Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: GVU auf Vista ; kein zugriff auf abgesischtern Modus!

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 14.01.2013, 15:44   #1
MoNeY
 
GVU auf Vista ; kein zugriff auf abgesischtern Modus! - Standard

GVU auf Vista ; kein zugriff auf abgesischtern Modus!



Hallo ,
ich habe mir den GVU eingefangen .
Wie im Titel beschrieben , kann ich nicht auf den abgesicherten Modus vom Profil zugreifen .
Aber ich habe die Scans auf einen weitern Profil durchgeführt .
OTL:
Code:
ATTFilter
OTL logfile created on: 14.01.2013 11:21:18 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Uni\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,95 Gb Available Physical Memory | 64,89% Memory free
6,19 Gb Paging File | 5,18 Gb Available in Paging File | 83,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455,68 Gb Total Space | 38,80 Gb Free Space | 8,52% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 2,38 Gb Free Space | 23,83% Space Free | Partition Type: NTFS
 
Computer Name: DANIEL-PC | User Name: Daniel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.14 11:13:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Uni\Downloads\OTL.exe
PRC - [2012.12.10 17:29:44 | 001,435,568 | ---- | M] (LogMeIn Inc.) -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe
PRC - [2012.11.14 11:59:32 | 000,615,440 | ---- | M] () -- C:\Programme\EslWire\service\WireHelperSvc.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.04.09 16:43:42 | 001,557,160 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe
PRC - [2011.11.08 07:31:08 | 000,667,648 | ---- | M] () -- C:\GIGABYTE FORCE\GIGABYTE FORCE.exe
PRC - [2011.09.24 02:58:48 | 000,397,312 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011.09.24 02:58:18 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011.08.15 18:13:50 | 000,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2011.06.15 16:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.06.01 13:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.01.12 17:00:42 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.01.12 17:00:38 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.12.09 20:28:24 | 001,226,608 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.12.08 22:15:44 | 000,063,360 | ---- | M] (DivX, LLC) -- C:\Programme\DivX\DivX Plus Web Player\DDMService.exe
PRC - [2010.11.04 17:15:50 | 000,810,144 | ---- | M] (ESET) -- C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2010.11.04 17:15:32 | 002,219,184 | ---- | M] (ESET) -- C:\Programme\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2010.05.20 23:59:30 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2010.05.20 23:59:28 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2010.01.15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.07.27 10:13:28 | 000,061,440 | ---- | M] () -- C:\Windows\System32\ASDR.exe
PRC - [2009.04.10 22:28:04 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.10 22:27:30 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 03:24:21 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpksetup.exe
PRC - [2008.01.21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2006.10.23 01:40:14 | 000,046,200 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
PRC - [2006.10.22 23:24:02 | 000,620,152 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
PRC - [2000.01.01 01:00:00 | 000,087,968 | ---- | M] (Andrea Electronics Corporation) -- C:\Programme\Realtek\Audio\HDA\AERTSrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.01.12 12:38:10 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\6cd1063230763008a7c5ea6d77622613\WindowsFormsIntegration.ni.dll
MOD - [2013.01.12 12:35:14 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\2cbdbc8bb7fcf0d7eb7a8d616e141d79\System.Core.ni.dll
MOD - [2013.01.12 12:35:03 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\1179785f4c54c05377586bdb2c408acb\IAStorUtil.ni.dll
MOD - [2013.01.12 12:35:03 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\fa3cd8efa21ffb31222298c4ab8a08df\IAStorCommon.ni.dll
MOD - [2013.01.12 10:35:49 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b5df40c22ab563a816103629e2ca99d4\System.Runtime.Remoting.ni.dll
MOD - [2013.01.12 10:35:46 | 011,820,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\259f7342c8ebb1150db3df1bc4d3394c\System.Web.ni.dll
MOD - [2013.01.12 10:35:31 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\004bc6615f9c06df5c98859d35149fe6\System.Configuration.ni.dll
MOD - [2013.01.12 10:35:28 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll
MOD - [2013.01.12 10:35:06 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0c3da9004b277959e24a9fd606d3dd05\System.Windows.Forms.ni.dll
MOD - [2013.01.12 10:34:47 | 001,593,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll
MOD - [2013.01.12 10:32:50 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\4d2c890606d2a3a43a90684115bfccfc\PresentationFramework.Aero.ni.dll
MOD - [2013.01.12 10:32:01 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\668c039655437b25586280e1fbff8ef0\PresentationFramework.ni.dll
MOD - [2013.01.12 10:30:49 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\a8080296b18898342ce986091c08b0a4\PresentationCore.ni.dll
MOD - [2013.01.12 10:30:09 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\9126f2ff9fd9c05900f67e963ccc27ef\WindowsBase.ni.dll
MOD - [2013.01.12 10:30:03 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll
MOD - [2013.01.12 10:29:29 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll
MOD - [2011.11.08 07:31:08 | 000,667,648 | ---- | M] () -- C:\GIGABYTE FORCE\GIGABYTE FORCE.exe
MOD - [2011.09.24 02:17:48 | 000,037,376 | ---- | M] () -- C:\Windows\System32\atitmpxx.dll
MOD - [2011.09.23 21:23:12 | 000,369,152 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011.03.21 16:30:20 | 000,067,872 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010.12.09 20:29:16 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2010.12.09 20:28:24 | 001,226,608 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.05.04 15:36:28 | 000,970,752 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
MOD - [2009.03.29 20:42:14 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2009.03.29 20:42:14 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2009.03.29 20:42:14 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2009.03.29 20:42:12 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.02.24 17:16:58 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.01.09 17:59:59 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.22 11:56:12 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.12.10 17:29:44 | 001,435,568 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.11.14 11:59:32 | 000,615,440 | ---- | M] () [Auto | Running] -- C:\Programme\EslWire\service\WireHelperSvc.exe -- (EslWireHelper)
SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.10.27 19:12:26 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.09.24 02:58:18 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011.08.15 18:13:50 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Running] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.07.07 18:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.06.15 16:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011.06.01 13:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.01.12 17:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.11.04 17:18:10 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Programme\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010.11.04 17:15:50 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.07.27 10:13:28 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Windows\System32\ASDR.exe -- (ASDR)
SRV - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.03.20 16:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)
SRV - [2000.01.01 01:00:00 | 000,087,968 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\Realtek\Audio\HDA\AERTSrv.exe -- (AERTFilters)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vpnva.sys -- (vpnva)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\\SystemRoot\System32\Drivers\sptd.sys -- (sptd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Running] -- C:\Windows\system32\drivers\IOMap.sys -- (IOMap)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ATKDispLowFilter.sys -- (atkdisplf)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\asusgsb.sys -- (asusgsb)
DRV - [2013.01.14 10:54:42 | 000,012,984 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2012.11.14 11:59:24 | 000,867,344 | ---- | M] (<Turtle Entertainment>) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ESLWireACD.sys -- (ESLWireAC)
DRV - [2011.12.15 18:29:42 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2011.10.05 19:05:25 | 000,014,336 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\EIO.sys -- (EIO)
DRV - [2011.09.24 03:57:00 | 008,598,528 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011.09.24 02:18:54 | 000,257,024 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011.07.26 18:49:12 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2011.06.06 23:06:42 | 000,081,936 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdLH3.sys -- (AtiHDAudioService)
DRV - [2010.09.03 06:13:46 | 000,137,144 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2010.07.29 12:31:26 | 000,115,008 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010.07.29 12:31:26 | 000,096,920 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV - [2009.03.18 15:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2000.01.01 01:00:00 | 000,319,592 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2000.01.01 01:00:00 | 000,083,296 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2188088278-3483027397-1906438238-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?AF=109989&babsrc=HP_ss&mntrId=e6f9663800000000000000219b17b856
IE - HKU\S-1-5-21-2188088278-3483027397-1906438238-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2188088278-3483027397-1906438238-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-2188088278-3483027397-1906438238-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-2188088278-3483027397-1906438238-1000\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2188088278-3483027397-1906438238-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-2188088278-3483027397-1906438238-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2188088278-3483027397-1906438238-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
IE - HKU\S-1-5-21-2188088278-3483027397-1906438238-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=109989&babsrc=SP_ss&mntrId=e6f9663800000000000000219b17b856
IE - HKU\S-1-5-21-2188088278-3483027397-1906438238-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=MYC-ST&o=102869&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=5J&apn_dtid=YYYYYYYYDE&apn_uid=83f3746d-dd95-43e5-a07b-09f069f6486b&apn_sauid=54AC8C80-2489-4373-9FE1-175ED7B660BC
IE - HKU\S-1-5-21-2188088278-3483027397-1906438238-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-2188088278-3483027397-1906438238-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2188088278-3483027397-1906438238-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
 
IE - HKU\S-1-5-21-2188088278-3483027397-1906438238-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?babsrc=HP_Prot"
FF - prefs.js..extensions.enabledAddons: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.2.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.31.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.5
FF - prefs.js..extensions.enabledItems: battlefieldplay4free@ea.com:1.0.53.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..extensions.enabledItems: {b749fc7c-e949-447f-926c-3f4eed6accfe}:0.7.0.2
FF - prefs.js..extensions.enabledItems: {dd05fd3d-18df-4ce4-ae53-e795339c5f01}:1.21
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.9
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?AF=109989&babsrc=adbartrp&mntrId=e6f9663800000000000000219b17b856&q="
FF - prefs.js..network.proxy.autoconfig_url: "file:///C:\\Users\\Daniel\\AppData\\Local\\Temp\\proxtube.pac"
FF - prefs.js..network.proxy.http: "207.62.217.252"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.type: 2
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files\Battlelog Web Plugins\1.104.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: C:\Program Files\Battlelog Web Plugins\1.116.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.132.0: C:\Program Files\Battlelog Web Plugins\1.132.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.96.0: C:\Program Files\Battlelog Web Plugins\1.96.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Daniel\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Daniel\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Daniel\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Daniel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.01.17 17:31:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.01.17 17:31:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.27 19:12:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.27 19:12:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.20\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.05.20 17:29:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.20\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011.01.15 13:08:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.27 19:12:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.27 19:12:20 | 000,000,000 | ---D | M]
 
