
All kinds of pests and how to fight them: EXP/CVE-2012-4681.A.537 trojan on laptop, help after quarantine

31.12.2012, 15:40   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

There isn't always something to update, and certainly not the Recovery Console under Win7; that is only for XP!

adwCleaner - detecting toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.

If adwCleaner has been downloaded before, please delete the old adwcleaner.exe and download it again!!
  • Start adwcleaner.exe with a double-click.
  • Click Suche (Search).
  • After the scan finishes, a text file opens.
  • Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner[Rx].txt (x = sequential number).
__________________
Please always post log files in CODE tags

31.12.2012, 15:50   #17
Dr. Acula
 

OK, here is the result of the adw Cleaner scan
Code:
# AdwCleaner v2.104 - Datei am 31/12/2012 um 15:46:11 erstellt
# Aktualisiert am 29/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium  (64 bits)
# Benutzer : *** - ***
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0pv78wgo.default\searchplugins\Askcom.xml
Datei Gefunden : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0pv78wgo.default\searchplugins\Conduit.xml
Ordner Gefunden : C:\Program Files (x86)\Ask.com
Ordner Gefunden : C:\ProgramData\Ask
Ordner Gefunden : C:\ProgramData\boost_interprocess
Ordner Gefunden : C:\Users\***\AppData\LocalLow\boost_interprocess
Ordner Gefunden : C:\Users\***\AppData\Local\APN
Ordner Gefunden : C:\Users\***\AppData\LocalLow\AskToolbar
Ordner Gefunden : C:\Users\***\AppData\LocalLow\boost_interprocess
Ordner Gefunden : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0pv78wgo.default\Conduit
Ordner Gefunden : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0pv78wgo.default\ConduitEngine
Ordner Gefunden : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0pv78wgo.default\extensions\toolbar@ask.com
Ordner Gefunden : C:\Users\***\AppData\Roaming\OpenCandy
Ordner Gefunden : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\APN
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gefunden : HKCU\Software\Ask.com
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gefunden : HKLM\Software\APN
Schlüssel Gefunden : HKLM\Software\AskToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7600.17153

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v17.0.1 (de)

Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0pv78wgo.default\prefs.js

Gefunden : user_pref("CT2857573..clientLogIsEnabled", false);
Gefunden : user_pref("CT2857573..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Gefunden : user_pref("CT2857573..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Gefunden : user_pref("CT2857573.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gefunden : user_pref("CT2857573.CT2857573", "CT2857573");
Gefunden : user_pref("CT2857573.CurrentServerDate", "16-1-2011");
Gefunden : user_pref("CT2857573.DialogsAlignMode", "LTR");
Gefunden : user_pref("CT2857573.DialogsGetterLastCheckTime", "Sat Jan 15 2011 22:37:15 GMT+0100");
Gefunden : user_pref("CT2857573.DownloadReferralCookieData", "{\"BannerName\":\"\",\"BannerTypeId\":\"\",\"Bann[...]
Gefunden : user_pref("CT2857573.EnableClickToSearchBox", false);
Gefunden : user_pref("CT2857573.EnableSearchHistory", false);
Gefunden : user_pref("CT2857573.EnableSearchSuggest", false);
Gefunden : user_pref("CT2857573.ExternalComponentPollDate129356796739506287", "Sat Jan 15 2011 22:37:16 GMT+010[...]
Gefunden : user_pref("CT2857573.FirstServerDate", "16-1-2011");
Gefunden : user_pref("CT2857573.FirstTime", true);
Gefunden : user_pref("CT2857573.FirstTimeFF3", true);
Gefunden : user_pref("CT2857573.FixPageNotFoundErrors", false);
Gefunden : user_pref("CT2857573.GroupingServerCheckInterval", 1440);
Gefunden : user_pref("CT2857573.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gefunden : user_pref("CT2857573.HasUserGlobalKeys", true);
Gefunden : user_pref("CT2857573.Initialize", true);
Gefunden : user_pref("CT2857573.InitializeCommonPrefs", true);
Gefunden : user_pref("CT2857573.InstallationAndCookieDataSentCount", 1);
Gefunden : user_pref("CT2857573.InstalledDate", "Sat Jan 15 2011 22:39:51 GMT+0100");
Gefunden : user_pref("CT2857573.IsGrouping", false);
Gefunden : user_pref("CT2857573.IsMulticommunity", false);
Gefunden : user_pref("CT2857573.IsOpenThankYouPage", true);
Gefunden : user_pref("CT2857573.IsOpenUninstallPage", true);
Gefunden : user_pref("CT2857573.LanguagePackLastCheckTime", "Sat Jan 15 2011 22:37:16 GMT+0100");
Gefunden : user_pref("CT2857573.LanguagePackReloadIntervalMM", 1440);
Gefunden : user_pref("CT2857573.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gefunden : user_pref("CT2857573.LastLogin_3.3.0.19", "Sat Jan 15 2011 22:37:16 GMT+0100");
Gefunden : user_pref("CT2857573.LatestVersion", "3.2.5.2");
Gefunden : user_pref("CT2857573.Locale", "en");
Gefunden : user_pref("CT2857573.MCDetectTooltipHeight", "83");
Gefunden : user_pref("CT2857573.MCDetectTooltipShow", false);
Gefunden : user_pref("CT2857573.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gefunden : user_pref("CT2857573.MCDetectTooltipWidth", "295");
Gefunden : user_pref("CT2857573.SavedHomepage", "resource:/browserconfig.properties");
Gefunden : user_pref("CT2857573.SearchBackToDefaultEngine", false);
Gefunden : user_pref("CT2857573.SearchFromAddressBarIsInit", true);
Gefunden : user_pref("CT2857573.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT285[...]
Gefunden : user_pref("CT2857573.SearchInNewTabEnabled", true);
Gefunden : user_pref("CT2857573.SearchInNewTabIntervalMM", 1440);
Gefunden : user_pref("CT2857573.SearchInNewTabLastCheckTime", "Sat Jan 15 2011 22:37:16 GMT+0100");
Gefunden : user_pref("CT2857573.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gefunden : user_pref("CT2857573.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Gefunden : user_pref("CT2857573.SearchInNewTabUserEnabled", false);
Gefunden : user_pref("CT2857573.ServiceMapLastCheckTime", "Sat Jan 15 2011 22:37:15 GMT+0100");
Gefunden : user_pref("CT2857573.SettingsLastCheckTime", "Sat Jan 15 2011 22:37:15 GMT+0100");
Gefunden : user_pref("CT2857573.SettingsLastUpdate", "1294239661");
Gefunden : user_pref("CT2857573.ThirdPartyComponentsInterval", 504);
Gefunden : user_pref("CT2857573.ThirdPartyComponentsLastCheck", "Sat Jan 15 2011 22:37:15 GMT+0100");
Gefunden : user_pref("CT2857573.ThirdPartyComponentsLastUpdate", "1246790578");
Gefunden : user_pref("CT2857573.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Gefunden : user_pref("CT2857573.UserID", "UN84613611397924847");
Gefunden : user_pref("CT2857573.WeatherNetwork", "");
Gefunden : user_pref("CT2857573.WeatherPollDate", "Sat Jan 15 2011 22:37:16 GMT+0100");
Gefunden : user_pref("CT2857573.WeatherUnit", "C");
Gefunden : user_pref("CT2857573.alertChannelId", "1249595");
Gefunden : user_pref("CT2857573.approveUntrustedApps", true);
Gefunden : user_pref("CT2857573.components.1000234", false);
Gefunden : user_pref("CT2857573.globalFirstTimeInfoLastCheckTime", "Sat Jan 15 2011 22:37:15 GMT+0100");
Gefunden : user_pref("CT2857573.isAppTrackingManagerOn", false);
Gefunden : user_pref("CT2857573.myStuffEnabled", true);
Gefunden : user_pref("CT2857573.myStuffPublihserMinWidth", 400);
Gefunden : user_pref("CT2857573.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gefunden : user_pref("CT2857573.myStuffServiceIntervalMM", 1440);
Gefunden : user_pref("CT2857573.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gefunden : user_pref("CT2857573.testingCtid", "");
Gefunden : user_pref("CT2857573.toolbarAppMetaDataLastCheckTime", "Sat Jan 15 2011 22:37:15 GMT+0100");
Gefunden : user_pref("CT2857573.toolbarContextMenuLastCheckTime", "Sat Jan 15 2011 22:37:16 GMT+0100");
Gefunden : user_pref("CT2857573.usageEnabled", false);
Gefunden : user_pref("CT2857573.usagesFlag", 2);
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1249595/1245268/DE", "\"0\"[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1249595/1245268/NL", "\"0\"[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/NL", "\"0\"")[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2857573", [...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.0[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2857573",[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2857573/CT2857573[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"634[...]
Gefunden : user_pref("CommunityToolbar.EngineOwner", "CT2857573");
Gefunden : user_pref("CommunityToolbar.EngineOwnerGuid", "{b80f591e-fe9a-46cf-a13e-180377240586}");
Gefunden : user_pref("CommunityToolbar.EngineOwnerToolbarId", "elf_1.13");
Gefunden : user_pref("CommunityToolbar.IsEngineShown", true);
Gefunden : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Gefunden : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2857573");
Gefunden : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{b80f591e-fe9a-46cf-a13e-180377240586}");
Gefunden : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "elf_1.13");
Gefunden : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Gefunden : user_pref("CommunityToolbar.ToolbarsList", "CT2857573,ConduitEngine");
Gefunden : user_pref("CommunityToolbar.ToolbarsList2", "CT2857573");
Gefunden : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sat Apr 23 2011 22:44:31 GMT+02[...]
Gefunden : user_pref("CommunityToolbar.alert.alertEnabled", true);
Gefunden : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Gefunden : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Mon Jun 27 2011 19:57:35 GMT+0200");
Gefunden : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gefunden : user_pref("CommunityToolbar.alert.locale", "en");
Gefunden : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Gefunden : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Tue Jun 28 2011 19:57:10 GMT+0200");
Gefunden : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Gefunden : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Gefunden : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gefunden : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Gefunden : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Gefunden : user_pref("CommunityToolbar.alert.userId", "72d8e15b-8871-4a30-a7ac-b054c36ded50");
Gefunden : user_pref("CommunityToolbar.globalUserId", "bf707c0a-45ee-4382-bed1-ba523243edfb");
Gefunden : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Gefunden : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Gefunden : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2857573");
Gefunden : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Wed Jun 22 2011 17:51:52 GMT+0200");
Gefunden : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Sun Jun 26 2011 10:38:35 GMT+0200");
Gefunden : user_pref("ConduitEngine.FirstServerDate", "04/23/2011 23");
Gefunden : user_pref("ConduitEngine.FirstTime", true);
Gefunden : user_pref("ConduitEngine.FirstTimeFF3", true);
Gefunden : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Gefunden : user_pref("ConduitEngine.Initialize", true);
Gefunden : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Gefunden : user_pref("ConduitEngine.InstalledDate", "Sat Apr 23 2011 22:45:07 GMT+0200");
Gefunden : user_pref("ConduitEngine.IsMulticommunity", false);
Gefunden : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Gefunden : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Gefunden : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Tue Jun 28 2011 19:57:13 GMT+0200");
Gefunden : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Tue Jun 28 2011 22:08:36 GMT+0200");
Gefunden : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Gefunden : user_pref("ConduitEngine.SettingsLastCheckTime", "Tue Jun 28 2011 22:08:36 GMT+0200");
Gefunden : user_pref("ConduitEngine.UserID", "UN17702119484098755");
Gefunden : user_pref("ConduitEngine.engineLocale", "de");
Gefunden : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Tue Jun 28 2011 19:57:13 GMT+0200");
Gefunden : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Tue Jun 28 2011 20:08:36 GMT+0200");
Gefunden : user_pref("ConduitEngine.initDone", true);
Gefunden : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Gefunden : user_pref("ConduitEngine.usagesFlag", 1);
Gefunden : user_pref("browser.search.defaultengine", "Ask.com");
Gefunden : user_pref("browser.search.defaultenginename", "Ask.com");
Gefunden : user_pref("browser.search.defaultthis.engineName", "Elf 1.13 Customized Web Search");
Gefunden : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2857573&Sea[...]
Gefunden : user_pref("browser.search.order.1", "Ask.com");
Gefunden : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://search.conduit.com/ResultsExt.aspx?cti[...]
Gefunden : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_u[...]

Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\cx7ep7dy.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v23.0.1271.97

Datei : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gefunden [l.42] : icon_url = "hxxp://www.ask.com/favicon.ico",
Gefunden [l.45] : keyword = "ask.com",
Gefunden [l.48] : search_url = "hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=66B73BE4-3A8F-4023-857F-21BFBE8E1DEC&apn_ptnrs=U3&apn_sauid=4C454B66-CE86-474C-81A2-F866ECCF8141&apn_dtid=OSJ000YYDE&q={searchTerms}",
Gefunden [l.49] : suggest_url = "hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms}"

*************************

AdwCleaner[R1].txt - [18044 octets] - [31/12/2012 15:46:11]

########## EOF - C:\AdwCleaner[R1].txt - [18105 octets] ##########
         

Thank you very much for taking the time to help me with my problem.
__________________


31.12.2012, 15:52   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

adwCleaner - removing toolbars and unwanted start/search pages
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Löschen (Delete).
  • Confirm each prompt with Ok.
  • Your computer will be restarted. After the restart, a text file opens.
  • Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner[Sx].txt (x = sequential number).

After that, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top centre, tick the box Scanne alle Benutzer (Scan All Users)
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.
__________________
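
Added example, not part of the thread and not AdwCleaner's own code: a small Python check that compares an AdwCleaner [R] search log with the [S] delete log produced by the steps above, lists anything that was found but is not reported as deleted, and points out findings in autostart and browser-hook registry locations. The function names, the selection of registry markers and both sample logs (including the profile name "Alice") are constructed for illustration; the line shapes follow the German v2.104 logs posted in this thread.

```python
import re

# Entry shapes seen in the German AdwCleaner v2 logs in this thread:
#   Ordner Gefunden : C:\ProgramData\Ask
#   Wert Gelöscht : HKLM\...\CurrentVersion\Run [ApnUpdater]
#   Gefunden : user_pref("...", ...);        (browser preference, no kind prefix)
#   Gefunden [l.45] : keyword = "ask.com",   (Chrome Preferences, with line number)
ENTRY = re.compile(
    r"^(?:(?P<kind>Datei|Ordner|Schlüssel|Wert)\s+)?"
    r"(?P<state>Gefunden|Gelöscht)"
    r"(?:\s+\[l\.\d+\])?\s*:\s*(?P<item>.+?)\s*$"
)

# Posters often mask the profile name in one log and not in the other,
# so the segment after C:\Users\ is ignored when comparing paths.
PROFILE = re.compile(r"^(c:\\users\\)[^\\]+", re.IGNORECASE)

# Registry locations that load code at logon or inside the browser
# (a selection made for this example, not an exhaustive list).
AUTOSTART_MARKERS = (
    r"\currentversion\run",
    r"\browser helper objects",
    r"\urlsearchhooks",
    r"\internet explorer\toolbar",
)


def normalize(kind, item):
    """Comparison key: paths and registry keys are case-insensitive on Windows."""
    if kind == "pref":
        return item
    return PROFILE.sub(r"\1*", item.casefold())


def parse_log(text):
    """Return {"Gefunden": {...}, "Gelöscht": {...}} mapping (kind, key) -> item."""
    entries = {"Gefunden": {}, "Gelöscht": {}}
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            kind = m.group("kind") or "pref"
            item = m.group("item")
            entries[m.group("state")][(kind, normalize(kind, item))] = item
    return entries


def not_removed(search_text, delete_text):
    """Items listed as found in the [R] log but not listed as deleted in the [S] log."""
    found = parse_log(search_text)["Gefunden"]
    deleted = parse_log(delete_text)["Gelöscht"]
    return sorted(item for key, item in found.items() if key not in deleted)


def autostart_findings(search_text):
    """Found registry keys/values that sit in autostart or browser-hook locations."""
    found = parse_log(search_text)["Gefunden"]
    return sorted(
        item
        for (kind, key), item in found.items()
        if kind in ("Schlüssel", "Wert")
        and any(marker in key for marker in AUTOSTART_MARKERS)
    )


# Constructed sample logs in the format shown in this thread.
SEARCH_LOG = r"""
# Option [Suche]
Ordner Gefunden : C:\ProgramData\Ask
Ordner Gefunden : C:\Users\***\AppData\LocalLow\AskToolbar
Schlüssel Gefunden : HKLM\Software\AskToolbar
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\example.default\prefs.js
Gefunden : user_pref("browser.search.defaultenginename", "Ask.com");
Gefunden [l.45] : keyword = "ask.com",
"""

DELETE_LOG = r"""
# Option [Löschen]
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\Users\Alice\AppData\LocalLow\AskToolbar
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Gelöscht : user_pref("browser.search.defaultenginename", "Ask.com");
"""

if __name__ == "__main__":
    print("Autostart / browser-hook findings:")
    for item in autostart_findings(SEARCH_LOG):
        print("  ", item)
    print("Found but not reported as deleted:")
    for item in not_removed(SEARCH_LOG, DELETE_LOG):
        print("  ", item)
```
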

31.12.2012, 16:11   #19
Dr. Acula
 

the adw cleaner log:

Code:
# AdwCleaner v2.104 - Datei am 31/12/2012 um 15:57:32 erstellt
# Aktualisiert am 29/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium  (64 bits)
# Benutzer : Milan Libischer - MILAN
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0pv78wgo.default\searchplugins\Askcom.xml
Datei Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0pv78wgo.default\searchplugins\Conduit.xml
Ordner Gelöscht : C:\Program Files (x86)\Ask.com
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\Users\Henry\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Users\***\AppData\Local\APN
Ordner Gelöscht : C:\Users\***\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\***\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0pv78wgo.default\Conduit
Ordner Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0pv78wgo.default\ConduitEngine
Ordner Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0pv78wgo.default\extensions\toolbar@ask.com
Ordner Gelöscht : C:\Users\***\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7600.17153

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v17.0.1 (de)

Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0pv78wgo.default\prefs.js

Gelöscht : user_pref("CT2857573..clientLogIsEnabled", false);
Gelöscht : user_pref("CT2857573..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Gelöscht : user_pref("CT2857573..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Gelöscht : user_pref("CT2857573.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gelöscht : user_pref("CT2857573.CT2857573", "CT2857573");
Gelöscht : user_pref("CT2857573.CurrentServerDate", "16-1-2011");
Gelöscht : user_pref("CT2857573.DialogsAlignMode", "LTR");
Gelöscht : user_pref("CT2857573.DialogsGetterLastCheckTime", "Sat Jan 15 2011 22:37:15 GMT+0100");
Gelöscht : user_pref("CT2857573.DownloadReferralCookieData", "{\"BannerName\":\"\",\"BannerTypeId\":\"\",\"Bann[...]
Gelöscht : user_pref("CT2857573.EnableClickToSearchBox", false);
Gelöscht : user_pref("CT2857573.EnableSearchHistory", false);
Gelöscht : user_pref("CT2857573.EnableSearchSuggest", false);
Gelöscht : user_pref("CT2857573.ExternalComponentPollDate129356796739506287", "Sat Jan 15 2011 22:37:16 GMT+010[...]
Gelöscht : user_pref("CT2857573.FirstServerDate", "16-1-2011");
Gelöscht : user_pref("CT2857573.FirstTime", true);
Gelöscht : user_pref("CT2857573.FirstTimeFF3", true);
Gelöscht : user_pref("CT2857573.FixPageNotFoundErrors", false);
Gelöscht : user_pref("CT2857573.GroupingServerCheckInterval", 1440);
Gelöscht : user_pref("CT2857573.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gelöscht : user_pref("CT2857573.HasUserGlobalKeys", true);
Gelöscht : user_pref("CT2857573.Initialize", true);
Gelöscht : user_pref("CT2857573.InitializeCommonPrefs", true);
Gelöscht : user_pref("CT2857573.InstallationAndCookieDataSentCount", 1);
Gelöscht : user_pref("CT2857573.InstalledDate", "Sat Jan 15 2011 22:39:51 GMT+0100");
Gelöscht : user_pref("CT2857573.IsGrouping", false);
Gelöscht : user_pref("CT2857573.IsMulticommunity", false);
Gelöscht : user_pref("CT2857573.IsOpenThankYouPage", true);
Gelöscht : user_pref("CT2857573.IsOpenUninstallPage", true);
Gelöscht : user_pref("CT2857573.LanguagePackLastCheckTime", "Sat Jan 15 2011 22:37:16 GMT+0100");
Gelöscht : user_pref("CT2857573.LanguagePackReloadIntervalMM", 1440);
Gelöscht : user_pref("CT2857573.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gelöscht : user_pref("CT2857573.LastLogin_3.3.0.19", "Sat Jan 15 2011 22:37:16 GMT+0100");
Gelöscht : user_pref("CT2857573.LatestVersion", "3.2.5.2");
Gelöscht : user_pref("CT2857573.Locale", "en");
Gelöscht : user_pref("CT2857573.MCDetectTooltipHeight", "83");
Gelöscht : user_pref("CT2857573.MCDetectTooltipShow", false);
Gelöscht : user_pref("CT2857573.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gelöscht : user_pref("CT2857573.MCDetectTooltipWidth", "295");
Gelöscht : user_pref("CT2857573.SavedHomepage", "resource:/browserconfig.properties");
Gelöscht : user_pref("CT2857573.SearchBackToDefaultEngine", false);
Gelöscht : user_pref("CT2857573.SearchFromAddressBarIsInit", true);
Gelöscht : user_pref("CT2857573.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT285[...]
Gelöscht : user_pref("CT2857573.SearchInNewTabEnabled", true);
Gelöscht : user_pref("CT2857573.SearchInNewTabIntervalMM", 1440);
Gelöscht : user_pref("CT2857573.SearchInNewTabLastCheckTime", "Sat Jan 15 2011 22:37:16 GMT+0100");
Gelöscht : user_pref("CT2857573.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gelöscht : user_pref("CT2857573.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Gelöscht : user_pref("CT2857573.SearchInNewTabUserEnabled", false);
Gelöscht : user_pref("CT2857573.ServiceMapLastCheckTime", "Sat Jan 15 2011 22:37:15 GMT+0100");
Gelöscht : user_pref("CT2857573.SettingsLastCheckTime", "Sat Jan 15 2011 22:37:15 GMT+0100");
Gelöscht : user_pref("CT2857573.SettingsLastUpdate", "1294239661");
Gelöscht : user_pref("CT2857573.ThirdPartyComponentsInterval", 504);
Gelöscht : user_pref("CT2857573.ThirdPartyComponentsLastCheck", "Sat Jan 15 2011 22:37:15 GMT+0100");
Gelöscht : user_pref("CT2857573.ThirdPartyComponentsLastUpdate", "1246790578");
Gelöscht : user_pref("CT2857573.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Gelöscht : user_pref("CT2857573.UserID", "UN84613611397924847");
Gelöscht : user_pref("CT2857573.WeatherNetwork", "");
Gelöscht : user_pref("CT2857573.WeatherPollDate", "Sat Jan 15 2011 22:37:16 GMT+0100");
Gelöscht : user_pref("CT2857573.WeatherUnit", "C");
Gelöscht : user_pref("CT2857573.alertChannelId", "1249595");
Gelöscht : user_pref("CT2857573.approveUntrustedApps", true);
Gelöscht : user_pref("CT2857573.components.1000234", false);
Gelöscht : user_pref("CT2857573.globalFirstTimeInfoLastCheckTime", "Sat Jan 15 2011 22:37:15 GMT+0100");
Gelöscht : user_pref("CT2857573.isAppTrackingManagerOn", false);
Gelöscht : user_pref("CT2857573.myStuffEnabled", true);
Gelöscht : user_pref("CT2857573.myStuffPublihserMinWidth", 400);
Gelöscht : user_pref("CT2857573.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gelöscht : user_pref("CT2857573.myStuffServiceIntervalMM", 1440);
Gelöscht : user_pref("CT2857573.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gelöscht : user_pref("CT2857573.testingCtid", "");
Gelöscht : user_pref("CT2857573.toolbarAppMetaDataLastCheckTime", "Sat Jan 15 2011 22:37:15 GMT+0100");
Gelöscht : user_pref("CT2857573.toolbarContextMenuLastCheckTime", "Sat Jan 15 2011 22:37:16 GMT+0100");
Gelöscht : user_pref("CT2857573.usageEnabled", false);
Gelöscht : user_pref("CT2857573.usagesFlag", 2);
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1249595/1245268/DE", "\"0\"[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1249595/1245268/NL", "\"0\"[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/NL", "\"0\"")[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2857573", [...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.0[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2857573",[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2857573/CT2857573[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"634[...]
Gelöscht : user_pref("CommunityToolbar.EngineOwner", "CT2857573");
Gelöscht : user_pref("CommunityToolbar.EngineOwnerGuid", "{b80f591e-fe9a-46cf-a13e-180377240586}");
Gelöscht : user_pref("CommunityToolbar.EngineOwnerToolbarId", "elf_1.13");
Gelöscht : user_pref("CommunityToolbar.IsEngineShown", true);
Gelöscht : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2857573");
Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{b80f591e-fe9a-46cf-a13e-180377240586}");
Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "elf_1.13");
Gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2857573,ConduitEngine");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2857573");
Gelöscht : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sat Apr 23 2011 22:44:31 GMT+02[...]
Gelöscht : user_pref("CommunityToolbar.alert.alertEnabled", true);
Gelöscht : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Gelöscht : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Mon Jun 27 2011 19:57:35 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gelöscht : user_pref("CommunityToolbar.alert.locale", "en");
Gelöscht : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Gelöscht : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Tue Jun 28 2011 19:57:10 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Gelöscht : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Gelöscht : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gelöscht : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Gelöscht : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Gelöscht : user_pref("CommunityToolbar.alert.userId", "72d8e15b-8871-4a30-a7ac-b054c36ded50");
Gelöscht : user_pref("CommunityToolbar.globalUserId", "bf707c0a-45ee-4382-bed1-ba523243edfb");
Gelöscht : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Gelöscht : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Gelöscht : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2857573");
Gelöscht : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Wed Jun 22 2011 17:51:52 GMT+0200");
Gelöscht : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Sun Jun 26 2011 10:38:35 GMT+0200");
Gelöscht : user_pref("ConduitEngine.FirstServerDate", "04/23/2011 23");
Gelöscht : user_pref("ConduitEngine.FirstTime", true);
Gelöscht : user_pref("ConduitEngine.FirstTimeFF3", true);
Gelöscht : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Gelöscht : user_pref("ConduitEngine.Initialize", true);
Gelöscht : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Gelöscht : user_pref("ConduitEngine.InstalledDate", "Sat Apr 23 2011 22:45:07 GMT+0200");
Gelöscht : user_pref("ConduitEngine.IsMulticommunity", false);
Gelöscht : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Gelöscht : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Gelöscht : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Tue Jun 28 2011 19:57:13 GMT+0200");
Gelöscht : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Tue Jun 28 2011 22:08:36 GMT+0200");
Gelöscht : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Gelöscht : user_pref("ConduitEngine.SettingsLastCheckTime", "Tue Jun 28 2011 22:08:36 GMT+0200");
Gelöscht : user_pref("ConduitEngine.UserID", "UN17702119484098755");
Gelöscht : user_pref("ConduitEngine.engineLocale", "de");
Gelöscht : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Tue Jun 28 2011 19:57:13 GMT+0200");
Gelöscht : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Tue Jun 28 2011 20:08:36 GMT+0200");
Gelöscht : user_pref("ConduitEngine.initDone", true);
Gelöscht : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Gelöscht : user_pref("ConduitEngine.usagesFlag", 1);
Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Gelöscht : user_pref("browser.search.defaultenginename", "Ask.com");
Gelöscht : user_pref("browser.search.defaultthis.engineName", "Elf 1.13 Customized Web Search");
Gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2857573&Sea[...]
Gelöscht : user_pref("browser.search.order.1", "Ask.com");
Gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://search.conduit.com/ResultsExt.aspx?cti[...]
Gelöscht : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_u[...]

Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\cx7ep7dy.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v23.0.1271.97

Datei : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.42] : icon_url = "hxxp://www.ask.com/favicon.ico",
Gelöscht [l.45] : keyword = "ask.com",
Gelöscht [l.48] : search_url = "hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=66[...]
Gelöscht [l.49] : suggest_url = "hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms[...]

*************************

AdwCleaner[R1].txt - [18167 octets] - [31/12/2012 15:46:11]
AdwCleaner[S1].txt - [17983 octets] - [31/12/2012 15:57:32]

########## EOF - C:\AdwCleaner[S1].txt - [18044 octets] ##########
         
OTL.Txt Editor

OTL Logfile:
Code:
OTL logfile created on: 31.12.2012 16:14:37 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,68 Gb Total Physical Memory | 2,24 Gb Available Physical Memory | 61,00% Memory free
7,35 Gb Paging File | 5,62 Gb Available in Paging File | 76,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451,66 Gb Total Space | 16,14 Gb Free Space | 3,57% Space Free | Partition Type: NTFS
Drive D: | 6,13 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Users\***\Downloads\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group)
PRC - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files (x86)\Launch Manager\CdDirIo.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Hamachi2Svc) -- C:\Users\***\Downloads\hamachi-2.exe (LogMeIn Inc.)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (HiPatchService) -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe (Hi-Rez Studios)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation)
SRV - (MWLService) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe (Egis Technology Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (TurboBoost) -- C:\Programme\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV - (wlidsvc) -- c:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NTI Corporation)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NTI Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ewusbnet) -- C:\Windows\SysNative\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys ()
DRV:64bit: - (hwusbdev) -- C:\Windows\SysNative\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (RMCAST) -- C:\Windows\SysNative\drivers\rmcast.sys (Microsoft Corporation)
DRV:64bit: - (xnacc) -- C:\Windows\SysNative\drivers\xnacc.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (tandpl) -- C:\Windows\SysWOW64\drivers\tandpl.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1470259330-3820463359-1782755890-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-1470259330-3820463359-1782755890-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1470259330-3820463359-1782755890-1001\..\SearchScopes\{004D5A8F-B490-4D03-86EB-03F0DC281155}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^DE&apn_uid=66B73BE4-3A8F-4023-857F-21BFBE8E1DEC&apn_sauid=4C454B66-CE86-474C-81A2-F866ECCF8141
IE - HKU\S-1-5-21-1470259330-3820463359-1782755890-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: groovesharkUnlocker%40overlord1337:1.3
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: {b80f591e-fe9a-46cf-a13e-180377240586}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.06.22 18:58:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.05 15:38:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.05 15:38:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.05 15:38:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.05 15:38:38 | 000,000,000 | ---D | M]
 
[2011.01.06 11:19:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.12.31 15:57:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0pv78wgo.default\extensions
[2012.09.16 23:16:55 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0pv78wgo.default\extensions\ich@maltegoetz.de
[2012.11.14 18:33:13 | 000,029,022 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\0pv78wgo.default\extensions\groovesharkUnlocker@overlord1337.xpi
[2012.06.06 23:21:57 | 000,401,328 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\0pv78wgo.default\extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi
[2012.12.11 20:17:20 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\0pv78wgo.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2012.12.05 15:38:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.12.05 15:38:37 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.12.05 15:38:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012.12.05 15:38:43 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.18 16:06:31 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.29 11:36:18 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.18 16:06:31 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.18 16:06:31 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.18 16:06:31 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.18 16:06:31 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2012.12.31 15:16:48 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Users\***\Downloads\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKU\S-1-5-21-1470259330-3820463359-1782755890-1001..\Run: [GoogleChromeAutoLaunch_BD9CE8D9AF03ACAD7E09EEFF0A24603C] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1470259330-3820463359-1782755890-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1470259330-3820463359-1782755890-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1470259330-3820463359-1782755890-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1470259330-3820463359-1782755890-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1470259330-3820463359-1782755890-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Milan Libischer\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Milan Libischer\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - c:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - c:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0949795D-1EC0-46D9-B261-471A5E971D89}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D71057B-DD2C-4205-8B27-D7D2BFFC34A0}: NameServer = 212.23.97.2 212.23.97.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{34CB7274-4F0C-45A7-8161-AA3E60EB34A9}: NameServer = 212.23.115.148 212.23.97.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D16F0FEC-D0CB-455A-9A49-4A10B4725A60}: NameServer = 212.23.115.148 212.23.97.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E77964F0-289D-4C1C-A250-5D0B67FAD4F3}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EB7E679A-68AF-4B4D-A068-E43F3587A635}: NameServer = 212.23.115.148 212.23.97.3
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.31 16:11:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Milan Libischer\Desktop\OTL.exe
[2012.12.31 16:04:20 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.12.31 14:55:50 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.12.31 14:55:50 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.12.31 14:55:50 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.12.31 14:55:19 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.12.31 14:55:03 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.12.31 14:49:16 | 005,016,388 | R--- | C] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe
[2012.12.31 14:02:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012.12.31 01:06:54 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012.12.31 01:03:39 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Milan Libischer\Desktop\tdsskiller.exe
[2012.12.31 00:06:56 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Milan Libischer\Desktop\aswMBR.exe
[2012.12.30 23:39:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.30 23:37:25 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\mbar
[2012.12.29 18:52:49 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Giana Sisters - Twisted Dreams
[2012.12.22 03:01:11 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012.12.22 03:01:11 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012.12.22 03:01:08 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012.12.22 03:01:08 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012.12.13 20:41:27 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2012.12.13 20:41:27 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2012.12.13 20:40:53 | 000,736,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.12.13 20:40:53 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.12.13 20:40:51 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012.12.13 20:40:51 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.12.13 20:40:50 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012.12.13 20:40:50 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.12.13 20:40:50 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.12.13 20:40:48 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012.12.13 20:40:48 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012.12.13 20:40:47 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.12.13 20:40:47 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.12.13 20:40:47 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012.12.13 20:40:46 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012.12.13 20:40:46 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012.12.13 20:40:46 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012.12.13 20:40:22 | 000,425,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012.12.13 20:40:21 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012.12.13 20:40:21 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012.12.13 20:40:21 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012.12.13 20:40:20 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012.12.13 20:40:20 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012.12.13 20:40:20 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012.12.13 20:40:20 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012.12.13 20:40:19 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012.12.13 20:40:19 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012.12.13 20:40:19 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012.12.13 20:40:19 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012.12.13 20:40:19 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012.12.13 20:40:19 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012.12.13 20:40:19 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012.12.13 20:40:19 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.13 20:40:19 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.13 20:40:19 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.13 20:40:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.13 20:40:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.13 20:40:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012.12.13 20:40:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012.12.13 20:40:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012.12.13 20:40:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.13 20:40:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.13 20:40:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.13 20:40:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.13 20:40:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.13 20:40:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.13 20:40:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.13 20:40:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012.12.13 20:40:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012.12.13 20:40:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012.12.13 20:40:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.13 20:40:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.13 20:40:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.13 20:40:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.13 20:40:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012.12.13 20:40:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012.12.13 20:40:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012.12.13 20:40:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.13 20:40:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012.12.13 20:40:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012.12.13 20:40:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012.12.13 20:40:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012.12.13 20:40:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.13 20:40:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.13 20:40:18 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012.12.13 20:40:18 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.13 20:40:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.13 20:40:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012.12.13 20:40:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012.12.13 20:40:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012.12.13 20:40:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.13 20:40:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012.12.13 20:40:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012.12.13 20:40:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.13 20:40:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.13 20:40:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.13 20:40:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.13 20:40:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012.12.13 20:40:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012.12.13 20:40:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.13 20:40:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.13 20:40:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012.12.13 20:40:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012.12.13 20:40:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012.12.13 20:40:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012.12.13 20:40:16 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012.12.08 02:00:32 | 000,000,000 | ---D | C] -- C:\Users\Milan Libischer\Documents\SavedGames
[2012.12.05 15:38:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.31 16:12:58 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.31 16:12:58 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.31 16:11:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.12.31 16:09:00 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.31 16:08:03 | 000,000,196 | ---- | M] () -- C:\Windows\wininit.ini
[2012.12.31 16:08:02 | 000,001,060 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.12.31 16:07:45 | 000,001,048 | ---- | M] () -- C:\Users\***\Desktop\Dropbox.lnk
[2012.12.31 16:04:12 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.31 16:02:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.31 16:02:18 | 2960,510,976 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.31 15:45:40 | 000,551,997 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner.exe
[2012.12.31 15:43:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.31 15:16:48 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.12.31 14:49:30 | 005,016,388 | R--- | M] (Swearware) -- C:\Users\Milan Libischer\Desktop\ComboFix.exe
[2012.12.31 01:03:40 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\***\Desktop\tdsskiller.exe
[2012.12.31 01:00:25 | 000,000,512 | ---- | M] () -- C:\Users\***\Documents\MBR.dat
[2012.12.31 00:07:35 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\***\Desktop\aswMBR.exe
[2012.12.30 15:32:46 | 000,013,851 | ---- | M] () -- C:\Users\***\Documents\Trojaner.rtf
[2012.12.23 13:52:03 | 000,000,290 | ---- | M] () -- C:\Users\***\Documents\steam 2.rtf
[2012.12.22 15:02:45 | 000,291,400 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.16 17:52:02 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012.12.16 15:40:45 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012.12.16 15:25:27 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012.12.16 15:25:19 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012.12.11 20:54:08 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.12.11 20:54:08 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.12.09 19:36:29 | 000,000,217 | ---- | M] () -- C:\Users\Milan Libischer\Documents\saints row key.rtf
[2012.12.06 21:37:18 | 001,645,966 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.06 21:37:18 | 000,708,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.06 21:37:18 | 000,662,176 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.06 21:37:18 | 000,153,816 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.06 21:37:18 | 000,126,004 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.12.31 16:07:55 | 000,000,196 | ---- | C] () -- C:\Windows\wininit.ini
[2012.12.31 15:45:39 | 000,551,997 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner.exe
[2012.12.31 14:55:50 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.12.31 14:55:50 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.12.31 14:55:50 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.12.31 14:55:50 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.12.31 14:55:50 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.12.31 01:00:24 | 000,000,512 | ---- | C] () -- C:\Users\***\Documents\MBR.dat
[2012.12.30 15:32:46 | 000,013,851 | ---- | C] () -- C:\Users\***\Documents\Trojaner.rtf
[2012.12.23 13:52:03 | 000,000,290 | ---- | C] () -- C:\Users\***\Documents\steam 2.rtf
[2012.12.09 19:36:29 | 000,000,217 | ---- | C] () -- C:\Users\***\Documents\saints row key.rtf
[2012.11.06 20:36:08 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.08.28 22:24:59 | 000,069,632 | R--- | C] () -- C:\Windows\SysWow64\xmltok.dll
[2012.08.28 22:24:59 | 000,036,864 | R--- | C] () -- C:\Windows\SysWow64\xmlparse.dll
[2012.08.28 18:55:40 | 000,007,552 | ---- | C] () -- C:\Windows\SysWow64\drivers\enodpl.sys
[2012.08.28 18:55:40 | 000,004,736 | ---- | C] () -- C:\Windows\SysWow64\drivers\tandpl.sys
[2012.06.29 21:13:51 | 000,003,584 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.12 21:59:29 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2011.10.11 18:13:08 | 000,000,103 | ---- | C] () -- C:\Users\***\AppData\Local\fusioncache.dat
[2011.10.11 18:08:50 | 003,123,272 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.07.19 18:02:52 | 000,282,296 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.07.19 18:02:51 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2011.07.19 18:02:51 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.06.16 14:02:44 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011.06.07 12:29:19 | 000,000,680 | RHS- | C] () -- C:\Users\***\ntuser.pol
[2011.01.12 20:32:03 | 001,623,860 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.01.06 11:18:54 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.01.05 22:31:33 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.01.05 22:27:35 | 000,002,093 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         

31.12.2012, 16:38   #20
Dr. Acula

OTL.Txt Editor

OTL Logfile:
Code:
OTL logfile created on: 31.12.2012 16:14:37 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,68 Gb Total Physical Memory | 2,24 Gb Available Physical Memory | 61,00% Memory free
7,35 Gb Paging File | 5,62 Gb Available in Paging File | 76,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451,66 Gb Total Space | 16,14 Gb Free Space | 3,57% Space Free | Partition Type: NTFS
Drive D: | 6,13 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Users\***\Downloads\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group)
PRC - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files (x86)\Launch Manager\CdDirIo.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Hamachi2Svc) -- C:\Users\***\Downloads\hamachi-2.exe (LogMeIn Inc.)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (HiPatchService) -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe (Hi-Rez Studios)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation)
SRV - (MWLService) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe (Egis Technology Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (TurboBoost) -- C:\Programme\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV - (wlidsvc) -- c:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NTI Corporation)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NTI Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ewusbnet) -- C:\Windows\SysNative\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys ()
DRV:64bit: - (hwusbdev) -- C:\Windows\SysNative\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (RMCAST) -- C:\Windows\SysNative\drivers\rmcast.sys (Microsoft Corporation)
DRV:64bit: - (xnacc) -- C:\Windows\SysNative\drivers\xnacc.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (tandpl) -- C:\Windows\SysWOW64\drivers\tandpl.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1470259330-3820463359-1782755890-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-1470259330-3820463359-1782755890-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1470259330-3820463359-1782755890-1001\..\SearchScopes\{004D5A8F-B490-4D03-86EB-03F0DC281155}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^DE&apn_uid=66B73BE4-3A8F-4023-857F-21BFBE8E1DEC&apn_sauid=4C454B66-CE86-474C-81A2-F866ECCF8141
IE - HKU\S-1-5-21-1470259330-3820463359-1782755890-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: groovesharkUnlocker%40overlord1337:1.3
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: {b80f591e-fe9a-46cf-a13e-180377240586}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.06.22 18:58:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.05 15:38:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.05 15:38:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.05 15:38:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.05 15:38:38 | 000,000,000 | ---D | M]
 
[2011.01.06 11:19:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.12.31 15:57:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0pv78wgo.default\extensions
[2012.09.16 23:16:55 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0pv78wgo.default\extensions\ich@maltegoetz.de
[2012.11.14 18:33:13 | 000,029,022 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\0pv78wgo.default\extensions\groovesharkUnlocker@overlord1337.xpi
[2012.06.06 23:21:57 | 000,401,328 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\0pv78wgo.default\extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi
[2012.12.11 20:17:20 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\0pv78wgo.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2012.12.05 15:38:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.12.05 15:38:37 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.12.05 15:38:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012.12.05 15:38:43 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.18 16:06:31 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.29 11:36:18 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.18 16:06:31 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.18 16:06:31 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.18 16:06:31 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.18 16:06:31 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2012.12.31 15:16:48 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Users\***\Downloads\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKU\S-1-5-21-1470259330-3820463359-1782755890-1001..\Run: [GoogleChromeAutoLaunch_BD9CE8D9AF03ACAD7E09EEFF0A24603C] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1470259330-3820463359-1782755890-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1470259330-3820463359-1782755890-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1470259330-3820463359-1782755890-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1470259330-3820463359-1782755890-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1470259330-3820463359-1782755890-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Milan Libischer\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Milan Libischer\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - c:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - c:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0949795D-1EC0-46D9-B261-471A5E971D89}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D71057B-DD2C-4205-8B27-D7D2BFFC34A0}: NameServer = 212.23.97.2 212.23.97.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{34CB7274-4F0C-45A7-8161-AA3E60EB34A9}: NameServer = 212.23.115.148 212.23.97.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D16F0FEC-D0CB-455A-9A49-4A10B4725A60}: NameServer = 212.23.115.148 212.23.97.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E77964F0-289D-4C1C-A250-5D0B67FAD4F3}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EB7E679A-68AF-4B4D-A068-E43F3587A635}: NameServer = 212.23.115.148 212.23.97.3
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.31 16:11:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Milan Libischer\Desktop\OTL.exe
[2012.12.31 16:04:20 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.12.31 14:55:50 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.12.31 14:55:50 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.12.31 14:55:50 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.12.31 14:55:19 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.12.31 14:55:03 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.12.31 14:49:16 | 005,016,388 | R--- | C] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe
[2012.12.31 14:02:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012.12.31 01:06:54 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012.12.31 01:03:39 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Milan Libischer\Desktop\tdsskiller.exe
[2012.12.31 00:06:56 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Milan Libischer\Desktop\aswMBR.exe
[2012.12.30 23:39:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.30 23:37:25 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\mbar
[2012.12.29 18:52:49 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Giana Sisters - Twisted Dreams
[2012.12.22 03:01:11 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012.12.22 03:01:11 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012.12.22 03:01:08 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012.12.22 03:01:08 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012.12.13 20:41:27 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2012.12.13 20:41:27 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2012.12.13 20:40:53 | 000,736,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.12.13 20:40:53 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.12.13 20:40:51 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012.12.13 20:40:51 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.12.13 20:40:50 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012.12.13 20:40:50 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.12.13 20:40:50 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.12.13 20:40:48 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012.12.13 20:40:48 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012.12.13 20:40:47 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.12.13 20:40:47 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.12.13 20:40:47 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012.12.13 20:40:46 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012.12.13 20:40:46 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012.12.13 20:40:46 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012.12.13 20:40:22 | 000,425,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012.12.13 20:40:21 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012.12.13 20:40:21 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012.12.13 20:40:21 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012.12.13 20:40:20 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012.12.13 20:40:20 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012.12.13 20:40:20 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012.12.13 20:40:20 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012.12.13 20:40:19 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012.12.13 20:40:19 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012.12.13 20:40:19 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012.12.13 20:40:19 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012.12.13 20:40:19 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012.12.13 20:40:19 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012.12.13 20:40:19 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012.12.13 20:40:19 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.13 20:40:19 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.13 20:40:19 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.13 20:40:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.13 20:40:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.13 20:40:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012.12.13 20:40:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012.12.13 20:40:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012.12.13 20:40:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.13 20:40:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.13 20:40:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.13 20:40:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.13 20:40:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.13 20:40:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.13 20:40:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.13 20:40:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012.12.13 20:40:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012.12.13 20:40:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012.12.13 20:40:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.13 20:40:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.13 20:40:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.13 20:40:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.13 20:40:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012.12.13 20:40:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012.12.13 20:40:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012.12.13 20:40:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.13 20:40:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012.12.13 20:40:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012.12.13 20:40:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012.12.13 20:40:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012.12.13 20:40:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.13 20:40:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.13 20:40:18 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012.12.13 20:40:18 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.13 20:40:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.13 20:40:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012.12.13 20:40:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012.12.13 20:40:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012.12.13 20:40:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.13 20:40:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012.12.13 20:40:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012.12.13 20:40:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.13 20:40:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.13 20:40:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.13 20:40:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.13 20:40:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012.12.13 20:40:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012.12.13 20:40:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.13 20:40:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.13 20:40:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012.12.13 20:40:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012.12.13 20:40:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012.12.13 20:40:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012.12.13 20:40:16 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012.12.08 02:00:32 | 000,000,000 | ---D | C] -- C:\Users\Milan Libischer\Documents\SavedGames
[2012.12.05 15:38:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.31 16:12:58 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.31 16:12:58 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.31 16:11:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.12.31 16:09:00 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.31 16:08:03 | 000,000,196 | ---- | M] () -- C:\Windows\wininit.ini
[2012.12.31 16:08:02 | 000,001,060 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.12.31 16:07:45 | 000,001,048 | ---- | M] () -- C:\Users\***\Desktop\Dropbox.lnk
[2012.12.31 16:04:12 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.31 16:02:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.31 16:02:18 | 2960,510,976 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.31 15:45:40 | 000,551,997 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner.exe
[2012.12.31 15:43:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.31 15:16:48 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.12.31 14:49:30 | 005,016,388 | R--- | M] (Swearware) -- C:\Users\Milan Libischer\Desktop\ComboFix.exe
[2012.12.31 01:03:40 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\***\Desktop\tdsskiller.exe
[2012.12.31 01:00:25 | 000,000,512 | ---- | M] () -- C:\Users\***\Documents\MBR.dat
[2012.12.31 00:07:35 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\***\Desktop\aswMBR.exe
[2012.12.30 15:32:46 | 000,013,851 | ---- | M] () -- C:\Users\***\Documents\Trojaner.rtf
[2012.12.23 13:52:03 | 000,000,290 | ---- | M] () -- C:\Users\***\Documents\steam 2.rtf
[2012.12.22 15:02:45 | 000,291,400 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.16 17:52:02 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012.12.16 15:40:45 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012.12.16 15:25:27 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012.12.16 15:25:19 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012.12.11 20:54:08 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.12.11 20:54:08 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.12.09 19:36:29 | 000,000,217 | ---- | M] () -- C:\Users\Milan Libischer\Documents\saints row key.rtf
[2012.12.06 21:37:18 | 001,645,966 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.06 21:37:18 | 000,708,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.06 21:37:18 | 000,662,176 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.06 21:37:18 | 000,153,816 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.06 21:37:18 | 000,126,004 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.12.31 16:07:55 | 000,000,196 | ---- | C] () -- C:\Windows\wininit.ini
[2012.12.31 15:45:39 | 000,551,997 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner.exe
[2012.12.31 14:55:50 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.12.31 14:55:50 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.12.31 14:55:50 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.12.31 14:55:50 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.12.31 14:55:50 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.12.31 01:00:24 | 000,000,512 | ---- | C] () -- C:\Users\***\Documents\MBR.dat
[2012.12.30 15:32:46 | 000,013,851 | ---- | C] () -- C:\Users\***\Documents\Trojaner.rtf
[2012.12.23 13:52:03 | 000,000,290 | ---- | C] () -- C:\Users\***\Documents\steam 2.rtf
[2012.12.09 19:36:29 | 000,000,217 | ---- | C] () -- C:\Users\***\Documents\saints row key.rtf
[2012.11.06 20:36:08 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.08.28 22:24:59 | 000,069,632 | R--- | C] () -- C:\Windows\SysWow64\xmltok.dll
[2012.08.28 22:24:59 | 000,036,864 | R--- | C] () -- C:\Windows\SysWow64\xmlparse.dll
[2012.08.28 18:55:40 | 000,007,552 | ---- | C] () -- C:\Windows\SysWow64\drivers\enodpl.sys
[2012.08.28 18:55:40 | 000,004,736 | ---- | C] () -- C:\Windows\SysWow64\drivers\tandpl.sys
[2012.06.29 21:13:51 | 000,003,584 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.12 21:59:29 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2011.10.11 18:13:08 | 000,000,103 | ---- | C] () -- C:\Users\***\AppData\Local\fusioncache.dat
[2011.10.11 18:08:50 | 003,123,272 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.07.19 18:02:52 | 000,282,296 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.07.19 18:02:51 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2011.07.19 18:02:51 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.06.16 14:02:44 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011.06.07 12:29:19 | 000,000,680 | RHS- | C] () -- C:\Users\***\ntuser.pol
[2011.01.12 20:32:03 | 001,623,860 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.01.06 11:18:54 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.01.05 22:31:33 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.01.05 22:27:35 | 000,002,093 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
--- --- ---

[/CODE]


Alt 31.12.2012, 16:41   #21
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Fix with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.
Code:
ATTFilter
:OTL
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - user.js - File not found
IE - HKU\S-1-5-21-1470259330-3820463359-1782755890-1001\..\SearchScopes\{004D5A8F-B490-4D03-86EB-03F0DC281155}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^DE&apn_uid=66B73BE4-3A8F-4023-857F-21BFBE8E1DEC&apn_sauid=4C454B66-CE86-474C-81A2-F866ECCF8141
:Files
C:\Users\***\Documents\MBR.dat
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
         
  • If you have obscured your user name, e.g. with "*****", insert your real user name in the corresponding place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (It can also be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread.

Alt 31.12.2012, 16:48   #22
Dr. Acula
 



OTL Extras:

OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 31.12.2012 16:14:37 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,68 Gb Total Physical Memory | 2,24 Gb Available Physical Memory | 61,00% Memory free
7,35 Gb Paging File | 5,62 Gb Available in Paging File | 76,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451,66 Gb Total Space | 16,14 Gb Free Space | 3,57% Space Free | Partition Type: NTFS
Drive D: | 6,13 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: MILAN | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\S-1-5-21-1470259330-3820463359-1782755890-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00219C77-CDFF-4958-AB65-07D4D6B8D4D1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{0612B72D-D15E-43B9-98AC-AB9A61EB2478}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2706B315-5FC2-46F6-9E57-3F237C4A4FAA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{29847072-5AC2-4C3A-99B8-14AD57739C76}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{37D4057E-423D-485A-8942-4A2B28453B64}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{3C9C60E8-5399-47DA-B9E0-D5892D4B6415}" = rport=138 | protocol=17 | dir=out | app=system | 
"{4A3F5E21-7218-43FC-91AC-C7CBC647CDEA}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{4E2AC35E-6F65-414F-B499-8755242E4198}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4ECA6461-F6ED-48ED-8486-66E16DB5396B}" = lport=139 | protocol=6 | dir=in | app=system | 
"{51CDE418-6119-4C9A-8F7D-83B3E8E534C4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{60E6DA7B-C1F0-418E-88AA-E317E1591D3B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{610F5019-73B1-4C14-9E32-F76D62D5003C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{72B8AE2D-E5E1-4DC0-BA4E-2CAA5BF6EDDD}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{7827CBEF-DA45-422C-9752-D5CAAD2ABD8C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7DF45EE0-7C07-4BAE-B8D2-F7FAA45274AB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{84E4F62C-E24A-4569-B9A5-6D1E5AF116B7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{85742EFA-0031-44BD-950E-71299F6067B6}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{8645DF43-251C-4CCC-A6DB-D116E20094EE}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{88F28F36-AB03-4503-8E5D-371103F4C72E}" = lport=138 | protocol=17 | dir=in | app=system | 
"{8B030657-AAE2-4D00-B974-DA0ABE026341}" = rport=139 | protocol=6 | dir=out | app=system | 
"{91CE65C8-DAEC-4E83-8373-54C9BC140EFF}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{98705D5F-84E3-4589-BD83-D626499F0ED1}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{9A67FD48-C280-460C-8794-429769FB67AB}" = rport=137 | protocol=17 | dir=out | app=system | 
"{9C5FFE0F-B8A0-444A-8F63-19A3F112FB19}" = rport=445 | protocol=6 | dir=out | app=system | 
"{A72001C9-8542-47CB-A84A-7357AEC88F89}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AF83C414-D09A-4F5C-9033-E60EFB938802}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{B13401E3-0381-4763-A888-08006FA5A334}" = lport=137 | protocol=17 | dir=in | app=system | 
"{B4AF57A6-FDE6-4703-9607-1DE8B7C4BD3E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{BD8C3D21-6233-4791-8E3A-038C0BC2CAD3}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{C33438C5-747C-4731-9ADC-5FD6304384B3}" = lport=445 | protocol=6 | dir=in | app=system | 
"{C5DB66D7-7CE7-435B-A09D-EC1AC5667E59}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{E6A8600D-7E6D-4314-AC41-1049CA4DAA09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{ECCEC716-97CD-4479-AA81-3BA8D0DDCFD2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F67E5E71-57BA-42F3-9DCE-E299C0E93067}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00FCBF86-F973-4EFA-9669-9A1C0C2DBE9B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause 2\justcause2.exe | 
"{013B054C-0008-4742-9F42-525AD3023851}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassin's creed 2\assassinscreediigame.exe | 
"{01CC91DA-1674-45A0-AC45-62B483801E82}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\docs\ea help\electronic_arts_technical_support.htm | 
"{024C6435-2786-4D16-9BBA-E23384FCEDEB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{02D94065-C399-4E8E-AEA4-53FBF4C46636}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19132\sc2.exe | 
"{036E8F57-D734-4002-AF26-E4A960FFBD15}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe | 
"{04331F39-2B63-4169-AF4C-49DDE750F841}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\serj561996\ricochet\hl.exe | 
"{05AA8C51-51F3-4EF6-A4FE-A443ADAB0C87}" = protocol=6 | dir=in | app=c:\program files (x86)\volition inc\red faction guerrilla\rfg.exe | 
"{06048B72-B2F9-41C2-B932-EC23AD275224}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\closure\closure.exe | 
"{072E42B3-DF66-4152-85A6-75C3EC5077E7}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{0857C88A-2070-4BB7-8DF7-B69A558475C8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\binaries\masseffect.exe | 
"{0B6154BF-B5CF-42DC-A560-F615C8B1AA3C}" = protocol=6 | dir=in | app=c:\program files (x86)\mass effect 2\binaries\masseffect2.exe | 
"{0B732288-0DC1-45B2-AAA3-95746A6D7A60}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe | 
"{0C58B7B0-5C07-4060-90C8-ABFADBE34A1C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\docs\ea help\electronic_arts_technical_support.htm | 
"{0CA5BE8C-3CF9-4A3C-8FAF-9EA4656ED477}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gotham city impostors f2p\engine.exe | 
"{0CC0F92B-1C6B-452E-A6E9-4B82D246B83D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\beat hazard\runme.exe | 
"{0DD0EC60-9714-43CB-91BF-4038632D1C75}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe | 
"{0E70321A-6091-4F02-9C8F-4F7A648CCC12}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blur\blur.exe | 
"{0F68AE2A-AAF7-4723-942C-D36DFFD9F307}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\beat hazard\runme.exe | 
"{11C1A4A2-3B51-4DEA-AF31-DE28635CB037}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{13289F0D-56B1-4F90-A512-5D4015764606}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{1375BD19-D076-4747-AE8A-FD9CD0BBF00A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tom clancy's splinter cell conviction\src\system\conviction_game.exe | 
"{13DCA445-B566-4122-ADA1-BF6C03F2AE86}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{14673CBE-6016-4AB6-8715-73D133073688}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fable 3\fablelauncher.exe | 
"{167DC079-0E49-48B9-B679-198C2D8E4EB6}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base23260\sc2.exe | 
"{17105CA1-383C-4A6D-8F50-667C304E04A6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassin's creed 2\assassinscreediigame.exe | 
"{1729D3E2-4AB8-4727-9D89-6B684747C7D1}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"{17D458CB-3FC8-47E2-81F2-5D3F1B681EA7}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{1884D974-5132-4863-BBB9-DF3DAF401368}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daupdatersvc.service.exe | 
"{18961737-73B6-4B3E-8BB5-C102EE33B6B0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\basement\the basement collection.exe | 
"{19D0A320-8402-41EE-BF88-988F51DD769B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blur\blur.exe | 
"{1B4D1FC4-B83A-47B7-B335-590CD71B0F4E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1B6B45CD-2C1D-41A3-B918-43357F90ADB5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daupdatersvc.service.exe | 
"{1BF30761-CEDD-401C-ACA0-AE4CC4AC6403}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the first encounter\bin\samhd.exe | 
"{1C208A1A-C477-4567-85CB-CA5CCCD9E738}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sonic adventure dx\sonic adventure dx.exe | 
"{1C48BA48-D583-423A-993E-B92A90F119D4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe | 
"{1CE64341-E1B9-4350-A60D-E745FCAAA266}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassin's creed revelations\acrsp.exe | 
"{1DDAF628-7B4B-4AAF-B9F6-C6972F365006}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{1EDEF0B2-8358-45EC-A664-C4AE55E88C58}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\shank 2\bin\shank2.exe | 
"{1F582AC9-B0A9-4FB2-8559-99C47D6EE4A3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\giana sisters twisted dreams\launcher\gslauncher.exe | 
"{1F6DFCE8-B0D7-45D1-A052-7A5D1C20CA83}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe | 
"{1FD90CA7-CEE3-4F89-A68E-58E3A833D9BD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\space channel 5 part 2\config.exe | 
"{21FDF634-BE67-4A2B-8C01-A5A6926B6EAE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\docs\ea help\electronic_arts_technical_support.htm | 
"{24841FAB-21EE-4EE5-A914-8FE3521AFA1D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\thebaconing\thebaconing.exe | 
"{255BA1B2-7F31-4C81-A004-EEC7866E048A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{2600685C-C68D-4B67-AC05-873EB84118EB}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | 
"{2694F505-4518-49B9-8623-B6036031FF9A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe | 
"{2741BA39-8985-48BA-AF81-EBD4428F11BC}" = protocol=6 | dir=in | app=c:\program files (x86)\hi-rez studios\hirezgames\tribes alpha\binaries\win32\tribesascend.exe | 
"{2777EE86-E934-49CD-93A5-AC2F46DCF5EF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\beat hazard\beathazard.exe | 
"{2796BC96-A899-4168-AAA5-AC3D2EFA77EE}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19132\sc2.exe | 
"{281F99EA-958B-4DE9-8FAE-B107D2CD27A3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{2875A8B7-3FCA-4BEF-B211-90097D6CA259}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe | 
"{287AA762-A4CB-4C2D-A29C-C20653A9B70E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{290A915F-C65C-4B0C-A021-FDBC5FCA8D38}" = protocol=58 | dir=in | app=system | 
"{29BF8038-0D05-49C0-885F-5D43BB6E57A3}" = protocol=6 | dir=in | app=c:\program files (x86)\six projects\six updater\tools\bin\rsync.exe | 
"{29CFBFA6-D0C9-4D1F-BCCA-DC1A79A0A62F}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{2AC1E624-C75F-474B-972A-300D6D4A7EDF}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{2B9F86FB-C534-4804-97EB-DBC6CBBAA0C2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe | 
"{2BEF8B3B-7CBD-4932-8ACB-721CFB4B05A3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gotham city impostors f2p\engine.exe | 
"{2C46ADED-D020-4863-B682-D8C6D930D6E5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\two worlds ii\twoworlds2_dx10.exe | 
"{2D4F6F6F-309C-48EC-B9E3-BF834E1F93BE}" = protocol=17 | dir=in | app=c:\program files (x86)\mass effect 2\masseffect2launcher.exe | 
"{2EB8844D-CEF1-4AAD-948A-6829F0D7CC25}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the first encounter\bin\samhd_demo.exe | 
"{31CA986E-B5B7-40E1-9049-15EC1682ABD0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{32482A82-8110-463D-BBE5-27F976E1CDD1}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{32F069FE-49F6-413B-856F-86A6603F21DC}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{335875A7-6E41-46FD-9AC3-56BAB94FAD36}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alan wake\alanwake.exe | 
"{36F83066-3FB7-4315-A70C-A7C3CD533CAF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\serj561996\ricochet\hl.exe | 
"{397A418C-1345-4704-A5B2-D09D428C3083}" = protocol=17 | dir=in | app=c:\program files (x86)\mass effect 2\binaries\masseffect2.exe | 
"{3CAC9BB4-E8BD-4748-8346-A26BD9117EA6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the first encounter\bin\samhd.exe | 
"{3F1BD345-3C21-47C4-B31E-8DA47C6A9130}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{401288BC-14E8-4655-B5F5-D2284981CDD5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\botanicula\botanicula.exe | 
"{41DA4C71-BE9C-4B21-9F3F-F61C6B6B9CC3}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | 
"{423B5B4D-64FF-48FC-BA7C-A9F24AB1AECD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{426B0AFA-2E23-4EB7-BB3C-EE24BBABFA94}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe | 
"{4529395D-CEA6-497D-9D5B-B60F97D4733D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassin's creed 2\assassinscreediigame.exe | 
"{4581706A-75B4-456B-9B82-84EB64206719}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe | 
"{45B2F397-1AE5-4B7A-BEBB-D96B61E4F014}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien breed 2 assault\binaries\alienbreed2assault.exe | 
"{45E076BB-F336-4AEA-9703-41D3040E476F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{461F07C5-FC8B-4FA0-B07A-624A6F005968}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis\bin32\crysis.exe | 
"{463602F7-17C8-4858-978C-0F4A3FFCD8EE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gotham city impostors f2p\engine.exe | 
"{476D6ECE-85D2-46F3-827E-DC71B889F481}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassin's creed revelations\acrpr.exe | 
"{47BF9B8F-3CE9-4E62-8F2A-2D204D4132C4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\serj561996\garrysmod\hl2.exe | 
"{49508BF8-0C49-4EE6-A917-81AD5E9C1E49}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{4AA117EF-34B2-4AFF-9A7D-8D8F1EB8DF52}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{4B4D11C4-DB3B-49B4-A79C-17A1D6E53D1C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{4DD2AF95-83CA-4C2E-ADD8-4C152EEEB90F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\space channel 5 part 2\config.exe | 
"{4DF197D7-AA1F-4966-BC05-D8A6ED3C9398}" = protocol=6 | dir=in | app=c:\users\milan libischer\downloads\starcraft_2_eu_de-de.exe | 
"{4E0A4130-6847-4D01-9CB9-954FF81F0D5A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{4E0F2050-E267-439B-B02D-485C64BCB37B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\giana sisters twisted dreams\launcher\gslauncher.exe | 
"{4E82F7F3-94E6-4C3E-B9BE-C25476E06081}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause 2\justcause2.exe | 
"{4FB4BEEF-715C-4307-A027-75AC7014D798}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | 
"{51C30358-C325-4187-BFBF-05CA7ECBEE6E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\darksiders\darksiderspc.exe | 
"{52F7193D-BFB0-42CE-83B6-BF79801E2A21}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\arcade movie\touchmovie.exe | 
"{54472E90-D9B7-475C-A695-6DAE862C081F}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{54BB3E9F-B222-4DA3-8EA4-1AA17F61A055}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{54E0CF21-8432-4F66-A88D-C70686A04CAD}" = protocol=6 | dir=in | app=c:\program files (x86)\mass effect 2\masseffect2launcher.exe | 
"{55D36B35-422D-4E31-89B1-B765F2C550D8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe | 
"{5734F768-673F-4F29-BB71-C1DD102E1A57}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe | 
"{579CA0E8-D896-4660-A67A-81C44C0CE1A3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\darksiders\darksiderspc.exe | 
"{58367A3E-FD3F-4F2B-89A8-C3FF2A806AF1}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\kernel\dms\clmsservice.exe | 
"{5ACDB089-50E5-4A4C-80BE-01FA907437F6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\shank\bin\shank.exe | 
"{5B0F644B-3221-40C5-A8C7-B0571B233031}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe | 
"{5B55A85A-B3A2-465C-B3DA-CD3563BC89E2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\thebaconing\thebaconing.exe | 
"{5B602EE7-8973-4D48-842D-CB7B05D4079F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman blood money\configure.exe | 
"{5B9821D3-F980-4B82-A5B4-1BBE054247BD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{5DF771B5-9ABB-4553-B3A6-0C941D0B1483}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the first encounter\bin\samhd.exe | 
"{62D86941-CB41-4792-B542-2C75CB74FDE7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\serj561996\team fortress 2 meet the spy\smp.exe | 
"{6356A6BF-E26A-4497-8E4C-D1FE9CB59400}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hell yeah\hellyeah.exe | 
"{651623D7-E626-4885-80D0-7024B42E8EC5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\serj561996\garrysmod\hl2.exe | 
"{6620B9A5-12CF-4D02-97E0-44489A13C1F6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\basement\the basement collection.exe | 
"{66308FA0-38C2-4C98-A4C8-E1C9A588DA22}" = protocol=17 | dir=in | app=c:\program files (x86)\capcom\streetfighteriv\streetfighteriv.exe | 
"{67C6B6F4-46F9-4DC3-A60F-CC7C007F3287}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | 
"{682CCBD2-7DBF-4BDA-B55E-7D8A26775AFC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\shank\bin\shank.exe | 
"{691139F1-2426-460B-BF28-3AA86B20D75D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe | 
"{69E8624C-54BE-4690-948E-9EAC5AFE50B1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe | 
"{6A524D14-4D83-4CCE-BB7C-126B45FB6858}" = protocol=6 | dir=in | app=c:\program files (x86)\wb games\batman arkham city\binaries\win32\batmanac.exe | 
"{6A57B68E-4921-4814-ACA5-D451185BFC86}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{6B0AB46A-A48D-4A7A-A28D-D37797B32EFD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\@dayz\expansion\beta\arma2oa.exe | 
"{6B951EA0-1931-4962-8ACA-62AD24DA2B9D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{6D11CD7F-CBE0-467B-97A7-6FB5F8BEEF5A}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{6D541F8B-8A28-4456-91F3-391FAB7951E6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassin's creed revelations\acrpr.exe | 
"{6DF39EB7-0ED5-43A8-8FBD-14950EEF7086}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{6F5B1E2A-1249-45EA-9ED6-54913AF9B517}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe | 
"{71759870-7D6C-4909-9A48-B7CB672E5AB2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe | 
"{722D4790-9246-4E01-8710-AF8D17F4A27E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman blood money\hitmanbloodmoney.exe | 
"{72FF432D-2FA2-4F82-B8C9-78AFB62FBDCE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\daoriginslauncher.exe | 
"{749C1B40-5C0A-4A3B-8FDD-3F299EE04CFD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\botanicula\botanicula.exe | 
"{752BFC1B-946D-4BE5-AD26-A89E50C95913}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe | 
"{75CA1DEC-F3BF-4D62-BF05-D49082E2AA24}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\docs\ea help\electronic_arts_technical_support.htm | 
"{78A22BB8-D483-4B28-8C3D-8A99FAEC8055}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fable 3\fablelauncher.exe | 
"{78ADDD1C-53C4-460A-A33C-48B9DA101624}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the walking dead\walkingdead101.exe | 
"{78EFA4A1-8E45-41B8-B5AB-DE1EBA7E2DE7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crazy taxi\config.exe | 
"{797F8B2F-EA35-421A-8B0E-D7B578413B9A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien breed 2 assault\binaries\alienbreed2assault.exe | 
"{79FCA8EE-47E0-41AA-BB97-782942DBA913}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\beat hazard\beathazard.exe | 
"{7C1D2DA4-1845-4708-9C22-C336AF669DC7}" = protocol=17 | dir=in | app=c:\users\milan libischer\appdata\roaming\dropbox\bin\dropbox.exe | 
"{7D6870AA-68BA-4D2E-ADB1-5B42FA8F254F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause 2\justcause2.exe | 
"{7E16A3D1-CA74-40B1-A6AF-E8A1816AEBE3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the first encounter\bin\samhd_demo.exe | 
"{7E88176D-AAFD-430A-B5A0-E3AB5D15FDCD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\titan quest\titan quest.exe | 
"{7FD7B8BF-A915-4259-A808-F2AEFDFB51C9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe | 
"{807818EA-AC9C-40CF-8CEF-8F2427DFDF70}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{813854D3-8498-4464-8D70-6D14F6C7F521}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\plants vs zombies\plantsvszombies.exe | 
"{8147D551-0E74-4D33-9E6E-8F9258BD2C04}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{81E31909-9EDE-4F73-AA29-30F77F3A67BD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crazy taxi\crazy taxi.exe | 
"{8287A5CC-046C-41C1-BB85-E64C3277374B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\champions online\champions online.exe | 
"{8287D6BC-8BDB-4E95-ADE5-110F9FE91E67}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd | 
"{8386BD82-853A-412C-B970-023FC606C7E0}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"{83ED6EF1-3466-48F0-856C-33CAFF380BC9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the secret of monkey island special edition\mise.exe | 
"{85B4EE94-6AC9-4914-82DD-E9733DF68644}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dear esther\dearesther.exe | 
"{87309149-2061-4F85-A97F-14B225F54AE6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassin's creed 2\assassinscreediigame.exe | 
"{88891246-1A3D-40E3-B9C3-EC2BED568824}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{897A2D66-C8E8-44F4-B70D-648DE82A21A3}" = protocol=17 | dir=in | app=c:\users\milan libischer\appdata\roaming\dropbox\bin\dropbox.exe | 
"{8B1D7397-4BB1-427E-9ABE-18921A0BC882}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\plants vs zombies\plantsvszombies.exe | 
"{8B25BBA2-ECD5-43EC-8CCA-83355DD7EF64}" = protocol=6 | dir=out | app=system | 
"{8B8499FC-1D30-42BB-9A64-33AD7E20BBF0}" = protocol=17 | dir=in | app=c:\program files (x86)\wb games\batman arkham city\binaries\win32\batmanac.exe | 
"{8C807E00-E15F-4F50-BA9C-827F12C15E6E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe | 
"{8D1D4ED4-593F-4BE9-9596-48A58C6B4246}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{8D473FA4-2133-42C8-A00C-7F841EC7C4CC}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8EE7018F-739A-4ACB-BD28-A82E17814DB0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8FFEBFA0-3612-493E-88E1-5FF7A2E14A57}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{905C6400-2B2D-41E7-BBD3-57E340730AE6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\faerie solitaire\faeriesolitaire.exe | 
"{907AA42A-5D3E-4186-AA2F-6BFF370CD11C}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{91561701-0386-426F-858C-85C0279FC862}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serioussamdoubled\ssgame.exe | 
"{9159B6F9-9C06-4FF5-A7CD-74F0385796AD}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe | 
"{92A04CC4-5A8B-4799-A040-93CBE6E475A6}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe | 
"{92E1F2B3-4803-4C4D-8127-970E9F2D9CB7}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe | 
"{959520EB-1A12-44A0-8D04-8954AC74D572}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\titan quest\titan quest.exe | 
"{978AC6A2-767B-4A12-873E-126FE9977CD4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock 2\mp\builds\binaries\bioshock2launcher.exe | 
"{984FE88A-3B79-40BB-A3B6-C365880FB998}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{9932D605-16BA-4D89-BB3B-73BD6A539417}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the secret of monkey island special edition\mise.exe | 
"{9959F327-B9C9-4834-967A-4ED04761DF5E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crazy taxi\config.exe | 
"{9C7D03EC-DC8F-463D-82AE-CC1731A42F35}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{9D2E3A59-32DB-4A2C-966D-E782D4823979}" = protocol=6 | dir=in | app=c:\program files (x86)\capcom\dead rising 2\deadrising2.exe | 
"{9D2F5422-C429-4EA2-AFEC-AAC5BCC57B08}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sonic adventure dx\sonic adventure dx.exe | 
"{9DA0D7AE-1B1A-4E25-B8DB-9601950C3F2A}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base22612\sc2.exe | 
"{9DA561FF-1122-4F13-AF44-CF6DC030B2F3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\shank 2\bin\shank2.exe | 
"{9E4E3453-A30C-43A5-B161-53ABF2060B62}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\plants vs zombies\plantsvszombies.exe | 
"{9F00B544-6B5B-493E-8219-C93E39F06ECD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\launcher.exe | 
"{9F4B4619-407D-47B0-93DE-F0E360B1787C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sonic adventure dx\config.exe | 
"{9FB07982-4BEE-434D-B1A7-C6945E3B6213}" = protocol=17 | dir=in | app=c:\program files (x86)\hi-rez studios\hirezgames\tribes alpha\binaries\win32\tribesascend.exe | 
"{9FE6C901-2E49-4BC3-93D6-B6F53958C3E4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman blood money\hitmanbloodmoney.exe | 
"{A3422640-08C3-4B6F-95EA-A09ACF31C07C}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{A3536EF4-FBA6-42C3-80B7-5F6A50072FCF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe | 
"{A3E5F54B-98A7-4C19-BEE4-8E980FF3A514}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gotham city impostors f2p\impostors.exe | 
"{A41CC0F5-E975-4C2B-9A25-324BE26EFCB9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe | 
"{A486D849-2EA8-4971-B8C4-76B9756C5B88}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{A4ED2A7A-0060-4EEB-8288-7BD19D5C81FC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hell yeah\hellyeah.exe | 
"{A5661FE0-8378-4573-9235-750B765AF173}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\darksiders 2\darksiders2.exe | 
"{A5773540-E29A-43DC-9C8A-D047662A169C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\support\ea help\electronic_arts_technical_support.htm | 
"{A5CF23D7-293A-4EB5-A562-D1EA992EF734}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\beat hazard\runme.exe | 
"{A7442B83-EBC1-42DA-ACDD-8C05767E2B5D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2 meet the spy\smp.exe | 
"{A9D8FA05-F704-4CBB-A082-BE25F5A3CDE0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe | 
"{AADD53C9-F441-4F16-8239-55A5794AD1A5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serioussamdoubled\ssgame.exe | 
"{ABF7C789-5C6E-4926-A963-3A3F6FE7D03A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\space channel 5 part 2\space channel 5 part 2.exe | 
"{AC2F6FE5-AB08-4CE8-A9FA-9B9226F8376D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{ACCB324B-D0D8-463D-94ED-8FFF61291706}" = protocol=6 | dir=in | app=c:\users\milan libischer\appdata\roaming\dropbox\bin\dropbox.exe | 
"{ACEC0508-C185-4B13-97BA-52A436406123}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe | 
"{ACF5D9D7-4FC4-4FE1-94BA-065CC324F5D8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe | 
"{AE7B2B4C-03D5-4EE3-ADA2-2A276E3CED5E}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe | 
"{AF452EEA-5F7B-4FE3-89D0-435B0EF0FD0A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fable 3\fablelauncher.exe | 
"{AF805F69-600E-4F07-8391-3635C0BEB1F1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\beat hazard\beathazard.exe | 
"{AFBD197A-3D59-46DB-A47C-308AA67C50DD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crazy taxi\crazy taxi.exe | 
"{AFCA4E35-852D-437B-B1FE-14538E436F83}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{B15D4EFB-CFCD-4509-83C9-9F6430748C05}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\arcade movie\touchmovieservice.exe | 
"{B2BA4C44-1E2B-44D7-9DDA-98AFFE63C879}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{B34CB43E-6495-4852-B9E1-FD75122761D2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the first encounter\bin\samhd_demo.exe | 
"{B3E5D202-C98E-4645-BD09-5F89ED034AC0}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{B40A9047-7202-4C0B-AB9B-3A046160E27C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\launcher.exe | 
"{B458CFF6-D4B3-4C08-8D75-F67D79279C39}" = protocol=6 | dir=in | app=c:\program files (x86)\capcom\streetfighteriv\streetfighteriv.exe | 
"{B4FD65B8-1F70-471A-AEB5-A072187DD4EC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2 meet the spy\smp.exe | 
"{B502025F-86D5-4B56-8466-7B72E97F53D9}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{B55B4959-FD97-42E7-BC32-F5D7E2FA9CAC}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{B5EF3865-201B-4B02-A7CC-E0EDFEAE59C7}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{B6C29B41-9EA7-4AC4-BA6A-6702BB955E94}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd | 
"{B749F5AC-1D63-4D37-B396-4D0FBC4AC244}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\closure\closure.exe | 
"{B85C8207-D0B7-444C-BB16-204A2096122D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\space channel 5 part 2\space channel 5 part 2.exe | 
"{B8D87113-7DC7-4500-8CA4-FDA9F7F5A56F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tom clancy's splinter cell conviction\src\system\conviction_game.exe | 
"{B8FAA761-895A-4B38-925A-3D24E731F8DF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tinyandbig\tinyandbig.exe | 
"{B8FDC939-0E6E-43A6-BB10-B17FCFE02A16}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe | 
"{BA11CD07-2173-4569-A648-F575DEC152DE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{BA9E15BC-DE79-4E83-885E-9F5FDDA5DB02}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe | 
"{BC365850-9C10-4808-8315-F89402005994}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{BDBCBD4F-5B24-4C99-AD4F-B8486D4E4922}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe | 
"{BDDF3C6A-967B-495B-95A9-43E4CE07ABE7}" = protocol=17 | dir=in | app=c:\users\milan libischer\downloads\starcraft_2_eu_de-de.exe | 
"{BE926D29-4DD6-4EB9-A16F-2519DAE495EC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\@dayz\expansion\beta\arma2oa.exe | 
"{BFC3BC5B-A8C3-4FA3-AE48-77AA5109A3A4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\beat hazard\beathazard.exe | 
"{C02CBCDC-2719-4D56-A05E-31DBE51748A2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\darksiders 2\darksiders2.exe | 
"{C0A10D06-D044-4EE9-B3B7-A53D0588F735}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{C0BEB514-FA32-4F5E-9990-C9245D856538}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{C0D0573D-02BB-4E2C-AD82-A7A452C0821B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe | 
"{C23C1584-7D54-4313-82B6-C13BE7FF63AF}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{C2843883-7A5E-48B5-9825-D4A5C5534DB0}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{C2E6215C-C27F-44E8-B23C-26162B0FA472}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2launcher.exe | 
"{C36B33B5-8B17-442E-931D-74623D6D93E9}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{C644B63A-425A-416C-A0AB-93D3741005CE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{CB174ADB-DEF4-40B9-A257-179584445162}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{CBE72325-9F1E-44FB-8105-7ACB3DCA70D1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman blood money\configure.exe | 
"{CC3CF228-D71E-4A5B-973E-775924154C4F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassin's creed revelations\acrsp.exe | 
"{CC4377A0-78AE-40F7-9779-A0127C43C89A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{CD21A7CC-D05E-42B3-AEDC-953DFFA84DE8}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base23260\sc2.exe | 
"{CE3E982F-6ECF-4851-9931-ED3DC9998543}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\support\ea help\electronic_arts_technical_support.htm | 
"{CE4C032C-9DA4-4A05-ACF4-30B00C4538F1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\serj561996\counter-strike source\hl2.exe | 
"{CEC6783E-3E43-4327-9402-3B058A965EEA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\daoriginslauncher.exe | 
"{D05F1193-68CE-482C-BF08-4325C9680272}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause 2\justcause2.exe | 
"{D0E56833-39E9-41B7-AD39-F99BD82A905D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dear esther\dearesther.exe | 
"{D1A85000-1F33-4AB2-AB10-1631303A8E3E}" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"{D41116EE-3842-4557-8BFB-2068F87FF050}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\binaries\masseffect.exe | 
"{D476B030-5385-4B4D-8507-A9436EC86F9C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe | 
"{D58208E5-D5C5-40B7-91FF-330A9AD1D1A4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gotham city impostors f2p\impostors.exe | 
"{D5F51353-ACAC-45F0-9F65-5E2377BC52DA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alan wake\alanwake.exe | 
"{D6FDD260-E096-44C1-9E20-268ABFBED640}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D844B76F-41D1-486B-8EB7-FEC4AEEED69B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\launcheflc.exe | 
"{D989D078-C117-4B8D-A58C-053E50F1B783}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\beat hazard\runme.exe | 
"{D9DD370B-7C89-402A-A6E0-A3A80D65ED53}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{DA7B949D-C17E-4EA8-9319-CF25CFCB8147}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2launcher.exe | 
"{DADCD03E-202B-4F88-8397-FDAEE5995557}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis\bin32\crysis.exe | 
"{DADEE80D-118F-4B93-BE1A-F5E67D5B04A1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe | 
"{DC788193-6016-40C9-A784-506E184E7204}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{DC7C6DDF-EF76-4C81-8CE4-EC3A05543FA5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{DD03BAFF-50AC-4DF9-B1CF-8239AC2B9EC1}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"{DDC03897-3E52-4D99-B20D-1DE51B6313B7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe | 
"{DDF7B1AE-798C-4574-9A57-330018516E63}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\serj561996\garry's mod beta\hl2.exe | 
"{DE34DC7E-3240-478E-B8B2-D24775F50AFE}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\kernel\dmp\clbrowserengine.exe | 
"{DEFE1156-D800-456F-AD61-929486F35777}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\two worlds ii\twoworlds2.exe | 
"{DF162185-F450-4EA5-B6F0-95B35E1FCD40}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\champions online\champions online.exe | 
"{E0328C04-1D93-43CF-BEFB-422B37100651}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\serj561996\team fortress 2 meet the spy\smp.exe | 
"{E1082403-6F01-4945-B4FC-E48A97FD53EE}" = protocol=17 | dir=in | app=c:\program files (x86)\six projects\six updater\tools\bin\rsync.exe | 
"{E226F4D4-7A07-46D9-80C2-5B0BC8F37399}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the first encounter\bin\samhd_demo.exe | 
"{E318C692-A779-476A-A3F3-6F549610A736}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\bmlauncher.exe | 
"{E32470BC-AFDC-46F8-9219-C82B161CCB5C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"{E3AB3996-5CE4-4FD6-B55A-94ED16753150}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\bmlauncher.exe | 
"{E3DB90E7-CDE6-4558-AE03-9B7B2A6BD997}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{E490FDF3-4BCD-4D4A-971C-239549BA3C5C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the first encounter\bin\samhd.exe | 
"{E5BE2BC6-6CAF-448F-9E58-62CD57C6C3EF}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{E6349B97-5B11-468F-9A44-DDEEB81A154E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\launcheflc.exe | 
"{E7A7063E-1C74-4E3F-B386-4CECFA77BA83}" = protocol=17 | dir=in | app=c:\program files (x86)\volition inc\red faction guerrilla\rfg.exe | 
"{E8574FF9-A709-4EEC-9183-EA9FF0D6B155}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe | 
"{E875C842-310C-46CE-B4C7-28244E4D3ABD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\two worlds ii\twoworlds2.exe | 
"{EA836C5E-8B20-4CAC-BD60-2C331A5D1AD7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tinyandbig\tinyandbig.exe | 
"{EA8E89CA-6CE8-413D-A880-3BC7F802F672}" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"{EAE8867C-301A-4D53-9632-DAB8845C1409}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe | 
"{EB2603D1-EAA7-49FB-8731-E6D406C91910}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{EB5ECFDA-31CC-4469-9869-48C1A53CDDBE}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{EBA2F84C-65BF-4D72-BEA4-218CD11462F9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe | 
"{EC3A8D28-A16C-4329-AE7A-8B1CC2693E0D}" = protocol=6 | dir=in | app=c:\users\milan libischer\appdata\roaming\dropbox\bin\dropbox.exe | 
"{EC959CF4-0825-49E9-AC06-DF1A7780B6DC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock 2\mp\builds\binaries\bioshock2launcher.exe | 
"{ECF2B6D8-6824-48FB-87F7-B8A94AC40E5F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\serj561996\garry's mod beta\hl2.exe | 
"{ED510328-8DE8-42CC-997F-AE1250C436A4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe | 
"{EDE09A61-3D55-4375-BCB1-050731A61B40}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\serj561996\counter-strike source\hl2.exe | 
"{EE2D4E9E-CA32-4B9D-A487-247ABE28D024}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{EF75E125-30EE-4724-A689-5449C493A214}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe | 
"{EF8D2500-DAE5-4BAF-A7E7-9C527F07BACC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{EFD493E1-5C6E-4F3C-ABEB-EEECBF0DE39F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gotham city impostors f2p\engine.exe | 
"{F18E5340-59D5-4D61-A56D-2BF7ED596CB8}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\powercinema.exe | 
"{F1B8DD5D-CB14-46F5-BCA4-EAA4156A2E16}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{F33CA7AB-03D3-4371-A6E3-87D0303F07FC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the walking dead\walkingdead101.exe | 
"{F6297B34-2CDE-4A00-90C8-9FEBF2BC5D71}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F71F7713-2893-4C77-BABB-26DBF7083E7F}" = protocol=17 | dir=in | app=c:\program files (x86)\capcom\dead rising 2\deadrising2.exe | 
"{F788A1DD-44AF-494C-BAB2-595B699ACF88}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base22612\sc2.exe | 
"{F8830A04-00D2-4D88-AFC7-A8FBAC5FF32B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sonic adventure dx\config.exe | 
"{F9501B5D-0EC2-41AB-8991-9C99EF352637}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{F992A234-618D-437C-97B0-636FD2D1CD18}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\pcmservice.exe | 
"{FBAD330B-C845-428F-AACE-428DFF309577}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe | 
"{FC01172B-929A-4200-B526-E4EB15FC346C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\plants vs zombies\plantsvszombies.exe | 
"{FC8246B7-9620-4D95-8D5C-7AF4CFB57AAA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\two worlds ii\twoworlds2_dx10.exe | 
"{FE311B61-2431-45F7-92B7-DD58C6978DE2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe | 
"{FEB169B7-4B62-4DF5-814C-E88FF6C73D38}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fable 3\fablelauncher.exe | 
"{FF152E44-9AAE-4B74-9799-31B008CD510C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\faerie solitaire\faeriesolitaire.exe | 
"TCP Query User{0363FB12-3EB1-4C79-85BB-986EB6025B71}C:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe | 
"TCP Query User{086B261B-6498-49C2-9001-621675460A02}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe | 
"TCP Query User{0BE35DE9-B185-4827-BB54-9122793C79C3}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe | 
"TCP Query User{140AB2F8-C5D7-46E6-AF67-CD92C6F79AF6}C:\program files (x86)\ubisoft\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe | 
"TCP Query User{1689FEEF-63A7-408D-9028-E7D00F5852EF}C:\program files (x86)\steam\steamapps\serj561996\zombie panic! source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\serj561996\zombie panic! source\hl2.exe | 
"TCP Query User{1B7E23F2-5825-4847-8BD9-F8665F139260}C:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe | 
"TCP Query User{299739FA-0C78-4503-BEA9-05D2BF145F8A}C:\program files (x86)\steam\steamapps\serj561996\pirates, vikings, and knights ii\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\serj561996\pirates, vikings, and knights ii\hl2.exe | 
"TCP Query User{2AEFB3B5-9C69-4C15-A50A-55985C357F1F}C:\users\***\documents\xiii lol\system\xiii.exe" = protocol=6 | dir=in | app=c:\users\***\documents\xiii lol\system\xiii.exe | 
"TCP Query User{37BE7CA4-ACFC-4C4C-8668-FD6D2AA5F325}C:\program files (x86)\steam\steamapps\common\tom clancy's splinter cell conviction\src\system\uplaybrowser.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tom clancy's splinter cell conviction\src\system\uplaybrowser.exe | 
"TCP Query User{41ACFDFF-059A-4001-881D-277B291C3B97}C:\users\***\saved games\dummes online gedöns\armagetron advanced\armagetronad.exe" = protocol=6 | dir=in | app=c:\users\***\saved games\dummes online gedöns\armagetron advanced\armagetronad.exe | 
"TCP Query User{429C05DC-D0B3-4BCF-83F3-C849BCB2BEFC}C:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | 
"TCP Query User{47FF59B4-4518-45C7-9519-BAFD880E78BE}C:\program files (x86)\steam\steamapps\serj561996\half-life 2 deathmatch\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\serj561996\half-life 2 deathmatch\hl2.exe | 
"TCP Query User{4B317318-F331-4BFC-A569-DEB672746F27}C:\program files (x86)\steam\steamapps\common\assassins creed brotherhood\uplaybrowser.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassins creed brotherhood\uplaybrowser.exe | 
"TCP Query User{67857CAA-D189-4F43-AEF1-B36ED87414D9}C:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=c:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe | 
"TCP Query User{69DA34B3-3B71-4E60-9E45-D413C0B4A9D8}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{6BBDABA6-6BC1-48FA-832B-A6DF9E0D10D3}C:\program files (x86)\steam\steamapps\serj561996\day of defeat source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\serj561996\day of defeat source\hl2.exe | 
"TCP Query User{761190EA-B4FB-4741-AFB9-D1AEEBA1167B}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe | 
"TCP Query User{7F96DE09-9C1A-4E99-ADB6-CDB690BE9074}C:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe | 
"TCP Query User{8061A240-04F0-4B66-98FF-6425463DFB6F}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"TCP Query User{81AD68D5-1829-4188-9264-B25D8780DE7F}C:\users\***\downloads\starcraft_2_eu_de-de.exe" = protocol=6 | dir=in | app=c:\users\***\downloads\starcraft_2_eu_de-de.exe | 
"TCP Query User{828EBE9C-4652-41C8-9D73-59504FACF2A2}C:\program files (x86)\steam\steamapps\serj561996\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\serj561996\team fortress 2\hl2.exe | 
"TCP Query User{8345E9CF-3375-4DD1-A905-11A8DFD94D04}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | 
"TCP Query User{85D129C6-0736-4092-B598-8B05F83799A1}C:\program files (x86)\xiii lol\system\xiiied.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xiii lol\system\xiiied.exe | 
"TCP Query User{89B00CE7-025D-476E-BA11-D44A42E18BDA}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe | 
"TCP Query User{8CCFCD9B-45AB-493A-8AC6-D38C23D43CF4}C:\program files (x86)\six projects\six updater\tools\bin\rsync.exe" = protocol=6 | dir=in | app=c:\program files (x86)\six projects\six updater\tools\bin\rsync.exe | 
"TCP Query User{8D1E158F-1F48-4FE4-9A28-53BCD1AD19BD}C:\program files (x86)\steam\steamapps\serj561996\garry's mod beta\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\serj561996\garry's mod beta\hl2.exe | 
"TCP Query User{8D4FFC08-AA4E-4EA4-A223-62377E299351}C:\program files (x86)\hi-rez studios\hirezgames\tribes alpha\binaries\win32\tribesascend.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hi-rez studios\hirezgames\tribes alpha\binaries\win32\tribesascend.exe | 
"TCP Query User{9125998F-8B9B-420E-A973-FF21FDB8F8C4}C:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe | 
"TCP Query User{9379D98F-F0B2-4E25-BECB-3E20E92FB1FE}C:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe | 
"TCP Query User{A3549AA6-84FD-4F9E-BD90-54887493573B}C:\program files (x86)\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19679\sc2.exe | 
"TCP Query User{A544E5ED-C31D-45BC-9F58-BFCF9BE5A468}C:\program files (x86)\steam\steamapps\serj561996\garrysmod\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\serj561996\garrysmod\hl2.exe | 
"TCP Query User{AC77D86F-3771-4D3C-ABD9-C3778F8CD23F}C:\program files (x86)\starcraft ii\versions\base19132\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19132\sc2.exe | 
"TCP Query User{C0250A52-2622-4BE9-B98C-E83926BEA6B8}C:\program files (x86)\starcraft ii\versions\base23260\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base23260\sc2.exe | 
"TCP Query User{C06FFB10-B1CB-41ED-8024-1804E4C35E95}C:\program files (x86)\deep silver\nail'd\naild_x86.exe" = protocol=6 | dir=in | app=c:\program files (x86)\deep silver\nail'd\naild_x86.exe | 
"TCP Query User{C5B2C7F0-9A4A-4623-8879-942700366BBB}C:\program files (x86)\steam\steamapps\common\fable 3\fable3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fable 3\fable3.exe | 
"TCP Query User{C93AB05C-E7F3-4D4C-B6C2-69E8C86F197E}C:\program files (x86)\steam\steamapps\common\blur\blur.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blur\blur.exe | 
"TCP Query User{CA271501-91D7-4E4D-B52F-20727D5F0866}C:\program files (x86)\steam\steamapps\serj561996\synergy\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\serj561996\synergy\hl2.exe | 
"TCP Query User{CB69C7EF-7682-434A-9B52-59B5B812B23C}C:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\@dayz\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\@dayz\expansion\beta\arma2oa.exe | 
"TCP Query User{CC4B0858-267A-490D-B1E1-94A8F69FE1C1}C:\program files (x86)\steam\steamapps\common\assassin's creed revelations\acrpr.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassin's creed revelations\acrpr.exe | 
"TCP Query User{CCB1FCDD-21A5-4DD6-A8D0-BF5FCF7E34D8}C:\program files (x86)\starcraft ii\versions\base22612\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base22612\sc2.exe | 
"TCP Query User{D2395DC5-3478-45CC-970C-66800BF27050}C:\program files (x86)\steam\steamapps\serj561996\diprip warm up\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\serj561996\diprip warm up\hl2.exe | 
"TCP Query User{F5CCB0D1-DE83-4C69-9DE6-A8B5C9054CD3}C:\program files (x86)\steam\steamapps\common\assassins creed brotherhood\acbmp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassins creed brotherhood\acbmp.exe | 
"UDP Query User{00E38666-1900-44C7-B815-E85C99917D10}C:\program files (x86)\steam\steamapps\serj561996\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\serj561996\team fortress 2\hl2.exe | 
"UDP Query User{07869530-0FAF-410B-84D4-802A92BBEE01}C:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\@dayz\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\@dayz\expansion\beta\arma2oa.exe | 
"UDP Query User{07CFF640-5446-48A4-8A38-59DA4756BA85}C:\program files (x86)\six projects\six updater\tools\bin\rsync.exe" = protocol=17 | dir=in | app=c:\program files (x86)\six projects\six updater\tools\bin\rsync.exe | 
"UDP Query User{10813C7A-8764-4798-9C56-51292F4A20D0}C:\program files (x86)\steam\steamapps\serj561996\day of defeat source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\serj561996\day of defeat source\hl2.exe | 
"UDP Query User{16C7CB61-E3AF-4CF1-A7D2-0FEDB2DC12F2}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"UDP Query User{1BD76309-E941-4E5A-BC71-FB4CED4483CB}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{26EBE64E-0604-4097-8B20-F0B180444252}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe | 
"UDP Query User{2AD1A8C9-3582-4C6F-8D31-3E3997E6DDF6}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe | 
"UDP Query User{2C37369A-5C14-4421-B98C-65F489ACB2F6}C:\program files (x86)\steam\steamapps\serj561996\garry's mod beta\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\serj561996\garry's mod beta\hl2.exe | 
"UDP Query User{2F3C94CC-FD26-45F2-96DF-6C7A12FC9AA6}C:\program files (x86)\starcraft ii\versions\base19679\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19679\sc2.exe | 
"UDP Query User{33ABE7C3-1787-4C9C-AF91-D51561CE1752}C:\program files (x86)\starcraft ii\versions\base22612\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base22612\sc2.exe | 
"UDP Query User{3498A9B6-5F2A-4787-B250-A888854F1D6E}C:\program files (x86)\steam\steamapps\common\assassins creed brotherhood\acbmp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassins creed brotherhood\acbmp.exe | 
"UDP Query User{37688930-0692-4202-A910-1C3D6D361D62}C:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe | 
"UDP Query User{489D5AFA-9554-4FE6-B0B1-2D3B6B58ACCC}C:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe | 
"UDP Query User{4E2716F3-695C-45BD-AA13-058537D60486}C:\program files (x86)\steam\steamapps\serj561996\diprip warm up\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\serj561996\diprip warm up\hl2.exe | 
"UDP Query User{565E267B-C9D4-4FCF-8B0C-1B8FC930E5EE}C:\program files (x86)\steam\steamapps\serj561996\garrysmod\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\serj561996\garrysmod\hl2.exe | 
"UDP Query User{59AEF0D1-F6E4-497B-8B98-775EB0CB7B64}C:\users\milan libischer\saved games\dummes online gedöns\armagetron advanced\armagetronad.exe" = protocol=17 | dir=in | app=c:\users\milan libischer\saved games\dummes online gedöns\armagetron advanced\armagetronad.exe | 
"UDP Query User{5DB740EB-7DE2-4FA4-B5C6-774EBF311AAD}C:\program files (x86)\steam\steamapps\serj561996\synergy\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\serj561996\synergy\hl2.exe | 
"UDP Query User{6276D4A4-770F-4901-BC72-66A9AA807A74}C:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | 
"UDP Query User{65E4BB3B-0D16-4939-9CD1-1D3E7DB70B19}C:\program files (x86)\hi-rez studios\hirezgames\tribes alpha\binaries\win32\tribesascend.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hi-rez studios\hirezgames\tribes alpha\binaries\win32\tribesascend.exe | 
"UDP Query User{6856CFD1-962F-4693-9CF3-0D7E0D3E8737}C:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe | 
"UDP Query User{6B56B895-71B3-4047-9978-30C0F7971E13}C:\program files (x86)\steam\steamapps\common\fable 3\fable3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fable 3\fable3.exe | 
"UDP Query User{6BA09579-7121-4782-A361-5CC13655B5D0}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe | 
"UDP Query User{6E424D22-A2EE-409D-BF0A-7673BB4671C1}C:\program files (x86)\xiii lol\system\xiiied.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xiii lol\system\xiiied.exe | 
"UDP Query User{747FEDDC-0DE2-4EA1-966C-1651F1289975}C:\program files (x86)\steam\steamapps\common\blur\blur.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blur\blur.exe | 
"UDP Query User{7C33E906-F275-4F81-96EB-40C38136C3BF}C:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe | 
"UDP Query User{85A0793D-5554-4781-84DE-13185F8F9FE2}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | 
"UDP Query User{8DC67C4A-C63D-4771-8EC3-092CE6876845}C:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=c:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe | 
"UDP Query User{A093A094-36DC-48E0-AC55-90C232CEBE60}C:\users\***\downloads\starcraft_2_eu_de-de.exe" = protocol=17 | dir=in | app=c:\users\milan libischer\downloads\starcraft_2_eu_de-de.exe | 
"UDP Query User{A0DC64C8-0087-4C06-AC56-0FB0CA294A32}C:\users\milan libischer\documents\xiii lol\system\xiii.exe" = protocol=17 | dir=in | app=c:\users\***\documents\xiii lol\system\xiii.exe | 
"UDP Query User{AE5C7B5B-A016-4903-BBF7-80E1706C2BEE}C:\program files (x86)\ubisoft\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe | 
"UDP Query User{BD4F44AC-B252-4BB7-AC7D-C2532B808293}C:\program files (x86)\steam\steamapps\serj561996\pirates, vikings, and knights ii\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\serj561996\pirates, vikings, and knights ii\hl2.exe | 
"UDP Query User{BE2C9C3D-2C84-4FB4-8169-81241473D94D}C:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe | 
"UDP Query User{BED7233E-FC70-4AC1-8D0F-8A3218620525}C:\program files (x86)\steam\steamapps\serj561996\zombie panic! source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\serj561996\zombie panic! source\hl2.exe | 
"UDP Query User{C01C2553-A7C7-411B-9973-721941F232D7}C:\program files (x86)\steam\steamapps\common\assassin's creed revelations\acrpr.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassin's creed revelations\acrpr.exe | 
"UDP Query User{C79A74BE-A9A4-45A2-BA3D-AEBFC7053366}C:\program files (x86)\starcraft ii\versions\base19132\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19132\sc2.exe | 
"UDP Query User{C9FE71C3-AF5F-480E-B4CC-83AC2C199357}C:\program files (x86)\steam\steamapps\common\tom clancy's splinter cell conviction\src\system\uplaybrowser.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tom clancy's splinter cell conviction\src\system\uplaybrowser.exe | 
"UDP Query User{CF82C2CF-C23F-4B7B-8C7F-BF27DFD1D04E}C:\program files (x86)\starcraft ii\versions\base23260\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base23260\sc2.exe | 
"UDP Query User{D279A9E5-5629-41A4-984A-3AD5C3D75A98}C:\program files (x86)\deep silver\nail'd\naild_x86.exe" = protocol=17 | dir=in | app=c:\program files (x86)\deep silver\nail'd\naild_x86.exe | 
"UDP Query User{D332FDAF-06DF-4E58-9F40-1F68F412D603}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe | 
"UDP Query User{DD6F1497-AE6F-4438-86D9-F7F8B6AA23A2}C:\program files (x86)\steam\steamapps\common\assassins creed brotherhood\uplaybrowser.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassins creed brotherhood\uplaybrowser.exe | 
"UDP Query User{FBE05EB5-3FC4-42F7-AA7A-4EA4E0561B98}C:\program files (x86)\steam\steamapps\serj561996\half-life 2 deathmatch\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\serj561996\half-life 2 deathmatch\hl2.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4900_series" = Canon iP4900 series Printer Driver
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Überwachungstool für die Intel® Turbo-Boost-Technik
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{B36047D4-E932-C4B2-0DF2-94C8577468A9}" = ATI Catalyst Install Manager
"{DB80D7F6-DFF5-3B08-9CB4-2FD91DB6B0BC}" = ccc-utility64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"SAMSUNG Mobile Modem V2" = SAMSUNG Mobile Modem V2 Software
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01D26B11-2DCC-21E9-1CBE-1A84F29C5615}" = CCC Help French
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas
"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7D3D90-24FC-B4F1-3188-B30DDEDA4930}" = CCC Help Norwegian
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216037FF}" = Java(TM) 6 Update 37
"{26FC7F7F-8CC0-BB65-7BD5-DE6B84397517}" = Catalyst Control Center Graphics Full Existing
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2B673C6F-BDEA-48AE-AB59-7479BF04EF6E}" = Nail'd
"{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}" = Six Updater
"{2FD186BB-0278-AE1C-5A6A-FEEDA2E628B2}" = CCC Help Korean
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3C2060B5-40BB-5BF2-7D8C-5F50A45FE8FF}" = CCC Help Dutch
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF010}" = Tribes Ascend Closed Beta
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{4286A2D8-127A-D067-D03E-5B619E4BA39D}" = Catalyst Control Center Graphics Previews Vista
"{4343080E-91B7-4388-AB4D-FB1000008200}" = Dead Rising 2
"{4968622A-4D3F-489E-9ACE-5FEC4CC0BDE3}" = MediaShow Espresso
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E242AB2-86A7-4231-82A9-1E4226D23CA8}" = Catalyst Control Center - Branding
"{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam
"{5271E2B2-880F-5484-8972-D7F89CCEC3EF}" = CCC Help Chinese Standard
"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands
"{54194F60-988C-4D03-B922-C2B00EFDA39A}" = NVIDIA PhysX
"{57520FA0-AC56-469B-9983-FF1000008300}" = Batman: Arkham City™
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1" = Acer GameZone Console
"{599ECF38-67E6-3D93-D41D-7D36AF54B5F7}" = Catalyst Control Center Localization All
"{59ABBDF0-E1E5-48AF-85FB-F523A08C3490}" = STREET FIGHTER IV
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6530FDAA-5B1F-4830-95BB-650E9804D239}" = UE3Redist
"{66F9F80A-A9F6-FA9B-836A-4DF3AD89157C}" = CCC Help Japanese
"{67B2A8FD-0BF5-A71C-03C3-287AF5894FF6}" = CCC Help Finnish
"{6A81E096-41E9-2D35-53E1-E45677F14D73}" = CCC Help English
"{6D079713-D160-DB5E-74C8-36D037F687AD}" = Catalyst Control Center InstallProxy
"{6FD38C99-A371-F491-CB0A-D42DD467640E}" = Catalyst Control Center Core Implementation
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7225AFBA-5C8D-90EB-B768-8B10EC636757}" = ccc-core-static
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B3A7453-BC40-A694-01EE-FCFCA728D882}" = CCC Help Polish
"{7BA3A243-7D3D-844E-B851-CA35D782FF9F}" = CCC Help Turkish
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}" = Spin & Win
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}" = Poker Pop
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8D3D44F5-C798-2D03-FC42-A5007C516AE6}" = CCC Help Chinese Traditional
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{90C3A9F7-B751-718E-DBA1-4D81F82E9969}" = Catalyst Control Center Graphics Full New
"{93DCD69C-49D9-A710-BA7C-90C13DB491D3}" = Catalyst Control Center Graphics Light
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C916142-C18C-429D-BFED-40094A7E0BEB}" = Die Siedler 7
"{9DEC152C-A8EB-3048-A758-5136B5E46F49}" = CCC Help Thai
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A0A7E755-8234-8E24-F246-B4A832E0E331}" = CCC Help Czech
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla
"{A4489FF3-B501-D9AB-7E48-34A092C2F423}" = CCC Help Italian
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB0EC377-ECAF-7252-C2B7-BAD2FEF6FAC2}" = CCC Help Danish
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B40A2996-D76F-4D2A-D7DF-230B7DD63948}" = CCC Help Swedish
"{B5C44728-55D9-A94E-7951-B8AB8841E3AA}" = CCC Help Hungarian
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = Acer Arcade Movie
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die*Sims™*3
"{C1940CF0-E2DD-11E0-BB25-B8AC6F97B88E}" = Google Earth
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C54DA176-5E55-EDEE-EEBF-9894DB61B8C1}" = CCC Help Russian
"{C9EAEE6B-741F-421D-B9CE-9FA300DA92AD}_is1" = Super Mario Bros. X version 1.3
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D1079D9F-7778-366C-AA9F-F3AC68EC8141}" = PX Profile Update
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}" = Microsoft XNA Framework Redistributable 4.0 Refresh
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E09D4613-287C-74AB-3FF1-FA8B49BB049C}" = CCC Help German
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E280923D-C5D9-4728-8C79-AC9A0DC75875}" = BioShock
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5EABF66-F9C4-430C-B97D-3CF28A58D50B}" = Alcor Micro USB Card Reader
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED34C5C7-715F-E278-7646-1152667B228D}" = CCC Help Portuguese
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6549C92-F6A2-78C6-4BEB-26D2966347EE}" = CCC Help Greek
"{FA66CFD7-0977-4C45-AACD-A8BB994B1A05}" = Quake Live Mozilla Plugin
"{FAC2C91B-0953-94F6-AD56-8088C7AC280E}" = CCC Help Spanish
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Armagetron Advanced" = Armagetron Advanced 0.2.8.3.1.gcc
"Avira AntiVir Desktop" = Avira Free Antivirus
"BattlEye A2 Free" = BattlEye (A2Free) Uninstall
"BattlEye for A2" = BattlEye Uninstall
"BattlEye for OA" = BattlEye for OA Uninstall
"BlueJ_is1" = BlueJ 3.0.5
"DivX Setup.divx.com" = DivX-Setup
"DVDx 4.0 Open Edition" = DVDx 4.0 Open Edition
"Free YouTube Download_is1" = Free YouTube Download version 3.1.40.1031
"GFWL_{4343080E-91B7-4388-AB4D-FB1000008200}" = Dead Rising 2
"GFWL_{57520FA0-AC56-469B-9983-FF1000008300}" = Batman: Arkham City™
"Google Chrome" = Google Chrome
"Identity Card" = Identity Card
"I-Doser" = I-Doser Free
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"InstallShield_{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla
"InstallShield_{E5EABF66-F9C4-430C-B97D-3CF28A58D50B}" = Alcor Micro USB Card Reader
"LastFM_is1" = Last.fm 1.5.4.27091
"LManager" = Launch Manager
"LogMeIn Hamachi" = LogMeIn Hamachi
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Octodad" = Octodad
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"OpenAL" = OpenAL
"PokerStars.net" = PokerStars.net
"PunkBusterSvc" = PunkBuster Services
"StarCraft II" = StarCraft II
"Steam App 102840" = Shank 2
"Steam App 105400" = Fable III
"Steam App 105600" = Terraria
"Steam App 105800" = PixelJunk Eden
"Steam App 108710" = Alan Wake
"Steam App 111600" = Serious Sam Double D
"Steam App 113200" = The Binding Of Isaac
"Steam App 12210" = Grand Theft Auto IV
"Steam App 17300" = Crysis
"Steam App 18070" = The Baconing
"Steam App 201870" = Assassin's Creed Revelations
"Steam App 203810" = Dear Esther
"Steam App 205230" = Hell Yeah!
"Steam App 205910" = Tiny and Big: Grandpa's Leftovers
"Steam App 206210" = Gotham City Impostors: Free To Play
"Steam App 207610" = The Walking Dead
"Steam App 207690" = Botanicula
"Steam App 214790" = The Basement Collection
"Steam App 223220" = Giana Sisters: Twisted Dreams
"Steam App 22650" = Alien Breed 2: Assault
"Steam App 24960" = Battlefield: Bad Company 2
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 32360" = The Secret of Monkey Island: Special Edition
"Steam App 33230" = Assassin's Creed II
"Steam App 33910" = ARMA 2
"Steam App 33930" = ARMA 2: Operation Arrowhead
"Steam App 3590" = Plants vs. Zombies: Game of the Year
"Steam App 38600" = Faerie Solitaire
"Steam App 400" = Portal
"Steam App 4000" = Garry's Mod
"Steam App 4010" = Garry's Mod 13 Beta
"Steam App 40800" = Super Meat Boy
"Steam App 41020" = Serious Sam HD: The First Encounter Demo
"Steam App 42910" = Magicka
"Steam App 43110" = Metro 2033
"Steam App 440" = Team Fortress 2
"Steam App 4540" = Titan Quest
"Steam App 48000" = LIMBO
"Steam App 49600" = Beat Hazard
"Steam App 50650" = Darksiders II
"Steam App 550" = Left 4 Dead 2
"Steam App 55230" = Saints Row: The Third
"Steam App 570" = Dota 2
"Steam App 57300" = Amnesia: The Dark Descent
"Steam App 60" = Ricochet
"Steam App 6120" = Shank
"Steam App 620" = Portal 2
"Steam App 65800" = Dungeon Defenders
"Steam App 6860" = Hitman: Blood Money
"Steam App 71230" = Crazy Taxi
"Steam App 71250" = Sonic Adventure DX
"Steam App 71260" = Space Channel 5: Part 2
"Steam App 72000" = Closure
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 7520" = Two Worlds II
"Steam App 8190" = Just Cause 2
"Steam App 99900" = Spiral Knights
"TmNationsForever_is1" = TmNationsForever
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1470259330-3820463359-1782755890-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"InstallShield_{6530FDAA-5B1F-4830-95BB-650E9804D239}" = UE3Redist
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 22.08.2012 13:58:21 | Computer Name = *** | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 23.08.2012 18:38:44 | Computer Name = Milan | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 23.08.2012 18:39:57 | Computer Name = *** | Source = Application Hang | ID = 1002
Description = Programm SC2.exe, Version 1.5.2.22875 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 13b0    Startzeit:
 01cd81801a0dbad8    Endzeit: 15    Anwendungspfad: C:\Program Files (x86)\StarCraft II\Versions\Base22612\SC2.exe

Berichts-ID:
 75c81a3a-ed73-11e1-b02c-60eb69878056  
 
Error - 23.08.2012 19:38:48 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: steam.exe, Version: 1.0.1446.623,
 Zeitstempel: 0x5004ae1a  Name des fehlerhaften Moduls: steamclient.dll, Version: 
1.48.51.6, Zeitstempel: 0x50356b2c  Ausnahmecode: 0xc0000005  Fehleroffset: 0x002cc646
ID
 des fehlerhaften Prozesses: 0xae0  Startzeit der fehlerhaften Anwendung: 0x01cd818828e09b9a
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\Steam\steam.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files (x86)\Steam\steamclient.dll  Berichtskennung: af434091-ed7b-11e1-b02c-60eb69878056
 
Error - 24.08.2012 10:18:49 | Computer Name = *** | Source = Application Hang | ID = 1002
Description = Programm SC2.exe, Version 1.5.2.22875 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 15b4    Startzeit:
 01cd820345da6eca    Endzeit: 22    Anwendungspfad: C:\Program Files (x86)\StarCraft II\Versions\Base22612\SC2.exe

Berichts-ID:
 9d832e4c-edf6-11e1-afb2-60eb69878056  
 
Error - 24.08.2012 12:17:33 | Computer Name = *** | Source = Application Hang | ID = 1002
Description = Programm SC2.exe, Version 1.5.2.22875 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 218    Startzeit: 
01cd8213ec81740c    Endzeit: 16    Anwendungspfad: C:\Program Files (x86)\StarCraft II\Versions\Base22612\SC2.exe

Berichts-ID:
 3404d117-ee07-11e1-afb2-60eb69878056  
 
Error - 24.08.2012 12:18:28 | Computer Name = *** | Source = Application Hang | ID = 1002
Description = Programm SC2.exe, Version 1.5.2.22875 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1b5c    Startzeit:
 01cd821406247b35    Endzeit: 16    Anwendungspfad: C:\Program Files (x86)\StarCraft II\Versions\Base22612\SC2.exe

Berichts-ID:
 551d4946-ee07-11e1-afb2-60eb69878056  
 
Error - 26.08.2012 06:22:36 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: steam.exe, Version: 1.0.1446.623,
 Zeitstempel: 0x5004ae1a  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000  ID des fehlerhaften
 Prozesses: 0xeac  Startzeit der fehlerhaften Anwendung: 0x01cd8367c88ef19e  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Steam\steam.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: f4173622-ef67-11e1-ae76-60eb69878056
 
Error - 26.08.2012 12:08:55 | Computer Name = Milan | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 29.08.2012 11:57:43 | Computer Name = Milan | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
[ System Events ]
Error - 31.12.2012 09:03:57 | Computer Name = *** | Source = Service Control Manager | ID = 7030
Description = Der Dienst "LogMeIn Hamachi Tunneling Engine" ist als interaktiver
 Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive
 Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 31.12.2012 09:04:30 | Computer Name = Milan | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 LogMeIn Hamachi Tunneling Engine erreicht.
 
Error - 31.12.2012 09:04:30 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "LogMeIn Hamachi Tunneling Engine" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
Error - 31.12.2012 09:08:19 | Computer Name = *** | Source = bowser | ID = 8003
Description = 
 
Error - 31.12.2012 09:55:08 | Computer Name = *** | Source = Service Control Manager | ID = 7034
Description = Dienst "Skype C2C Service" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 31.12.2012 10:07:02 | Computer Name = *** | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 31.12.2012 10:13:20 | Computer Name = *** | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 31.12.2012 10:17:00 | Computer Name = *** | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 31.12.2012 11:02:39 | Computer Name = *** | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\tandpl.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 31.12.2012 11:08:18 | Computer Name = *** | Source = bowser | ID = 8003
Description = 
 
 
< End of report >
         
--- --- ---


Here are the results after the restart:

Code:
All processes killed
========== OTL ==========
Prefs.js: engine@conduit.com:3.3.3.2 removed from extensions.enabledItems
Registry key HKEY_USERS\S-1-5-21-1470259330-3820463359-1782755890-1001\Software\Microsoft\Internet Explorer\SearchScopes\{004D5A8F-B490-4D03-86EB-03F0DC281155}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{004D5A8F-B490-4D03-86EB-03F0DC281155}\ not found.
========== FILES ==========
C:\Users\***\Documents\MBR.dat moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\***\Desktop\cmd.bat deleted successfully.
C:\Users\***\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Gast
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 75 bytes
 
User: Henry
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 294594808 bytes
->FireFox cache emptied: 42903886 bytes
->Flash cache emptied: 4139 bytes
 
User: ***
->Temp folder emptied: 99525 bytes
->Temporary Internet Files folder emptied: 6245133 bytes
->Java cache emptied: 717963 bytes
->FireFox cache emptied: 439045822 bytes
->Google Chrome cache emptied: 26059839 bytes
->Flash cache emptied: 57539 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 155648 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67899 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 743 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 772,00 mb
 
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Error: Unble to create default HOSTS file!
 
OTL by OldTimer - Version 3.2.69.0 log created on 12312012_165218

Files\Folders moved on Reboot...
C:\Users\***\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         

Edited by Dr. Acula (31.12.2012 at 17:11)

02.01.2013, 10:39   #23
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes. Please remember to update Malwarebytes via the update button beforehand.

Getting a second opinion afterwards with the ESET online scanner doesn't hurt either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset

02.01.2013, 16:36   #24
Dr. Acula

OK, thank you very much.
Here is the log of the Malwarebytes scan:

Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.02.05

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
*** :: *** [Administrator]

02.01.2013 16:30:51
mbam-log-2013-01-02 (16-30-51).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 260092
Laufzeit: 4 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
What should I actually do with the viruses in quarantine?
Just delete them?

02.01.2013, 20:09   #25
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

What is it with all of you and the quarantine?
Just think about what a quarantine is. Whether the malicious file stays in there or not makes no difference. Malware in quarantine can no longer do any harm; it is isolated there. As a rule you should work with the quarantine, because if the virus scanner deletes something important due to a false alarm, you can still get at the file via the quarantine if need be.
02.01.2013, 21:07   #26
Dr. Acula

Here is also the log of the ESET scan:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=3883e4f200d45f4fb15a207856558085
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-01-02 08:01:53
# local_time=2013-01-02 09:01:53 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode=1799 16775165 100 98 82073 222580203 74831 0
# compatibility_mode=5893 16776574 100 94 62850272 108786763 0 0
# scanned=415201
# found=0
# cleaned=0
# scan_time=15621
         

02.01.2013, 21:10   #27
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Looks OK so far

Regarding cookies and other things on the web: to block the pests from the outset (i.e. tracking cookies, ad banners etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File. It makes sense to check with MVPS every 4 weeks to see whether a new hosts file has been released.

Info: Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP cookie)

Otherwise there are also good cookie managers; for Firefox, for example, there is the CookieCuller extension.
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board), then simply set the browser to delete everything, including cookies, when the browser is closed.

Is your system OK again now, or are there any other detections or problems?
02.01.2013, 21:17   #28
Dr. Acula

Thank you very much for the help, I was really desperate.
No, fortunately I don't have any further problems.
This forum is really great and I will definitely donate.

02.01.2013, 21:18   #29
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then we're done!

The programs that were used here can all be removed again.

Remove Combofix: Start/Run (key combination WIN+R), type the command combofix /uninstall there and run it

With the help of OTL you can also remove many other tools: simply start OTL and click Cleanup.
This will remove most of the tools that we needed for the cleanup. If anything remains, please remove it with right-click --> Delete.

Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first.


Finally, please check the updates; my guide for this is below. To keep a better overview of how up to date the installed programs are in future, you can use e.g. Secunia PSI.
For even more security, you should also change all passwords if possible after the infection has been removed.


Microsoft Update
Windows XP: Visit the MS update site with IE and have all important updates installed.
Windows Vista/7: Start, Control Panel, Windows Update


Update the PDF reader
An outdated AdobeReader is a major security risk. You should therefore uninstall old versions of AdobeReader via Control Panel => Software or Programs and Features, by clicking on "Adobe Reader x.0" there and removing the program. (if you have AdobeReader installed)

I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than AdobeReader.

Please also take the opportunity to check that the Flash Player is up to date:
Check => Adobe - Flash Player
You can find download links here => Browsers and Plugins - FilePony.de

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a major security risk, so you should uninstall the old versions. To do this, close all programs (especially the browsers), then click Start, Control Panel, Software (or Programs and Features) and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.
__________________
Logfiles bitte immer in CODE-Tags posten
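
The version check that the post above walks through in the Control Panel, as an added example that is not part of the original thread: a PowerShell inventory of the Java, Adobe Reader and Flash entries registered on the machine, read from both the native and the 32-bit uninstall keys. The function name `Get-InstalledRuntime` and the display-name patterns are assumptions; adjust the patterns to what Programs and Features shows.

```powershell
# Added example, not from the thread: list the runtimes and plugins the post asks
# you to update or remove. Written to run on the PowerShell 2.0 shipped with Windows 7.
# A 64-bit Windows keeps 32-bit installs under Wow6432Node, so both hives are read.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Assumed display-name patterns (hypothetical defaults, edit as needed).
$patterns = 'Java', 'Adobe Reader', 'Adobe Flash'

function Get-InstalledRuntime {
    param(
        [string[]]$Keys = $uninstallKeys,
        [string[]]$NamePatterns = $patterns
    )
    foreach ($key in $Keys) {
        # Skip the Wow6432Node hive on 32-bit systems, where it does not exist.
        if (-not (Test-Path ($key -replace '\\\*$', ''))) { continue }
        Get-ItemProperty -Path $key -ErrorAction SilentlyContinue |
            Where-Object {
                $name = $_.DisplayName
                $name -and ($NamePatterns | Where-Object { $name -like "*$_*" })
            } |
            Select-Object DisplayName, DisplayVersion, Publisher,
                @{ Name = 'Hive'; Expression = {
                    if ($_.PSPath -like '*Wow6432Node*') { '32-bit' } else { 'native' } } }
    }
}

$found = @(Get-InstalledRuntime | Sort-Object DisplayName, DisplayVersion)
$found | Format-Table -AutoSize

# Several Java entries in one hive are worth a look: older JRE updates were often
# left installed beside the newer one, and each of them stays usable by the browser.
$found | Where-Object { $_.DisplayName -like '*Java*' } |
    Group-Object Hive |
    Where-Object { $_.Count -gt 1 } |
    ForEach-Object {
        $names = ($_.Group | ForEach-Object { $_.DisplayName }) -join '; '
        "Multiple Java entries ({0}): {1}" -f $_.Name, $names
    }
```

Compare the `DisplayVersion` column against the vendors' current releases; the script only reads the registry and removes nothing.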
