [2010.05.05 22:29:34 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2010.04.09 09:24:32 | 000,076,288 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2010.04.07 11:05:00 | 000,250,368 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2010.03.25 04:08:46 | 000,120,704 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2010.03.20 05:56:56 | 000,114,560 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2009.11.20 15:26:50 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2009.08.13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.03.02 00:05:32 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV - [2010.05.27 02:43:00 | 000,014,648 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys -- (RTCore64)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CE 93 76 FE 44 F3 CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Amazon.de"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.2
FF - prefs.js..extensions.enabledItems: {dd3d7613-0246-469d-bc65-2a3cc1668adc}:0.7.1
FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:2.7.5.0522
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.3
FF - prefs.js..extensions.enabledItems: FasterFox_Lite@BigRedBrent:3.0.16
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:3.22
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:3.5.0
FF - prefs.js..google.toolbar.linkdoctor.backup.keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..google.toolbar.linkdoctor.backup.keyword.enabled: true
FF - prefs.js..keyword.URL: "about:neterror?e=query&u="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "about:neterror?e=query&u="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.07 23:58:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.27 13:31:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.07 23:58:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.02.25 00:41:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wolfi\AppData\Roaming\mozilla\Extensions
[2012.09.26 00:38:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wolfi\AppData\Roaming\mozilla\Firefox\Profiles\tlymn0wr.default\extensions
[2012.02.25 16:25:01 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Wolfi\AppData\Roaming\mozilla\Firefox\Profiles\tlymn0wr.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012.09.16 16:16:40 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Wolfi\AppData\Roaming\mozilla\Firefox\Profiles\tlymn0wr.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.02.25 16:25:01 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Wolfi\AppData\Roaming\mozilla\Firefox\Profiles\tlymn0wr.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2012.09.26 00:38:18 | 000,000,000 | ---D | M] (Fasterfox Lite) -- C:\Users\Wolfi\AppData\Roaming\mozilla\Firefox\Profiles\tlymn0wr.default\extensions\FasterFox_Lite@BigRedBrent
[2012.09.14 11:09:46 | 000,001,632 | ---- | M] () -- C:\Users\Wolfi\AppData\Roaming\Mozilla\Firefox\Profiles\tlymn0wr.default\searchplugins\firefox-add-ons.xml
[2012.09.07 23:58:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.07 23:58:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.09.07 23:58:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.07.11 13:38:29 | 000,135,156 | ---- | M] () (No name found) -- C:\USERS\WOLFI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TLYMN0WR.DEFAULT\EXTENSIONS\{79C50F9A-2FFE-4EE0-8A37-FAE4F5DACD4F}.XPI
[2012.02.25 01:26:08 | 000,434,392 | ---- | M] () (No name found) -- C:\USERS\WOLFI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TLYMN0WR.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
[2012.09.04 21:36:27 | 000,009,644 | ---- | M] () (No name found) -- C:\USERS\WOLFI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TLYMN0WR.DEFAULT\EXTENSIONS\PRINTPDF@PAVLOV.NET.XPI
[2012.09.07 23:58:22 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.18 01:12:52 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.29 16:19:56 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.18 01:12:52 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.18 01:12:52 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.18 01:12:52 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.18 01:12:52 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - D:\ICQ\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - D:\ICQ\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{83FB607F-B364-4818-A562-3B56328C8DD9}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{03105047-954b-11e1-be79-001fd08ab3a1}\Shell - "" = AutoRun
O33 - MountPoints2\{03105047-954b-11e1-be79-001fd08ab3a1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{0310507c-954b-11e1-be79-001fd08ab3a1}\Shell - "" = AutoRun
O33 - MountPoints2\{0310507c-954b-11e1-be79-001fd08ab3a1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{031050a7-954b-11e1-be79-001e101f04e4}\Shell - "" = AutoRun
O33 - MountPoints2\{031050a7-954b-11e1-be79-001e101f04e4}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{0990abba-9932-11e1-96eb-001e101f2500}\Shell - "" = AutoRun
O33 - MountPoints2\{0990abba-9932-11e1-96eb-001e101f2500}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{0990abc0-9932-11e1-96eb-001e101f2500}\Shell - "" = AutoRun
O33 - MountPoints2\{0990abc0-9932-11e1-96eb-001e101f2500}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{5b539574-9606-11e1-9fed-001fd08ab3a1}\Shell - "" = AutoRun
O33 - MountPoints2\{5b539574-9606-11e1-9fed-001fd08ab3a1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{8c362094-99a0-11e1-9dc2-001e101f50a4}\Shell - "" = AutoRun
O33 - MountPoints2\{8c362094-99a0-11e1-9dc2-001e101f50a4}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{8c3620a2-99a0-11e1-9dc2-001e101f50a4}\Shell - "" = AutoRun
O33 - MountPoints2\{8c3620a2-99a0-11e1-9dc2-001e101f50a4}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{8deca32c-76d6-11e1-a2b3-001fd08ab3a1}\Shell - "" = AutoRun
O33 - MountPoints2\{8deca32c-76d6-11e1-a2b3-001fd08ab3a1}\Shell\AutoRun\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{b1664a64-984d-11e1-95e7-001e101fb681}\Shell - "" = AutoRun
O33 - MountPoints2\{b1664a64-984d-11e1-95e7-001e101fb681}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{f0b5a7ea-99c1-11e1-a18c-001fd08ab3a1}\Shell - "" = AutoRun
O33 - MountPoints2\{f0b5a7ea-99c1-11e1-a18c-001fd08ab3a1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.09 13:59:35 | 000,031,232 | ---- | C] (The OpenVPN Project) -- C:\Windows\SysNative\drivers\tap0901.sys
[2012.10.09 13:54:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenVPN
[2012.10.09 13:48:04 | 000,000,000 | ---D | C] -- C:\Users\Wolfi\Documents\Adobe
[2012.09.26 13:56:13 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
[2012.09.22 20:23:13 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.09.22 20:23:13 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.09.22 20:23:12 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.09.22 20:23:12 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.09.22 20:23:12 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.09.22 20:23:12 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.09.22 20:23:12 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.09.22 20:23:12 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.09.22 20:23:12 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.09.22 20:23:12 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.09.22 20:23:12 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.09.22 20:23:11 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.09.22 20:23:10 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.09.22 20:23:10 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.09.22 20:23:10 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.09.18 11:57:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FTL Faster Than Light
[2012.09.12 19:13:04 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2012.09.12 19:13:02 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012.09.12 19:13:01 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012.09.12 19:13:01 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[7 C:\Users\Wolfi\Documents\*.tmp files -> C:\Users\Wolfi\Documents\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.10 18:45:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.10 10:39:23 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.10 10:39:23 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.10 10:36:02 | 001,612,992 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.10.10 10:36:02 | 000,696,746 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.10.10 10:36:02 | 000,652,064 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.10.10 10:36:02 | 000,148,042 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.10.10 10:36:02 | 000,120,996 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.10.10 10:30:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.10 10:30:52 | 535,683,071 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.09 23:50:22 | 000,061,088 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000004-00000000-00000003-00001102-00000005-00311102}.rfx
[2012.10.09 23:50:22 | 000,061,088 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000004-00000000-00000003-00001102-00000005-00311102}.rfx
[2012.10.09 23:50:22 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000004-00000000-00000003-00001102-00000005-00311102}.rfx
[2012.10.09 15:46:11 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.10.09 15:46:11 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.10.09 14:27:59 | 000,000,201 | ---- | M] () -- C:\Users\Wolfi\Desktop\Saints Row The Third.url
[2012.10.02 23:21:46 | 000,000,200 | ---- | M] () -- C:\Users\Wolfi\Desktop\Source Filmmaker.url
[2012.09.18 11:57:48 | 000,000,508 | ---- | M] () -- C:\Users\Public\Desktop\FTL.lnk
[2012.09.13 18:09:57 | 000,000,201 | ---- | M] () -- C:\Users\Wolfi\Desktop\Red Faction Armageddon.url
[2012.09.12 14:57:15 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[7 C:\Users\Wolfi\Documents\*.tmp files -> C:\Users\Wolfi\Documents\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.09 14:27:59 | 000,000,201 | ---- | C] () -- C:\Users\Wolfi\Desktop\Saints Row The Third.url
[2012.10.02 23:21:46 | 000,000,200 | ---- | C] () -- C:\Users\Wolfi\Desktop\Source Filmmaker.url
[2012.09.18 11:57:48 | 000,000,508 | ---- | C] () -- C:\Users\Public\Desktop\FTL.lnk
[2012.09.13 18:09:57 | 000,000,201 | ---- | C] () -- C:\Users\Wolfi\Desktop\Red Faction Armageddon.url
[2012.08.02 06:13:15 | 000,003,676 | ---- | C] () -- C:\Users\Wolfi\AppData\Roaming\Sys2657a.DLL
[2012.06.11 12:30:08 | 000,000,244 | ---- | C] () -- C:\Windows\SIERRA.INI
[2012.05.15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.03.24 00:36:20 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012.03.24 00:36:20 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012.03.15 06:22:18 | 000,000,532 | ---- | C] () -- C:\Windows\eReg.dat
[2012.03.02 06:56:25 | 001,589,950 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.03.01 04:41:52 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.03.01 04:41:50 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.02.25 17:40:48 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2012.02.25 17:39:13 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2012.02.25 01:28:43 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2012.02.25 01:28:43 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2012.02.25 01:28:23 | 000,003,072 | ---- | C] () -- C:\Windows\SysWow64\CTXFIGER.DLL
[2012.01.18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012.01.18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012.01.18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
 
========== LOP Check ==========
 
[2012.07.03 01:28:33 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\.minecraft
[2012.10.08 19:50:52 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\.techniclauncher
[2012.04.11 21:29:59 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Atari
[2012.08.10 01:47:56 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Audacity
[2012.04.11 14:05:34 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Canon
[2012.03.30 14:30:02 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.09.27 02:43:34 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\ICQ
[2012.07.16 00:07:56 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\ImgBurn
[2012.05.12 21:11:22 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Imperium Romanum
[2012.05.30 15:50:54 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Kalypso Media
[2012.04.11 21:23:19 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Leadertech
[2012.04.13 23:46:29 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Lionhead Studios
[2012.03.08 09:04:32 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\LolClient
[2012.08.10 19:44:02 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Origin
[2012.05.18 00:40:35 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\runic games
[2012.05.03 20:17:16 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Telefónica
[2012.05.03 20:17:16 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\TGCMLog
[2012.06.23 13:33:09 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\The Creative Assembly
[2012.02.25 03:38:26 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Thunderbird
[2012.08.02 06:41:31 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\TippKönigin Demo
[2012.08.21 16:50:57 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Tropico 4
[2012.02.26 18:51:28 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Ubisoft
[2012.09.30 17:48:01 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2012.02.25 15:45:19 | 000,097,089 | ---- | C] ()(C:\Users\Wolfi\Documents\?? ???????.docx) -- C:\Users\Wolfi\Documents\На главную.docx
[2009.03.06 02:54:38 | 000,097,089 | ---- | M] ()(C:\Users\Wolfi\Documents\?? ???????.docx) -- C:\Users\Wolfi\Documents\На главную.docx

< End of report >
         
Extras.txt
Code:
OTL Extras logfile created on: 10.10.2012 19:29:36 - Run 4
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\Wolfi\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 3,22 Gb Available Physical Memory | 53,61% Memory free
12,00 Gb Paging File | 9,30 Gb Available in Paging File | 77,49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 345,48 Gb Total Space | 221,96 Gb Free Space | 64,25% Space Free | Partition Type: NTFS
Drive D: | 585,94 Gb Total Space | 84,56 Gb Free Space | 14,43% Space Free | Partition Type: NTFS
 
Computer Name: PC-WOLFI | User Name: Wolfi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Adobe Flash CS\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Adobe Flash CS\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06E6B76D-9920-4099-8EB6-21BA098CE229}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0849B073-4931-4061-90FE-2FD5C01540A8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{13E75419-112E-467B-8332-58DDE22B9F08}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1ACF9A4E-A14E-44D4-A7B5-E43B60FBAD7F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{2AE49884-A2B8-463F-A053-4500E93E061C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2FD9B2BB-2ECA-46D9-8AF1-FEACE2E9E5A8}" = rport=137 | protocol=17 | dir=out | app=system | 
"{4A1110FC-7091-4C22-AB92-569614FFD916}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{5D4B17C0-F83C-4188-9BAB-886B619CD427}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{61E458DA-A81B-4395-8776-176B482C1333}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{6F09D18F-EE6F-488D-903F-96B2B4CF246E}" = rport=138 | protocol=17 | dir=out | app=system | 
"{71F2E870-4567-4D0D-BDDD-2D8A82C81295}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{74162BF3-E4F1-418B-89E4-3E2FFD6CD071}" = lport=445 | protocol=6 | dir=in | app=system | 
"{8224D1B4-4F2E-4DA7-A720-C705D771EEBD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{86998370-E2F8-4754-9DC1-37260A552024}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{8844FD62-688D-4EE1-9289-069D5DB713AE}" = lport=137 | protocol=17 | dir=in | app=system | 
"{9F63BAD5-9B40-4187-9F99-A6254BFF5EDD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A0F94210-213A-46EE-AC58-A84E6342386E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{A927111E-BBD9-4745-BEDA-1E1F5172BCEC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AC7B52D5-24B5-43CB-82DA-F02581764AC8}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{B16D0FBF-93B6-4307-B1E7-953AFE60F47C}" = rport=445 | protocol=6 | dir=out | app=system | 
"{B26B1853-CEB0-4658-9498-8CC3C53FB851}" = lport=138 | protocol=17 | dir=in | app=system | 
"{B56ADBD9-7CFA-4649-B907-2AD035A1E660}" = rport=139 | protocol=6 | dir=out | app=system | 
"{B743C773-FB47-4C49-8101-82CB286F8379}" = lport=139 | protocol=6 | dir=in | app=system | 
"{E19B6822-ACC1-4695-B0CB-E2735726EEDE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F37A74F9-6412-4043-B785-D5C9DA128064}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0073C6D4-D07D-4875-BCFC-1DAD42AE97F1}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe | 
"{008A2CBA-9AA2-49D8-88C4-D20343E2A4E5}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{0144475A-ED98-483C-90D2-9802CDEC536C}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{014D0055-E525-413E-AACA-72B790AF2199}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{01A45502-C2DA-4D55-9AA2-5AF6DD352218}" = protocol=17 | dir=in | app=d:\ubisoft\prince of persia the forgotten sands\gamesettings.exe | 
"{03DC5774-FA5F-4A30-9AEC-A58749FEDA9A}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\the political machine 2012\polmachine2012.exe | 
"{04902E8E-A5DA-436B-801A-E01554EDD4FA}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"{0492443C-76B0-442A-9A0E-8F2095A736CA}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\red faction armageddon\redfactionarmageddon.exe | 
"{0723FC4A-5C6C-4993-8C06-379BDF53EFC5}" = protocol=6 | dir=in | app=d:\anno 2070\initengine.exe | 
"{09A571EC-D738-44C0-9E43-D73700E15AFE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{0CA4D085-6580-4CBD-A438-C145A380D854}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0CF11F4C-FE1C-45AD-9C12-B8484B31D5E3}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\magic the gathering - duels of the planeswalkers\dotp.exe | 
"{0E5A53B7-587B-4048-9F6F-4811FA36A887}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{10DD58DE-A86B-4D25-9400-53BE8C28A886}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{13494E73-480E-4252-B4E0-3EE4672C75A6}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\dungeons - the dark lord\dungeonsthedarklord.exe | 
"{14514991-F02B-4136-8850-7379579FB4CB}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\fable 3\fablelauncher.exe | 
"{151FAD04-B0B7-43E2-97DC-63FF1C01EDC8}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{165A47E2-212C-4775-8F31-ED46F02084A2}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\batman2\binaries\win32\batmanac.exe | 
"{1828394B-395C-4205-AA6E-ACD9DF4B33DD}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\saints row the third\saintsrowthethird.exe | 
"{185CDE3C-B0E4-4167-A82F-599846D08986}" = protocol=6 | dir=in | app=d:\steam\steam.exe | 
"{19DD1F29-0551-4243-BA93-D59D353E2109}" = protocol=17 | dir=in | app=d:\anno 2070\autopatcher.exe | 
"{1C00C80A-5553-403F-BEB1-34AD6A7BBE90}" = protocol=17 | dir=in | app=d:\anno 2070\anno5.exe | 
"{1DA09E2A-68D2-4878-8499-7388E6CD72ED}" = protocol=6 | dir=in | app=d:\starcraft ii\starcraft ii.exe | 
"{228A7B55-180E-4FED-B4F6-12EE2CF176AD}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\dead island\deadislandgame.exe | 
"{22C88470-0AB8-426F-89B9-75F8D95EEB28}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{230448DC-0546-455D-AA3F-1191124A4C49}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\tom clancy's splinter cell conviction\src\system\conviction_game.exe | 
"{2465CB4C-16A9-42A8-9298-E9FD9D5E11FE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{28131CE5-0D16-409C-899F-D6C65C6112DF}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\the sims 3\support\ea help\electronic_arts_technical_support.htm | 
"{2B53C749-76C2-48C2-886F-95C4E7461138}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\dungeons - the dark lord\dungeonsthedarklord.exe | 
"{2EE60D94-772D-4857-BF51-BF62B4E44F44}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\batman2\runlauncher.bat | 
"{2FBC7262-8AE9-4647-82D8-BFEBAE915B7D}" = protocol=6 | dir=in | app=d:\star wars-the old republic\swtor\retailclient\swtor.exe | 
"{3002465A-8C4C-4BE3-988D-7E460B6824C1}" = protocol=17 | dir=in | app=d:\two worlds\twoworlds.exe | 
"{301400DB-DFC5-4744-835D-D49A9F6E9C99}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\hitman blood money\configure.exe | 
"{30E306D4-BBF1-4AB2-8CA4-FD2F1E903ED9}" = protocol=6 | dir=in | app=d:\star wars-the old republic\launcher.exe | 
"{3114460A-B081-44AC-B2BA-53F98233F3D1}" = protocol=17 | dir=in | app=d:\world of warcraft\launcher.patch.exe | 
"{31B5E2E0-BE99-4ED8-9544-287CD73B3D82}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\torchlight\torchlight.exe | 
"{322E1043-7E57-4A6E-9ABF-3F82D662C2F8}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\magicka\magicka.exe | 
"{3368A6F7-AA51-4630-BAC0-82D5ACB2ECDD}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\fable 3\fablelauncher.exe | 
"{34521C0E-F87F-4DAB-BA84-84473DEC1446}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\mass effect 3\binaries\win32\masseffect3.exe | 
"{35323261-D1C6-491B-A89F-C5374922C83E}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\magicka\magicka.exe | 
"{38F354C1-DB49-4247-BD0B-79E74A924465}" = protocol=6 | dir=in | app=d:\icq\icq7m\icq.exe | 
"{3AB4C0F2-5479-44B0-A6C3-34EEBB8B76D0}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{3C1074CC-2E66-4BC3-8F5D-1A723FC0C0DF}" = protocol=6 | dir=in | app=d:\star wars-the old republic\launcher.exe | 
"{3E0762F4-1714-488A-8E13-4D6BC57AB1D3}" = protocol=17 | dir=in | app=d:\ubisoft\prince of persia the forgotten sands\gu.exe | 
"{3F9FD808-323A-4FE6-9EA8-1472A222FD63}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\imperium romanum\imperium romanum.exe | 
"{4049FE4A-7B95-41CE-855A-5CD95010D9F8}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{458DB30D-43AD-4A9A-A0E6-D62E561601D9}" = protocol=6 | dir=in | app=d:\anno 2070\anno5.exe | 
"{467B9D8D-9250-4E11-A99C-CC2004E478E3}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\patrician iv\patrician4.exe | 
"{46C75FC4-BCFE-43F4-B53A-4909A885C665}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\batman2\runlauncher.bat | 
"{47194BFF-CFC4-4788-82F4-9E86A5642321}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\red faction armageddon\rf4_launcher.exe | 
"{489EAF5F-5AFA-4EFB-A3B6-8AFD1D0D49D6}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\gotham city impostors\engine.exe | 
"{4EDF9206-459E-4EA8-8AF2-A30A1CB666BA}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{5088EA3D-7B39-4BB3-B249-10F70DC05CD1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{52D7960D-8A61-4CFE-B4C2-2FA8D9EEE55A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{53302656-749D-4640-91F0-220CF418E8A3}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5418367E-3DDA-41EC-A1C3-06BA4855C8F4}" = protocol=6 | dir=in | app=d:\ubisoft\prince of persia the forgotten sands\uplaybrowser.exe | 
"{54D77DE2-9ED1-483B-B299-C95C1E092EA0}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\patrician iv\patrician4.exe | 
"{551118C7-347F-4B19-9EE5-B53789103138}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\l.a.noire\lanlauncher.exe | 
"{56DD69A2-8060-4CC1-BCEC-DBD356E02393}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\tom clancy's splinter cell conviction\src\system\conviction_game.exe | 
"{5710FBD7-4DD9-4BD0-AEE1-6CACF3C55A78}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\dead island\deadislandgame.exe | 
"{58E0DC02-9BF4-4D3E-8DFD-E91DF75398FE}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{591FBEA6-7947-42ED-877D-776872DBB2E5}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\the sims 3\game\bin\sims3launcher.exe | 
"{5AFF78D3-9D26-4D9F-A659-AA8E8764F903}" = protocol=17 | dir=in | app=d:\steam\steam.exe | 
"{5B158C22-7E6C-43FE-8B35-E7E7D67B54D0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{5FDD8310-19F0-43E0-B08B-D6D888C91A4B}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\empire total war\empire.exe | 
"{61085538-7391-433D-ACB9-8F6B842C5B92}" = protocol=17 | dir=in | app=d:\ubisoft\prince of persia the forgotten sands\uplaybrowser.exe | 
"{6242742C-7143-4F7A-8C11-0266D6F9C9D8}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\cities in motion\cities in motion.exe | 
"{62462263-2621-4D13-9A08-885634B14FA6}" = protocol=6 | dir=in | app=d:\resident evil 5\re5dx10.exe | 
"{649B5B54-2875-44C2-BADB-F96E5AC34CA6}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{656253DF-1549-4BB5-BE3D-DBBA20D69CAF}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe | 
"{657E23A9-D6F8-4974-AD52-00D39E2BE1E9}" = protocol=6 | dir=in | app=d:\pinnacle\videospin\programs\videospin.exe | 
"{663F30FF-1FE3-4331-8D25-50143470AB32}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\magic the gathering - duels of the planeswalkers\dotp.exe | 
"{695528CC-332D-4C9F-945E-5A8CA4C777D6}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\the sims 3\support\ea help\electronic_arts_technical_support.htm | 
"{6AC0168C-544F-4D1A-B2EF-13DC2639EA36}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\mass effect 3\binaries\win32\masseffect3.exe | 
"{6B6BA0DF-2065-432F-BBB9-0FF723A5EB1B}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{6D0F725A-D005-425A-B96C-E9423204FB4C}" = protocol=17 | dir=in | app=d:\starcraft ii\starcraft ii.exe | 
"{6D907B43-B5B8-4E02-9364-9D35AB13662D}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\warhammer 40,000 space marine\spacemarine.exe | 
"{7097219D-066D-4CA2-BD81-1559AFA36F0D}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{70C39E82-2FD3-494C-B953-4B5814DD1AFF}" = protocol=17 | dir=in | app=d:\star wars-the old republic\launcher.exe | 
"{72AA1573-D1C5-4FB8-9EE5-78D3E6EBFAC8}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\hitman blood money\hitmanbloodmoney.exe | 
"{73669CAD-DB95-4025-BFBC-BBC661F3DBF7}" = protocol=6 | dir=in | app=d:\ubisoft\prince of persia the forgotten sands\prince of persia.exe | 
"{7390DE9F-BB98-4831-8B0B-5E883EDFEA06}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\deus ex - human revolution\dxhr.exe | 
"{7406AD3B-DC0C-4499-A6FD-4FF7C594884A}" = protocol=17 | dir=in | app=d:\diablo 3\diablo iii\diablo iii.exe | 
"{74E6ED46-875A-4D86-85D3-C493DC0AA64B}" = protocol=6 | dir=in | app=d:\world of warcraft\launcher.exe | 
"{752EA565-B7BD-402C-B0E5-6C48B4F7F275}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\the political machine 2012\polmachine2012.exe | 
"{754C197F-A507-4D31-B687-7CB8539D27AC}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\alan wake\alanwake.exe | 
"{77D451ED-1610-4625-937B-D1E0C81F5CB6}" = protocol=17 | dir=in | app=d:\resident evil 5\re5dx10.exe | 
"{7A3EA388-2581-426A-B49D-4C9FEB2AEEEA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{7A514C5F-8D65-4820-A787-7042E3E3BAD7}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\sourcefilmmaker\game\sfm.exe | 
"{7AE59DD1-FA6A-498A-9553-61B5926B97B4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7BD4CC07-EF5E-418C-A47A-2239A4465375}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\hitman 2 silent assassin\hitman2.exe | 
"{7C552102-9955-4F9D-9F6A-40CD051A36BD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{7D2D7CF2-6690-4856-A338-B9CE348A5244}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7FB3A6C3-E514-4EAE-AF54-29D9D041A269}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\thief_2\thief2.exe | 
"{80C00119-99A9-4881-9E81-79138C48FF94}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\batman2\binaries\win32\batmanac.exe | 
"{8178E302-C9B8-43B4-955C-1B0F255907E8}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\gotham city impostors\impostors.exe | 
"{81EB973D-4EA5-4A9F-B213-8CB4BC515286}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{846B8D27-0403-4AC7-A1CE-6278758D7F61}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{856EE23C-D5CB-4CF6-9389-1DBE8789D30B}" = protocol=17 | dir=in | app=d:\resident evil 5\re5dx9.exe | 
"{86DFD388-851C-442D-9107-4552D37A1F2B}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\from dust\from_dust.exe | 
"{86FECD19-515B-400D-8154-1A04C6256B5A}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\cities in motion\cities in motion.exe | 
"{87632627-E137-4501-B1FC-2DADC29F9BD3}" = protocol=17 | dir=in | app=d:\two worlds\twoworlds_radeon.exe | 
"{87D7D60B-ADE0-4ACE-AE12-19DB24A7BB43}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\the sims 3\game\bin\sims3launcher.exe | 
"{89C936CD-7FC6-4C19-940B-1EF68E68E812}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8B7733BE-DC17-481F-BE76-158793944CDA}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\alan wake\alanwake.exe | 
"{8CC3178B-9FDA-49D5-85FC-E1AFDED7ED2A}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{8D1EC934-7869-42C7-8201-835A094A2BAE}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"{8E059A45-7144-4EEF-905D-43D00494509A}" = dir=in | app=c:\itunes\itunes.exe | 
"{8E3DE856-1723-44B7-B527-3621E7A00777}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\victoria 2\victoria2.exe | 
"{8F1EF474-5083-49BD-A128-83E69C056C97}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{9126900F-488F-4F4F-B4B1-806C622F005D}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\sourcefilmmaker\game\sfm.exe | 
"{959F69B5-1F35-4916-B26E-56A10D9DE7E9}" = protocol=17 | dir=in | app=d:\pinnacle\videospin\programs\rm.exe | 
"{988FB616-9F87-41BC-82EB-D0C05C1A106A}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\tropico 4\tropico4.exe | 
"{98E91137-6554-48AD-B976-12E6D0FFB055}" = protocol=6 | dir=out | app=system | 
"{9AE1CFAB-59E7-4500-AC70-DAC491185837}" = protocol=6 | dir=in | app=d:\diablo 3\diablo iii\diablo iii.exe | 
"{9C845E0F-B314-4B0F-B5A2-5B4D9B112B5D}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\sourcefilmmaker\game\bin\qsdklauncher.exe | 
"{9DEE38F8-50E1-481A-BC13-373B537AEFF8}" = protocol=6 | dir=in | app=d:\two worlds\twoworlds.exe | 
"{9E60A133-86C5-47F8-AAC0-039C1738C971}" = protocol=17 | dir=in | app=d:\ubisoft\prince of persia the forgotten sands\prince of persia.exe | 
"{9EF6A113-796A-4EA9-97B0-EA08DE6FE984}" = protocol=17 | dir=in | app=d:\star wars-the old republic\launcher.exe | 
"{9F7D7138-A40B-4927-9184-727A867F7384}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{A0831ECD-BBA7-4FCE-8D11-1422ABC12C0F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{A2EE8AAB-DD23-4503-9EC9-9CA3253B8274}" = protocol=17 | dir=in | app=d:\icq\icq7m\icq.exe | 
"{A4B85B34-029D-4981-8EC4-D421FB17BEED}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\empire total war\empire.exe | 
"{A8E03B93-0C5A-4292-8416-DAB39BDD7E44}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A928E70E-19BA-4DB1-959F-FFDC53AA98C7}" = protocol=6 | dir=in | app=d:\ubisoft\prince of persia the forgotten sands\gamesettings.exe | 
"{A9EAD30A-8048-4A88-95C4-9D65F04068FF}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\sid meier's civilization v\launcher.exe | 
"{AA4CDA7C-8DFE-448A-8C26-D3D5863B61FF}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\deus ex - human revolution\dxhr.exe | 
"{AA92C90A-9242-401D-B021-D6792DA66A50}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\hearts of iron 3\hoi3game.exe | 
"{AB9A8A1E-DBC7-4B7C-B3A4-7216836E3E20}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\tropico 4\tropico4.exe | 
"{B0D58702-0FBC-4CB2-8D1D-242BAF4F67C8}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\dungeons\dungeonsstarter.exe | 
"{B16D291E-C4AC-439C-BF6B-46BCB4326926}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\red faction armageddon\redfactionarmageddon.exe | 
"{B4D23D31-5C55-4121-AC77-3274D2D760C8}" = protocol=6 | dir=in | app=d:\anno 2070\autopatcher.exe | 
"{B5890599-B10D-449B-835D-112D2E2E044E}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{B6638A1B-3D97-4213-9FB7-87D2666522D6}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\gotham city impostors\impostors.exe | 
"{B6E1D826-F854-49B7-B7C3-0D251918BE4D}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{B938CE19-0290-4AAC-9ACF-8DDD3C058C83}" = protocol=17 | dir=in | app=d:\starcraft ii\starcraft ii public test.exe | 
"{B9CD2372-D64D-4565-8319-43C55064954A}" = protocol=17 | dir=in | app=d:\icq\icq7m\icq.exe | 
"{BABD614B-5235-494A-A914-52CA0B2DDC79}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\l.a.noire\lanlauncher.exe | 
"{BB057E1D-17A3-48B4-8937-35225DC89CF3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BEF229ED-F949-415E-AC7D-2037FC309D2F}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\thief_2\thief2.exe | 
"{C0E52C2B-851F-48CA-8E27-0404C3F2E96A}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{C0F3015E-1864-4787-84FD-62B69A9152FC}" = protocol=17 | dir=in | app=d:\world of warcraft\launcher.exe | 
"{C1525E13-E6BC-40CA-8B26-8984181C0E9C}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\awesomenauts\awesomenautslauncher.exe | 
"{C2EDDA48-55BE-4F83-8950-B3455270EA27}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\red faction armageddon\rf4_launcher.exe | 
"{C338194A-9308-4956-84FF-53514141415A}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\hearts of iron 3\hoi3game.exe | 
"{C3A0E6B2-B64C-45BE-9C1E-2CA3D97662A8}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{C3CAB425-35E5-4242-86D6-7FA972D062C6}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\torchlight\torchlight.exe | 
"{C5D49879-5960-441E-AEF7-4F1C10D0872D}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{C5D7E97B-23A5-4893-BF94-854E50B09879}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{C785F6BD-FD0D-4C26-9EA5-105759A4DB0F}" = protocol=6 | dir=in | app=d:\pinnacle\videospin\programs\rm.exe | 
"{CA5CD6C8-BD88-4448-8ABE-B8F0376E0061}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{CACED957-856B-40C5-BC37-815BF7C9B2F2}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\saints row the third\game_launcher.exe | 
"{CC63FA32-4459-4E7A-8AC8-825982EF980D}" = protocol=6 | dir=in | app=d:\ubisoft\prince of persia the forgotten sands\gu.exe | 
"{CCB97EC8-81BD-4CE2-B984-F5C1B38241DE}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\sourcefilmmaker\game\bin\qsdklauncher.exe | 
"{CDEC305F-3331-4E72-85CD-479E3222D8A0}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\hitman blood money\configure.exe | 
"{CE194D10-8E8B-400F-A75F-82CC6ADD8A58}" = protocol=6 | dir=in | app=d:\resident evil 5\re5dx9.exe | 
"{CF096E76-0A5D-480C-AD99-06D1B9CD5D01}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\sid meier's civilization v\launcher.exe | 
"{D1770717-C192-49A6-9C32-30C3A717E456}" = protocol=6 | dir=in | app=d:\two worlds\twoworlds_radeon.exe | 
"{D19C0B65-35D9-438F-9436-1E08D5DF47C8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{D5AB008C-11F5-4B30-9E09-0539C4CFAC82}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\saints row the third\game_launcher.exe | 
"{D6D143EC-62F6-461B-B758-F7E2BDDFF50B}" = protocol=17 | dir=in | app=d:\pinnacle\videospin\programs\videospin.exe | 
"{D794F617-945D-4CF2-AE46-52EF094A60D2}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\victoria 2\victoria2.exe | 
"{D8963AED-F6B2-47CC-A6A0-114A1ABD7D05}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\hitman 2 silent assassin\hitman2.exe | 
"{DB6C79A8-AEF3-476C-9676-9B94128531F3}" = protocol=6 | dir=in | app=d:\star wars-the old republic\swtor\retailclient\swtor.exe | 
"{DB907A39-CEE2-4867-86D3-3040155597DE}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe | 
"{DC0F6F22-345A-4B1B-9EFB-A018CE5B5838}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\warhammer 40,000 space marine\spacemarine.exe | 
"{DC8054DE-65BD-4C3D-8A69-B4021AA580CC}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"{DDCC3543-4FFB-4204-BEEF-2257EC20BB67}" = protocol=17 | dir=in | app=d:\star wars-the old republic\swtor\retailclient\swtor.exe | 
"{DE8A9BF4-5329-4EC3-9204-276EBDB14F60}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{DEC6A77E-3069-4D44-AE36-656CE98F2F90}" = protocol=6 | dir=in | app=d:\starcraft ii\starcraft ii public test.exe | 
"{DF747036-D7C4-43F6-9882-AE9C5ABDE28A}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\hitman 2 silent assassin\config.exe | 
"{E1DF95DA-A0BD-4473-815E-34BE17543B86}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\hitman 2 silent assassin\config.exe | 
"{E1E06B5E-B77E-4747-975D-064BEF071590}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\f.e.a.r. 3\f.e.a.r. 3.exe | 
"{E3866EA7-414A-4690-90DB-C45385E98360}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\f.e.a.r. 3\f.e.a.r. 3.exe | 
"{E3D03C56-980D-46D2-9598-FEAB3EBFA334}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"{E3E700EA-D83B-4730-AA84-9976134A2B7D}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\red faction armageddon\redfactionarmageddon_dx11.exe | 
"{E4EDFF16-EC0D-4FA4-8D9A-F1D237DC21AB}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\gotham city impostors\engine.exe | 
"{EEBC9A66-2AC1-44FE-A2D2-541421148376}" = protocol=6 | dir=in | app=d:\pinnacle\videospin\programs\umi.exe | 
"{F0052071-863B-46BA-B072-18A8F73F0BA9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F031BE4A-79A0-48BE-A9FC-6959EDC04708}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\crazy machines\crazymachines.exe | 
"{F08092E7-D90F-46AF-8DD6-21300F011EE9}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{F10CFF4F-9FCE-4C46-ABBD-2B2489CB05DF}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\dungeons\dungeonsstarter.exe | 
"{F183DB4E-4D9E-4285-800B-7A253C700048}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\crazy machines\crazymachines.exe | 
"{F2DA9BC0-1666-4C3F-8143-584EB08077A7}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\from dust\from_dust.exe | 
"{F314B65E-9767-49C0-ACB7-539A3E892FCE}" = protocol=17 | dir=in | app=d:\anno 2070\initengine.exe | 
"{F36AE389-6B10-4EC6-934F-376896E676F1}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\hitman blood money\hitmanbloodmoney.exe | 
"{F4CA3172-5A14-403C-9872-A2B308A1DAD1}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{F4F71649-2C2F-49AE-9731-A36537D633AA}" = protocol=17 | dir=in | app=d:\pinnacle\videospin\programs\umi.exe | 
"{F6A6C0D8-6CF3-434C-83B1-68A43E5C5CD0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{F7097C52-5278-423A-A549-255856590281}" = protocol=6 | dir=in | app=d:\icq\icq7m\icq.exe | 
"{F82DAE5F-23E9-44FA-8B13-36EF43938D23}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F89F0A31-A311-46CB-950A-6487F7BD4D64}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe | 
"{F8EFFE68-7AC5-448A-9C21-88ADE2F0D754}" = protocol=17 | dir=in | app=d:\star wars-the old republic\swtor\retailclient\swtor.exe | 
"{F9B6E1A6-498A-4141-AB01-CEDBA5048346}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{FA3ACE92-42D6-4735-A063-620CB003BCD7}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\saints row the third\saintsrowthethird.exe | 
"{FCC0C9F7-8098-41FE-AF7D-2EC977079F00}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\awesomenauts\awesomenautslauncher.exe | 
"{FEA202CE-6989-430F-8E18-85446F836D00}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\imperium romanum\imperium romanum.exe | 
"{FF74942E-9AEA-4892-81E0-28351EE2AB0B}" = protocol=6 | dir=in | app=d:\world of warcraft\launcher.patch.exe | 
"{FFC078D8-9FAF-4B7D-A533-4C843ECEBC28}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\red faction armageddon\redfactionarmageddon_dx11.exe | 
"TCP Query User{15F11C01-A3BF-4C43-A707-93F672BEBEF7}D:\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{16CF19D8-C059-4E1B-BE18-F97590595ECE}D:\starcraft ii\versions\base22612\sc2.exe" = protocol=6 | dir=in | app=d:\starcraft ii\versions\base22612\sc2.exe | 
"TCP Query User{1B13663D-A854-46B4-B212-506F20D00C93}D:\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe | 
"TCP Query User{338022F7-6BA1-4477-841F-DE6315750D02}D:\dawn of wa\soulstorm.exe" = protocol=6 | dir=in | app=d:\dawn of wa\soulstorm.exe | 
"TCP Query User{4FD0B6CF-DD5E-4ECF-BA63-5896B01ABC2D}D:\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=d:\starcraft ii\support\blizzarddownloader.exe | 
"TCP Query User{6375CEB8-85AA-48AC-BD80-95C3883DB977}D:\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe | 
"TCP Query User{7FCF50CD-05E6-4DE3-A307-63D93CF008B8}D:\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe | 
"TCP Query User{8DF3D9BC-B84F-4111-A9CD-7F58B2DD1C53}D:\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe | 
"TCP Query User{A4E46F89-2A38-48FC-B01C-E6EC6A4764E5}D:\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=d:\starcraft ii\versions\base21029\sc2.exe | 
"TCP Query User{A77BA938-FB58-43FF-B64F-FEAB9595E05D}D:\fallout 3\fallout3ng.exe" = protocol=6 | dir=in | app=d:\fallout 3\fallout3ng.exe | 
"TCP Query User{AF8787B6-5157-4A94-B57D-1FEC91921AF1}D:\downloads\diablo-iii-setup-dede.exe" = protocol=6 | dir=in | app=d:\downloads\diablo-iii-setup-dede.exe | 
"TCP Query User{BF207AA7-C5B5-4274-BED0-103B957B3B1E}D:\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe" = protocol=6 | dir=in | app=d:\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe | 
"TCP Query User{D2B34067-6ECC-4CBA-8240-0797226603CA}D:\steam\steamapps\common\fable 3\fable3.exe" = protocol=6 | dir=in | app=d:\steam\steamapps\common\fable 3\fable3.exe | 
"TCP Query User{D38E2CE7-D7E1-4963-A0DE-09174B0D940C}D:\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe" = protocol=6 | dir=in | app=d:\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe | 
"TCP Query User{DCA5BD22-0F0B-43FF-85A8-3AE37FD68D27}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"TCP Query User{E574B8CF-6611-4F24-9461-6848F115E762}D:\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=6 | dir=in | app=d:\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | 
"TCP Query User{FA94D70F-C45E-4988-8205-56A466AC9977}D:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | 
"UDP Query User{25F9137B-87E9-4B0F-AECB-E770DEE00555}D:\steam\steamapps\common\fable 3\fable3.exe" = protocol=17 | dir=in | app=d:\steam\steamapps\common\fable 3\fable3.exe | 
"UDP Query User{2C690DDC-3C12-43BA-AA7B-7C279662835B}D:\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=d:\starcraft ii\versions\base21029\sc2.exe | 
"UDP Query User{31A2DC65-7AE2-4F83-B30A-29C45864AC7F}D:\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe | 
"UDP Query User{3F468FFF-5F77-4074-BD17-6E120AA841A9}D:\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe" = protocol=17 | dir=in | app=d:\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe | 
"UDP Query User{61492429-1879-4329-99AD-2264F6947E2D}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"UDP Query User{6ECDFC15-AB77-4CA7-9C5A-5F5E1A658EB2}D:\starcraft ii\versions\base22612\sc2.exe" = protocol=17 | dir=in | app=d:\starcraft ii\versions\base22612\sc2.exe | 
"UDP Query User{77DACE47-2F73-4E45-9A97-53BC9D9B8C1F}D:\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe | 
"UDP Query User{8008B67E-3976-4E5F-AC46-9C057C88165E}D:\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe | 
"UDP Query User{8401A586-1E21-4FE9-95E8-7A9800086BDB}D:\dawn of wa\soulstorm.exe" = protocol=17 | dir=in | app=d:\dawn of wa\soulstorm.exe | 
"UDP Query User{9E405F8C-AB35-4288-93A5-722A2A5D2CA1}D:\downloads\diablo-iii-setup-dede.exe" = protocol=17 | dir=in | app=d:\downloads\diablo-iii-setup-dede.exe | 
"UDP Query User{AD5D6CA6-3755-4148-A69A-738FB72CF853}D:\fallout 3\fallout3ng.exe" = protocol=17 | dir=in | app=d:\fallout 3\fallout3ng.exe | 
"UDP Query User{CB365FE0-44B8-4DC3-B1BF-4F6F32F9E82E}D:\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe" = protocol=17 | dir=in | app=d:\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe | 
"UDP Query User{E00A21EC-2355-482C-9417-ACD2B63BED44}D:\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe | 
"UDP Query User{EE0D233D-8022-4C2E-BB8D-B2A359E7BDFD}D:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | 
"UDP Query User{EEEF2CB4-46EB-4D44-8A34-11994BCCF84D}D:\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{F7459F8E-7D86-48E9-A4AE-60E87B89064B}D:\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=17 | dir=in | app=d:\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | 
"UDP Query User{F85DFF7E-4F96-41ED-A1D3-BBEE1F58258E}D:\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=d:\starcraft ii\support\blizzarddownloader.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2411" = CanoScan LiDE 70
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86416031FF}" = Java(TM) 6 Update 31 (64-bit)
"{4f94b43a-8a00-4ac4-bb94-269cf24aef97}.sdb" = Dungeon Keeper 2
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F842F8B0-6942-4930-821F-543E976B2C66}" = MSVCRT110_amd64
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"WinRAR archiver" = WinRAR 4.10 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}" = Civilization III
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1057511B-F8FE-4230-9ED3-AB949A57EE4A}" = Windows Live PIMT Platform
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20533183-D42D-4261-A125-956736FBEA8C}" = Dawn of War - Soulstorm
"{20E23A40-38E5-4DD6-B738-BC8097AE66B6}_is1" = FTL version 1.01
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{23E445D5-FD83-4C50-A211-EB26A2975317}" = Adobe Flash Professional CS5.5
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 35
"{29315CEC-E6CE-4394-84DC-6F862E8D9A52}" = Windows Live UX Platform
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2FAFE37E-D796-47B8-BA8F-D09819B12DF6}" = Windows Live Essentials
"{31E2413D-8AA1-43EC-8B8D-77B65ADA4611}" = Civilization III v1.21f
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}" = SimCity 4 Deluxe
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C2BF3B9-7E8A-49DE-B662-3656FE60BB01}" = Civ3 Conquests v1.22 Full
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4F9A382F-4478-4036-905C-F77DF2EA0370}" = Windows Live SOXE
"{4FA8F084-C42F-45E1-B7E5-E0C8A1083DC5}" = Windows Live SOXE Definitions
"{534A31BD-20F4-46b0-85CE-09778379663C}" = Mass Effect™ 3
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{618F39BD-9720-47CF-A89C-108AB41B1493}" = Windows Live UX Platform Language Pack
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}" = Windows Live Photo Common
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{76EE8FE7-1957-4C51-9074-4930A8CFB1AF}" = Windows Live Installer
"{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F682A00-6497-4551-A2A6-063AE667D1CF}" = Movie Maker
"{82D040D1-F95B-4C96-AF5C-B6A1E138EC6E}" = ¹–ë‚̉S
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3 Platinum
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{92D194E7-AEF9-4A9E-8620-8F3AE712E3F7}" = Snagit 10.0.2
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{969E11AA-8F3A-F162-1A5A-0965E216B6CE}" = Adobe Download Assistant
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B2E55F8-5BA8-4A45-9682-ACB6F2CC0DA5}" = Photo Gallery
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A2B3C27C-1F09-47C6-9A90-9683BEFD7963}" = Dawn of War - Soulstorm
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AC08BBA0-96B9-431A-A7D0-D8598E493775}" = RESIDENT EVIL 5
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B19E03EA-067C-412F-A81E-271720E601AB}" = Fotogalerie
"{B27FA0A3-D80F-41A9-8BAD-C5F2D859AB22}" = Photo Common
"{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2012.build.50 (February 21st, 2012) Version v2012.buil
"{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam-Software
"{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}" = Movie Maker
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DE5C9428-3DA7-4A0C-B5E0-16031B5DC030}_is1" = The Guild 2 - Renaissance
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{EA8ADAA9-6671-4839-A51E-0C6792B78F3E}" = FIFA 12
"{EAEAAF8C-8E86-4CAC-AC08-1A33EDCA34AC}" = Prince of Persia The Forgotten Sands™
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F31BC49F-AB7B-4A53-A399-EB7331B585BC}" = Civilization III: Conquests
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FEB15887-0932-4D2D-BB85-6AC03FBF1AA8}" = Pinnacle VideoSpin
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{THEGUILDREN-0010-2010-300520102330}_is1" = Patch v4.15
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Afterburner" = MSI Afterburner 2.1.0
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.14 (Unicode)
"AudioCS" = Creative Audio-Systemsteuerung
"Avira AntiVir Desktop" = Avira Free Antivirus
"Battlelog Web Plugins" = Battlelog Web Plugins
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Cheat Engine 6.1_is1" = Cheat Engine 6.1
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"Diablo III" = Diablo III
"Dungeon Keeper 2_is1" = Dungeon Keeper 2
"Earth 2160" = Earth 2160
"ESN Sonar-0.70.4" = ESN Sonar
"Fraps" = Fraps
"FUSSBALL MANAGER 12" = FUSSBALL MANAGER 12
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HUAWEI DataCard Driver" = HUAWEI DataCard Driver 4.05.00.00
"ImgBurn" = ImgBurn
"LAME_is1" = LAME v3.99.3 (for Windows)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"Mozilla Thunderbird 15.0.1 (x86 de)" = Mozilla Thunderbird 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"o.tel.o" = o.tel.o
"o2DE" = Mobile Connection Manager
"OpenAL" = OpenAL
"Origin" = Origin
"Pharaoh Gold Bundle_is1" = Pharaoh Gold Bundle
"PunkBusterSvc" = PunkBuster Services
"Recettear: An Item Shop's Tale_is1" = Recettear: An Item Shop's Tale
"Rockstar Games Social Club" = Rockstar Games Social Club
"SpeedFan" = SpeedFan (remove only)
"StarCraft II" = StarCraft II
"Steam App 10500" = Empire: Total War
"Steam App 105400" = Fable III
"Steam App 105600" = Terraria
"Steam App 108710" = Alan Wake
"Steam App 110800" = L.A. Noire
"Steam App 1840" = Source Filmmaker
"Steam App 18420" = Crazy Machines
"Steam App 200550" = DUNGEONS - The Dark Lord (Steam Special Edition)
"Steam App 204300" = Awesomenauts
"Steam App 21100" = F.E.A.R. 3
"Steam App 211120" = The Political Machine 2012
"Steam App 21170" = Gotham City Impostors
"Steam App 211740" = Thief 2
"Steam App 23400" = Imperium Romanum: Gold Edition
"Steam App 25890" = Hearts of Iron III
"Steam App 28050" = Deus Ex: Human Revolution
"Steam App 33220" = Tom Clancy's Splinter Cell: Conviction
"Steam App 33460" = From Dust
"Steam App 41510" = Torchlight Demo
"Steam App 42910" = Magicka
"Steam App 42960" = Victoria II
"Steam App 47890" = The Sims(TM) 3
"Steam App 49400" = Magic: The Gathering - Duels of the Planeswalkers
"Steam App 55110" = Red Faction: Armageddon
"Steam App 55150" = Warhammer 40,000 Space Marine
"Steam App 55230" = Saints Row: The Third
"Steam App 57400" = Batman: Arkham City™
"Steam App 57620" = Patrician IV: Steam Special Edition
"Steam App 57650" = DUNGEONS - Steam Special Edition
"Steam App 57690" = Tropico 4
"Steam App 6850" = Hitman 2: Silent Assassin
"Steam App 6860" = Hitman: Blood Money
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 73010" = Cities in Motion
"Steam App 8930" = Sid Meier's Civilization V
"Steam App 91310" = Dead Island
"Thief - Deadly Shadows_is1" = Thief - Deadly Shadows
"TippKönigin Demo_is1" = TippKönigin Demo 5.5
"Two Worlds" = Two Worlds
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 2.0.0
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
"Xvid Video Codec 1.3.2" = Xvid Video Codec
"Zeus and Poseidon_is1" = Zeus and Poseidon
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 05.10.2012 17:12:45 | Computer Name = PC-Wolfi | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 06.10.2012 11:30:14 | Computer Name = PC-Wolfi | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 06.10.2012 12:39:38 | Computer Name = PC-Wolfi | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 07.10.2012 06:51:20 | Computer Name = PC-Wolfi | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 07.10.2012 07:18:02 | Computer Name = PC-Wolfi | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 08.10.2012 03:27:23 | Computer Name = PC-Wolfi | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 09.10.2012 05:23:31 | Computer Name = PC-Wolfi | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 09.10.2012 15:31:07 | Computer Name = PC-Wolfi | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 09.10.2012 16:07:54 | Computer Name = PC-Wolfi | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 10.10.2012 10:35:24 | Computer Name = PC-Wolfi | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
[ OSession Events ]
Error - 12.03.2012 19:01:47 | Computer Name = PC-Wolfi | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2604
 seconds with 2160 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 18.06.2012 08:45:52 | Computer Name = PC-Wolfi | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 18.06.2012 08:45:52 | Computer Name = PC-Wolfi | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 19.06.2012 10:11:07 | Computer Name = PC-Wolfi | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 19.06.2012 10:11:07 | Computer Name = PC-Wolfi | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 20.06.2012 07:42:37 | Computer Name = PC-Wolfi | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 20.06.2012 07:42:37 | Computer Name = PC-Wolfi | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 21.06.2012 09:58:37 | Computer Name = PC-Wolfi | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 21.06.2012 09:58:37 | Computer Name = PC-Wolfi | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 21.06.2012 11:24:53 | Computer Name = PC-Wolfi | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Steam Client Service erreicht.
 
Error - 21.06.2012 11:24:53 | Computer Name = PC-Wolfi | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
 
< End of report >
         
install.txt
Code:
7-Zip 9.20		18.05.2012		
Adobe AIR	Adobe Systems Incorporated	30.03.2012		3.2.0.2070
Adobe Community Help	Adobe Systems Incorporated.	30.03.2012		3.4.980
Adobe Download Assistant	Adobe Systems Incorporated	30.03.2012		1.0.6
Adobe Flash Player 11 ActiveX	Adobe Systems Incorporated	09.10.2012	6,00MB	11.4.402.287
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	09.10.2012	6,00MB	11.4.402.287
Adobe Flash Professional CS5.5	Adobe Systems Incorporated	30.03.2012	2,03GB	11.5
Adobe Reader X (10.1.4) - Deutsch	Adobe Systems Incorporated	15.08.2012	122MB	10.1.4
Adobe Shockwave Player 11.6	Adobe Systems, Inc.	29.02.2012		11.6.4.634
Alan Wake	Remedy Entertainment	20.07.2012		
ANNO 2070	Ubisoft	26.02.2012		1.0.0.0
Apple Application Support	Apple Inc.	31.03.2012	61,0MB	2.1.7
Apple Mobile Device Support	Apple Inc.	31.03.2012	24,9MB	5.1.1.4
Apple Software Update	Apple Inc.	31.03.2012	2,38MB	2.1.3.127
Audacity 1.3.14 (Unicode)	Audacity Team	01.03.2012	40,4MB	
Avira Free Antivirus	Avira	12.09.2012	109MB	12.0.0.1199
Awesomenauts		07.08.2012		
Batman: Arkham City™	Rocksteady	17.06.2012		
Battlefield 3™	Electronic Arts	01.03.2012		1.0.0.0
Battlelog Web Plugins	EA Digital Illusions CE AB	01.07.2012		1.122.0
Bonjour	Apple Inc.	31.03.2012	2,04MB	3.0.0.10
CanoScan LiDE 70		11.04.2012		
CCleaner	Piriform	24.09.2012		3.23
Cheat Engine 6.1	Dark Byte	06.03.2012	23,5MB	
Cities in Motion		11.05.2012		
Civ3 Conquests v1.22 Full		14.06.2012		
Civilization III		14.06.2012		
Civilization III v1.21f		14.06.2012		
Civilization III: Conquests		14.06.2012		
Crazy Machines	Viva-Media	26.05.2012		
Creative Audio-Systemsteuerung	Creative Technology Limited	25.02.2012		2.00
Creative Software AutoUpdate	Creative Technology Limited	25.02.2012		1.40
Creative Sound Blaster Properties x64 Edition		25.02.2012		
Dawn of War - Soulstorm	THQ	03.06.2012		1.00.0000
Dead Island	Techland	02.03.2012		
Deus Ex: Human Revolution	Eidos Montreal	04.03.2012		
Diablo III	Blizzard Entertainment	11.07.2012		1.0.3.10485
Dual-Core Optimizer	AMD	18.06.2012	86,0KB	1.1.4.0169
Dungeon Keeper 2		25.02.2012		
Dungeon Keeper 2	GOG.com	16.05.2012		
DUNGEONS - Steam Special Edition	Realmforge Studios	30.05.2012		
DUNGEONS - The Dark Lord (Steam Special Edition)		30.05.2012		
Earth 2160	Zuxxez Entertainment AG	25.04.2012		1.37 En
Empire: Total War	The Creative Assembly	21.03.2012		
ESN Sonar	ESN Social Software AB	01.07.2012		0.70.4
F.E.A.R. 3	Day 1 Studios	20.07.2012		
Fable III		10.04.2012		
FIFA 12	Electronic Arts	06.06.2012		1.6.0.0
Fraps		14.04.2012		
From Dust		14.05.2012		
FTL version 1.01	Subset Games	18.09.2012	154MB	1.01
FUSSBALL MANAGER 12	Electronic Arts	22.03.2012	6,58GB	1.0.0.3
Gotham City Impostors		30.03.2012		
Hearts of Iron III	Paradox Interactive	26.02.2012		
Hitman 2: Silent Assassin	Eidos	24.05.2012		
Hitman: Blood Money	Eidos	16.05.2012		
HUAWEI DataCard Driver 4.05.00.00	Huawei technologies Co., Ltd.	08.05.2012		4.05.00.00
ICQ7M	ICQ	13.07.2012		7.8
ImgBurn	LIGHTNING UK!	15.07.2012		2.4.2.0
Imperium Romanum: Gold Edition	Haemimont Games	11.05.2012		
iTunes	Apple Inc.	31.03.2012	156MB	10.6.1.7
Java(TM) 6 Update 31 (64-bit)	Oracle	27.02.2012	91,8MB	6.0.310
Java(TM) 6 Update 35	Oracle	09.07.2012	95,6MB	6.0.350
L.A. Noire	Rockstar	28.06.2012		
LAME v3.99.3 (for Windows)		05.07.2012	1,52MB	
League of Legends	Riot Games	07.03.2012		1.02.0000
Logitech Webcam-Software	Logitech Inc.	10.07.2012		2.31
Magic: The Gathering - Duels of the Planeswalkers		05.05.2012		
Magicka	Arrowhead Game Studios AB	29.03.2012		
Malwarebytes Anti-Malware Version 1.65.0.1400	Malwarebytes Corporation	12.09.2012	19,3MB	1.65.0.1400
Mass Effect™ 3	Electronic Arts	04.06.2012		1.03.0.0
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	25.02.2012	38,8MB	4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	25.02.2012	2,93MB	4.0.30319
Microsoft .NET Framework 4 Extended	Microsoft Corporation	02.03.2012	51,9MB	4.0.30319
Microsoft .NET Framework 4 Extended DEU Language Pack	Microsoft Corporation	02.03.2012	10,6MB	4.0.30319
Microsoft Games for Windows - LIVE Redistributable	Microsoft Corporation	30.03.2012	31,3MB	3.5.92.0
Microsoft Games for Windows Marketplace	Microsoft Corporation	30.03.2012	6,03MB	3.5.50.0
Microsoft Office File Validation Add-In	Microsoft Corporation	13.05.2012	7,95MB	14.0.5130.5003
Microsoft Office Home and Student 2007	Microsoft Corporation	26.02.2012		12.0.6612.1000
Microsoft Office Live Add-in 1.5	Microsoft Corporation	11.05.2012	508KB	2.0.4024.1
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	10.08.2012	1,69MB	3.1.0000
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	04.06.2012	2,38MB	8.0.56336
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022	Microsoft Corporation	11.04.2012	1,41MB	9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411	Microsoft Corporation	18.05.2012	1,46MB	9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	25.02.2012	596KB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	13.04.2012	232KB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	26.02.2012	594KB	9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219	Microsoft Corporation	01.03.2012	13,8MB	10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	25.02.2012	12,2MB	10.0.40219
Microsoft XNA Framework Redistributable 3.1	Microsoft Corporation	29.03.2012	7,48MB	3.1.10527.0
Microsoft XNA Framework Redistributable 4.0	Microsoft Corporation	02.03.2012	8,03MB	4.0.20823.0
Mobile Connection Manager	Mobile Connection Manager	08.05.2012		
MozBackup 1.5.1	Pavel Cvrcek	25.02.2012		
Mozilla Firefox 15.0 (x86 de)	Mozilla	29.08.2012	38,4MB	15.0
Mozilla Firefox 15.0.1 (x86 de)	Mozilla	08.09.2012	38,4MB	15.0.1
Mozilla Maintenance Service	Mozilla	08.09.2012	327KB	15.0.1
Mozilla Thunderbird 15.0.1 (x86 de)	Mozilla	13.09.2012	39,5MB	15.0.1
MSI Afterburner 2.1.0	MSI Co., LTD	25.02.2012		2.1.0
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	22.08.2012	1,27MB	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	22.08.2012	1,33MB	4.20.9876.0
NVIDIA 3D Vision Controller-Treiber 301.42	NVIDIA Corporation	21.06.2012		301.42
NVIDIA 3D Vision Treiber 301.42	NVIDIA Corporation	21.06.2012		301.42
NVIDIA Grafiktreiber 301.42	NVIDIA Corporation	21.06.2012		301.42
NVIDIA HD-Audiotreiber 1.3.16.0	NVIDIA Corporation	21.06.2012		1.3.16.0
NVIDIA PhysX-Systemsoftware 9.12.0213	NVIDIA Corporation	23.03.2012		9.12.0213
NVIDIA Update 1.8.15	NVIDIA Corporation	21.06.2012		1.8.15
o.tel.o	Huawei Technologies Co.,Ltd	08.05.2012		16.001.06.07.35
OpenAL		25.02.2012		
Origin	Electronic Arts, Inc.	29.02.2012		8.5.0.4549
Paint.NET v3.5.10	dotPDN LLC	25.02.2012	10,7MB	3.60.0
Pando Media Booster	Pando Networks Inc.	07.03.2012	5,46MB	2.6.0.6
Patch v4.15	RUNEFORGE Games Studios	22.05.2012	239MB	
Patrician IV: Steam Special Edition		02.03.2012		
Pharaoh Gold Bundle	GOG.com	05.08.2012		
Pinnacle VideoSpin	Pinnacle Systems	21.08.2012	191MB	2.0.0.669
Prince of Persia The Forgotten Sands™	Ubisoft	26.08.2012	4.094GB	1.0
PunkBuster Services	Even Balance, Inc.	01.03.2012		0.991
Recettear: An Item Shop's Tale		29.04.2012	616MB	
Red Faction: Armageddon	Volition	13.09.2012		
RESIDENT EVIL 5	CAPCOM CO., LTD.	26.04.2012	6,77GB	1.0.0.129
Rockstar Games Social Club	Rockstar Games	28.06.2012		1.0.6.1
RollerCoaster Tycoon 3 Platinum	Atari	11.04.2012		1.00.000
Saints Row: The Third	Volition	09.10.2012		
Sid Meier's Civilization V	Firaxis Games	16.03.2012		
SimCity 4 Deluxe		15.03.2012		
Snagit 10.0.2	TechSmith Corporation	01.03.2012	66,1MB	10.0.2
Source Filmmaker		02.10.2012		
SpeedFan (remove only)		25.02.2012		
Star Wars: The Old Republic	Electronic Arts, Inc.	02.03.2012	19,3GB	1.00
StarCraft II	Blizzard Entertainment	23.08.2012		1.5.2.22875
Steam	Valve Corporation	25.02.2012	35,4MB	1.0.0.0
SUPER © v2012.build.50 (February 21st, 2012) Version v2012.buil	eRightSoft	25.02.2012	51,4MB	v2012.build.50
Terraria		29.02.2012		
The Elder Scrolls V: Skyrim	Bethesda Game Studios	25.02.2012		
The Guild 2 - Renaissance	JoWooD	22.05.2012		
The Political Machine 2012		11.08.2012		
The Sims(TM) 3	Electronic Arts	27.02.2012		
Thief - Deadly Shadows	GOG.com	16.05.2012		
Thief 2		24.05.2012		
TippKönigin Demo 5.5	Giletech e.K.	02.08.2012		
Tom Clancy's Splinter Cell: Conviction	Ubisoft	20.07.2012		
Torchlight Demo	Runic Games, Inc.	18.05.2012		
Tropico 4		11.08.2012		
Two Worlds	Reality Pump	25.04.2012	2,13GB	1.7.0.0
Ubisoft Game Launcher	UBISOFT	26.02.2012		1.0.0.0
Victoria II	Paradox Interactive	10.04.2012		
VirtualCloneDrive	Elaborate Bytes	26.03.2012		
VLC media player 2.0.0	VideoLAN	25.02.2012		2.0.0
Warhammer 40,000 Space Marine	Relic	23.04.2012		
Windows Live Essentials	Microsoft Corporation	10.08.2012		16.4.3503.0728
Windows Media Encoder 9 Series		22.05.2012		
WinRAR 4.10 (64-Bit)	win.rar GmbH	25.02.2012		4.10.0
World of Warcraft	Blizzard Entertainment	22.09.2012		5.0.5.16057
Xvid Video Codec	Xvid Team	24.03.2012		1.3.2
Zeus and Poseidon	GOG.com	11.06.2012		
¹–ë‚̉S		04.07.2012
         

10.10.2012, 18:49   #4
Wolfizero

svchost.exe



hijackthis.log
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:43:16, on 10.10.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
D:\Steam\steam.exe
C:\Program Files (x86)\SpeedFan\speedfan.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - D:\ICQ\ICQ7M\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - D:\ICQ\ICQ7M\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} (Creative Software AutoUpdate 2) - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Echtzeit Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9596 bytes
         

11.10.2012, 08:35   #5
kira
/// Helper team


System cleanup and check:

► Once you have completed all the steps, report back with the requested results!
In the meantime, only get in touch if problems come up!

1.
Close all programs, including Internet Explorer, and use HijackThis to fix the entries from the code box below (start HijackThis → "Do a system scan only" → select the entries → tick the checkboxes → click "Fix checked" → restart the PC):
HijackThis creates a backup. If something goes wrong while fixing, the objects can be restored under "View the list of backups".
Code:
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
         
2.
Post again, after the cleanup has been carried out:
TrendMicro™ HijackThis™ logfile - no open windows while HijackThis is running!!

3.
Quote:
Attention, important!:
If you made changes to the logfile yourself, you must replace them with the original names and insert them into the script that way! Otherwise it will not work!
(user folder, your name or other changes replaced by X, asterisks or other names)
Fixing with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Copy the following script, that is, everything in the code box after "Code" (starting with :OTL and ending with [emptytemp]), everything in the code box (without "code"!):
Code:
:OTL
MOD - [2012.10.10 10:53:07 | 000,192,512 | ---- | M] () -- C:\Users\Wolfi\AppData\Local\Temp\sfamcc00001.dll
MOD - [2012.10.10 10:53:07 | 000,172,032 | ---- | M] () -- C:\Users\Wolfi\AppData\Local\Temp\sfareca00001.dll
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..google.toolbar.linkdoctor.backup.keyword.URL: "http://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "about:neterror?e=query&u="
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{03105047-954b-11e1-be79-001fd08ab3a1}\Shell - "" = AutoRun
O33 - MountPoints2\{03105047-954b-11e1-be79-001fd08ab3a1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{0310507c-954b-11e1-be79-001fd08ab3a1}\Shell - "" = AutoRun
O33 - MountPoints2\{0310507c-954b-11e1-be79-001fd08ab3a1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{031050a7-954b-11e1-be79-001e101f04e4}\Shell - "" = AutoRun
O33 - MountPoints2\{031050a7-954b-11e1-be79-001e101f04e4}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{0990abba-9932-11e1-96eb-001e101f2500}\Shell - "" = AutoRun
O33 - MountPoints2\{0990abba-9932-11e1-96eb-001e101f2500}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{0990abc0-9932-11e1-96eb-001e101f2500}\Shell - "" = AutoRun
O33 - MountPoints2\{0990abc0-9932-11e1-96eb-001e101f2500}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{5b539574-9606-11e1-9fed-001fd08ab3a1}\Shell - "" = AutoRun
O33 - MountPoints2\{5b539574-9606-11e1-9fed-001fd08ab3a1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{8c362094-99a0-11e1-9dc2-001e101f50a4}\Shell - "" = AutoRun
O33 - MountPoints2\{8c362094-99a0-11e1-9dc2-001e101f50a4}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{8c3620a2-99a0-11e1-9dc2-001e101f50a4}\Shell - "" = AutoRun
O33 - MountPoints2\{8c3620a2-99a0-11e1-9dc2-001e101f50a4}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{8deca32c-76d6-11e1-a2b3-001fd08ab3a1}\Shell - "" = AutoRun
O33 - MountPoints2\{8deca32c-76d6-11e1-a2b3-001fd08ab3a1}\Shell\AutoRun\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{b1664a64-984d-11e1-95e7-001e101fb681}\Shell - "" = AutoRun
O33 - MountPoints2\{b1664a64-984d-11e1-95e7-001e101fb681}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{f0b5a7ea-99c1-11e1-a18c-001fd08ab3a1}\Shell - "" = AutoRun
O33 - MountPoints2\{f0b5a7ea-99c1-11e1-a18c-001fd08ab3a1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun

:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
         
  • and paste it in here:
  • Close all programs.
  • Click the Fix button.
  • Click on .
  • OTL asks for a restart. Please allow it.
  • After the restart you will find a text document.
    Copy its contents here into your thread.

4.
Your Java version is not up to date!
Because Java is very vulnerable due to old security holes, first uninstall all existing Java versions:
→ Control Panel → Software → uninstall...
→ Restart the computer
→ Now download the offline version of Java, "Recommended Version Java(TM) 7 Update 7", from Oracle
Make sure to deselect any toolbars that may be offered (remove the tick next to the toolbar)!
Tip: -> Configure Java updates

5.
Tips - Microsoft's Internet Explorer is part of the basic Windows installation, so like all other installed software it must be maintained! Even if it is not used!:
-> Tips for Internet Explorer
-> Change the Explorer's default search engine
-> Change or select a search provider in Internet Explorer 7/8
-> How can I clear the cache in Internet Explorer?

6.
Close all programs/windows
Clean your system with CCleaner:
  • "CCleaner" → "Analyze" → click the "Start CCleaner" button
  • "Registry" → "Search for errors" → "Fix errors" → "Fix all"
  • Restart your system

7.
Preparation
  • Connect any external hard disks and/or other removable media you may have (e.g. any USB sticks) to the computer.
  • Please disable during the online scans:
    anti-virus program and firewall.
  • Start Internet Explorer => in the menu under Tools => Internet Options => Privacy => remove the tick at "Turn on Pop-up Blocker" and
  • on the "Security" tab => lower the security level to "Medium-high" if necessary.
    Do not forget to switch them back on afterwards and to restore the Internet options to their previous settings.
  • Refrain from other online activity during the online scans.
  • You must allow the download and installation of ActiveX controls.

Scan the PC ONLY online and do NOT install a second antivirus program!!!
  • Eset Online Scanner (NOD32)
    • Supported operating systems: Microsoft Windows 7 - Vista - XP - 2000 - NT.
    • Note for Vista and Windows 7 users: be sure to start the browser as administrator.
    • Disable your anti-virus program during the scan.
    • Press the "ESET Online Scanner" button.
    • IE users must allow the installation of an ActiveX element.
    • Tick "YES, I accept the Terms of Use." and press the "Start" button.
    • Tick "Remove found threats" and "Scan archives".
    • Press Start.
    • Signatures are downloaded.
    • The scan starts automatically.
    • When finished, save the log and post it for me.
      -> List of found threats
      -> Export to text file
      -> Back
      -> Delete quarantined files
    • Press Finish.
    • Close the browser.
    • Uninstall after you have posted the log for me: Control Panel => Software => remove Eset Online Scanner V3.
    • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset

8.
Another scan with OTL:
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labelled Output.
    Please select Standard Output
  • Under Extra Registry please select Use SafeList.
  • Tick LOP Check and Purity Check.
  • Now click Scan at the top left.
  • When the scan has finished, two logfiles are created.
    You will find the logfiles on your desktop => OTL.txt and Extras.txt
  • Post the logfiles in code tags here in the thread.

► Report again on the state of the computer. Are there still problems, and if so, which?

__________________

Warning!:
Be careful with invoices sent by email with a ZIP file attached! It may be infected with an encryption trojan!
Do not open the attachment, ask in our forum first!

Back up your data regularly, to CD/DVD, USB sticks or external hard disks, ideally twice in different locations!
Please pass this warning on wherever you can!
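
Steps 1 and 2 above ask for a HijackThis fix followed by a fresh log; the sketch below shows how the two logs can be compared to confirm the fix took effect and to spot entries left orphaned. It is an added example, not part of the original post and not code from HijackThis or OTL; the function names are hypothetical, and the sample lines are an abridged excerpt of the two logs posted in this thread.

```python
import re
from collections import Counter

# A HijackThis entry is "<section> - <body>", e.g. "O4 - HKLM\..\Run: [...]".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# HijackThis marks entries whose target cannot be found on disk.
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)$")

# Abridged excerpt of the log posted before the fix (from this thread).
BEFORE = r"""
Running processes:
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
"""

# Abridged excerpt of the log posted after the fix (from this thread).
AFTER = r"""
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (file missing)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - hxxp://download.eset.com/special/eos/OnlineScanner.cab
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
"""

# The two entries the helper asked to fix in step 1.
REQUESTED = r"""
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
"""


def parse_hjt(text):
    """Count (section, body) entries; headers and process paths are skipped.

    A Counter is used because a log can list the same entry twice (O10 here).
    """
    entries = Counter()
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries[(m["section"], m["body"])] += 1
    return entries


def diff_logs(before_text, after_text):
    """Return (removed, added, newly_orphaned) between two logs."""
    before, after = parse_hjt(before_text), parse_hjt(after_text)
    removed = before - after   # Counter subtraction keeps positive counts only
    added = after - before
    # Orphans already present before the fix are unchanged and not reported.
    newly_orphaned = sorted(e for e in added if ORPHAN_RE.search(e[1]))
    return removed, added, newly_orphaned


def unfixed(requested_text, after_text):
    """Entries that were supposed to be fixed but still appear afterwards."""
    after = parse_hjt(after_text)
    return sorted(e for e in parse_hjt(requested_text) if e in after)


if __name__ == "__main__":
    removed, added, orphans = diff_logs(BEFORE, AFTER)
    for label, items in (("removed", removed), ("added", added)):
        for (section, body), n in sorted(items.items()):
            print(f"{label:8} x{n} {section} - {body}")
    for section, body in orphans:
        print(f"orphaned    {section} - {body}")
    print("still present after fix:", unfixed(REQUESTED, AFTER) or "none")
```

On this excerpt the two requested RunOnce entries are gone, and the two Java BHO entries show up as newly orphaned, which matches the Java uninstall from step 4.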

11.10.2012, 14:28   #6
Wolfizero

hijack after the fix
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:25:05, on 11.10.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Users\Wolfi\Desktop\OTL.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (file missing)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - D:\ICQ\ICQ7M\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - D:\ICQ\ICQ7M\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - hxxp://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} (Creative Software AutoUpdate 2) - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Echtzeit Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9105 bytes
         
OTL fix log
Code:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "hxxp://search.sweetim.com/search.asp?src=2&q=" removed from google.toolbar.linkdoctor.backup.keyword.URL
Prefs.js: "about:neterror?e=query&u=" removed from sweetim.toolbar.previous.keyword.URL
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{03105047-954b-11e1-be79-001fd08ab3a1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03105047-954b-11e1-be79-001fd08ab3a1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{03105047-954b-11e1-be79-001fd08ab3a1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03105047-954b-11e1-be79-001fd08ab3a1}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0310507c-954b-11e1-be79-001fd08ab3a1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0310507c-954b-11e1-be79-001fd08ab3a1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0310507c-954b-11e1-be79-001fd08ab3a1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0310507c-954b-11e1-be79-001fd08ab3a1}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{031050a7-954b-11e1-be79-001e101f04e4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{031050a7-954b-11e1-be79-001e101f04e4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{031050a7-954b-11e1-be79-001e101f04e4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{031050a7-954b-11e1-be79-001e101f04e4}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0990abba-9932-11e1-96eb-001e101f2500}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0990abba-9932-11e1-96eb-001e101f2500}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0990abba-9932-11e1-96eb-001e101f2500}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0990abba-9932-11e1-96eb-001e101f2500}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0990abc0-9932-11e1-96eb-001e101f2500}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0990abc0-9932-11e1-96eb-001e101f2500}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0990abc0-9932-11e1-96eb-001e101f2500}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0990abc0-9932-11e1-96eb-001e101f2500}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5b539574-9606-11e1-9fed-001fd08ab3a1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5b539574-9606-11e1-9fed-001fd08ab3a1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5b539574-9606-11e1-9fed-001fd08ab3a1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5b539574-9606-11e1-9fed-001fd08ab3a1}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8c362094-99a0-11e1-9dc2-001e101f50a4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8c362094-99a0-11e1-9dc2-001e101f50a4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8c362094-99a0-11e1-9dc2-001e101f50a4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8c362094-99a0-11e1-9dc2-001e101f50a4}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8c3620a2-99a0-11e1-9dc2-001e101f50a4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8c3620a2-99a0-11e1-9dc2-001e101f50a4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8c3620a2-99a0-11e1-9dc2-001e101f50a4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8c3620a2-99a0-11e1-9dc2-001e101f50a4}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8deca32c-76d6-11e1-a2b3-001fd08ab3a1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8deca32c-76d6-11e1-a2b3-001fd08ab3a1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8deca32c-76d6-11e1-a2b3-001fd08ab3a1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8deca32c-76d6-11e1-a2b3-001fd08ab3a1}\ not found.
File F:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1664a64-984d-11e1-95e7-001e101fb681}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b1664a64-984d-11e1-95e7-001e101fb681}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1664a64-984d-11e1-95e7-001e101fb681}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b1664a64-984d-11e1-95e7-001e101fb681}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f0b5a7ea-99c1-11e1-a18c-001fd08ab3a1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f0b5a7ea-99c1-11e1-a18c-001fd08ab3a1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f0b5a7ea-99c1-11e1-a18c-001fd08ab3a1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f0b5a7ea-99c1-11e1-a18c-001fd08ab3a1}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Wolfi\Desktop\cmd.bat deleted successfully.
C:\Users\Wolfi\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Wolfi
->Temp folder emptied: 9874105402 bytes
->Temporary Internet Files folder emptied: 240753916 bytes
->Java cache emptied: 3972000 bytes
->FireFox cache emptied: 66126760 bytes
->Flash cache emptied: 149993 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 364778584 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36028471 bytes
RecycleBin emptied: 3747484804 bytes
 
Total Files Cleaned = 13.670,00 mb
 
 
OTL by OldTimer - Version 3.2.55.0 log created on 10112012_114354

Files\Folders moved on Reboot...
C:\Users\Wolfi\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\Wolfi\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...
         
eset log
Code:
D:\Downloads\CheatEngine61.exe	Win32/Somoto application	cleaned by deleting - quarantined
         

11.10.2012, 14:29   #7
Wolfizero

svchost.exe


otl.txt
Code:
OTL logfile created on: 11.10.2012 15:16:04 - Run 5
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\Wolfi\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 4,26 Gb Available Physical Memory | 70,95% Memory free
12,00 Gb Paging File | 10,08 Gb Available in Paging File | 84,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 345,48 Gb Total Space | 233,30 Gb Free Space | 67,53% Space Free | Partition Type: NTFS
Drive D: | 585,94 Gb Total Space | 87,66 Gb Free Space | 14,96% Space Free | Partition Type: NTFS
 
Computer Name: PC-WOLFI | User Name: Wolfi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.07 23:58:22 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.08.08 11:48:50 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.30 14:12:20 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Wolfi\Desktop\OTL.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.05.09 09:25:16 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.09 09:25:15 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.03.01 04:56:40 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.01.18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011.02.15 13:20:22 | 000,364,544 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
PRC - [2009.02.23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.09.07 23:58:21 | 002,244,064 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.05.15 02:21:26 | 000,368,448 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2011.02.15 13:20:22 | 000,364,544 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
MOD - [2011.02.15 13:20:08 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
MOD - [2011.02.15 13:20:02 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
MOD - [2011.02.15 13:19:44 | 000,229,376 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTCore.dll
MOD - [2011.02.15 13:19:30 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTUI.dll
MOD - [2011.02.15 13:19:20 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTFC.dll
MOD - [2010.07.27 06:37:16 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTTSH.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.10.09 15:46:12 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.10.04 02:34:22 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.09.07 23:58:22 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.17 15:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2012.05.15 12:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.05.09 09:25:16 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.09 09:25:15 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.03.01 04:56:40 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.02.25 01:29:34 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2012.01.18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010.09.29 15:08:58 | 000,200,624 | ---- | M] (Telefónica I+D) [Disabled | Stopped] -- C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe -- (TGCM_ImportWiFiSvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.02.23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.05.22 10:54:20 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2012.05.22 10:54:20 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2012.05.09 09:25:16 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.09 09:25:16 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.18 19:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.18 06:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012.01.18 06:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011.09.16 17:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.05.05 22:30:52 | 001,561,688 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2010.05.05 22:30:42 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2010.05.05 22:30:34 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2010.05.05 22:30:26 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2010.05.05 22:30:18 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2010.05.05 22:30:10 | 000,684,376 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k)
DRV:64bit: - [2010.05.05 22:30:02 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2010.05.05 22:29:52 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV:64bit: - [2010.05.05 22:29:52 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2010.05.05 22:29:42 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV:64bit: - [2010.05.05 22:29:42 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2010.05.05 22:29:34 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV:64bit: - [2010.05.05 22:29:34 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2010.04.09 09:24:32 | 000,076,288 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2010.04.07 11:05:00 | 000,250,368 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2010.03.25 04:08:46 | 000,120,704 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2010.03.20 05:56:56 | 000,114,560 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2009.11.20 15:26:50 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2009.08.13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.03.02 00:05:32 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV - [2010.05.27 02:43:00 | 000,014,648 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys -- (RTCore64)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 41 15 58 FD 97 A7 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.selectedEngine: "Amazon.de"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.2
FF - prefs.js..extensions.enabledItems: {dd3d7613-0246-469d-bc65-2a3cc1668adc}:0.7.1
FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:2.7.5.0522
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.3
FF - prefs.js..extensions.enabledItems: FasterFox_Lite@BigRedBrent:3.0.16
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:3.22
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:3.5.0
FF - prefs.js..google.toolbar.linkdoctor.backup.keyword.enabled: true
FF - prefs.js..keyword.URL: "about:neterror?e=query&u="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.07 23:58:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.27 13:31:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.07 23:58:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.02.25 00:41:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wolfi\AppData\Roaming\mozilla\Extensions
[2012.09.26 00:38:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wolfi\AppData\Roaming\mozilla\Firefox\Profiles\tlymn0wr.default\extensions
[2012.02.25 16:25:01 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Wolfi\AppData\Roaming\mozilla\Firefox\Profiles\tlymn0wr.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012.09.16 16:16:40 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Wolfi\AppData\Roaming\mozilla\Firefox\Profiles\tlymn0wr.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.02.25 16:25:01 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Wolfi\AppData\Roaming\mozilla\Firefox\Profiles\tlymn0wr.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2012.09.26 00:38:18 | 000,000,000 | ---D | M] (Fasterfox Lite) -- C:\Users\Wolfi\AppData\Roaming\mozilla\Firefox\Profiles\tlymn0wr.default\extensions\FasterFox_Lite@BigRedBrent
[2012.09.14 11:09:46 | 000,001,632 | ---- | M] () -- C:\Users\Wolfi\AppData\Roaming\Mozilla\Firefox\Profiles\tlymn0wr.default\searchplugins\firefox-add-ons.xml
[2012.09.07 23:58:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.07 23:58:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.07.11 13:38:29 | 000,135,156 | ---- | M] () (No name found) -- C:\USERS\WOLFI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TLYMN0WR.DEFAULT\EXTENSIONS\{79C50F9A-2FFE-4EE0-8A37-FAE4F5DACD4F}.XPI
[2012.02.25 01:26:08 | 000,434,392 | ---- | M] () (No name found) -- C:\USERS\WOLFI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TLYMN0WR.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
[2012.09.04 21:36:27 | 000,009,644 | ---- | M] () (No name found) -- C:\USERS\WOLFI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TLYMN0WR.DEFAULT\EXTENSIONS\PRINTPDF@PAVLOV.NET.XPI
[2012.09.07 23:58:22 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.18 01:12:52 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.29 16:19:56 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.18 01:12:52 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.18 01:12:52 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.18 01:12:52 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.18 01:12:52 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - D:\ICQ\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - D:\ICQ\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{83FB607F-B364-4818-A562-3B56328C8DD9}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.11 12:08:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.10.11 12:01:41 | 001,034,216 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012.10.11 12:01:41 | 000,289,768 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012.10.11 12:01:29 | 000,189,416 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012.10.11 12:01:29 | 000,188,904 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012.10.11 12:01:29 | 000,108,008 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2012.10.11 11:43:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.10.10 19:41:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012.10.10 19:41:51 | 000,000,000 | ---D | C] -- C:\Users\Wolfi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012.10.10 19:39:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.10.10 19:39:25 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.10.10 12:24:54 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012.10.10 12:24:54 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012.10.10 12:24:53 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012.10.10 12:24:53 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012.10.10 12:24:53 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012.10.10 12:24:53 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012.10.10 12:24:52 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012.10.10 12:24:52 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012.10.10 12:24:52 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012.10.10 12:24:52 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012.10.10 12:24:52 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012.10.10 12:24:52 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012.10.10 12:24:52 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012.10.10 12:24:52 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012.10.10 12:24:52 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012.10.10 12:24:52 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012.10.10 12:24:52 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012.10.10 12:24:52 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012.10.10 12:24:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.10.10 12:24:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.10.10 12:24:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012.10.10 12:24:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012.10.10 12:24:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012.10.10 12:24:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012.10.10 12:24:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012.10.10 12:24:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.10.10 12:24:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.10.10 12:24:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.10.10 12:24:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.10.10 12:24:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.10.10 12:24:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012.10.10 12:24:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012.10.10 12:24:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012.10.10 12:24:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.10 12:24:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.10 12:24:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012.10.10 12:24:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012.10.10 12:24:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012.10.10 12:24:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012.10.10 12:24:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012.10.10 12:24:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012.10.10 12:24:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012.10.10 12:24:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.10.10 12:24:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012.10.10 12:24:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012.10.10 12:24:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012.10.10 12:24:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012.10.10 12:24:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012.10.10 12:24:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012.10.10 12:24:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012.10.10 12:24:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012.10.10 12:24:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012.10.10 12:24:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.10.10 12:24:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.10.10 12:24:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012.10.10 12:24:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012.10.10 12:24:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012.10.10 12:24:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012.10.10 12:24:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012.10.10 12:24:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012.10.10 12:24:51 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012.10.10 12:24:51 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012.10.10 12:24:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012.10.10 12:24:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012.10.10 12:24:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012.10.10 12:24:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012.10.10 12:24:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012.10.10 12:24:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012.10.10 12:24:51 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012.10.10 12:24:40 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.10.10 12:24:39 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.10.10 12:24:39 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.10.10 12:24:36 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012.10.10 12:24:25 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.10.10 12:24:24 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.10.09 13:59:35 | 000,031,232 | ---- | C] (The OpenVPN Project) -- C:\Windows\SysNative\drivers\tap0901.sys
[2012.10.09 13:54:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenVPN
[2012.10.09 13:48:04 | 000,000,000 | ---D | C] -- C:\Users\Wolfi\Documents\Adobe
[2012.09.26 13:56:13 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
[2012.09.22 20:23:13 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.09.22 20:23:13 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.09.22 20:23:12 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.09.22 20:23:12 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.09.22 20:23:12 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.09.22 20:23:12 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.09.22 20:23:12 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.09.22 20:23:12 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.09.22 20:23:12 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.09.22 20:23:12 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.09.22 20:23:12 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.09.22 20:23:11 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.09.22 20:23:10 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.09.22 20:23:10 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.09.22 20:23:10 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.09.18 11:57:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FTL Faster Than Light
[2012.09.12 19:13:04 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2012.09.12 19:13:02 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012.09.12 19:13:01 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012.09.12 19:13:01 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[7 C:\Users\Wolfi\Documents\*.tmp files -> C:\Users\Wolfi\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.11 14:45:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.11 12:07:32 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.11 12:07:32 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.11 12:04:29 | 001,612,992 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.10.11 12:04:29 | 000,696,746 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.10.11 12:04:29 | 000,652,064 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.10.11 12:04:29 | 000,148,042 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.10.11 12:04:29 | 000,120,996 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.10.11 12:01:21 | 000,108,008 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2012.10.11 12:01:20 | 000,289,768 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012.10.11 12:01:20 | 000,189,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012.10.11 12:01:20 | 000,188,904 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012.10.11 12:01:19 | 001,034,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012.10.11 12:01:19 | 000,916,456 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012.10.11 12:00:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.11 11:59:56 | 535,683,071 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.11 11:59:18 | 000,061,088 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000004-00000000-00000003-00001102-00000005-00311102}.rfx
[2012.10.11 11:59:18 | 000,061,088 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000004-00000000-00000003-00001102-00000005-00311102}.rfx
[2012.10.11 11:59:18 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000004-00000000-00000003-00001102-00000005-00311102}.rfx
[2012.10.10 19:41:51 | 000,002,975 | ---- | M] () -- C:\Users\Wolfi\Desktop\HiJackThis.lnk
[2012.10.10 19:39:25 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.10.09 15:46:11 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.10.09 15:46:11 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.10.09 14:27:59 | 000,000,201 | ---- | M] () -- C:\Users\Wolfi\Desktop\Saints Row The Third.url
[2012.10.02 23:21:46 | 000,000,200 | ---- | M] () -- C:\Users\Wolfi\Desktop\Source Filmmaker.url
[2012.09.18 11:57:48 | 000,000,508 | ---- | M] () -- C:\Users\Public\Desktop\FTL.lnk
[2012.09.13 18:09:57 | 000,000,201 | ---- | M] () -- C:\Users\Wolfi\Desktop\Red Faction Armageddon.url
[2012.09.12 14:57:15 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[7 C:\Users\Wolfi\Documents\*.tmp files -> C:\Users\Wolfi\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.10 19:41:51 | 000,002,975 | ---- | C] () -- C:\Users\Wolfi\Desktop\HiJackThis.lnk
[2012.10.10 19:39:25 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.10.09 14:27:59 | 000,000,201 | ---- | C] () -- C:\Users\Wolfi\Desktop\Saints Row The Third.url
[2012.10.02 23:21:46 | 000,000,200 | ---- | C] () -- C:\Users\Wolfi\Desktop\Source Filmmaker.url
[2012.09.18 11:57:48 | 000,000,508 | ---- | C] () -- C:\Users\Public\Desktop\FTL.lnk
[2012.09.13 18:09:57 | 000,000,201 | ---- | C] () -- C:\Users\Wolfi\Desktop\Red Faction Armageddon.url
[2012.08.02 06:13:15 | 000,003,676 | ---- | C] () -- C:\Users\Wolfi\AppData\Roaming\Sys2657a.DLL
[2012.06.11 12:30:08 | 000,000,244 | ---- | C] () -- C:\Windows\SIERRA.INI
[2012.05.15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.03.24 00:36:20 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012.03.24 00:36:20 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012.03.15 06:22:18 | 000,000,532 | ---- | C] () -- C:\Windows\eReg.dat
[2012.03.02 06:56:25 | 001,589,950 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.03.01 04:41:52 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.03.01 04:41:50 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.02.25 17:40:48 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2012.02.25 17:39:13 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2012.02.25 01:28:43 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2012.02.25 01:28:43 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2012.02.25 01:28:23 | 000,003,072 | ---- | C] () -- C:\Windows\SysWow64\CTXFIGER.DLL
[2012.01.18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012.01.18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012.01.18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
 
========== LOP Check ==========
 
[2012.07.03 01:28:33 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\.minecraft
[2012.10.08 19:50:52 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\.techniclauncher
[2012.04.11 21:29:59 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Atari
[2012.08.10 01:47:56 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Audacity
[2012.04.11 14:05:34 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Canon
[2012.03.30 14:30:02 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.09.27 02:43:34 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\ICQ
[2012.07.16 00:07:56 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\ImgBurn
[2012.05.12 21:11:22 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Imperium Romanum
[2012.05.30 15:50:54 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Kalypso Media
[2012.04.11 21:23:19 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Leadertech
[2012.04.13 23:46:29 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Lionhead Studios
[2012.03.08 09:04:32 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\LolClient
[2012.08.10 19:44:02 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Origin
[2012.05.18 00:40:35 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\runic games
[2012.05.03 20:17:16 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Telefónica
[2012.05.03 20:17:16 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\TGCMLog
[2012.06.23 13:33:09 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\The Creative Assembly
[2012.02.25 03:38:26 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Thunderbird
[2012.08.02 06:41:31 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\TippKönigin Demo
[2012.08.21 16:50:57 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Tropico 4
[2012.02.26 18:51:28 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Ubisoft
[2012.09.30 17:48:01 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2012.02.25 15:45:19 | 000,097,089 | ---- | C] ()(C:\Users\Wolfi\Documents\?? ???????.docx) -- C:\Users\Wolfi\Documents\На главную.docx
[2009.03.06 02:54:38 | 000,097,089 | ---- | M] ()(C:\Users\Wolfi\Documents\?? ???????.docx) -- C:\Users\Wolfi\Documents\На главную.docx

< End of report >
         
and extra.txt
Code:
OTL Extras logfile created on: 11.10.2012 15:16:04 - Run 5
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\Wolfi\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 4,26 Gb Available Physical Memory | 70,95% Memory free
12,00 Gb Paging File | 10,08 Gb Available in Paging File | 84,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 345,48 Gb Total Space | 233,30 Gb Free Space | 67,53% Space Free | Partition Type: NTFS
Drive D: | 585,94 Gb Total Space | 87,66 Gb Free Space | 14,96% Space Free | Partition Type: NTFS
 
Computer Name: PC-WOLFI | User Name: Wolfi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Adobe Flash CS\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Adobe Flash CS\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06E6B76D-9920-4099-8EB6-21BA098CE229}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0849B073-4931-4061-90FE-2FD5C01540A8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{13E75419-112E-467B-8332-58DDE22B9F08}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1ACF9A4E-A14E-44D4-A7B5-E43B60FBAD7F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{2AE49884-A2B8-463F-A053-4500E93E061C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2FD9B2BB-2ECA-46D9-8AF1-FEACE2E9E5A8}" = rport=137 | protocol=17 | dir=out | app=system | 
"{4A1110FC-7091-4C22-AB92-569614FFD916}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{5D4B17C0-F83C-4188-9BAB-886B619CD427}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{61E458DA-A81B-4395-8776-176B482C1333}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{6F09D18F-EE6F-488D-903F-96B2B4CF246E}" = rport=138 | protocol=17 | dir=out | app=system | 
"{71F2E870-4567-4D0D-BDDD-2D8A82C81295}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{74162BF3-E4F1-418B-89E4-3E2FFD6CD071}" = lport=445 | protocol=6 | dir=in | app=system | 
"{8224D1B4-4F2E-4DA7-A720-C705D771EEBD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{86998370-E2F8-4754-9DC1-37260A552024}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{8844FD62-688D-4EE1-9289-069D5DB713AE}" = lport=137 | protocol=17 | dir=in | app=system | 
"{9F63BAD5-9B40-4187-9F99-A6254BFF5EDD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A0F94210-213A-46EE-AC58-A84E6342386E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{A927111E-BBD9-4745-BEDA-1E1F5172BCEC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AC7B52D5-24B5-43CB-82DA-F02581764AC8}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{B16D0FBF-93B6-4307-B1E7-953AFE60F47C}" = rport=445 | protocol=6 | dir=out | app=system | 
"{B26B1853-CEB0-4658-9498-8CC3C53FB851}" = lport=138 | protocol=17 | dir=in | app=system | 
"{B56ADBD9-7CFA-4649-B907-2AD035A1E660}" = rport=139 | protocol=6 | dir=out | app=system | 
"{B743C773-FB47-4C49-8101-82CB286F8379}" = lport=139 | protocol=6 | dir=in | app=system | 
"{E19B6822-ACC1-4695-B0CB-E2735726EEDE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F37A74F9-6412-4043-B785-D5C9DA128064}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0073C6D4-D07D-4875-BCFC-1DAD42AE97F1}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe | 
"{008A2CBA-9AA2-49D8-88C4-D20343E2A4E5}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{0144475A-ED98-483C-90D2-9802CDEC536C}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{014D0055-E525-413E-AACA-72B790AF2199}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{01A45502-C2DA-4D55-9AA2-5AF6DD352218}" = protocol=17 | dir=in | app=d:\ubisoft\prince of persia the forgotten sands\gamesettings.exe | 
"{03DC5774-FA5F-4A30-9AEC-A58749FEDA9A}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\the political machine 2012\polmachine2012.exe | 
"{04902E8E-A5DA-436B-801A-E01554EDD4FA}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"{0492443C-76B0-442A-9A0E-8F2095A736CA}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\red faction armageddon\redfactionarmageddon.exe | 
"{0723FC4A-5C6C-4993-8C06-379BDF53EFC5}" = protocol=6 | dir=in | app=d:\anno 2070\initengine.exe | 
"{09A571EC-D738-44C0-9E43-D73700E15AFE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{0CA4D085-6580-4CBD-A438-C145A380D854}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0CF11F4C-FE1C-45AD-9C12-B8484B31D5E3}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\magic the gathering - duels of the planeswalkers\dotp.exe | 
"{0E5A53B7-587B-4048-9F6F-4811FA36A887}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{10DD58DE-A86B-4D25-9400-53BE8C28A886}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{13494E73-480E-4252-B4E0-3EE4672C75A6}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\dungeons - the dark lord\dungeonsthedarklord.exe | 
"{14514991-F02B-4136-8850-7379579FB4CB}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\fable 3\fablelauncher.exe | 
"{151FAD04-B0B7-43E2-97DC-63FF1C01EDC8}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{165A47E2-212C-4775-8F31-ED46F02084A2}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\batman2\binaries\win32\batmanac.exe | 
"{1828394B-395C-4205-AA6E-ACD9DF4B33DD}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\saints row the third\saintsrowthethird.exe | 
"{185CDE3C-B0E4-4167-A82F-599846D08986}" = protocol=6 | dir=in | app=d:\steam\steam.exe | 
"{19DD1F29-0551-4243-BA93-D59D353E2109}" = protocol=17 | dir=in | app=d:\anno 2070\autopatcher.exe | 
"{1C00C80A-5553-403F-BEB1-34AD6A7BBE90}" = protocol=17 | dir=in | app=d:\anno 2070\anno5.exe | 
"{1DA09E2A-68D2-4878-8499-7388E6CD72ED}" = protocol=6 | dir=in | app=d:\starcraft ii\starcraft ii.exe | 
"{228A7B55-180E-4FED-B4F6-12EE2CF176AD}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\dead island\deadislandgame.exe | 
"{22C88470-0AB8-426F-89B9-75F8D95EEB28}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{230448DC-0546-455D-AA3F-1191124A4C49}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\tom clancy's splinter cell conviction\src\system\conviction_game.exe | 
"{2465CB4C-16A9-42A8-9298-E9FD9D5E11FE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{28131CE5-0D16-409C-899F-D6C65C6112DF}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\the sims 3\support\ea help\electronic_arts_technical_support.htm | 
"{2B53C749-76C2-48C2-886F-95C4E7461138}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\dungeons - the dark lord\dungeonsthedarklord.exe | 
"{2EE60D94-772D-4857-BF51-BF62B4E44F44}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\batman2\runlauncher.bat | 
"{2FBC7262-8AE9-4647-82D8-BFEBAE915B7D}" = protocol=6 | dir=in | app=d:\star wars-the old republic\swtor\retailclient\swtor.exe | 
"{3002465A-8C4C-4BE3-988D-7E460B6824C1}" = protocol=17 | dir=in | app=d:\two worlds\twoworlds.exe | 
"{301400DB-DFC5-4744-835D-D49A9F6E9C99}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\hitman blood money\configure.exe | 
"{30E306D4-BBF1-4AB2-8CA4-FD2F1E903ED9}" = protocol=6 | dir=in | app=d:\star wars-the old republic\launcher.exe | 
"{3114460A-B081-44AC-B2BA-53F98233F3D1}" = protocol=17 | dir=in | app=d:\world of warcraft\launcher.patch.exe | 
"{31B5E2E0-BE99-4ED8-9544-287CD73B3D82}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\torchlight\torchlight.exe | 
"{322E1043-7E57-4A6E-9ABF-3F82D662C2F8}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\magicka\magicka.exe | 
"{3368A6F7-AA51-4630-BAC0-82D5ACB2ECDD}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\fable 3\fablelauncher.exe | 
"{34521C0E-F87F-4DAB-BA84-84473DEC1446}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\mass effect 3\binaries\win32\masseffect3.exe | 
"{35323261-D1C6-491B-A89F-C5374922C83E}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\magicka\magicka.exe | 
"{38F354C1-DB49-4247-BD0B-79E74A924465}" = protocol=6 | dir=in | app=d:\icq\icq7m\icq.exe | 
"{3AB4C0F2-5479-44B0-A6C3-34EEBB8B76D0}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{3C1074CC-2E66-4BC3-8F5D-1A723FC0C0DF}" = protocol=6 | dir=in | app=d:\star wars-the old republic\launcher.exe | 
"{3E0762F4-1714-488A-8E13-4D6BC57AB1D3}" = protocol=17 | dir=in | app=d:\ubisoft\prince of persia the forgotten sands\gu.exe | 
"{3F9FD808-323A-4FE6-9EA8-1472A222FD63}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\imperium romanum\imperium romanum.exe | 
"{4049FE4A-7B95-41CE-855A-5CD95010D9F8}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{458DB30D-43AD-4A9A-A0E6-D62E561601D9}" = protocol=6 | dir=in | app=d:\anno 2070\anno5.exe | 
"{467B9D8D-9250-4E11-A99C-CC2004E478E3}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\patrician iv\patrician4.exe | 
"{46C75FC4-BCFE-43F4-B53A-4909A885C665}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\batman2\runlauncher.bat | 
"{47194BFF-CFC4-4788-82F4-9E86A5642321}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\red faction armageddon\rf4_launcher.exe | 
"{489EAF5F-5AFA-4EFB-A3B6-8AFD1D0D49D6}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\gotham city impostors\engine.exe | 
"{4EDF9206-459E-4EA8-8AF2-A30A1CB666BA}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{5088EA3D-7B39-4BB3-B249-10F70DC05CD1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{52D7960D-8A61-4CFE-B4C2-2FA8D9EEE55A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{53302656-749D-4640-91F0-220CF418E8A3}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5418367E-3DDA-41EC-A1C3-06BA4855C8F4}" = protocol=6 | dir=in | app=d:\ubisoft\prince of persia the forgotten sands\uplaybrowser.exe | 
"{54D77DE2-9ED1-483B-B299-C95C1E092EA0}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\patrician iv\patrician4.exe | 
"{551118C7-347F-4B19-9EE5-B53789103138}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\l.a.noire\lanlauncher.exe | 
"{56DD69A2-8060-4CC1-BCEC-DBD356E02393}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\tom clancy's splinter cell conviction\src\system\conviction_game.exe | 
"{5710FBD7-4DD9-4BD0-AEE1-6CACF3C55A78}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\dead island\deadislandgame.exe | 
"{58E0DC02-9BF4-4D3E-8DFD-E91DF75398FE}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{591FBEA6-7947-42ED-877D-776872DBB2E5}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\the sims 3\game\bin\sims3launcher.exe | 
"{5AFF78D3-9D26-4D9F-A659-AA8E8764F903}" = protocol=17 | dir=in | app=d:\steam\steam.exe | 
"{5B158C22-7E6C-43FE-8B35-E7E7D67B54D0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{5FDD8310-19F0-43E0-B08B-D6D888C91A4B}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\empire total war\empire.exe | 
"{61085538-7391-433D-ACB9-8F6B842C5B92}" = protocol=17 | dir=in | app=d:\ubisoft\prince of persia the forgotten sands\uplaybrowser.exe | 
"{6242742C-7143-4F7A-8C11-0266D6F9C9D8}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\cities in motion\cities in motion.exe | 
"{62462263-2621-4D13-9A08-885634B14FA6}" = protocol=6 | dir=in | app=d:\resident evil 5\re5dx10.exe | 
"{649B5B54-2875-44C2-BADB-F96E5AC34CA6}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{656253DF-1549-4BB5-BE3D-DBBA20D69CAF}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe | 
"{657E23A9-D6F8-4974-AD52-00D39E2BE1E9}" = protocol=6 | dir=in | app=d:\pinnacle\videospin\programs\videospin.exe | 
"{663F30FF-1FE3-4331-8D25-50143470AB32}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\magic the gathering - duels of the planeswalkers\dotp.exe | 
"{695528CC-332D-4C9F-945E-5A8CA4C777D6}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\the sims 3\support\ea help\electronic_arts_technical_support.htm | 
"{6AC0168C-544F-4D1A-B2EF-13DC2639EA36}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\mass effect 3\binaries\win32\masseffect3.exe | 
"{6B6BA0DF-2065-432F-BBB9-0FF723A5EB1B}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{6D0F725A-D005-425A-B96C-E9423204FB4C}" = protocol=17 | dir=in | app=d:\starcraft ii\starcraft ii.exe | 
"{6D907B43-B5B8-4E02-9364-9D35AB13662D}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\warhammer 40,000 space marine\spacemarine.exe | 
"{7097219D-066D-4CA2-BD81-1559AFA36F0D}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{70C39E82-2FD3-494C-B953-4B5814DD1AFF}" = protocol=17 | dir=in | app=d:\star wars-the old republic\launcher.exe | 
"{72AA1573-D1C5-4FB8-9EE5-78D3E6EBFAC8}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\hitman blood money\hitmanbloodmoney.exe | 
"{73669CAD-DB95-4025-BFBC-BBC661F3DBF7}" = protocol=6 | dir=in | app=d:\ubisoft\prince of persia the forgotten sands\prince of persia.exe | 
"{7390DE9F-BB98-4831-8B0B-5E883EDFEA06}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\deus ex - human revolution\dxhr.exe | 
"{7406AD3B-DC0C-4499-A6FD-4FF7C594884A}" = protocol=17 | dir=in | app=d:\diablo 3\diablo iii\diablo iii.exe | 
"{74E6ED46-875A-4D86-85D3-C493DC0AA64B}" = protocol=6 | dir=in | app=d:\world of warcraft\launcher.exe | 
"{752EA565-B7BD-402C-B0E5-6C48B4F7F275}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\the political machine 2012\polmachine2012.exe | 
"{754C197F-A507-4D31-B687-7CB8539D27AC}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\alan wake\alanwake.exe | 
"{77D451ED-1610-4625-937B-D1E0C81F5CB6}" = protocol=17 | dir=in | app=d:\resident evil 5\re5dx10.exe | 
"{7A3EA388-2581-426A-B49D-4C9FEB2AEEEA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{7A514C5F-8D65-4820-A787-7042E3E3BAD7}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\sourcefilmmaker\game\sfm.exe | 
"{7AE59DD1-FA6A-498A-9553-61B5926B97B4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7BD4CC07-EF5E-418C-A47A-2239A4465375}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\hitman 2 silent assassin\hitman2.exe | 
"{7C552102-9955-4F9D-9F6A-40CD051A36BD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{7D2D7CF2-6690-4856-A338-B9CE348A5244}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7FB3A6C3-E514-4EAE-AF54-29D9D041A269}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\thief_2\thief2.exe | 
"{80C00119-99A9-4881-9E81-79138C48FF94}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\batman2\binaries\win32\batmanac.exe | 
"{8178E302-C9B8-43B4-955C-1B0F255907E8}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\gotham city impostors\impostors.exe | 
"{81EB973D-4EA5-4A9F-B213-8CB4BC515286}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{846B8D27-0403-4AC7-A1CE-6278758D7F61}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{856EE23C-D5CB-4CF6-9389-1DBE8789D30B}" = protocol=17 | dir=in | app=d:\resident evil 5\re5dx9.exe | 
"{86DFD388-851C-442D-9107-4552D37A1F2B}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\from dust\from_dust.exe | 
"{86FECD19-515B-400D-8154-1A04C6256B5A}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\cities in motion\cities in motion.exe | 
"{87632627-E137-4501-B1FC-2DADC29F9BD3}" = protocol=17 | dir=in | app=d:\two worlds\twoworlds_radeon.exe | 
"{87D7D60B-ADE0-4ACE-AE12-19DB24A7BB43}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\the sims 3\game\bin\sims3launcher.exe | 
"{89C936CD-7FC6-4C19-940B-1EF68E68E812}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8B7733BE-DC17-481F-BE76-158793944CDA}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\alan wake\alanwake.exe | 
"{8CC3178B-9FDA-49D5-85FC-E1AFDED7ED2A}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{8D1EC934-7869-42C7-8201-835A094A2BAE}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"{8E059A45-7144-4EEF-905D-43D00494509A}" = dir=in | app=c:\itunes\itunes.exe | 
"{8E3DE856-1723-44B7-B527-3621E7A00777}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\victoria 2\victoria2.exe | 
"{8F1EF474-5083-49BD-A128-83E69C056C97}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{9126900F-488F-4F4F-B4B1-806C622F005D}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\sourcefilmmaker\game\sfm.exe | 
"{959F69B5-1F35-4916-B26E-56A10D9DE7E9}" = protocol=17 | dir=in | app=d:\pinnacle\videospin\programs\rm.exe | 
"{988FB616-9F87-41BC-82EB-D0C05C1A106A}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\tropico 4\tropico4.exe | 
"{98E91137-6554-48AD-B976-12E6D0FFB055}" = protocol=6 | dir=out | app=system | 
"{9AE1CFAB-59E7-4500-AC70-DAC491185837}" = protocol=6 | dir=in | app=d:\diablo 3\diablo iii\diablo iii.exe | 
"{9C845E0F-B314-4B0F-B5A2-5B4D9B112B5D}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\sourcefilmmaker\game\bin\qsdklauncher.exe | 
"{9DEE38F8-50E1-481A-BC13-373B537AEFF8}" = protocol=6 | dir=in | app=d:\two worlds\twoworlds.exe | 
"{9E60A133-86C5-47F8-AAC0-039C1738C971}" = protocol=17 | dir=in | app=d:\ubisoft\prince of persia the forgotten sands\prince of persia.exe | 
"{9EF6A113-796A-4EA9-97B0-EA08DE6FE984}" = protocol=17 | dir=in | app=d:\star wars-the old republic\launcher.exe | 
"{9F7D7138-A40B-4927-9184-727A867F7384}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{A0831ECD-BBA7-4FCE-8D11-1422ABC12C0F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{A2EE8AAB-DD23-4503-9EC9-9CA3253B8274}" = protocol=17 | dir=in | app=d:\icq\icq7m\icq.exe | 
"{A4B85B34-029D-4981-8EC4-D421FB17BEED}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\empire total war\empire.exe | 
"{A8E03B93-0C5A-4292-8416-DAB39BDD7E44}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A928E70E-19BA-4DB1-959F-FFDC53AA98C7}" = protocol=6 | dir=in | app=d:\ubisoft\prince of persia the forgotten sands\gamesettings.exe | 
"{A9EAD30A-8048-4A88-95C4-9D65F04068FF}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\sid meier's civilization v\launcher.exe | 
"{AA4CDA7C-8DFE-448A-8C26-D3D5863B61FF}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\deus ex - human revolution\dxhr.exe | 
"{AA92C90A-9242-401D-B021-D6792DA66A50}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\hearts of iron 3\hoi3game.exe | 
"{AB9A8A1E-DBC7-4B7C-B3A4-7216836E3E20}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\tropico 4\tropico4.exe | 
"{B0D58702-0FBC-4CB2-8D1D-242BAF4F67C8}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\dungeons\dungeonsstarter.exe | 
"{B16D291E-C4AC-439C-BF6B-46BCB4326926}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\red faction armageddon\redfactionarmageddon.exe | 
"{B4D23D31-5C55-4121-AC77-3274D2D760C8}" = protocol=6 | dir=in | app=d:\anno 2070\autopatcher.exe | 
"{B5890599-B10D-449B-835D-112D2E2E044E}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{B6638A1B-3D97-4213-9FB7-87D2666522D6}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\gotham city impostors\impostors.exe | 
"{B6E1D826-F854-49B7-B7C3-0D251918BE4D}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{B938CE19-0290-4AAC-9ACF-8DDD3C058C83}" = protocol=17 | dir=in | app=d:\starcraft ii\starcraft ii public test.exe | 
"{B9CD2372-D64D-4565-8319-43C55064954A}" = protocol=17 | dir=in | app=d:\icq\icq7m\icq.exe | 
"{BABD614B-5235-494A-A914-52CA0B2DDC79}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\l.a.noire\lanlauncher.exe | 
"{BB057E1D-17A3-48B4-8937-35225DC89CF3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BEF229ED-F949-415E-AC7D-2037FC309D2F}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\thief_2\thief2.exe | 
"{C0E52C2B-851F-48CA-8E27-0404C3F2E96A}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{C0F3015E-1864-4787-84FD-62B69A9152FC}" = protocol=17 | dir=in | app=d:\world of warcraft\launcher.exe | 
"{C1525E13-E6BC-40CA-8B26-8984181C0E9C}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\awesomenauts\awesomenautslauncher.exe | 
"{C2EDDA48-55BE-4F83-8950-B3455270EA27}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\red faction armageddon\rf4_launcher.exe | 
"{C338194A-9308-4956-84FF-53514141415A}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\hearts of iron 3\hoi3game.exe | 
"{C3A0E6B2-B64C-45BE-9C1E-2CA3D97662A8}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{C3CAB425-35E5-4242-86D6-7FA972D062C6}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\torchlight\torchlight.exe | 
"{C5D49879-5960-441E-AEF7-4F1C10D0872D}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{C5D7E97B-23A5-4893-BF94-854E50B09879}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{C785F6BD-FD0D-4C26-9EA5-105759A4DB0F}" = protocol=6 | dir=in | app=d:\pinnacle\videospin\programs\rm.exe | 
"{CA5CD6C8-BD88-4448-8ABE-B8F0376E0061}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{CACED957-856B-40C5-BC37-815BF7C9B2F2}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\saints row the third\game_launcher.exe | 
"{CC63FA32-4459-4E7A-8AC8-825982EF980D}" = protocol=6 | dir=in | app=d:\ubisoft\prince of persia the forgotten sands\gu.exe | 
"{CCB97EC8-81BD-4CE2-B984-F5C1B38241DE}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\sourcefilmmaker\game\bin\qsdklauncher.exe | 
"{CDEC305F-3331-4E72-85CD-479E3222D8A0}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\hitman blood money\configure.exe | 
"{CE194D10-8E8B-400F-A75F-82CC6ADD8A58}" = protocol=6 | dir=in | app=d:\resident evil 5\re5dx9.exe | 
"{CF096E76-0A5D-480C-AD99-06D1B9CD5D01}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\sid meier's civilization v\launcher.exe | 
"{D1770717-C192-49A6-9C32-30C3A717E456}" = protocol=6 | dir=in | app=d:\two worlds\twoworlds_radeon.exe | 
"{D19C0B65-35D9-438F-9436-1E08D5DF47C8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{D5AB008C-11F5-4B30-9E09-0539C4CFAC82}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\saints row the third\game_launcher.exe | 
"{D6D143EC-62F6-461B-B758-F7E2BDDFF50B}" = protocol=17 | dir=in | app=d:\pinnacle\videospin\programs\videospin.exe | 
"{D794F617-945D-4CF2-AE46-52EF094A60D2}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\victoria 2\victoria2.exe | 
"{D8963AED-F6B2-47CC-A6A0-114A1ABD7D05}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\hitman 2 silent assassin\hitman2.exe | 
"{DB6C79A8-AEF3-476C-9676-9B94128531F3}" = protocol=6 | dir=in | app=d:\star wars-the old republic\swtor\retailclient\swtor.exe | 
"{DB907A39-CEE2-4867-86D3-3040155597DE}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe | 
"{DC0F6F22-345A-4B1B-9EFB-A018CE5B5838}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\warhammer 40,000 space marine\spacemarine.exe | 
"{DC8054DE-65BD-4C3D-8A69-B4021AA580CC}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"{DDCC3543-4FFB-4204-BEEF-2257EC20BB67}" = protocol=17 | dir=in | app=d:\star wars-the old republic\swtor\retailclient\swtor.exe | 
"{DE8A9BF4-5329-4EC3-9204-276EBDB14F60}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{DEC6A77E-3069-4D44-AE36-656CE98F2F90}" = protocol=6 | dir=in | app=d:\starcraft ii\starcraft ii public test.exe | 
"{DF747036-D7C4-43F6-9882-AE9C5ABDE28A}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\hitman 2 silent assassin\config.exe | 
"{E1DF95DA-A0BD-4473-815E-34BE17543B86}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\hitman 2 silent assassin\config.exe | 
"{E1E06B5E-B77E-4747-975D-064BEF071590}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\f.e.a.r. 3\f.e.a.r. 3.exe | 
"{E3866EA7-414A-4690-90DB-C45385E98360}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\f.e.a.r. 3\f.e.a.r. 3.exe | 
"{E3D03C56-980D-46D2-9598-FEAB3EBFA334}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"{E3E700EA-D83B-4730-AA84-9976134A2B7D}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\red faction armageddon\redfactionarmageddon_dx11.exe | 
"{E4EDFF16-EC0D-4FA4-8D9A-F1D237DC21AB}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\gotham city impostors\engine.exe | 
"{EEBC9A66-2AC1-44FE-A2D2-541421148376}" = protocol=6 | dir=in | app=d:\pinnacle\videospin\programs\umi.exe | 
"{F0052071-863B-46BA-B072-18A8F73F0BA9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F031BE4A-79A0-48BE-A9FC-6959EDC04708}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\crazy machines\crazymachines.exe | 
"{F08092E7-D90F-46AF-8DD6-21300F011EE9}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{F10CFF4F-9FCE-4C46-ABBD-2B2489CB05DF}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\dungeons\dungeonsstarter.exe | 
"{F183DB4E-4D9E-4285-800B-7A253C700048}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\crazy machines\crazymachines.exe | 
"{F2DA9BC0-1666-4C3F-8143-584EB08077A7}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\from dust\from_dust.exe | 
"{F314B65E-9767-49C0-ACB7-539A3E892FCE}" = protocol=17 | dir=in | app=d:\anno 2070\initengine.exe | 
"{F36AE389-6B10-4EC6-934F-376896E676F1}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\hitman blood money\hitmanbloodmoney.exe | 
"{F4CA3172-5A14-403C-9872-A2B308A1DAD1}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{F4F71649-2C2F-49AE-9731-A36537D633AA}" = protocol=17 | dir=in | app=d:\pinnacle\videospin\programs\umi.exe | 
"{F6A6C0D8-6CF3-434C-83B1-68A43E5C5CD0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{F7097C52-5278-423A-A549-255856590281}" = protocol=6 | dir=in | app=d:\icq\icq7m\icq.exe | 
"{F82DAE5F-23E9-44FA-8B13-36EF43938D23}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F89F0A31-A311-46CB-950A-6487F7BD4D64}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe | 
"{F8EFFE68-7AC5-448A-9C21-88ADE2F0D754}" = protocol=17 | dir=in | app=d:\star wars-the old republic\swtor\retailclient\swtor.exe | 
"{F9B6E1A6-498A-4141-AB01-CEDBA5048346}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{FA3ACE92-42D6-4735-A063-620CB003BCD7}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\saints row the third\saintsrowthethird.exe | 
"{FCC0C9F7-8098-41FE-AF7D-2EC977079F00}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\awesomenauts\awesomenautslauncher.exe | 
"{FEA202CE-6989-430F-8E18-85446F836D00}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\imperium romanum\imperium romanum.exe | 
"{FF74942E-9AEA-4892-81E0-28351EE2AB0B}" = protocol=6 | dir=in | app=d:\world of warcraft\launcher.patch.exe | 
"{FFC078D8-9FAF-4B7D-A533-4C843ECEBC28}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\red faction armageddon\redfactionarmageddon_dx11.exe | 
"TCP Query User{15F11C01-A3BF-4C43-A707-93F672BEBEF7}D:\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{16CF19D8-C059-4E1B-BE18-F97590595ECE}D:\starcraft ii\versions\base22612\sc2.exe" = protocol=6 | dir=in | app=d:\starcraft ii\versions\base22612\sc2.exe | 
"TCP Query User{1B13663D-A854-46B4-B212-506F20D00C93}D:\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe | 
"TCP Query User{338022F7-6BA1-4477-841F-DE6315750D02}D:\dawn of wa\soulstorm.exe" = protocol=6 | dir=in | app=d:\dawn of wa\soulstorm.exe | 
"TCP Query User{4FD0B6CF-DD5E-4ECF-BA63-5896B01ABC2D}D:\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=d:\starcraft ii\support\blizzarddownloader.exe | 
"TCP Query User{6375CEB8-85AA-48AC-BD80-95C3883DB977}D:\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe | 
"TCP Query User{7FCF50CD-05E6-4DE3-A307-63D93CF008B8}D:\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe | 
"TCP Query User{8DF3D9BC-B84F-4111-A9CD-7F58B2DD1C53}D:\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe | 
"TCP Query User{A4E46F89-2A38-48FC-B01C-E6EC6A4764E5}D:\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=d:\starcraft ii\versions\base21029\sc2.exe | 
"TCP Query User{A77BA938-FB58-43FF-B64F-FEAB9595E05D}D:\fallout 3\fallout3ng.exe" = protocol=6 | dir=in | app=d:\fallout 3\fallout3ng.exe | 
"TCP Query User{AF8787B6-5157-4A94-B57D-1FEC91921AF1}D:\downloads\diablo-iii-setup-dede.exe" = protocol=6 | dir=in | app=d:\downloads\diablo-iii-setup-dede.exe | 
"TCP Query User{BF207AA7-C5B5-4274-BED0-103B957B3B1E}D:\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe" = protocol=6 | dir=in | app=d:\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe | 
"TCP Query User{D2B34067-6ECC-4CBA-8240-0797226603CA}D:\steam\steamapps\common\fable 3\fable3.exe" = protocol=6 | dir=in | app=d:\steam\steamapps\common\fable 3\fable3.exe | 
"TCP Query User{D38E2CE7-D7E1-4963-A0DE-09174B0D940C}D:\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe" = protocol=6 | dir=in | app=d:\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe | 
"TCP Query User{DCA5BD22-0F0B-43FF-85A8-3AE37FD68D27}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"TCP Query User{E574B8CF-6611-4F24-9461-6848F115E762}D:\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=6 | dir=in | app=d:\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | 
"TCP Query User{FA94D70F-C45E-4988-8205-56A466AC9977}D:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | 
"UDP Query User{25F9137B-87E9-4B0F-AECB-E770DEE00555}D:\steam\steamapps\common\fable 3\fable3.exe" = protocol=17 | dir=in | app=d:\steam\steamapps\common\fable 3\fable3.exe | 
"UDP Query User{2C690DDC-3C12-43BA-AA7B-7C279662835B}D:\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=d:\starcraft ii\versions\base21029\sc2.exe | 
"UDP Query User{31A2DC65-7AE2-4F83-B30A-29C45864AC7F}D:\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe | 
"UDP Query User{3F468FFF-5F77-4074-BD17-6E120AA841A9}D:\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe" = protocol=17 | dir=in | app=d:\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe | 
"UDP Query User{61492429-1879-4329-99AD-2264F6947E2D}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"UDP Query User{6ECDFC15-AB77-4CA7-9C5A-5F5E1A658EB2}D:\starcraft ii\versions\base22612\sc2.exe" = protocol=17 | dir=in | app=d:\starcraft ii\versions\base22612\sc2.exe | 
"UDP Query User{77DACE47-2F73-4E45-9A97-53BC9D9B8C1F}D:\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe | 
"UDP Query User{8008B67E-3976-4E5F-AC46-9C057C88165E}D:\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe | 
"UDP Query User{8401A586-1E21-4FE9-95E8-7A9800086BDB}D:\dawn of wa\soulstorm.exe" = protocol=17 | dir=in | app=d:\dawn of wa\soulstorm.exe | 
"UDP Query User{9E405F8C-AB35-4288-93A5-722A2A5D2CA1}D:\downloads\diablo-iii-setup-dede.exe" = protocol=17 | dir=in | app=d:\downloads\diablo-iii-setup-dede.exe | 
"UDP Query User{AD5D6CA6-3755-4148-A69A-738FB72CF853}D:\fallout 3\fallout3ng.exe" = protocol=17 | dir=in | app=d:\fallout 3\fallout3ng.exe | 
"UDP Query User{CB365FE0-44B8-4DC3-B1BF-4F6F32F9E82E}D:\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe" = protocol=17 | dir=in | app=d:\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe | 
"UDP Query User{E00A21EC-2355-482C-9417-ACD2B63BED44}D:\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe | 
"UDP Query User{EE0D233D-8022-4C2E-BB8D-B2A359E7BDFD}D:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | 
"UDP Query User{EEEF2CB4-46EB-4D44-8A34-11994BCCF84D}D:\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{F7459F8E-7D86-48E9-A4AE-60E87B89064B}D:\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=17 | dir=in | app=d:\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | 
"UDP Query User{F85DFF7E-4F96-41ED-A1D3-BBEE1F58258E}D:\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=d:\starcraft ii\support\blizzarddownloader.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2411" = CanoScan LiDE 70
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{4f94b43a-8a00-4ac4-bb94-269cf24aef97}.sdb" = Dungeon Keeper 2
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F842F8B0-6942-4930-821F-543E976B2C66}" = MSVCRT110_amd64
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"WinRAR archiver" = WinRAR 4.10 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}" = Civilization III
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1057511B-F8FE-4230-9ED3-AB949A57EE4A}" = Windows Live PIMT Platform
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20533183-D42D-4261-A125-956736FBEA8C}" = Dawn of War - Soulstorm
"{20E23A40-38E5-4DD6-B738-BC8097AE66B6}_is1" = FTL version 1.01
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{23E445D5-FD83-4C50-A211-EB26A2975317}" = Adobe Flash Professional CS5.5
"{29315CEC-E6CE-4394-84DC-6F862E8D9A52}" = Windows Live UX Platform
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2FAFE37E-D796-47B8-BA8F-D09819B12DF6}" = Windows Live Essentials
"{31E2413D-8AA1-43EC-8B8D-77B65ADA4611}" = Civilization III v1.21f
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}" = SimCity 4 Deluxe
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4C2BF3B9-7E8A-49DE-B662-3656FE60BB01}" = Civ3 Conquests v1.22 Full
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4F9A382F-4478-4036-905C-F77DF2EA0370}" = Windows Live SOXE
"{4FA8F084-C42F-45E1-B7E5-E0C8A1083DC5}" = Windows Live SOXE Definitions
"{534A31BD-20F4-46b0-85CE-09778379663C}" = Mass Effect™ 3
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{618F39BD-9720-47CF-A89C-108AB41B1493}" = Windows Live UX Platform Language Pack
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}" = Windows Live Photo Common
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{76EE8FE7-1957-4C51-9074-4930A8CFB1AF}" = Windows Live Installer
"{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F682A00-6497-4551-A2A6-063AE667D1CF}" = Movie Maker
"{82D040D1-F95B-4C96-AF5C-B6A1E138EC6E}" = ¹–ë‚̉S
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3 Platinum
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{92D194E7-AEF9-4A9E-8620-8F3AE712E3F7}" = Snagit 10.0.2
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{969E11AA-8F3A-F162-1A5A-0965E216B6CE}" = Adobe Download Assistant
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B2E55F8-5BA8-4A45-9682-ACB6F2CC0DA5}" = Photo Gallery
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A2B3C27C-1F09-47C6-9A90-9683BEFD7963}" = Dawn of War - Soulstorm
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AC08BBA0-96B9-431A-A7D0-D8598E493775}" = RESIDENT EVIL 5
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B19E03EA-067C-412F-A81E-271720E601AB}" = Fotogalerie
"{B27FA0A3-D80F-41A9-8BAD-C5F2D859AB22}" = Photo Common
"{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2012.build.50 (February 21st, 2012) Version v2012.buil
"{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam-Software
"{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}" = Movie Maker
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DE5C9428-3DA7-4A0C-B5E0-16031B5DC030}_is1" = The Guild 2 - Renaissance
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{EA8ADAA9-6671-4839-A51E-0C6792B78F3E}" = FIFA 12
"{EAEAAF8C-8E86-4CAC-AC08-1A33EDCA34AC}" = Prince of Persia The Forgotten Sands™
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F31BC49F-AB7B-4A53-A399-EB7331B585BC}" = Civilization III: Conquests
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FEB15887-0932-4D2D-BB85-6AC03FBF1AA8}" = Pinnacle VideoSpin
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{THEGUILDREN-0010-2010-300520102330}_is1" = Patch v4.15
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Afterburner" = MSI Afterburner 2.1.0
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.14 (Unicode)
"AudioCS" = Creative Audio-Systemsteuerung
"Avira AntiVir Desktop" = Avira Free Antivirus
"Battlelog Web Plugins" = Battlelog Web Plugins
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Cheat Engine 6.1_is1" = Cheat Engine 6.1
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"Diablo III" = Diablo III
"Dungeon Keeper 2_is1" = Dungeon Keeper 2
"Earth 2160" = Earth 2160
"ESET Online Scanner" = ESET Online Scanner v3
"ESN Sonar-0.70.4" = ESN Sonar
"Fraps" = Fraps
"FUSSBALL MANAGER 12" = FUSSBALL MANAGER 12
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HUAWEI DataCard Driver" = HUAWEI DataCard Driver 4.05.00.00
"ImgBurn" = ImgBurn
"LAME_is1" = LAME v3.99.3 (for Windows)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"Mozilla Thunderbird 15.0.1 (x86 de)" = Mozilla Thunderbird 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"o.tel.o" = o.tel.o
"o2DE" = Mobile Connection Manager
"OpenAL" = OpenAL
"Origin" = Origin
"Pharaoh Gold Bundle_is1" = Pharaoh Gold Bundle
"PunkBusterSvc" = PunkBuster Services
"Recettear: An Item Shop's Tale_is1" = Recettear: An Item Shop's Tale
"Rockstar Games Social Club" = Rockstar Games Social Club
"SpeedFan" = SpeedFan (remove only)
"StarCraft II" = StarCraft II
"Steam App 10500" = Empire: Total War
"Steam App 105400" = Fable III
"Steam App 105600" = Terraria
"Steam App 108710" = Alan Wake
"Steam App 110800" = L.A. Noire
"Steam App 1840" = Source Filmmaker
"Steam App 18420" = Crazy Machines
"Steam App 200550" = DUNGEONS - The Dark Lord (Steam Special Edition)
"Steam App 204300" = Awesomenauts
"Steam App 21100" = F.E.A.R. 3
"Steam App 211120" = The Political Machine 2012
"Steam App 21170" = Gotham City Impostors
"Steam App 211740" = Thief 2
"Steam App 23400" = Imperium Romanum: Gold Edition
"Steam App 25890" = Hearts of Iron III
"Steam App 28050" = Deus Ex: Human Revolution
"Steam App 33220" = Tom Clancy's Splinter Cell: Conviction
"Steam App 33460" = From Dust
"Steam App 41510" = Torchlight Demo
"Steam App 42910" = Magicka
"Steam App 42960" = Victoria II
"Steam App 47890" = The Sims(TM) 3
"Steam App 49400" = Magic: The Gathering - Duels of the Planeswalkers
"Steam App 55110" = Red Faction: Armageddon
"Steam App 55150" = Warhammer 40,000 Space Marine
"Steam App 55230" = Saints Row: The Third
"Steam App 57400" = Batman: Arkham City™
"Steam App 57620" = Patrician IV: Steam Special Edition
"Steam App 57650" = DUNGEONS - Steam Special Edition
"Steam App 57690" = Tropico 4
"Steam App 6850" = Hitman 2: Silent Assassin
"Steam App 6860" = Hitman: Blood Money
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 73010" = Cities in Motion
"Steam App 8930" = Sid Meier's Civilization V
"Steam App 91310" = Dead Island
"Thief - Deadly Shadows_is1" = Thief - Deadly Shadows
"TippKönigin Demo_is1" = TippKönigin Demo 5.5
"Two Worlds" = Two Worlds
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 2.0.0
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
"Xvid Video Codec 1.3.2" = Xvid Video Codec
"Zeus and Poseidon_is1" = Zeus and Poseidon
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 06.10.2012 11:30:14 | Computer Name = PC-Wolfi | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 06.10.2012 12:39:38 | Computer Name = PC-Wolfi | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 07.10.2012 06:51:20 | Computer Name = PC-Wolfi | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 07.10.2012 07:18:02 | Computer Name = PC-Wolfi | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 08.10.2012 03:27:23 | Computer Name = PC-Wolfi | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 09.10.2012 05:23:31 | Computer Name = PC-Wolfi | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 09.10.2012 15:31:07 | Computer Name = PC-Wolfi | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 09.10.2012 16:07:54 | Computer Name = PC-Wolfi | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 10.10.2012 10:35:24 | Computer Name = PC-Wolfi | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 10.10.2012 11:57:42 | Computer Name = PC-Wolfi | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
[ OSession Events ]
Error - 12.03.2012 19:01:47 | Computer Name = PC-Wolfi | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2604
 seconds with 2160 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 18.06.2012 08:45:52 | Computer Name = PC-Wolfi | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 18.06.2012 08:45:52 | Computer Name = PC-Wolfi | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 19.06.2012 10:11:07 | Computer Name = PC-Wolfi | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 19.06.2012 10:11:07 | Computer Name = PC-Wolfi | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 20.06.2012 07:42:37 | Computer Name = PC-Wolfi | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 20.06.2012 07:42:37 | Computer Name = PC-Wolfi | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 21.06.2012 09:58:37 | Computer Name = PC-Wolfi | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 21.06.2012 09:58:37 | Computer Name = PC-Wolfi | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 21.06.2012 11:24:53 | Computer Name = PC-Wolfi | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Steam Client Service erreicht.
 
Error - 21.06.2012 11:24:53 | Computer Name = PC-Wolfi | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
 
< End of report >
         

12.10.2012, 06:47   #8
kira
/// Helper Team

► Report again on the state of the computer. Are any problems still occurring, and if so, which ones?
__________________

Warning!:
Beware of invoices sent by e-mail with a ZIP file attached! It may be infected with an encryption trojan!
Do not open the attachment; ask in our forum first!

Back up your data regularly, to CD/DVD, USB sticks or external hard drives, ideally twice in different places!
Please pass this warning on wherever you can!

12.10.2012, 12:31   #9
Wolfizero

Quote:
Quote from kira
► Report again on the state of the computer. Are any problems still occurring, and if so, which ones?
I wanted to let it run for a bit first and try things out, wait a day and see whether anything happens. But everything seems to be running stably and without problems. Thank you

12.10.2012, 14:49   #10
kira
/// Helper Team

** Keep your system under observation for the time being!
If everything has gone well and your system is running stably, do the following:

1.
Uninstall/remove the programs that we used and that you do not need, except for:
Code:
CCleaner

- Run it from time to time:-> Instructions

2.
Tool cleanup with OTL

We will now use OTL's CleanUp! function to delete most of the programs we installed for the cleanup from your system again.
  • Please download OTL by OldTimer (if you do not already have it).
  • Save it to your desktop.
  • Double-click OTL.exe to run the program.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Click the "Bereinigung" (CleanUp) button
  • OTL may ask for a restart.
    If it does, please allow it.
Note: After the restart, OTL and other helper programs that you downloaded during the cleanup will no longer be present. They have been removed. It is therefore OK if these programs are no longer there. If any are left over, delete them manually.

3.
Windows, for example, regularly creates shadow copies (at least once a day), which serve to restore the system in an emergency and to access older file versions. This function takes up a great deal of disk space. By default, the disk space reserved for shadow copies is 15 % of the volume size, so system performance is also affected. In addition, deleted and possibly malicious objects sitting in System Restore must also be removed:
So please do the following: first disable it -> then enable it, so that at the end it is "enabled" again!

4.
As a precaution, I would advise you to change your password (one should do this every 3-4 months)
e.g. login, mail or website passwords
Tips:
Choosing a secure password - (should really be changed at regular intervals, about every 3-5 months)
also here under: Secure password

5.
► Please check whether there are new updates for Windows:-> - Microsoft Update keeps your computer up to date!
-> Install every update that is offered to you, and repeat the process until there are no more

Reading material no. 1:
Give criminal acts no chance!
Quote:
Back up your data regularly (pictures, music, documents, mails (as a text file), browser bookmarks etc.) to CD/DVD, USB sticks or external hard drives! Ideally back up twice in different places!
  • How do I create a restricted user account?
  • Always keep software up to date!:
    ALL programs and drivers installed on the system should be updated regularly to avoid security holes and to keep things running smoothly!
  • Firefox - FirefoxWiki/Settings - Extensions for Firefox
  • Secure e-mail clients, e.g. Thunderbird-->Extensions for Mozilla Thunderbird
    - Do NOT open unknown e-mail attachments!
    - Do not click on mails, especially those with attachments; have them displayed as text or in print view instead
  • Secure password - Choosing a secure password - (should really be changed at regular intervals, about every 3-5 months)
    also here under: Secure password
    The five most common password mistakes
  • "Never accept software from strangers" - As a rule, only install programs that you really need and that you are convinced are reputable.
    You have the choice of which additional components get installed! -> Always read along during installation, and deselect sponsors and partner programs, toolbars or any other extra programs offered wherever possible!
    This is how some kind of adware/spyware often gets installed along with it!
  • Do NOT download just any programs from the net unless it is 100% certain that they are clean software. Nice promises from vendors are far from a guarantee of flawless operation, so first browse the pages on GOOGLE, where you can get valuable information!!!
  • Programs and drivers:
    Only from the manufacturer!
  • Online banking:
    Never disclose your passwords!
    Reputable banks, e-mail providers or online shops never send e-mails asking customers to disclose confidential data such as passwords, user numbers (Verfügernummer), PINs or TANs. E-mails of this kind are always fraud attempts, which is why such requests should not be answered. As soon as fraud is suspected, report your suspicion to the respective bank hotline.
  • Letting others (guests/friends) use your computer - use only trustworthy computers!
    Make sure that only people you trust use or administer your computer, and never do banking on untrustworthy computers, for example from an Internet café while on holiday
  • Back up important data regularly! - but remember: your main system is not a warehouse!
  • Be careful when using other people's computers and connectable external storage media such as hard drives, USB sticks, memory cards etc.! - also connect them from time to time and have them scanned (see under `free online virus scanners`)
  • Do not visit websites without a valid legal notice (Impressum)
    - Do not keep external devices (hard drive, USB stick) permanently connected to the PC, only briefly while you want to back something up
  • Saving on licence costs? - Beware of files/programs from untrustworthy sources! - "full Keygen, Crack, Serial, Warez, keygenerators" etc.
    These are always contaminated with various malware/malicious programs/code; there is no site that is virus-free. (One should not deliberately invite the devil in.) Another highly insecure source is file sharing on so-called (music) exchange platforms.
    ► Besides, you are making yourself liable to prosecution!
  • Use only one firewall and one antivirus program, which should always be kept up to date!
    Installing `too much` software impairs system performance and security, slows the startup process enormously and burdens memory (because the programs run side by side at the same time, eating a lot of performance but bringing little quality). Over time the computer becomes slower and less secure through too much unnecessary ballast. The more programs are installed, the more often problems occur, which may then be hard to solve. On top of that, some programs bring major security risks with them
  • Virus scanners
  • BSI für Bürger
  • SETI@home - [Security] Security concept
** Common sense and configuring Windows and Internet software securely are the best way to security on the web !!
Quote:
Since the database is supplemented and extended daily, and information about the virus in question is added with the current virus definitions, I recommend that you have your system scanned online at least once a week (later once a month will certainly suffice), always with a different scanner, to get a second opinion - the data backed up on storage media should also be included!
(mostly use ActiveX and/or Java): Free online scanners -
Reading material no. 2:
► Over time a lot of data junk can accumulate, error messages pile up, and the PC is probably no longer as fast as it used to be:
I wish you all the best

If you would like to support us→ donation account

Regards
kira