[2011.06.28 09:27:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Extensions
[2011.06.28 09:27:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.12.21 10:55:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\10ovj1rj.default\extensions
[2012.12.21 10:55:01 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\10ovj1rj.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011.03.24 17:11:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\10ovj1rj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.11.10 15:26:21 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\10ovj1rj.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.02.23 20:03:31 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\10ovj1rj.default\extensions\battlefieldheroespatcher@ea.com
[2011.04.12 15:12:26 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\10ovj1rj.default\extensions\battlefieldplay4free@ea.com
[2012.09.15 14:22:04 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\10ovj1rj.default\extensions\ich@maltegoetz.de
[2012.05.24 12:13:27 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\10ovj1rj.default\extensions\toolbar@ask.com
[2011.09.15 13:10:27 | 000,000,000 | ---D | M] (vShare) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\10ovj1rj.default\extensions\vshare@toolbar
[2012.12.20 16:42:47 | 000,036,139 | ---- | M] () (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\firefox\profiles\10ovj1rj.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2011.12.09 16:23:07 | 000,061,705 | ---- | M] () (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\firefox\profiles\10ovj1rj.default\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi
[2012.11.24 16:38:42 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\firefox\profiles\10ovj1rj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.05.24 12:13:27 | 000,002,328 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\mozilla\firefox\profiles\10ovj1rj.default\searchplugins\askcom.xml
[2012.12.20 16:38:33 | 000,000,950 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\mozilla\firefox\profiles\10ovj1rj.default\searchplugins\icqplugin-1.xml
[2011.06.10 15:12:30 | 000,000,950 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\mozilla\firefox\profiles\10ovj1rj.default\searchplugins\icqplugin-2.xml
[2011.08.17 09:30:03 | 000,000,950 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\mozilla\firefox\profiles\10ovj1rj.default\searchplugins\icqplugin-3.xml
[2011.09.01 18:07:53 | 000,000,950 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\mozilla\firefox\profiles\10ovj1rj.default\searchplugins\icqplugin-4.xml
[2011.09.07 12:18:03 | 000,000,950 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\mozilla\firefox\profiles\10ovj1rj.default\searchplugins\icqplugin-5.xml
[2011.09.12 21:31:30 | 000,000,950 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\mozilla\firefox\profiles\10ovj1rj.default\searchplugins\icqplugin-6.xml
[2011.09.16 08:43:27 | 000,000,950 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\mozilla\firefox\profiles\10ovj1rj.default\searchplugins\icqplugin-7.xml
[2011.03.30 14:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\mozilla\firefox\profiles\10ovj1rj.default\searchplugins\icqplugin.xml
[2012.10.27 19:12:18 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.10.27 19:12:18 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012.12.20 18:07:00 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\updated\extensions
[2012.12.20 18:07:26 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012.12.20 18:07:00 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\updated\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012.10.27 19:12:26 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.19 09:55:30 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.25 21:34:48 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.08.30 13:45:00 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.19 09:55:30 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.12.13 13:36:54 | 000,002,035 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchddr.xml
[2012.06.19 09:55:30 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.19 09:55:30 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.19 09:55:30 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Daniel\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Daniel\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Daniel\AppData\Local\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Daniel\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Daniel\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files\Battlelog Web Plugins\1.116.0\npesnlaunch.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files\Battlelog Web Plugins\1.118.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: DivX OVS Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Java(TM) Platform SE 7 U3 (Enabled) = C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.30.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Daniel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Daniel\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.1.8_0\
CHR - Extension: Media Hint = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\anepbdekljkmmimmhbniglnnanmmkoja\0.1.12_0\
CHR - Extension: YouTube = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Google Kalender = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: DivX HiQ = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.0.900_0\
CHR - Extension: AdBlock = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.54_0\
CHR - Extension: Troll Emoticons = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\hndllphbhpadfpoikpaofkkkpkpnmjik\4.6.7_0\
CHR - Extension: Google Mail-Checker = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.0.900_0\
CHR - Extension: Google Mail = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programme\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-2188088278-3483027397-1906438238-1000\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2188088278-3483027397-1906438238-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2188088278-3483027397-1906438238-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Programme\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [GMouse] C:\GIGABYTE FORCE\GIGABYTE FORCE.EXE ()
O4 - HKLM..\Run: [IAStorIcon] C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [RestartNeroSetup] "F:\Adobe\Nero\Installation\SetupX.exe" File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2188088278-3483027397-1906438238-1000..\Run: [ESL Wire] C:\Program Files\EslWire\wire.exe (Turtle Entertainment GmbH)
O4 - HKU\S-1-5-21-2188088278-3483027397-1906438238-1000..\Run: [GameXN GO] C:\ProgramData\GameXN\GameXNGO.exe (EasyBits Software AS)
O4 - HKU\S-1-5-21-2188088278-3483027397-1906438238-1000..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKU\S-1-5-21-2188088278-3483027397-1906438238-1000..\Run: [ICQ] "C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4 File not found
O4 - HKU\S-1-5-21-2188088278-3483027397-1906438238-1000..\Run: [KPeerNexonEU] C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe (NEXON Inc.)
O4 - HKU\S-1-5-21-2188088278-3483027397-1906438238-1000..\Run: [Spotify Web Helper] C:\Users\Daniel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-2188088278-3483027397-1906438238-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenVPN GUI.lnk = C:\Windows\System32\schtasks.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Uni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O7 - HKU\S-1-5-21-2188088278-3483027397-1906438238-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2188088278-3483027397-1906438238-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2188088278-3483027397-1906438238-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-2188088278-3483027397-1906438238-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2188088278-3483027397-1906438238-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2188088278-3483027397-1906438238-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Daniel\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Daniel\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3E7E103B-45E5-4941-AFA8-78C01B7F06F1}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{95172133-33D9-40B4-815E-38F9EEAE3F3E}: DhcpNameServer = 131.246.9.116 131.246.1.116
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-2188088278-3483027397-1906438238-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-2188088278-3483027397-1906438238-1000 Winlogon: Shell - (C:\Users\Daniel\AppData\Roaming\skype.dat) - C:\Users\Daniel\AppData\Roaming\skype.dat ()
O24 - Desktop WallPaper: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O27 - HKLM IFEO\taskmgr.exe: Debugger - C:\USERS\UNI\DESKTOP\TASK\PROCEXP.EXE (Sysinternals - www.sysinternals.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{027f2c52-5026-11e2-8daf-00219b17b856}\Shell - "" = AutoRun
O33 - MountPoints2\{027f2c52-5026-11e2-8daf-00219b17b856}\Shell\AutoRun\command - "" = F:\Installer.exe
O33 - MountPoints2\{16269461-201f-11e0-8abf-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{16269461-201f-11e0-8abf-806e6f6e6963}\Shell\AutoRun\command - "" = E:\CheckID.exe
O33 - MountPoints2\{1fea36f2-20bf-11e0-ad25-00219b17b856}\Shell - "" = AutoRun
O33 - MountPoints2\{1fea36f2-20bf-11e0-ad25-00219b17b856}\Shell\AutoRun\command - "" = G:\Razor1911_Installer.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.27 18:10:12 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Documents\FUSSBALL MANAGER 13
[2012.12.27 17:53:22 | 000,000,000 | ---D | C] -- C:\Program Files\FUSSBALL MANAGER 13
[2012.12.27 17:47:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
[2012.12.27 17:47:30 | 000,000,000 | ---D | C] -- C:\Program Files\Elaborate Bytes
[2012.12.27 17:43:33 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\DAEMON Tools Pro
[2012.12.27 17:43:21 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Pro
[2012.12.27 17:40:28 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Pro
[2012.12.27 17:15:03 | 000,000,000 | ---D | C] -- C:\Program Files\FIFA Manager 13
[2012.12.20 17:06:37 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Ashampoo
[2012.12.20 17:06:22 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\ashampoo
[2012.12.20 17:06:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
[2012.12.20 17:05:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Ashampoo
[2012.12.20 17:05:35 | 000,000,000 | ---D | C] -- C:\Program Files\Ashampoo
[2012.12.17 16:32:12 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Documents\HM1
[2011.03.05 14:28:40 | 000,695,296 | ---- | C] (AnjoCaido) -- C:\Users\Daniel\AppData\Roaming\MinecraftSP.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.14 11:17:52 | 000,000,388 | ---- | M] () -- C:\Windows\tasks\SlimDrivers Startup.job
[2013.01.14 11:17:46 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.14 11:17:46 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.14 11:17:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.14 11:17:41 | 3220,164,608 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.14 11:16:30 | 000,000,004 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\skype.ini
[2013.01.14 11:16:15 | 000,000,186 | ---- | M] () -- C:\Users\Daniel\defogger_reenable
[2013.01.14 10:55:42 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.14 10:54:42 | 000,012,984 | ---- | M] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2013.01.13 22:23:35 | 000,002,032 | ---- | M] () -- C:\Users\Daniel\AppData\Local\d3d9caps.dat
[2013.01.13 22:17:01 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2188088278-3483027397-1906438238-1000UA.job
[2013.01.13 21:19:43 | 000,058,880 | ---- | M] () -- C:\Users\Daniel\8394241.exe
[2013.01.13 19:33:32 | 000,139,832 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2013.01.13 19:33:21 | 000,281,768 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2013.01.13 19:24:24 | 000,271,200 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2013.01.13 17:17:02 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2188088278-3483027397-1906438238-1000Core.job
[2013.01.12 10:27:26 | 001,604,592 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.01.11 20:08:33 | 000,699,366 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.01.11 20:08:33 | 000,655,528 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.01.11 20:08:33 | 000,156,690 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.01.11 20:08:33 | 000,128,542 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.01.04 21:35:02 | 000,028,160 | ---- | M] () -- C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.01.04 21:34:55 | 002,093,613 | ---- | M] () -- C:\Users\Daniel\Documents\Ringen_klein_beta.wmv
[2013.01.04 21:32:38 | 000,016,288 | ---- | M] () -- C:\Users\Daniel\Documents\Ringen_klein_beta.vf
[2013.01.04 21:31:53 | 109,836,288 | ---- | M] () -- C:\Users\Daniel\Documents\Ringen_klein_beta.avi
[2013.01.04 21:31:53 | 000,000,042 | ---- | M] () -- C:\Users\Daniel\Documents\Ringen_klein_beta.avi.sfl
[2013.01.04 21:31:19 | 000,016,288 | ---- | M] () -- C:\Users\Daniel\Documents\Ringen_klein_beta.vf.bak
[2013.01.04 21:12:50 | 000,089,232 | ---- | M] () -- C:\Users\Daniel\Documents\Ringen_klein.wmv.sfk
[2013.01.04 21:07:34 | 012,578,955 | ---- | M] () -- C:\Users\Daniel\Documents\Ringen_klein.wmv
[2013.01.01 19:36:36 | 000,003,345 | ---- | M] () -- C:\Users\Daniel\AppData\Local\recently-used.xbel
[2012.12.30 14:06:04 | 000,000,991 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.12.30 14:05:48 | 000,000,961 | ---- | M] () -- C:\Users\Daniel\Desktop\Dropbox.lnk
[2012.12.28 12:59:41 | 275,882,401 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.12.23 22:35:26 | 000,662,111 | ---- | M] () -- C:\Users\Daniel\Documents\Moler.jpg
[2012.12.23 22:33:43 | 003,655,712 | ---- | M] () -- C:\Users\Daniel\Documents\IMG_1014.JPG
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.01.14 11:15:39 | 000,000,186 | ---- | C] () -- C:\Users\Daniel\defogger_reenable
[2013.01.13 21:50:02 | 3220,164,608 | -HS- | C] () -- C:\hiberfil.sys
[2013.01.13 21:20:08 | 000,000,004 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\skype.ini
[2013.01.13 21:19:43 | 000,058,880 | ---- | C] () -- C:\Users\Daniel\8394241.exe
[2013.01.04 21:34:19 | 002,093,613 | ---- | C] () -- C:\Users\Daniel\Documents\Ringen_klein_beta.wmv
[2013.01.04 21:31:43 | 000,000,042 | ---- | C] () -- C:\Users\Daniel\Documents\Ringen_klein_beta.avi.sfl
[2013.01.04 21:31:42 | 109,836,288 | ---- | C] () -- C:\Users\Daniel\Documents\Ringen_klein_beta.avi
[2013.01.04 21:31:19 | 000,016,288 | ---- | C] () -- C:\Users\Daniel\Documents\Ringen_klein_beta.vf.bak
[2013.01.04 21:31:19 | 000,016,288 | ---- | C] () -- C:\Users\Daniel\Documents\Ringen_klein_beta.vf
[2013.01.04 21:12:39 | 000,089,232 | ---- | C] () -- C:\Users\Daniel\Documents\Ringen_klein.wmv.sfk
[2013.01.04 20:57:31 | 012,578,955 | ---- | C] () -- C:\Users\Daniel\Documents\Ringen_klein.wmv
[2013.01.01 19:36:36 | 000,003,345 | ---- | C] () -- C:\Users\Daniel\AppData\Local\recently-used.xbel
[2012.12.23 22:34:13 | 000,662,111 | ---- | C] () -- C:\Users\Daniel\Documents\Moler.jpg
[2012.12.23 22:26:26 | 003,655,712 | ---- | C] () -- C:\Users\Daniel\Documents\IMG_1014.JPG
[2012.12.07 21:40:40 | 000,042,440 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2012.08.14 16:04:21 | 000,265,120 | ---- | C] () -- C:\Program Files\Common Files\WireHelpSvc.exe
[2012.07.03 21:48:36 | 000,054,704 | ---- | C] () -- C:\Users\Daniel\info.pdf
[2012.05.27 12:30:58 | 000,000,745 | ---- | C] () -- C:\Windows\CoD.INI
[2012.05.27 12:21:52 | 000,000,528 | ---- | C] () -- C:\Windows\eReg.dat
[2012.05.20 09:27:47 | 000,605,033 | ---- | C] () -- C:\Users\Daniel\se2_ws2012_6_UML_Analyse.pdf
[2012.05.20 09:27:39 | 000,505,341 | ---- | C] () -- C:\Users\Daniel\se2_ws2012_5_Projektplanung.pdf
[2012.05.14 15:38:52 | 000,212,317 | ---- | C] () -- C:\Users\Daniel\CS_12-Exercise-2.pdf
[2012.04.25 14:20:22 | 000,172,702 | ---- | C] () -- C:\Users\Daniel\RDP.pdf
[2012.04.25 14:10:52 | 000,481,204 | ---- | C] () -- C:\Users\Daniel\Drucken_Vista.pdf
[2012.04.23 18:42:45 | 000,143,430 | ---- | C] () -- C:\Users\Daniel\CS_12-Exercise-1.pdf
[2012.04.19 16:52:52 | 000,051,077 | ---- | C] () -- C:\Users\Daniel\p01.pdf
[2012.04.17 12:16:45 | 001,291,945 | ---- | C] () -- C:\Users\Daniel\HM1_Skript.pdf
[2012.04.17 12:16:02 | 000,941,173 | ---- | C] () -- C:\Users\Daniel\se2_ws2012_2_Motivation.pdf
[2012.04.17 12:07:54 | 000,040,868 | ---- | C] () -- C:\Users\Daniel\info_internet.pdf
[2012.04.17 12:07:02 | 000,115,949 | ---- | C] () -- C:\Users\Daniel\saalübung01.pdf
[2012.04.17 12:06:54 | 000,031,840 | ---- | C] () -- C:\Users\Daniel\grundwissen hm1.pdf
[2012.04.13 18:57:53 | 000,053,066 | ---- | C] () -- C:\Users\Daniel\anti_memkey_jacky.jpg
[2012.04.13 18:55:25 | 000,034,469 | ---- | C] () -- C:\Users\Daniel\anti_memkey.jpg
[2012.04.13 18:52:37 | 000,011,648 | ---- | C] () -- C:\Users\Daniel\ludwig^^.jpg
[2012.04.13 18:50:55 | 000,048,146 | ---- | C] () -- C:\Users\Daniel\memekey_partey_hard.jpg
[2012.04.13 18:50:01 | 000,056,278 | ---- | C] () -- C:\Users\Daniel\memekey_gif.jpg
[2012.04.13 18:48:18 | 000,047,401 | ---- | C] () -- C:\Users\Daniel\memekey_penis.jpg
[2012.04.13 18:47:17 | 000,052,663 | ---- | C] () -- C:\Users\Daniel\memekey_bedroom.jpg
[2012.04.13 18:45:43 | 000,058,047 | ---- | C] () -- C:\Users\Daniel\memekey_home.jpg
[2012.04.13 18:44:25 | 000,051,160 | ---- | C] () -- C:\Users\Daniel\memekey_beer.jpg
[2012.04.13 18:42:14 | 000,066,276 | ---- | C] () -- C:\Users\Daniel\memekey_waka.jpg
[2012.04.13 18:14:22 | 000,091,530 | ---- | C] () -- C:\Users\Daniel\memekey_forgot.rar
[2012.04.13 18:07:41 | 000,062,505 | ---- | C] () -- C:\Users\Daniel\memekey_forgot.jpg
[2012.04.13 18:06:09 | 000,054,414 | ---- | C] () -- C:\Users\Daniel\memekey_trap.jpg
[2012.03.29 23:04:35 | 000,039,583 | ---- | C] () -- C:\Users\Daniel\memekey_timmay.jpg
[2012.03.29 23:03:48 | 000,052,347 | ---- | C] () -- C:\Users\Daniel\memekey_tintin.jpg
[2012.03.29 23:00:09 | 000,053,386 | ---- | C] () -- C:\Users\Daniel\memekey_job.jpg
[2012.03.29 22:58:02 | 000,052,633 | ---- | C] () -- C:\Users\Daniel\memekey_downs.jpg
[2012.03.29 22:54:48 | 000,051,485 | ---- | C] () -- C:\Users\Daniel\memekey_allah.jpg
[2012.03.29 22:51:48 | 000,052,428 | ---- | C] () -- C:\Users\Daniel\memekey_ass.jpg
[2012.03.17 21:10:00 | 000,051,027 | ---- | C] () -- C:\Users\Daniel\memekey_hasenfuss.jpg
[2012.03.17 21:00:39 | 000,059,503 | ---- | C] () -- C:\Users\Daniel\memekey_whazzzz.jpg
[2012.03.17 20:59:41 | 000,062,599 | ---- | C] () -- C:\Users\Daniel\memekey_Spongebob.jpg
[2012.03.15 21:58:30 | 000,051,606 | ---- | C] () -- C:\Users\Daniel\memekey_surprised.jpg
[2012.03.15 21:57:09 | 000,055,726 | ---- | C] () -- C:\Users\Daniel\memekey_vacation.jpg
[2012.03.15 13:21:57 | 000,067,201 | ---- | C] () -- C:\Users\Daniel\memekey_kamera.jpg
[2012.03.15 13:16:05 | 000,033,257 | ---- | C] () -- C:\Users\Daniel\memekey_ohne.jpg
[2012.03.14 21:07:13 | 000,063,939 | ---- | C] () -- C:\Users\Daniel\memekey.jpg
[2012.03.14 20:59:32 | 000,009,846 | ---- | C] () -- C:\Users\Daniel\img-thing.jpg
[2012.03.08 22:39:40 | 000,000,043 | ---- | C] () -- C:\Users\Daniel\qm.gif
[2012.03.06 13:15:32 | 000,004,494 | ---- | C] () -- C:\Users\Daniel\.swfinfo
[2012.02.20 15:11:22 | 000,066,458 | ---- | C] () -- C:\Users\Daniel\Zwischenklasur_Lösung.htm
[2012.02.17 16:27:06 | 000,042,895 | ---- | C] () -- C:\Users\Daniel\ProMa_2009_April.pdf
[2012.02.16 18:17:38 | 021,421,467 | ---- | C] () -- C:\Users\Daniel\zusammenfassung.pdf
[2012.02.16 18:13:08 | 000,824,881 | ---- | C] () -- C:\Users\Daniel\klausurtipps.pdf
[2012.02.14 10:42:48 | 000,187,546 | ---- | C] () -- C:\Users\Daniel\Vorlesungsinhalte.pdf
[2012.02.10 10:57:56 | 001,335,643 | ---- | C] () -- C:\Users\Daniel\07-Steuerung.pdf
[2012.02.10 10:09:49 | 002,005,012 | ---- | C] () -- C:\Users\Daniel\06-Planung.pdf
[2012.02.01 17:45:00 | 000,278,813 | ---- | C] () -- C:\Users\Daniel\uebung14.lhv.pdf
[2012.01.31 22:29:27 | 000,151,895 | ---- | C] () -- C:\Users\Daniel\internet-memes-rage-face-drinking-game.png
[2012.01.29 15:58:41 | 000,039,099 | ---- | C] () -- C:\Users\Daniel\04.jpg
[2012.01.29 15:53:48 | 001,990,702 | ---- | C] () -- C:\Users\Daniel\6.gif
[2012.01.29 15:19:40 | 000,196,080 | ---- | C] () -- C:\Users\Daniel\6544345315_b103854b47_z.jpg
[2012.01.29 15:19:37 | 000,020,419 | ---- | C] () -- C:\Users\Daniel\shoe_on_head_6.jpg
[2012.01.29 15:00:34 | 000,058,925 | ---- | C] () -- C:\Users\Daniel\If you know what I mean..png
[2012.01.24 16:52:26 | 000,035,908 | ---- | C] () -- C:\Users\Daniel\tumblr_lxje1ufTT41qzzdop.jpg
[2012.01.24 16:00:04 | 000,197,516 | ---- | C] () -- C:\Users\Daniel\uebung13.lhv.pdf
[2012.01.24 15:49:38 | 000,489,257 | ---- | C] () -- C:\Users\Daniel\uebung12.lhv.pdf
[2012.01.23 14:55:24 | 000,378,550 | ---- | C] () -- C:\Users\Daniel\Unbenannt-1.psd
[2012.01.23 14:55:09 | 000,053,653 | ---- | C] () -- C:\Users\Daniel\gutschein.jpg
[2012.01.18 10:39:18 | 000,156,871 | ---- | C] () -- C:\Users\Daniel\400359_345313688814833_100000086130202_1318334_342874193_n.jpg
[2012.01.17 15:08:27 | 000,097,696 | ---- | C] () -- C:\Users\Daniel\templatejava.pdf
[2012.01.17 14:49:18 | 004,451,786 | ---- | C] () -- C:\Users\Daniel\proma-10.pdf
[2012.01.17 14:48:16 | 002,839,858 | ---- | C] () -- C:\Users\Daniel\09-Qualitaetsmanagement.pdf
[2012.01.11 16:20:32 | 000,058,880 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\skype.dat
[2012.01.09 19:30:33 | 000,178,648 | ---- | C] () -- C:\Users\Daniel\Blatt10.pdf
[2012.01.09 13:40:39 | 000,316,030 | ---- | C] () -- C:\Users\Daniel\scan0010.pdf
[2012.01.09 13:22:02 | 000,199,320 | ---- | C] () -- C:\Users\Daniel\se32.pdf
[2012.01.09 13:21:34 | 000,159,611 | ---- | C] () -- C:\Users\Daniel\se33.pdf
[2012.01.08 23:44:11 | 005,278,584 | ---- | C] () -- C:\Users\Daniel\bollywood.gif
[2012.01.08 23:40:17 | 000,510,434 | ---- | C] () -- C:\Users\Daniel\33.gif
[2012.01.08 23:38:58 | 000,469,057 | ---- | C] () -- C:\Users\Daniel\19.gif
[2012.01.08 23:36:33 | 001,316,008 | ---- | C] () -- C:\Users\Daniel\29_2.gif
[2012.01.08 23:28:36 | 000,507,362 | ---- | C] () -- C:\Users\Daniel\29.gif
[2012.01.04 13:28:10 | 000,118,238 | ---- | C] () -- C:\Users\Daniel\induktion.pdf
[2012.01.03 17:07:02 | 001,587,963 | ---- | C] () -- C:\Users\Daniel\08-Unterstuetzende_Prozesse.pdf
[2012.01.02 13:39:25 | 000,091,075 | ---- | C] () -- C:\Users\Daniel\The Tuthyiyx.png
[2012.01.02 13:39:02 | 000,091,075 | ---- | C] () -- C:\Users\Daniel\The Tuthyiyx
[2012.01.02 13:25:52 | 000,031,037 | ---- | C] () -- C:\Users\Daniel\you+know+it+s+true.+I+like+to+look+at+tags_84b9cc_3110520.jpg
[2011.12.30 13:54:22 | 000,000,201 | ---- | C] () -- C:\Users\Daniel\.Xauthority
[2011.12.18 19:15:44 | 000,329,238 | ---- | C] () -- C:\Users\Daniel\Blatt09.pdf
[2011.12.15 21:08:50 | 000,143,122 | ---- | C] () -- C:\Users\Daniel\se41.pdf
[2011.12.14 14:56:43 | 000,375,183 | ---- | C] () -- C:\Users\Daniel\proma-8.pdf
[2011.12.14 10:01:14 | 000,177,092 | ---- | C] () -- C:\Users\Daniel\se44.pdf
[2011.12.14 10:00:59 | 000,515,855 | ---- | C] () -- C:\Users\Daniel\se43.pdf
[2011.12.13 15:28:38 | 000,211,367 | ---- | C] () -- C:\Users\Daniel\Blatt08.pdf
[2011.11.30 16:23:14 | 002,188,448 | ---- | C] () -- C:\Users\Daniel\proma-6.pdf
[2011.11.30 16:13:31 | 004,072,307 | ---- | C] () -- C:\Users\Daniel\05-Schaetzung.pdf
[2011.11.30 11:26:55 | 000,180,850 | ---- | C] () -- C:\Users\Daniel\Blatt06.pdf
[2011.11.24 15:59:52 | 001,285,048 | ---- | C] () -- C:\Users\Daniel\04-Projektorganisation.pdf
[2011.11.24 15:59:06 | 005,213,444 | ---- | C] () -- C:\Users\Daniel\proma-5.pdf
[2011.11.21 16:56:54 | 000,272,296 | ---- | C] () -- C:\Users\Daniel\Blatt05.pdf
[2011.11.17 15:28:00 | 010,968,369 | ---- | C] () -- C:\Users\Daniel\proma-4.pdf
[2011.11.16 11:51:49 | 001,204,056 | ---- | C] () -- C:\Users\Daniel\AS_Teil4.pdf
[2011.11.16 11:23:55 | 000,369,979 | ---- | C] () -- C:\Users\Daniel\se31.pdf
[2011.11.16 10:33:43 | 002,510,901 | ---- | C] () -- C:\Users\Daniel\ags_04.pdf
[2011.11.13 11:07:24 | 000,169,295 | ---- | C] () -- C:\Users\Daniel\Blatt04.pdf
[2011.11.13 10:57:32 | 000,102,933 | ---- | C] () -- C:\Users\Daniel\blatt_4.pdf
[2011.11.11 22:36:08 | 000,092,685 | ---- | C] () -- C:\Users\Daniel\vereinbarung16.pdf
[2011.11.09 15:27:45 | 002,189,657 | ---- | C] () -- C:\Users\Daniel\03-Projektverlauf.pdf
[2011.11.09 15:27:36 | 001,770,343 | ---- | C] () -- C:\Users\Daniel\02-Gegenstand_von_SW-Projekten.pdf
[2011.11.09 10:10:34 | 000,393,630 | ---- | C] () -- C:\Users\Daniel\uebungsblatt.pdf
[2011.11.09 10:08:00 | 003,646,411 | ---- | C] () -- C:\Users\Daniel\proma-3.pdf
[2011.11.09 10:06:32 | 002,254,743 | ---- | C] () -- C:\Users\Daniel\uebung.pdf
[2011.11.07 15:35:35 | 012,243,067 | ---- | C] () -- C:\Users\Daniel\ags_03.pdf
[2011.11.07 14:14:26 | 000,089,907 | ---- | C] () -- C:\Users\Daniel\blatt_3.pdf
[2011.10.31 16:52:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat
[2011.10.23 10:24:43 | 000,000,680 | RHS- | C] () -- C:\Users\Daniel\ntuser.pol
[2011.10.08 19:42:55 | 001,660,844 | ---- | C] () -- C:\Users\Daniel\ts3_recording_11_10_08_20_42_52.wav
[2011.10.07 16:14:33 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.10.07 16:13:24 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.10.07 16:00:39 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011.09.24 02:17:48 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2011.09.23 21:15:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\OpenVideo.dll
[2011.09.20 09:51:13 | 000,001,100 | ---- | C] () -- C:\Users\Daniel\AppData\Local\d3d8caps.dat
[2011.09.15 13:18:21 | 000,032,256 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2011.09.12 21:31:03 | 000,107,520 | RHS- | C] () -- C:\Windows\System32\TAKDSDecoder.dll
[2011.09.07 10:45:20 | 000,721,964 | ---- | C] () -- C:\Users\Daniel\ts3_recording_11_09_07_11_45_18.wav
[2011.08.17 20:48:44 | 000,237,701 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.07.19 14:57:05 | 001,146,156 | ---- | C] () -- C:\Users\Daniel\ts3_recording_11_07_19_15_57_2.wav
[2011.07.05 19:39:05 | 000,012,984 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2011.06.03 20:46:52 | 000,000,094 | ---- | C] () -- C:\Users\Daniel\AppData\Local\fusioncache.dat
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.03.29 17:34:22 | 000,139,832 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.03.29 17:34:22 | 000,138,056 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\PnkBstrK.sys
[2011.03.29 17:33:59 | 000,000,280 | ---- | C] () -- C:\Windows\game.ini
[2011.03.20 14:12:30 | 000,281,768 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011.03.20 14:12:28 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011.03.17 18:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.03.05 23:33:07 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat
[2011.03.05 14:28:40 | 000,290,797 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\minecraft_name.jar
[2011.03.05 14:28:40 | 000,232,501 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\Minecraft.exe
[2011.03.05 14:28:40 | 000,051,765 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\Minecraft.jar
[2011.03.05 14:28:40 | 000,000,133 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\zan.settings
[2011.03.05 14:28:40 | 000,000,008 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\lastlogin
[2011.02.11 17:48:51 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.01.15 18:42:17 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.01.15 13:11:57 | 000,028,160 | ---- | C] () -- C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.14 21:51:07 | 000,002,032 | ---- | C] () -- C:\Users\Daniel\AppData\Local\d3d9caps.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.10 22:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.10 22:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.02.08 15:20:00 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\.minecraft
[2011.10.14 10:34:54 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\2K Sports
[2011.07.05 19:43:05 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\AnvSoft
[2012.12.20 17:06:37 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Ashampoo
[2012.02.25 21:34:46 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Babylon
[2012.02.12 19:50:16 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\BigHugeEngine
[2011.01.17 14:34:15 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\bin
[2011.07.25 14:23:18 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Chirurgie Simulation
[2011.10.17 14:40:09 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Clonk
[2011.10.17 15:01:14 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Clonk Rage
[2011.01.15 16:53:29 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\DAEMON Tools Lite
[2012.12.27 17:43:33 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\DAEMON Tools Pro
[2011.06.16 17:24:27 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\DeepBurner
[2013.01.14 10:56:49 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Dropbox
[2011.09.13 15:35:18 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\DVDVideoSoft
[2011.01.17 14:36:32 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.11.11 19:22:31 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Free Download Manager
[2011.08.19 09:47:32 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\GameRanger
[2012.04.04 22:02:32 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\GetRightToGo
[2011.11.13 15:05:50 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\ghc
[2013.01.14 10:53:10 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\go
[2012.09.20 17:06:04 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\ICQ
[2011.01.15 17:10:48 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Leadertech
[2011.01.17 17:32:00 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Local
[2011.02.08 19:40:48 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\LolClient
[2012.05.24 10:14:58 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\LolClient2
[2011.01.31 14:21:42 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\ManyCam
[2011.01.17 14:34:15 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\minecraft_name_src
[2011.02.07 16:04:28 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\NeatImage SL
[2011.01.15 15:27:54 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Octoshape
[2011.01.20 14:53:58 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\OpenOffice.org
[2011.06.18 20:42:48 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Opera
[2012.08.09 10:48:38 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Origin
[2011.03.12 10:47:16 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\PACE Anti-Piracy
[2011.08.31 16:32:40 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Publish Providers
[2011.03.20 14:12:27 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\PunkBuster
[2011.01.17 14:34:19 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\resources
[2011.08.31 12:34:15 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Rovio
[2011.01.17 14:34:21 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\saves
[2012.07.23 15:19:59 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\six-updater
[2012.07.23 15:19:08 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\six-zsync
[2011.05.04 17:13:27 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Softpark
[2011.08.31 16:32:27 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Sony
[2012.04.03 09:26:06 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\SplitMediaLabs
[2013.01.04 21:59:57 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Spotify
[2011.04.16 19:48:49 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\StreamTorrent
[2012.08.27 12:40:29 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\temp
[2011.01.03 16:32:53 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\texturepacks
[2011.05.23 08:15:52 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\The Creative Assembly
[2011.06.28 09:27:19 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Thunderbird
[2012.01.04 15:18:04 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Trine2
[2012.06.23 10:05:19 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\TS3Client
[2011.12.29 19:41:38 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Tunngle
[2011.07.03 19:05:21 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2012.01.06 23:06:42 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Ubisoft
[2011.03.12 10:51:08 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Unity
[2011.09.30 10:50:13 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Updates
[2012.07.23 14:31:24 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\X-Chat 2
[2012.02.10 14:36:54 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\XMedia Recode
[2012.07.15 10:14:44 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\yWorks
[2011.10.27 19:27:08 | 000,000,000 | ---D | M] -- C:\Users\Uni\AppData\Roaming\ICQ
[2011.10.26 12:09:42 | 000,000,000 | ---D | M] -- C:\Users\Uni\AppData\Roaming\OpenOffice.org
[2011.10.23 10:31:04 | 000,000,000 | ---D | M] -- C:\Users\Uni\AppData\Roaming\Opera
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:C8B8CEBD

< End of report >
         


Leider musste ich den GMER abbrechen und ist zulange um ihn zu posten befindet sich aber im Anhang

mfg MoNeY
Angehängte Dateien
Dateityp: zip Scans.zip (124,9 KB, 53x aufgerufen)

Alt 14.01.2013, 15:45   #2
MoNeY
 
GVU auf Vista ; kein zugriff auf abgesischtern Modus! - Standard

GVU auf Vista ; kein zugriff auf abgesischtern Modus!



Hier noch der EXTRA da post zulange war :

Code:
ATTFilter
OTL Extras logfile created on: 14.01.2013 11:21:18 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Uni\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,95 Gb Available Physical Memory | 64,89% Memory free
6,19 Gb Paging File | 5,18 Gb Available in Paging File | 83,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455,68 Gb Total Space | 38,80 Gb Free Space | 8,52% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 2,38 Gb Free Space | 23,83% Space Free | Partition Type: NTFS
 
Computer Name: DANIEL-PC | User Name: Daniel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
 
[HKEY_USERS\S-1-5-21-2188088278-3483027397-1906438238-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\xchat\xchat.exe" = C:\Program Files\xchat\xchat.exe:*:Enabled:XChat IRC Client -- ()
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DFA02DF-3990-4DFB-BF38-F93F77E540D1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{103833D1-1A6A-4592-AE60-4D509A9A48D3}" = lport=6921 | protocol=6 | dir=in | name=league of legends launcher | 
"{18102C43-E699-4CD2-82E2-3675E1E0203B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{25263209-2C04-470E-AF85-9B3C6C142695}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{30949936-355B-4A3D-A9F2-4DE594B9ABA9}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher | 
"{54FA92C3-F4D6-4DD5-A6DB-99AB84EDAAC2}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{59CC743F-E14F-4947-822E-351C7764CD90}" = lport=6921 | protocol=17 | dir=in | name=league of legends launcher | 
"{5C233865-2617-435F-9D73-D1FF02FC9117}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{5EFF2746-8321-41C5-9B78-65EAE93F4E87}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{600C7F2C-3CC9-48B3-8DF9-32E1669D2D9A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{75A0F0EB-9136-4048-AE44-98888078D748}" = lport=50901 | protocol=6 | dir=in | name=adobe version cue cs3 server | 
"{78247373-4D4E-4C6A-8641-57AB850B0E34}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | 
"{7E5B0AE0-A5DB-4364-A670-339E74A150A6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{87877674-3959-42D4-BFEC-A2D6803541C9}" = lport=50900 | protocol=6 | dir=in | name=adobe version cue cs3 server | 
"{975A57D4-4D87-4D07-92D2-BDA385882150}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher | 
"{A1063E8E-7DA4-4415-A446-F24652E86692}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs3 server | 
"{C33F540A-1A7B-4C02-8D16-65ADAC705923}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{CC1C9A56-2409-4E5A-B6EE-5B4FB4DBE354}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs3 server | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00258357-3447-41B0-A17C-1CD9F3AF106B}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{0201071B-6D18-41B9-B169-D89A261BA4C8}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{02A9CEEF-7A06-40BE-BD38-0ED3FE27D786}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{03510E0F-B597-483A-AA45-5498CC7DAEB9}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe | 
"{03514B56-D490-4A57-8F65-F0F202C1C887}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{05E54162-5F6F-4C9E-B711-D76B07112C8B}" = protocol=17 | dir=in | app=c:\program files\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{06A445B8-85D3-474A-B169-EEAF8FDF3987}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe | 
"{07BCAC89-759C-4A06-81BD-26C94F500D06}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{0C835EE6-5576-433F-92B3-0390411E87DC}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{0EC215A4-1469-4B52-97AB-EB8B7BD0EE2B}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe | 
"{0FD6CAB4-8758-4E21-A63F-37A7BADD0F3F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{1299CF54-715C-47B7-8618-988BCDC54539}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\wcmannchen\counter-strike source\hl2.exe | 
"{12CA4B9B-86E1-41CF-B347-8B95E3D1A713}" = protocol=17 | dir=in | app=c:\program files\2k sports\nba 2k11\nba2k11.exe | 
"{141DE309-9724-4DA6-802E-F14D7362B9EE}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\halloman17\counter-strike source\hl2.exe | 
"{14AEF40E-3C2E-43D4-AA8D-05385D1D8579}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{175C4CB9-F9FF-4FC0-9714-E64742D022E9}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe | 
"{18D51076-DF77-4908-A447-D0F68E6FC45E}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\acbmp.exe | 
"{1B22F823-14DA-4EBB-BC27-B640C1CD6A10}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{1BB186E7-A76A-4850-8318-C19110DBC26E}" = protocol=6 | dir=in | app=c:\users\daniel\appdata\roaming\dropbox\bin\dropbox.exe | 
"{1D71AA0D-2A82-4E0B-BB8B-4DFADBC47319}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"{1F13FA79-27BF-4CCB-87E6-62303EF22EA4}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.649\agent.exe | 
"{203C165A-4681-457E-826F-8B84CF026359}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{21DA3E50-109F-4CD3-AF7D-83A36000368A}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{23A2779B-E1B1-4D8B-94A1-6689F8177B21}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{26925409-B4C4-49DF-A38E-522781269696}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{2954DC42-3090-4A81-A81F-F4DF8908315C}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{2B6A178C-299C-4C87-9387-E75C4712B3EF}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\uplaybrowser.exe | 
"{2BA33A97-E08E-42FE-B0D9-00D2B30F3AB0}" = protocol=6 | dir=in | app=c:\program files\codemasters\f1 2010\f1_2010_game.exe | 
"{2C91BDFD-04F5-462F-AA44-DCA713FCBD53}" = dir=in | app=c:\program files\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe | 
"{2F10E28E-A702-433C-8AE8-9FCC62A86203}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"{31499112-E182-4F22-BD39-623809661C20}" = protocol=6 | dir=in | app=c:\program files\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{3242C4B0-8467-4109-BF77-AF90CCE671E6}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{33650F66-A950-47E8-AF8B-FB6562AA4820}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.649\agent.exe | 
"{33877CAE-4D8E-4480-9A5F-CB5FE513FB61}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{3504D1F5-2116-4C5B-9007-75F473EC670D}" = protocol=6 | dir=in | app=c:\program files\2k sports\nba 2k11\nba2k11.exe | 
"{355E2732-B81E-4EFA-A0C5-65A8A0C1F1F3}" = protocol=17 | dir=in | app=c:\program files\thq\company of heroes\relicdownloader\relicdownloader.exe | 
"{3777DE54-4A69-48F8-AE5D-A866C57C4DDC}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\men of war assault squad goty demo\mow_assault_squad.exe | 
"{39230022-53F2-4E2D-ADEC-FA3BCFE9AE8D}" = protocol=17 | dir=in | app=c:\program files\origin games\battlefield 3 beta\bf3.exe | 
"{39E13CA8-C4C1-4C83-AF67-5C9F3741E117}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe | 
"{3A1C2A55-6E8E-41FE-A41F-5D75C2896D54}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{3C8C2A07-2DA9-458C-BFC6-80A34D924053}" = protocol=6 | dir=out | app=system | 
"{3CA0CD00-17A9-443C-A9D7-10AFBF047BE3}" = protocol=17 | dir=in | app=c:\program files\codemasters\operation flashpoint red river\redriver.exe | 
"{3CFC54E9-64E5-4060-8B61-91BDDBA08219}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe | 
"{3F357FA1-018C-449D-9C0E-716FBF005519}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{3F70C872-5D8F-453B-8EEC-453B210C1DF3}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe | 
"{40566402-4B94-4F95-AEAF-0E54DBA72DD2}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd | 
"{43D242DC-E7EB-4D04-B7B9-00050015D8CC}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe | 
"{457A9B87-65B6-4D1E-AE9A-62C5794103A1}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe | 
"{46D94543-20BE-4E44-BB49-D7E00334B7BC}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{499ABCC7-813D-45E6-9B5C-1F1532D33604}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{4A2BC1B7-3318-4F3D-8F69-809657EFF857}" = protocol=6 | dir=in | app=c:\program files\tunngle\tnglctrl.exe | 
"{4C0CE07F-B077-4757-8BE7-C13967CAF379}" = protocol=6 | dir=in | app=c:\program files\codemasters\operation flashpoint red river\redriverlauncher.exe | 
"{4F9AD14D-7B90-41D8-8FAC-9F5C78FE548C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{532CEECD-B089-4333-90AA-ACD893C75D56}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{5847A0AF-FB24-4537-9888-9E7C9CCB066E}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe | 
"{5A9A14D0-80FD-4FEE-95E9-DDD3264FA505}" = protocol=17 | dir=in | app=c:\program files\origin games\battlefield 3\bf3.exe | 
"{5B441D14-D1C3-49D2-9A21-9D0AB2A4C105}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\starcraft ii public test.exe | 
"{5BE05252-0937-471A-AC1F-8DF9E734574C}" = protocol=6 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{5CFFC95D-7077-4731-A85D-FF28EB46B42C}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dirt 3\dirt3.exe | 
"{5D9F67DE-329D-4A14-81AC-96D5971AB178}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\halloman17\counter-strike\hl.exe | 
"{6280EF92-84B0-49A9-89AC-048E4B5AADDF}" = protocol=6 | dir=in | app=c:\program files\2k sports\nba 2k12\nba2k12.exe | 
"{63CC1ED0-A107-4E0C-B494-259F164EE6AA}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dawn of war 2\dow2.exe | 
"{63FF7BD8-EA97-4603-9E52-21B3A664E3EE}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{65AF8BAF-759B-4C4B-98F2-FAB9EE215FA5}" = protocol=17 | dir=in | app=c:\program files\origin games\fifa 13 demo\game\fifa13_demo.exe | 
"{66921840-9168-408F-9391-221FD72251FE}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{66AF59ED-033B-4C7A-9D9C-E15BAA4AFACD}" = dir=in | app=c:\program files\eslwire\wire.exe | 
"{67CCB115-BDFB-4C2E-949D-42D4B59A07BB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{69306788-CD6B-453D-877A-85B5F3B6EA18}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\men of war assault squad goty demo\mow_assault_squad.exe | 
"{6B0CB202-2028-4898-B9FF-1DF1F0365359}" = protocol=6 | dir=in | app=c:\program files\origin games\battlefield 3 beta\bf3.exe | 
"{6B1F54C4-6BBD-4870-9287-B2F4D969ED98}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe | 
"{6C1A2388-DBD9-4AE7-81E9-2AB81347B5B0}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{6CFA75FB-5B18-40FF-BFDA-5CDA9D2B059F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6FB3E0C4-901D-42C0-83EB-122BE61668B6}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe | 
"{700F8A7D-399B-42AB-9993-90316B4F5CA5}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dawn of war 2\dow2.exe | 
"{707B10DD-208D-43F2-8FEF-93CD3A685341}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{70C1F727-07C1-4582-AC86-E0F22D17FBE0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{71A7C5EF-B9AB-49A7-997A-6AED240944FB}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{72548612-557E-413B-85F3-562F7CFA952F}" = protocol=6 | dir=out | app=c:\program files\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe | 
"{737145D4-FD8C-4DA1-86B5-C70D95257B3F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{73743A30-B835-401D-9D48-6BBA4EF70D79}" = dir=in | app=c:\program files\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe | 
"{752EE1E9-6056-4574-B8E5-FC9249A0DD84}" = protocol=17 | dir=in | app=c:\program files\tunngle\tunngle.exe | 
"{7565BC31-4EE7-4D06-8243-F7E899C69A9D}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{77169ABE-64B1-4D6F-BEF6-7D7A782B0F4F}" = protocol=6 | dir=in | app=c:\program files\origin games\battlefield 3\bf3.exe | 
"{78FF9B2B-D775-4BAD-8194-B02D67BA7498}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe | 
"{79DF78C2-0FD4-46E1-B031-EE00FCD67ED4}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{79FB8C6C-B946-413F-9EC4-E381E2B4BDB2}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{7AB3D400-03C2-4F2A-AF92-480D3EAE2F39}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7D194723-4B44-44CF-A3EC-5BED016B1CB1}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe | 
"{805901AF-0588-4446-ADDF-F7092574D9A4}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\wcmannchen\counter-strike source\hl2.exe | 
"{821170D9-D7D4-42A2-BF2B-884964670628}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{829D3561-D11D-426B-BBAE-EDA3EC80BD10}" = protocol=6 | dir=in | app=c:\program files\origin games\fifa 13 demo\game\fifa13_demo.exe | 
"{83001C4D-55D4-4601-A028-C9AFB9E97720}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dawn of war 2\dow2.exe | 
"{8A6B5855-3D9D-463C-93D9-57AF9C2E02D2}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"{8D7E2FEE-5079-4E71-93F8-FE38EBCA5A89}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{8D8B32C3-7212-4F53-85E5-3BC2CC93AED5}" = protocol=17 | dir=in | app=c:\program files\tunngle\tnglctrl.exe | 
"{91857373-D80D-400C-91F1-A2B09E0DB0E2}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{97F3828E-27F5-409D-840C-80F44FB6E3E8}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{99AFB7AA-CCA1-4A91-B956-44C80FC036DE}" = protocol=17 | dir=in | app=c:\program files\battlelog web plugins\sonar\0.70.0\sonarhost.exe | 
"{99D35792-0A0A-418E-BA07-5A9D802D4F42}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe | 
"{9DF0439B-2DDA-440C-BE85-B547C0095187}" = protocol=6 | dir=in | app=c:\program files\diablo iii beta\diablo iii.exe | 
"{A14ED06E-0D2C-4E1B-882A-C5407B564F28}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dirt 3\dirt3.exe | 
"{A209EB88-92FC-451C-A5E5-77DF2019F620}" = protocol=17 | dir=in | app=c:\users\daniel\appdata\roaming\dropbox\bin\dropbox.exe | 
"{A2966470-3DF2-49C0-8D00-12826ED9B8A7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{A2C7EBDF-DAE6-477E-A95B-2A776B7FA7F9}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{A3B55E51-C0B0-43CB-998A-BD87115EE079}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"{A5EB0E68-4C35-4194-9F9A-6252C07F39BD}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"{A815DB50-FF80-4BFE-AA34-85EE79628D52}" = protocol=6 | dir=out | app=c:\program files\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe | 
"{A84F3550-A68D-42E0-8C10-4ACEEFD34AA5}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe | 
"{A9636803-7BC8-4CD6-84B7-267EB9E0E1F1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AAB5D569-37B8-48ED-B374-7C96CC77DEF7}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"{AC7710E7-6D16-4B4A-B9B4-C813773407B1}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe | 
"{AD18A5C0-9312-4E12-940E-3FE58239350D}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{AD884ACD-FF35-41FC-BE07-CD1350FE4338}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\trackmania nations forever\tmforever.exe | 
"{B0EC59AE-499A-4979-B20D-067AE441245E}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{B18D348C-295D-4C54-BB33-C68120FA628A}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe | 
"{B1B0E31D-5B92-400A-A350-1E0AEC1E5B9C}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\trackmania nations forever\tmforeverlauncher.exe | 
"{B21839E9-C9F1-48AF-A3C5-4468C528DC53}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dawn of war ii - retribution beta\dow2.exe | 
"{B47A34AB-57A7-44C5-8A02-503D886416DD}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B5A1657C-F969-4D29-AAA7-2DA882D5FB25}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{B5CD272D-D238-4A56-8AA5-926169D2A0F7}" = protocol=6 | dir=in | app=c:\program files\codemasters\operation flashpoint red river\redriver.exe | 
"{B641B7DD-AC07-4C21-ABB3-D3AD334BCA61}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe | 
"{B774657D-A38C-4C2F-B186-9611BB399011}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{B9D5D0D9-6CFA-40BE-9631-51AB2A0F8FB2}" = dir=out | app=c:\program files\eslwire\wire.exe | 
"{BB3B0ED8-F21B-4223-AB53-15ECE43E0C65}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{BBE58B8F-4702-4F33-8E99-950432A9CAE6}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{BC5A8476-5276-429F-B942-53435B8E9629}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{BCD126D0-77CA-46AB-9E00-857F232C9E7A}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{BE09C14D-9CBB-42A9-B5CB-B16F8C411504}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dawn of war ii - retribution beta\dow2.exe | 
"{BF5E7EAB-7483-47F3-BAF0-E34CCE356A0D}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\bastion\bastion.exe | 
"{C0563C2E-D07C-4126-96DC-4B93800A2B7C}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | 
"{C0F66D18-AF8B-445F-8E90-1B52B0E32572}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\arma 2\arma2.exe | 
"{C5E43C90-9CE8-4271-9F7C-E510A6025FCF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C7448F07-DE52-4A2F-921C-4FFB1B1562EE}" = protocol=6 | dir=in | app=c:\program files\thq\company of heroes\relicdownloader\relicdownloader.exe | 
"{C76AAD38-4DC5-48DF-813C-4F7D91D2BACF}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\starcraft ii public test.exe | 
"{C7EBAE1F-E6F3-495F-A7EC-20377F01C1A6}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\acbsp.exe | 
"{CC7DEC05-5993-4F3D-81BD-658B8BFEAE6C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CE5E4519-0DB0-483D-9C0F-07FFD45D7AAC}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\arma 2\arma2.exe | 
"{CF4D1D90-0561-4337-8ABA-EC596D193E43}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe | 
"{CF777DDD-F21F-4707-9A0F-D6B65A43CEC7}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\halloman17\counter-strike source\hl2.exe | 
"{D4829EAE-40C9-472C-AAAA-8878F7C3C391}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe | 
"{D52A7C59-EBC1-4872-9783-6B2BAE8407EE}" = protocol=17 | dir=in | app=c:\program files\2k sports\nba 2k12\nba2k12.exe | 
"{D6D228E0-8011-45BE-8BA7-4E11DF62F7B6}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{D971C0CA-6288-4A85-A053-936F979EB4FF}" = protocol=17 | dir=in | app=c:\program files\codemasters\f1 2010\f1_2010_game.exe | 
"{DAF833FA-F5CF-4857-BCE6-CC21855B64E7}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe | 
"{DB3F9FA9-6CCC-4728-B3F2-186A055B5A45}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{DBF0CFA5-A35A-4EDA-B4E5-0A61EBE1262F}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd | 
"{DBF74883-84F1-4489-AF87-E68B8F7BE67A}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{DEC2BD97-6BAA-48A7-9D7F-126FA8FB08A7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DF4FD627-07AD-42ED-BE7C-AAA9E93C9EBA}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe | 
"{E3EE1797-2105-4531-B17A-6B26DCE93A00}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\acbmp.exe | 
"{E7CAB2EC-6DF5-41D8-82A6-37EACC0A5377}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe | 
"{E975DAE2-5C2A-406A-9A8A-D05974A3EB35}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\halloman17\counter-strike\hl.exe | 
"{E9C80556-51B1-4E8F-B819-F42BFAAD5F1E}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe | 
"{EB04AB32-4D11-41E9-9A99-BFFA0F2425A6}" = protocol=6 | dir=in | app=c:\program files\battlelog web plugins\sonar\0.70.0\sonarhost.exe | 
"{EC0987A2-FDBD-4B86-AEB4-AE025492E769}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\trackmania nations forever\tmforeverlauncher.exe | 
"{EEF71D00-0F3E-4ACB-9466-E026C3ACCD79}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{F0B7CCED-31B6-44F0-BE23-AA7BBAF50681}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\acbsp.exe | 
"{F3333135-2D64-4275-8599-E1EF3B7F4FF1}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{F48472CA-CE14-417D-A3D5-2A22739833B3}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\uplaybrowser.exe | 
"{F4E2383F-A86A-41FF-BE8C-D534F328AF27}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | 
"{F51C50F1-7211-40EB-9940-C1BCFFE3A7C3}" = protocol=17 | dir=in | app=c:\program files\codemasters\operation flashpoint red river\redriverlauncher.exe | 
"{F5C3A225-EC59-4D69-B971-9889BCBB2240}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\trackmania nations forever\tmforever.exe | 
"{F65ED5BE-0759-4BAE-BABD-C4685DD3BB0E}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dawn of war 2\dow2.exe | 
"{F6CE2C73-4C7A-4AF9-9B85-52807A77A702}" = protocol=17 | dir=in | app=c:\program files\diablo iii beta\diablo iii.exe | 
"{F9EA1548-0346-4EBB-9FEB-C4EDE46FE521}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{FBF0320F-E0D4-48EE-9970-5B065FDD3D0C}" = protocol=17 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{FC8934E0-70A8-4D42-824D-42C3D7462C0C}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\bastion\bastion.exe | 
"{FD78212C-B74A-4EA4-BF86-16C86F33C355}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe | 
"{FE03A96C-F367-4B5F-BB4C-D4BDE44E7997}" = protocol=6 | dir=in | app=c:\program files\tunngle\tunngle.exe | 
"TCP Query User{0117DC79-08A4-4E91-A1AC-C2990930DDA9}C:\program files\thq\company of heroes\bugreport\bugreport.exe" = protocol=6 | dir=in | app=c:\program files\thq\company of heroes\bugreport\bugreport.exe | 
"TCP Query User{011DE3B6-240F-446A-A925-02E603B29C56}C:\program files\steam\steamapps\common\dirt 3\dirt3_game.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dirt 3\dirt3_game.exe | 
"TCP Query User{02291741-5AEF-411E-901B-D2325E4F02C4}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{0813A8D9-EA31-4BF4-AD8A-819654B242A5}C:\users\daniel\desktop\mcserver\mcserver.exe" = protocol=6 | dir=in | app=c:\users\daniel\desktop\mcserver\mcserver.exe | 
"TCP Query User{11BC83D9-442C-43C7-A20A-300A4F8E82FC}C:\program files\gw2\gw2.exe" = protocol=6 | dir=in | app=c:\program files\gw2\gw2.exe | 
"TCP Query User{12CBA3D4-0E92-42B5-9F4B-9BD8B88FEA4B}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"TCP Query User{15E9F114-D3A5-47C3-9823-8C80ACBBCF03}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{1658A5EF-4F8A-4508-B49F-1A971E3BCB9E}C:\program files\heroes of newerth\hon.exe" = protocol=6 | dir=in | app=c:\program files\heroes of newerth\hon.exe | 
"TCP Query User{168F029C-44F6-4A78-A3E6-13D1A62075CD}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{197DDF0D-0EC6-44BE-BF0B-59B1DB10C889}C:\program files\gw2\gw2.exe" = protocol=6 | dir=in | app=c:\program files\gw2\gw2.exe | 
"TCP Query User{1AB4928E-8DD4-4F52-9644-B1A1512D91F2}C:\users\daniel\desktop\mineserver\bin\mineserver.exe" = protocol=6 | dir=in | app=c:\users\daniel\desktop\mineserver\bin\mineserver.exe | 
"TCP Query User{1D7C2D58-E5EC-4083-9B17-DED5118BCEE1}C:\program files\2k sports\nba 2k11\nba2k11.exe" = protocol=6 | dir=in | app=c:\program files\2k sports\nba 2k11\nba2k11.exe | 
"TCP Query User{20F7669B-A274-4208-A207-34DB03B21C00}C:\users\daniel\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=6 | dir=in | app=c:\users\daniel\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe | 
"TCP Query User{21A05E52-D5C1-45A7-923E-F91262A10533}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"TCP Query User{23124861-35CA-4269-B8BE-0F9CDC5D891D}C:\users\daniel\downloads\candisoft_load!_0.7.2\candisoft_load!_0.7.2\load.exe" = protocol=6 | dir=in | app=c:\users\daniel\downloads\candisoft_load!_0.7.2\candisoft_load!_0.7.2\load.exe | 
"TCP Query User{23C3DA6C-73BF-41B3-AB94-82B6C380846C}C:\program files\streamtorrent 1.0\streamtorrent.exe" = protocol=6 | dir=in | app=c:\program files\streamtorrent 1.0\streamtorrent.exe | 
"TCP Query User{26E2C45E-3D8E-4784-A5D4-55159B48B4AE}C:\users\daniel\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\daniel\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{2BD4A909-554B-4DC3-917E-558A57EE8E7B}C:\program files\call of duty\codmp.exe" = protocol=6 | dir=in | app=c:\program files\call of duty\codmp.exe | 
"TCP Query User{31B89A9F-8700-41C5-B0B1-DC449E302382}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"TCP Query User{33878E85-803C-4C0F-8C2F-66002D3490A3}C:\program files\starcraft ii\versions\base19132\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base19132\sc2.exe | 
"TCP Query User{3CD1009A-AFC5-4136-8CA1-AE526D59A276}C:\users\daniel\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=6 | dir=in | app=c:\users\daniel\appdata\roaming\gameranger\gameranger\gameranger.exe | 
"TCP Query User{43989473-1C78-41E0-A849-B5843D4F7DCC}C:\program files\turbine\the lord of the rings online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files\turbine\the lord of the rings online\lotroclient.exe | 
"TCP Query User{43AC60E3-3F9E-4408-89D0-B4EF66A8A9F3}C:\program files\nx client for windows\nxclient.exe" = protocol=6 | dir=in | app=c:\program files\nx client for windows\nxclient.exe | 
"TCP Query User{43B6798B-AA13-4575-8B82-90E5B640C8D9}C:\udk\udk-2011-06\binaries\swarmagent.exe" = protocol=6 | dir=in | app=c:\udk\udk-2011-06\binaries\swarmagent.exe | 
"TCP Query User{46C29F54-258D-4A4D-AA43-4A351739E6C8}C:\riot games\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe | 
"TCP Query User{4A2C8A0B-6669-430B-8F8C-D993B9E6FBE5}C:\users\daniel\desktop\filme und mehr\downloads\risk.factions-reloaded\risk factions\risk factions.exe" = protocol=6 | dir=in | app=c:\users\daniel\desktop\filme und mehr\downloads\risk.factions-reloaded\risk factions\risk factions.exe | 
"TCP Query User{4DBE7FBA-18F4-4441-B191-5F3D4ACD400B}C:\program files\call of duty\codmp.exe" = protocol=6 | dir=in | app=c:\program files\call of duty\codmp.exe | 
"TCP Query User{4DF7360B-2D05-4713-8B59-C2D477DACDB8}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | 
"TCP Query User{4F9129BD-A454-4823-A225-30401C5B891C}C:\users\daniel\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\daniel\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{569363BC-DA7E-4C26-8879-741F73A256EF}C:\program files\dead island\deadislandgame.exe" = protocol=6 | dir=in | app=c:\program files\dead island\deadislandgame.exe | 
"TCP Query User{56BC6D7D-9E00-4930-9EC2-7353D2E58840}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe | 
"TCP Query User{571764EE-49CD-4256-BEC0-DE411EBAB207}C:\program files\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | 
"TCP Query User{5965650C-060D-49C2-8CF5-A8AE2B3479C8}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"TCP Query User{59B536FB-BB81-4E44-89D5-F96C3B3CE048}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe | 
"TCP Query User{5E9C9EE2-81A2-4129-8B11-54572B8AF116}C:\program files\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe | 
"TCP Query User{5ECC80E0-E95F-433F-9ABB-83628B81FBA4}C:\program files\six projects\six updater\tools\bin\rsync.exe" = protocol=6 | dir=in | app=c:\program files\six projects\six updater\tools\bin\rsync.exe | 
"TCP Query User{6B43B649-DED9-45C4-A121-A35FDB7C0059}C:\users\daniel\desktop\terraria\terraria_v.1.0.3\terraria\terraria\terrariaserver.exe" = protocol=6 | dir=in | app=c:\users\daniel\desktop\terraria\terraria_v.1.0.3\terraria\terraria\terrariaserver.exe | 
"TCP Query User{6C70C00D-6F8A-4FAF-84F7-E729CABA61E1}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"TCP Query User{6C781541-FBF3-431F-997B-417D22183D1B}C:\program files\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | 
"TCP Query User{6EA4F9DA-7F2E-4A28-8E99-DACB65D61774}C:\program files\ea sports\fifa 11\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\fifa 11\game\fifa.exe | 
"TCP Query User{70A2A563-8EA6-4031-8396-52522B0430C3}C:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"TCP Query User{735E7502-68AE-499D-9B3C-558F8772B9D5}C:\program files\steam\steamapps\money0815\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\money0815\team fortress 2\hl2.exe | 
"TCP Query User{775972FB-846E-43F0-ACD9-4E7B409B2A4C}C:\users\daniel\desktop\anno 1404\tools\anno4web.exe" = protocol=6 | dir=in | app=c:\users\daniel\desktop\anno 1404\tools\anno4web.exe | 
"TCP Query User{7DA260C6-DCF9-41E7-A386-407B0BA090D2}C:\program files\xchat\xchat.exe" = protocol=6 | dir=in | app=c:\program files\xchat\xchat.exe | 
"TCP Query User{7DC4A921-6872-44D9-8058-8403F16DE4F7}C:\users\daniel\downloads\starcraft_2_eu_de-de.exe" = protocol=6 | dir=in | app=c:\users\daniel\downloads\starcraft_2_eu_de-de.exe | 
"TCP Query User{8505CAA0-FE17-4EF7-98FB-284101794C8B}C:\program files\nx client for windows\bin\nxssh.exe" = protocol=6 | dir=in | app=c:\program files\nx client for windows\bin\nxssh.exe | 
"TCP Query User{85C592CD-A107-4330-895E-F244C3657FA2}C:\program files\thq\company of heroes\reliccoh.exe" = protocol=6 | dir=in | app=c:\program files\thq\company of heroes\reliccoh.exe | 
"TCP Query User{87CACB37-20A7-43E2-83D2-87D37F8BFC7E}C:\program files\starcraft ii\starcraft ii.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe | 
"TCP Query User{8A2A5903-9EBF-4D5C-91D7-AAD24370B1E0}C:\users\daniel\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=6 | dir=in | app=c:\users\daniel\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe | 
"TCP Query User{8B860DC5-74E2-41E1-B5EB-064379A63691}C:\program files\streamtorrent 1.0\streamtorrent.exe" = protocol=6 | dir=in | app=c:\program files\streamtorrent 1.0\streamtorrent.exe | 
"TCP Query User{90D63654-7C4D-458E-ADDF-B10B6E2A7495}C:\program files\ea games\battlefield 1942\bf1942.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 1942\bf1942.exe | 
"TCP Query User{9107727F-2BA6-4CFD-B72D-A7CB60893B23}C:\program files\openvpn\bin\openvpn.exe" = protocol=6 | dir=in | app=c:\program files\openvpn\bin\openvpn.exe | 
"TCP Query User{93168D18-E7AD-4534-A8BC-4347FB5BA1CB}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{96AE8D2A-1A23-4F62-867C-B7FAE1FCF51F}C:\users\daniel\desktop\filme und mehr\warcraft iii cracked lan version\war3.exe" = protocol=6 | dir=in | app=c:\users\daniel\desktop\filme und mehr\warcraft iii cracked lan version\war3.exe | 
"TCP Query User{97C0FB9D-DFB7-4F5E-94DA-AC1F1F4CD0C9}C:\users\daniel\appdata\local\temp\cprogram filesopera\operaupgrader.exe" = protocol=6 | dir=in | app=c:\users\daniel\appdata\local\temp\cprogram filesopera\operaupgrader.exe | 
"TCP Query User{9AC022ED-CF6C-4904-A326-DF01AF62BE33}C:\program files\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\support\blizzarddownloader.exe | 
"TCP Query User{A4DE420A-BA70-47BE-89E4-25455888DC46}C:\program files\unity\editor\unity.exe" = protocol=6 | dir=in | app=c:\program files\unity\editor\unity.exe | 
"TCP Query User{A597F279-8496-49F6-996B-25A4A06A460E}C:\program files\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | 
"TCP Query User{A59DEB6A-FC2B-490E-B482-45FAB36A96F8}C:\program files\steam\steamapps\common\kingdoms of amalur - reckoning demo\reckoningdemo.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\kingdoms of amalur - reckoning demo\reckoningdemo.exe | 
"TCP Query User{A8B387D6-24B6-4993-B982-7C587CBD5DAA}C:\program files\2k sports\nba 2k11\nba2k11 (2).exe" = protocol=6 | dir=in | app=c:\program files\2k sports\nba 2k11\nba2k11 (2).exe | 
"TCP Query User{ABF78D09-3CFA-414E-BFDD-0446B992DEB4}C:\users\daniel\appdata\local\temp\eae48fcd971b4d50ba8c32a5bf84d9d4\relicdownloader.exe" = protocol=6 | dir=in | app=c:\users\daniel\appdata\local\temp\eae48fcd971b4d50ba8c32a5bf84d9d4\relicdownloader.exe | 
"TCP Query User{AC79CC67-0758-4DDF-B734-D63E626C41A9}C:\program files\ea sports\fifa 11\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\fifa 11\game\fifa.exe | 
"TCP Query User{B66B0B0F-0F3B-437A-8F23-58CCAEDF9CEB}C:\program files\openvpn\bin\openvpn.exe" = protocol=6 | dir=in | app=c:\program files\openvpn\bin\openvpn.exe | 
"TCP Query User{B9D2B33A-D484-476A-B514-3FB0420A3781}C:\program files\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files\guild wars 2\gw2.exe | 
"TCP Query User{BCF757C3-BBE5-4EFA-A656-DC0CD059B748}C:\program files\dead island\deadislandgame.exe" = protocol=6 | dir=in | app=c:\program files\dead island\deadislandgame.exe | 
"TCP Query User{C09DF18D-9D95-4E3C-9803-2CE9B3F58899}C:\program files\starcraft ii\versions\base22612\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base22612\sc2.exe | 
"TCP Query User{C12D2FCE-0AB7-4A69-AC0E-CF94E6E16120}F:\games\anno 1404\tools\anno4web.exe" = protocol=6 | dir=in | app=f:\games\anno 1404\tools\anno4web.exe | 
"TCP Query User{C5C8C9D9-A0B7-483D-8308-12D4EEDD58BB}C:\program files\activision\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 2\cod2mp_s.exe | 
"TCP Query User{C7BC4315-4458-4DFA-A7B2-42B1BC1F061F}C:\program files\fifa 12\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files\fifa 12\game\fifa.exe | 
"TCP Query User{C8B4B773-4DFC-469B-8924-FC2B8D88A958}C:\program files\2k sports\nba 2k11\nba2k11 (2).exe" = protocol=6 | dir=in | app=c:\program files\2k sports\nba 2k11\nba2k11 (2).exe | 
"TCP Query User{CF185CF9-BAA0-4CCB-81DB-23C4E95DE8DC}C:\program files\nx client for windows\nxclient.exe" = protocol=6 | dir=in | app=c:\program files\nx client for windows\nxclient.exe | 
"TCP Query User{DA8C3888-D316-41D3-AC47-5A4E82E0CBC3}C:\users\daniel\desktop\emkey\mcsharp cli.exe" = protocol=6 | dir=in | app=c:\users\daniel\desktop\emkey\mcsharp cli.exe | 
"TCP Query User{DAA04727-E932-4EDD-941D-0FB7BBF32C6D}C:\users\daniel\downloads\candisoft_load!_0.7.2\candisoft_load!_0.7.2\load.exe" = protocol=6 | dir=in | app=c:\users\daniel\downloads\candisoft_load!_0.7.2\candisoft_load!_0.7.2\load.exe | 
"TCP Query User{DEB22B27-F8E8-41A8-AC0D-9C2D0F4C3AC0}C:\program files\unity\editor\unity.exe" = protocol=6 | dir=in | app=c:\program files\unity\editor\unity.exe | 
"TCP Query User{E66C194C-B4CC-4DC3-A0CC-20FF1B1584C3}C:\program files\lolreplay\lolreplay.exe" = protocol=6 | dir=in | app=c:\program files\lolreplay\lolreplay.exe | 
"TCP Query User{E6BC3248-291A-4345-9C3D-3A88C7EAB698}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"TCP Query User{E8F1A1DC-D289-4068-B506-D163C427A0DE}C:\program files\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base19679\sc2.exe | 
"TCP Query User{E972CBF3-0A10-4C3C-BE16-6CE2C09E0DB1}C:\program files\steam\steamapps\money0815\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\money0815\counter-strike source\hl2.exe | 
"TCP Query User{EAA58C94-8815-4148-AED2-75AACC4F9628}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"TCP Query User{F1D4B03E-FA48-417F-AB7C-8667E6D2E45C}C:\program files\nx client for windows\bin\nxssh.exe" = protocol=6 | dir=in | app=c:\program files\nx client for windows\bin\nxssh.exe | 
"TCP Query User{F2847806-AC0B-4829-A265-1AD8A8130AEE}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{F323A1C7-A489-4E6C-9C41-E115E01ADFA5}C:\udk\udk-2011-06\binaries\win32\udk.exe" = protocol=6 | dir=in | app=c:\udk\udk-2011-06\binaries\win32\udk.exe | 
"TCP Query User{F3F801B0-CD89-46DB-A4DA-F57CE77AE8AA}C:\users\daniel\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\daniel\appdata\local\temp\gw2.exe | 
"TCP Query User{F4D018B8-A092-413B-B93C-53E12BA3F9B5}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{F502CDE2-0C09-4804-B5E8-EA576D560D25}C:\program files\clonk rage\clonk.exe" = protocol=6 | dir=in | app=c:\program files\clonk rage\clonk.exe | 
"TCP Query User{F87ECB76-C25F-466C-8302-B09F50FEC76B}C:\program files\turbine\the lord of the rings online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files\turbine\the lord of the rings online\lotroclient.exe | 
"TCP Query User{FB448612-2ECB-4AD8-B097-E4152B8C9AD7}C:\program files\ea games\battlefield play4free\bfp4f.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield play4free\bfp4f.exe | 
"TCP Query User{FF73B2E6-B78A-413D-88CB-E5821D7FCB6B}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{FFAC471E-7DAC-4E79-A0EB-E8717A71BD26}C:\program files\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | 
"UDP Query User{03CD4BE5-6D36-4E32-B074-BA6F4229EB29}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe | 
"UDP Query User{04550EE0-3F05-497E-AFE4-FA6EB44CD2CE}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"UDP Query User{050C97FB-05C7-4D3A-AD9C-F01BE3A12E4F}C:\program files\lolreplay\lolreplay.exe" = protocol=17 | dir=in | app=c:\program files\lolreplay\lolreplay.exe | 
"UDP Query User{05DBB73C-6176-4666-A534-F618EC154350}C:\program files\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | 
"UDP Query User{0909A479-194B-4D2A-AFD4-887D959F1A81}C:\program files\starcraft ii\starcraft ii.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe | 
"UDP Query User{0B4222D4-C5B6-4278-986C-47987CACD39A}C:\program files\six projects\six updater\tools\bin\rsync.exe" = protocol=17 | dir=in | app=c:\program files\six projects\six updater\tools\bin\rsync.exe | 
"UDP Query User{13B0BCB2-2574-4F8A-8EC9-14F35992B826}C:\program files\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe | 
"UDP Query User{169621E5-99ED-4EA4-B6BC-69D2EA1EF99B}C:\users\daniel\downloads\starcraft_2_eu_de-de.exe" = protocol=17 | dir=in | app=c:\users\daniel\downloads\starcraft_2_eu_de-de.exe | 
"UDP Query User{170F61B5-5B53-434D-8541-5151FFD7479A}C:\program files\starcraft ii\versions\base19679\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base19679\sc2.exe | 
"UDP Query User{1951CBBB-8C1B-479F-8B75-67F16B8B91D2}C:\program files\nx client for windows\nxclient.exe" = protocol=17 | dir=in | app=c:\program files\nx client for windows\nxclient.exe | 
"UDP Query User{1E8A6B13-2FA3-4D66-B402-5924FC458AC8}C:\program files\2k sports\nba 2k11\nba2k11 (2).exe" = protocol=17 | dir=in | app=c:\program files\2k sports\nba 2k11\nba2k11 (2).exe | 
"UDP Query User{1FAA4582-83B0-4D58-A1D9-A25A17696A31}C:\program files\gw2\gw2.exe" = protocol=17 | dir=in | app=c:\program files\gw2\gw2.exe | 
"UDP Query User{2079E293-BA24-4F24-90F3-F23F9C589AA6}C:\program files\nx client for windows\nxclient.exe" = protocol=17 | dir=in | app=c:\program files\nx client for windows\nxclient.exe | 
"UDP Query User{23902165-E1A7-414D-98CF-925A4CFD4A79}F:\games\anno 1404\tools\anno4web.exe" = protocol=17 | dir=in | app=f:\games\anno 1404\tools\anno4web.exe | 
"UDP Query User{23BD5306-35FD-4D9E-8639-C2F5B3CFDD0D}C:\program files\ea sports\fifa 11\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files\ea sports\fifa 11\game\fifa.exe | 
"UDP Query User{27067479-8774-4AC7-B9AD-31C4C538C1D9}C:\program files\thq\company of heroes\bugreport\bugreport.exe" = protocol=17 | dir=in | app=c:\program files\thq\company of heroes\bugreport\bugreport.exe | 
"UDP Query User{2A37AA18-9EB2-4475-94D0-9567BD9DB810}C:\program files\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | 
"UDP Query User{3048B81E-0F05-45A5-A950-4EEAADA6E9BF}C:\users\daniel\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\users\daniel\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe | 
"UDP Query User{345F713C-3F77-4701-BE47-736C654C0500}C:\users\daniel\downloads\candisoft_load!_0.7.2\candisoft_load!_0.7.2\load.exe" = protocol=17 | dir=in | app=c:\users\daniel\downloads\candisoft_load!_0.7.2\candisoft_load!_0.7.2\load.exe | 
"UDP Query User{35EA816D-53EE-48B6-AA0D-DBCC421253B0}C:\users\daniel\desktop\filme und mehr\warcraft iii cracked lan version\war3.exe" = protocol=17 | dir=in | app=c:\users\daniel\desktop\filme und mehr\warcraft iii cracked lan version\war3.exe | 
"UDP Query User{3DE66046-EBB3-43A4-8D4E-A84F05B65807}C:\program files\streamtorrent 1.0\streamtorrent.exe" = protocol=17 | dir=in | app=c:\program files\streamtorrent 1.0\streamtorrent.exe | 
"UDP Query User{3E73D7B1-5606-4F3A-BB74-F2E8BA40643D}C:\program files\call of duty\codmp.exe" = protocol=17 | dir=in | app=c:\program files\call of duty\codmp.exe | 
"UDP Query User{4003D264-0B56-44E6-9AC1-A875C87721D5}C:\program files\activision\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 2\cod2mp_s.exe | 
"UDP Query User{4023E9D1-F08D-49D2-A3B2-42AB08744A41}C:\users\daniel\desktop\filme und mehr\downloads\risk.factions-reloaded\risk factions\risk factions.exe" = protocol=17 | dir=in | app=c:\users\daniel\desktop\filme und mehr\downloads\risk.factions-reloaded\risk factions\risk factions.exe | 
"UDP Query User{4077BA64-9C90-4C6E-A4DD-580FCA04520D}C:\program files\turbine\the lord of the rings online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files\turbine\the lord of the rings online\lotroclient.exe | 
"UDP Query User{42309BA3-F134-47B3-8E72-D407290E07E2}C:\program files\unity\editor\unity.exe" = protocol=17 | dir=in | app=c:\program files\unity\editor\unity.exe | 
"UDP Query User{449648E5-A13B-4F66-99EC-8E39DE385E7F}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{4856DC05-8A79-4661-9A55-AA305C455C1E}C:\program files\2k sports\nba 2k11\nba2k11.exe" = protocol=17 | dir=in | app=c:\program files\2k sports\nba 2k11\nba2k11.exe | 
"UDP Query User{4D337046-161C-424B-B2E4-735F0A6AA7FF}C:\users\daniel\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\daniel\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{4D657A4C-6563-473B-B5B8-56813D8E7512}C:\program files\gw2\gw2.exe" = protocol=17 | dir=in | app=c:\program files\gw2\gw2.exe | 
"UDP Query User{4FAC59BF-27B6-452C-BDCC-5B30248A64B4}C:\program files\clonk rage\clonk.exe" = protocol=17 | dir=in | app=c:\program files\clonk rage\clonk.exe | 
"UDP Query User{520E6775-B256-4E16-8764-47FF455F7AD8}C:\program files\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files\guild wars 2\gw2.exe | 
"UDP Query User{5305D63A-563F-4983-A4A8-9F9F799C4383}C:\users\daniel\desktop\anno 1404\tools\anno4web.exe" = protocol=17 | dir=in | app=c:\users\daniel\desktop\anno 1404\tools\anno4web.exe | 
"UDP Query User{563C063F-ABC0-428D-9B36-0B3F7FD2EC8E}C:\program files\steam\steamapps\money0815\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\money0815\team fortress 2\hl2.exe | 
"UDP Query User{587B2FD4-0C2E-448F-ABE9-43446064D17C}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"UDP Query User{59C3541A-1FCC-45E0-A3A8-8AE522D54940}C:\users\daniel\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\daniel\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{5A6039E8-2474-4C38-848D-03AA080ABD0D}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | 
"UDP Query User{5B89B0FF-84F6-432F-8872-5F8C0184BA15}C:\users\daniel\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\daniel\appdata\local\temp\gw2.exe | 
"UDP Query User{5F6D0908-B027-4C33-8921-C6FAB876A82D}C:\users\daniel\desktop\mineserver\bin\mineserver.exe" = protocol=17 | dir=in | app=c:\users\daniel\desktop\mineserver\bin\mineserver.exe | 
"UDP Query User{61A16E73-B4B4-47D4-A24D-41EFDBDC4305}C:\program files\xchat\xchat.exe" = protocol=17 | dir=in | app=c:\program files\xchat\xchat.exe | 
"UDP Query User{61CC4746-2146-4A83-8E37-342817E4B894}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"UDP Query User{63721FBD-FB3D-4DCD-B287-E4819B951992}C:\udk\udk-2011-06\binaries\swarmagent.exe" = protocol=17 | dir=in | app=c:\udk\udk-2011-06\binaries\swarmagent.exe | 
"UDP Query User{683C379F-867E-434D-8553-9E4D6F455A25}C:\program files\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\support\blizzarddownloader.exe | 
"UDP Query User{697F9D61-1D1D-47AD-B446-EFC62314A809}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe | 
"UDP Query User{6AC62857-FB75-4832-A93A-1EB399000545}C:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"UDP Query User{6DBC83BD-9003-4D75-8808-59213C99C27D}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"UDP Query User{6EBAA991-A2BE-48AA-A030-AB8AF3100442}C:\program files\starcraft ii\versions\base19132\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base19132\sc2.exe | 
"UDP Query User{7D47CD78-F1B3-447A-8EFE-B1A829520554}C:\program files\unity\editor\unity.exe" = protocol=17 | dir=in | app=c:\program files\unity\editor\unity.exe | 
"UDP Query User{7FCE69AB-6613-46A2-9598-2EEB290B1D8C}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{88BB4525-D3C8-4480-81EE-059FD5AD4DAF}C:\program files\starcraft ii\versions\base22612\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base22612\sc2.exe | 
"UDP Query User{8B6629EC-4F83-42CC-9964-6579003D90B4}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{8CEFD9FF-176A-4ADB-B556-AB28937B5F7C}C:\program files\turbine\the lord of the rings online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files\turbine\the lord of the rings online\lotroclient.exe | 
"UDP Query User{90959ECB-DA8B-4B7A-A981-BE30C391A57A}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{95605D52-7A72-4D7B-A9AF-AAC36197DC8B}C:\program files\openvpn\bin\openvpn.exe" = protocol=17 | dir=in | app=c:\program files\openvpn\bin\openvpn.exe | 
"UDP Query User{9713E78C-BE35-4DF5-8E4D-23B58256C3B1}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{9827059C-76CB-4D28-8072-E3944A852755}C:\users\daniel\desktop\mcserver\mcserver.exe" = protocol=17 | dir=in | app=c:\users\daniel\desktop\mcserver\mcserver.exe | 
"UDP Query User{9AE7241D-22D1-4C3C-8E1A-4D08519CDF7A}C:\users\daniel\desktop\terraria\terraria_v.1.0.3\terraria\terraria\terrariaserver.exe" = protocol=17 | dir=in | app=c:\users\daniel\desktop\terraria\terraria_v.1.0.3\terraria\terraria\terrariaserver.exe | 
"UDP Query User{9B16FEBD-44B3-4CBD-9DB5-C515FC39B272}C:\users\daniel\appdata\local\temp\eae48fcd971b4d50ba8c32a5bf84d9d4\relicdownloader.exe" = protocol=17 | dir=in | app=c:\users\daniel\appdata\local\temp\eae48fcd971b4d50ba8c32a5bf84d9d4\relicdownloader.exe | 
"UDP Query User{9B34EDD6-D808-4C4F-AFD9-4B160BE72FB7}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{9B94C300-970F-4FEE-B870-981BBF910AF8}C:\program files\openvpn\bin\openvpn.exe" = protocol=17 | dir=in | app=c:\program files\openvpn\bin\openvpn.exe | 
"UDP Query User{9C466825-D70A-4BEC-AAA0-3602D9651763}C:\program files\steam\steamapps\common\kingdoms of amalur - reckoning demo\reckoningdemo.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\kingdoms of amalur - reckoning demo\reckoningdemo.exe | 
"UDP Query User{9CF826A5-D413-4971-A913-D2110CAE3FD7}C:\program files\dead island\deadislandgame.exe" = protocol=17 | dir=in | app=c:\program files\dead island\deadislandgame.exe | 
"UDP Query User{9EA69A40-F5E9-4FC0-BB13-4C14A7DEA7FD}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{A88C6010-855A-4C9B-B98E-D5C10E911725}C:\program files\thq\company of heroes\reliccoh.exe" = protocol=17 | dir=in | app=c:\program files\thq\company of heroes\reliccoh.exe | 
"UDP Query User{A9BEBB7E-D364-4CDA-AD0E-0D4D96911458}C:\program files\nx client for windows\bin\nxssh.exe" = protocol=17 | dir=in | app=c:\program files\nx client for windows\bin\nxssh.exe | 
"UDP Query User{ACEE8A8D-53CF-4E99-AF59-D3A40DE8C8E3}C:\program files\nx client for windows\bin\nxssh.exe" = protocol=17 | dir=in | app=c:\program files\nx client for windows\bin\nxssh.exe | 
"UDP Query User{AE5FC5AF-AF8B-40C9-ABCB-77E7C17F97E4}C:\users\daniel\downloads\candisoft_load!_0.7.2\candisoft_load!_0.7.2\load.exe" = protocol=17 | dir=in | app=c:\users\daniel\downloads\candisoft_load!_0.7.2\candisoft_load!_0.7.2\load.exe | 
"UDP Query User{B01B26F0-0570-49B3-A244-026AEA744983}C:\udk\udk-2011-06\binaries\win32\udk.exe" = protocol=17 | dir=in | app=c:\udk\udk-2011-06\binaries\win32\udk.exe | 
"UDP Query User{B2E84D45-7E74-4442-81B5-3833493C29E7}C:\program files\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | 
"UDP Query User{B422EB04-EAC7-4EF8-A80F-F381F0AEA15D}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{B6566E87-DEF8-4CD7-B9B2-66A7877AA5EC}C:\riot games\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe | 
"UDP Query User{BA4F003C-7EEB-4CB6-ABD9-0980B44EB041}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"UDP Query User{BBB8F171-A61B-4063-B920-6C45ACF8AD28}C:\program files\ea sports\fifa 11\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files\ea sports\fifa 11\game\fifa.exe | 
"UDP Query User{C0C0DD53-1425-4EEC-924A-1D705FABDA0B}C:\program files\call of duty\codmp.exe" = protocol=17 | dir=in | app=c:\program files\call of duty\codmp.exe | 
"UDP Query User{C490FEAC-EA0B-47A0-8EB5-A7EF3813C00E}C:\program files\ea games\battlefield 1942\bf1942.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 1942\bf1942.exe | 
"UDP Query User{C4E5B3BB-9BBB-49C3-B6BB-955BC3403B00}C:\program files\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | 
"UDP Query User{CF2D8FF8-4DE1-43B0-8E54-02665D06679A}C:\program files\streamtorrent 1.0\streamtorrent.exe" = protocol=17 | dir=in | app=c:\program files\streamtorrent 1.0\streamtorrent.exe | 
"UDP Query User{D11C5427-29D4-43B3-AF89-611366472780}C:\users\daniel\appdata\local\temp\cprogram filesopera\operaupgrader.exe" = protocol=17 | dir=in | app=c:\users\daniel\appdata\local\temp\cprogram filesopera\operaupgrader.exe | 
"UDP Query User{D11F4C86-0044-48C0-9973-FEB45F62A7A2}C:\program files\steam\steamapps\common\dirt 3\dirt3_game.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dirt 3\dirt3_game.exe | 
"UDP Query User{D13C0E6B-3DC4-4D88-8CF1-4663FA85B655}C:\program files\dead island\deadislandgame.exe" = protocol=17 | dir=in | app=c:\program files\dead island\deadislandgame.exe | 
"UDP Query User{DB1C1E39-0D84-449C-9CB0-28D7F7D7DF77}C:\program files\ea games\battlefield play4free\bfp4f.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield play4free\bfp4f.exe | 
"UDP Query User{DBFEEA3E-F9E1-4FFA-8E93-A440299980D8}C:\program files\heroes of newerth\hon.exe" = protocol=17 | dir=in | app=c:\program files\heroes of newerth\hon.exe | 
"UDP Query User{E0D2D3FD-5582-4242-B37D-DB4622127288}C:\users\daniel\desktop\emkey\mcsharp cli.exe" = protocol=17 | dir=in | app=c:\users\daniel\desktop\emkey\mcsharp cli.exe | 
"UDP Query User{E8ADB729-6819-455A-9DEF-F7AAB86E50AA}C:\users\daniel\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\users\daniel\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe | 
"UDP Query User{ECBE38DB-0F82-45C0-B97E-91621CDFCDAE}C:\program files\fifa 12\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files\fifa 12\game\fifa.exe | 
"UDP Query User{F009A918-8434-42A4-8033-F6F4ACA45CB8}C:\program files\2k sports\nba 2k11\nba2k11 (2).exe" = protocol=17 | dir=in | app=c:\program files\2k sports\nba 2k11\nba2k11 (2).exe | 
"UDP Query User{F5FFC2EA-B66C-4051-98D4-B1DED6B81905}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{FE4B8C0C-849B-4476-830B-3A2CDD40B39D}C:\program files\steam\steamapps\money0815\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\money0815\counter-strike source\hl2.exe | 
"UDP Query User{FF18D3A1-7BA2-4812-8849-E6B4496C8746}C:\users\daniel\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=17 | dir=in | app=c:\users\daniel\appdata\roaming\gameranger\gameranger\gameranger.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
""Truck Tycoon"_is1" = "Truck Tycoon"
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{04E9B02B-4F85-4B73-B865-27B9B8B35877}" = NBA 2K12
"{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0536BCDF-7EF6-48F6-8765-A3C065A065A5}" = Microsoft Expression Blend SDK for .NET 4
"{06F2E32F-7490-49B2-8376-0754F66F5A96}" = DayZ Commander
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{16D0F2D2-242C-4885-BEF1-4B1655C141AE}" = Bing Bar
"{17BD95E5-2A54-0A2B-82D4-AC782217B3F8}" = CCC Help Thai
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1C78514A-5E5A-E653-1271-DAC1744206E3}" = HydraVision
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{203FB0BF-C26B-A69C-E603-E3FB448EFB9B}" = CCC Help Greek
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{2222706F-666A-4037-7777-202328764D10}" = JavaFX 2.0.2 SDK
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v1.5.0.2827
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 30
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{276453C2-FFAF-468F-AC7E-8D4162698932}" = ESET NOD32 Antivirus
"{287EAC0F-6C96-4712-97A6-958510872CBB}" = Utility
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}" = Six Updater
"{2FCA153C-ED63-D87B-93FD-7CE44846189B}" = ccc-utility
"{3000829F-3C20-16B9-EBF0-9665BD349DF1}" = Catalyst Control Center Graphics Previews Common
"{32A3A4F4-B792-11D6-A78A-00B0D0170020}" = Java(TM) SE Development Kit 7 Update 2
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{354D756E-C1C4-7ABF-CC12-8DBA3A782625}" = CCC Help Norwegian
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2AD820-0C15-C863-F056-5501091E9B85}" = CCC Help Spanish
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F101706-5B5F-99A7-59EE-1CF037FC2A10}" = CCC Help Czech
"{3F499657-766A-4A5F-AEE9-A1F8D295A4CE}" = FIFA 13 Demo
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11
"{3FF8E8A7-5BA8-4D9E-B976-B05B2B00B0AE}" = Microsoft Expression Web 4
"{434D0831-3E0C-4D03-A5D4-5E1000008400}" = F1 2010
"{45C8D17D-B5E0-4e93-8370-4329AB16D2A0}" = Battlefield 3™ Open Beta
"{45CEBDDE-AD94-4C5A-999D-0D35CE61405B}_is1" = 1.5
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
"{488405CF-0BD3-D35E-13BD-4D71ADE5E401}" = ATI Problem Report Wizard
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA5B8A5-BEEF-4AD8-B11D-4443A042EA4F}" = Adobe Dreamweaver CS3
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D26B533-269B-4C01-B59E-80A6864824A5}" = Microsoft Expression Encoder 4
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{54054F2E-03B7-2907-3452-3DB1EB85E973}" = CCC Help Dutch
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{5B7794CC-CA8F-77BB-AFB7-C1757A43B3F2}" = AMD AVIVO Codecs
"{5D237863-D917-17B9-1645-713A41FB8CC0}" = CCC Help Turkish
"{5D7767FA-7FE8-4627-9F09-AEF7A25F1E07}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.1 Patch
"{5EE6E987-1B79-4A93-832B-27472C7D1579}" = WPF Toolkit February 2010 (Version 3.5.50211.1)
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{634D08B4-CFAC-CCB9-5891-FAB02B3FD9C1}" = TweetDeck
"{66153065-CD04-4AC4-90A4-1F1120137C07}" = A-Plan 2010
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{6844E55F-37A1-42BC-B316-326B48C49ADC}" = Pro Evolution Soccer 2012 DEMO
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6CBFDB9F-4DEF-4F39-A76A-BB8DDABA0428}" = XSplit
"{6F95709A-B60B-B099-AF6E-32FB078B0DFA}" = CCC Help French
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{762F16BC-88B5-9689-4191-353FD630DA98}" = CCC Help Japanese
"{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7799BE29-0992-5FD9-5C44-17843E39A7AB}" = Catalyst Control Center Localization All
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{7B4A5C13-069F-4AFE-AE57-C497B4E33C7E}" = Call of Duty(R) 2 Patch 1.3
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{801B0DA3-A3FF-46CC-B97F-D76D510AF5AE}" = Microsoft Silverlight 4 SDK
"{809D7E6D-915D-4EAD-821F-E13D93F37161}" = ASUS Smart Doctor
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{81DD0597-29EB-4FA0-8223-4F41362B2E72}" = NBA 2K11
"{81E6A0C5-53BA-91C4-E381-BAD1A3F1B04B}" = CCC Help English
"{85030773-2A43-8ACE-F6FD-29958AE19924}" = CCC Help Italian
"{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Patch
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{85734060-4F8B-477D-9FBD-44DEAC824BE2}" = SlimDrivers
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free
"{879D5454-1A5E-4F3F-8DCC-69FBE95D0647}" = Adobe Setup
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F0F75F-A226-0399-053D-61448AA4E6F8}" = CCC Help Portuguese
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8C640345-AF96-4ABA-A697-97D2A0B8C6DB}" = Adobe Flash CS3
"{8CA7DA5E-B8BD-4E9F-A6F2-BAF53D503498}" = HP Deskjet 3050 J610 series - Grundlegende Software für das Gerät
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8FD0F94D-4594-48A0-BE99-5265367603D8}" = Microsoft Expression Design 4
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{91B33C97-0FBA-74AE-E802-D782F5C8AA89}_is1" = Ashampoo Burning Studio 2013 v.11.0.5
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{93DF9F1F-17EB-82C0-F82B-9ABC230D6DE5}" = Application Profiles
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{99F1ADE8-AF52-58B6-9F72-0D88ED512616}" = CCC Help Russian
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A30269D0-4F0B-44BB-A169-C665CA856EEC}}_is1" = Crusader Kings II version 1.06b
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AA38CC00-F12C-495E-AF00-7EE413D3BFB2}" = Evince 2.32.0.145
"{AC4F1760-80A5-11D3-8D43-005004680C79}" = UEFA Manager 2000
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B006B9E9-41DD-4479-9177-3743A53B7735}" = Microsoft Expression Blend 3 SDK
"{B0682940-6FFB-4850-80BA-B2FEF0D64BA8}" = Microsoft Expression Blend SDK for Silverlight 4
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4164865-081E-5539-FE40-FA24A909AB30}" = CCC Help Danish
"{B426482A-48BB-6AEE-AE2A-7F501CA0BAF5}" = AMD Catalyst Install Manager
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B7886D87-ADA4-46A0-8A8D-02AB16B9F95A}" = Borland Delphi 6
"{B8E8C8EC-5C22-4B02-9C02-D851262F574C}" = Sony Vegas Movie Studio Platinum 8.0
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.49 (July 1st, 2011) Version v2011.build.49
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{BB81360F-041C-4CF7-B15E-71380D154244}" = Adobe Setup
"{BCEDD813-269C-4D8F-A4BA-01FDC66254D3}" = Adobe Flash Video Encoder
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C3F6EF04-8292-482D-9A2B-47CF5758C8FC}" = Microsoft Expression Studio 4
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C8D7A672-F697-4572-AC62-C856053A8DBC}" = Adobe Illustrator CS3
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}" = Stronghold
"{C9D456FD-C25B-49DE-AA71-6B76D6550B23}" = Adobe Fireworks CS3
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFA368B3-59C8-4EF5-83A0-39DF46588030}" = Adobe Creative Suite 3 Web Premium
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game
"{D3C605D8-3A5E-4BAD-965D-2C61441BF2AC}" = Adobe Photoshop CS3
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DF112B8F-D0B5-3421-BDF1-76CC3A8504A5}" = CCC Help German
"{E089C847-6667-BDA0-A9A3-42C79748E291}" = CCC Help Polish
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E5141379-B2D9-4BBC-BB2A-5805541571DD}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E8E5C24D-C43D-32F9-9F10-A7113F5D16F8}" = CCC Help Korean
"{E9876984-35CE-4D31-2408-86154AD2AB91}" = CCC Help Swedish
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{EBC5D379-7166-D9C6-1FB7-CB1658E125D1}" = CCC Help Chinese Traditional
"{ECBFF841-A2AF-4C89-88FD-D3576330775F}" = SlimCleaner
"{ED082826-CCAC-1F22-67B3-40E6149AB56C}" = CCC Help Finnish
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F21D2032-60FE-4729-9C87-46F1615FB965}" = Microsoft Expression Encoder 4 Screen Capture Codec
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F31B5936-E765-BF72-EB28-AF4E71966842}" = CCC Help Chinese Standard
"{F5993FCC-DF5D-4879-B70D-AA1F379C5C6B}" = Microsoft Expression Web 4 Service Pack 2
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"{F5DB4726-E7D3-2400-13F9-C470A3C9FD1F}" = Catalyst Control Center
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}" = HP Deskjet 3050 J610 series Hilfe
"{F7800FC1-6948-4D64-A9BC-3EEDDA408D25}" = Microsoft Expression Blend 4
"{FC384AF3-A370-2EE7-3F65-965C3819780B}" = Catalyst Control Center InstallProxy
"{FCBEFF93-3A91-F55E-4CB6-DD6E30B84964}" = CCC Help Hungarian
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"{FF3E2850-BD2E-4B56-A89D-21E588D518E0}" = Adobe Contribute CS3
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"12bbe590-c890-11d9-9669-0800200c9a66_is1" = The Lord of the Rings Online™ v03.03.00.8048
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_32fdd767b4383606e8168e834af5d90" = Adobe Premiere Pro CS3
"Adobe_b0efd5c6e27241b2a2a88dbddd25245" = Adobe Creative Suite 3 Web Premium hinzufügen oder entfernen
"Any Video Converter_is1" = Any Video Converter 3.2.5
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"BabylonToolbar" = Babylon toolbar on IE
"Battlelog Web Plugins" = Battlelog Web Plugins
"BattlEye for A2" = BattlEye Uninstall
"BattlEye for OA" = BattlEye for OA Uninstall
"Blend_4.0.20621.0" = Microsoft Expression Blend 4
"bwin Poker JPC_is1" = bwin Poker JPC 1.0.0
"Call of Duty" = Call of Duty
"Clonk Endeavour" = Clonk Endeavour 4.95.5
"Company of Heroes" = Company of Heroes
"conduitEngine" = Conduit Engine
"Crusader Kings II_is1" = Crusader Kings II
"DAEMON Tools Pro" = DAEMON Tools Pro
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Design_7.0.20516.0" = Microsoft Expression Design 4
"DivX Setup.divx.com" = DivX-Setup
"DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch (DeCSS-frei)
"Encoder_4.0.1651.0" = Microsoft Expression Encoder 4
"ESL Wire_is1" = ESL Wire 1.15
"ESN Sonar-0.70.0" = ESN Sonar
"ESN Sonar-0.70.4" = ESN Sonar
"ExpressionStudio_4.0.20705.0" = Microsoft Expression Studio 4
"Fifa 12 (c) Electronic Arts_is1" = Fifa 12 (c) Electronic Arts version 1
"Fraps" = Fraps (remove only)
"Free Download Manager_is1" = Free Download Manager 3.8
"Free Studio_is1" = Free Studio version 5.1.6
"FUSSBALL MANAGER 09" = FUSSBALL MANAGER 09
"GFWL_{434D0831-3E0C-4D03-A5D4-5E1000008400}" = F1 2010
"GMouse" = GIGABYTE FORCE Driver
"Google Chrome" = Google Chrome
"GPL Ghostscript 9.04" = GPL Ghostscript
"Guild Wars 2" = Guild Wars 2
"HaskellPlatform-2011.2.0.1" = Haskell Platform 2011.2.0.1
"HP Photo Creations" = HP Photo Creations
"InstallShield_{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"InstallShield_{5D7767FA-7FE8-4627-9F09-AEF7A25F1E07}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.1 Patch
"InstallShield_{809D7E6D-915D-4EAD-821F-E13D93F37161}" = ASUS Smart Doctor
"InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"InstallShield_{E5141379-B2D9-4BBC-BB2A-5805541571DD}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch
"IsoBuster_is1" = IsoBuster 2.8.5
"JDownloader" = JDownloader
"LogMeIn Hamachi" = LogMeIn Hamachi
"LOLReplay" = LOLReplay
"ManyCam" = ManyCam 2.6.30 (remove only)
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"MinecraftAlpha" = MinecraftAlpha
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"Mozilla Thunderbird (3.1.20)" = Mozilla Thunderbird (3.1.20)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Neat Image_is1" = Neat Image v6 Demo (with plug-in)
"nxclient_is1" = NX Client for Windows 3.5.0-7
"OpenAL" = OpenAL
"OpenVPN" = OpenVPN 2.2.2-gui-1.0.3
"Opera 12.00.1467" = Opera 12.00
"Origin" = Origin
"PDF Blender" = PDF Blender
"pdfsam" = pdfsam
"PokerStars" = PokerStars
"PunkBusterSvc" = PunkBuster Services
"Quick Memory Editor_is1" = Quick Memory Editor 5.5
"SeriousSam2" = Serious Sam 2
"SopCast" = SopCast 3.3.2
"StarCraft II" = StarCraft II
"Steam App 10" = Counter-Strike
"Steam App 107100" = Bastion
"Steam App 11020" = TrackMania Nations Forever
"Steam App 15620" = Warhammer® 40,000™: Dawn of War® II
"Steam App 207770" = Men Of War: Assault Squad GOTY Demo
"Steam App 20900" = The Witcher: Enhanced Edition
"Steam App 240" = Counter-Strike: Source
"Steam App 260" = Counter-Strike: Source Beta
"Steam App 33910" = ARMA 2
"Steam App 33930" = ARMA 2: Operation Arrowhead
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 440" = Team Fortress 2
"Steam App 44320" = DiRT 3
"Steam App 48000" = LIMBO
"Steam App 570" = Dota 2
"Steam App 630" = Alien Swarm
"Steam App 730" = Counter-Strike: Global Offensive Beta
"Steam App 90600" = Company of Heroes Retail Beta
"StreamTorrent 1.0" = StreamTorrent 1.0
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 6" = TeamViewer 6
"TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck
"UDK-522cfbeb-fe69-4745-9be3-6eefbed06f46" = Unreal Development Kit: 2011-06
"Uninstall_is1" = Uninstall 1.0.0.1
"Unity" = Unity
"Unknown Device Identifier_is1" = Unknown Device Identifier 7.00
"Veetle TV" = Veetle TV 0.9.18
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.11
"Web_4.0.1303.0" = Microsoft Expression Web 4
"Winload Toolbar" = Winload Toolbar
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
"Wubi" = Ubuntu
"xchat" = XChat 2 (remove only)
"Xfire" = Xfire (remove only)
"XMedia Recode" = XMedia Recode 3.0.7.6
"xvid" = XviD MPEG-4 Video Codec
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2188088278-3483027397-1906438238-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"326f4024ebc1f4c4" = JungleTimer
"Dropbox" = Dropbox
"Game Organizer" = GameXN GO
"GameRanger" = GameRanger
"Google Chrome" = Google Chrome
"mIRC" = mIRC
"Octoshape Streaming Services" = Octoshape Streaming Services
"SCN FIFA 13 DEMO EXPANDER" = SCN FIFA 13 DEMO EXPANDER
"Spotify" = Spotify
"UnityWebPlayer" = Unity Web Player
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2188088278-3483027397-1906438238-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 07.12.2012 16:00:00 | Computer Name = Daniel-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 08.12.2012 06:05:54 | Computer Name = Daniel-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 08.12.2012 15:55:51 | Computer Name = Daniel-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.12.2012 07:18:22 | Computer Name = Daniel-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.12.2012 14:15:24 | Computer Name = Daniel-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 10.12.2012 13:43:11 | Computer Name = Daniel-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.12.2012 12:18:48 | Computer Name = Daniel-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 12.12.2012 11:08:34 | Computer Name = Daniel-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 12.12.2012 11:57:58 | Computer Name = Daniel-PC | Source = Application Hang | ID = 1002
Description = Programm opera.exe, Version 12.0.1467.0 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 13e0  Anfangszeit: 01cdd880868ea603  Zeitpunkt der Beendigung:
 14
 
Error - 14.12.2012 07:55:31 | Computer Name = Daniel-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung NEXON_EU_Downloader_Engine.exe, Version 2.5.10.0,
 Zeitstempel 0x4f966659, fehlerhaftes Modul NEXON_EU_Downloader_Engine.exe, Version
 2.5.10.0, Zeitstempel 0x4f966659, Ausnahmecode 0xc0000005, Fehleroffset 0x0000c145,
Prozess-ID
 0xc20, Anwendungsstartzeit 01cdd9f1e5bdcd52.
 
Error - 14.12.2012 07:56:46 | Computer Name = Daniel-PC | Source = WinMgmt | ID = 10
Description = 
 
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 26.10.2012 03:39:34 | Computer Name = Daniel-PC | Source = acvpnagent | ID = 67108865
Description = Function: CWinsecApiImpersonateUser::acquireTokens File: .\IPC\WinsecAPI.cpp
Line:
 93 CWinsecApiImpersonateUser::getUserImpersonationToken returned NULL
 
Error - 26.10.2012 03:39:34 | Computer Name = Daniel-PC | Source = acvpnagent | ID = 67108866
Description = Function: CWinsecApiImpersonateUser::CWinsecApiImpersonateUser File:
 .\IPC\WinsecAPI.cpp Line: 73 Invoked Function: CWinsecApiImpersonateUser::acquireTokens
Return
 Code: -32833517 (0xFE0B0013) Description: WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED

 
Error - 26.10.2012 03:39:34 | Computer Name = Daniel-PC | Source = acvpnagent | ID = 67108866
Description = Function: CCapiCertUtils::CCapiCertUtils File: .\Certificates\CapiCertUtils.cpp
Line:
 105 Invoked Function: CWinsecApiImpersonateUser::CWinsecApiImpersonateUser Return
 Code: -32833517 (0xFE0B0013) Description: WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED

 
Error - 26.10.2012 03:39:34 | Computer Name = Daniel-PC | Source = acvpnagent | ID = 67108866
Description = Function: CCapiCertStore::CCapiCertStore File: .\Certificates\CapiCertStore.cpp
Line:
 57 Invoked Function: CapiCertUtils Return Code: -32833517 (0xFE0B0013) Description:
 WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED 
 
Error - 26.10.2012 03:39:34 | Computer Name = Daniel-PC | Source = acvpnagent | ID = 67108866
Description = Function: CCapiCertSmartcardStore::CCapiCertSmartcardStore File: .\Certificates\CapiCertSmartcardStore.cpp
Line:
 39 Invoked Function: CCapiCertStore::CCapiCertStore Return Code: -32833517 (0xFE0B0013)
Description:
 WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED 
 
Error - 26.10.2012 03:39:34 | Computer Name = Daniel-PC | Source = acvpnagent | ID = 67108866
Description = Function: CCollectiveCertStore::addCapiSmartcardStore File: .\Certificates\CollectiveCertStore.cpp
Line:
 1540 Invoked Function: CCapiCertSmartcardStore::CCapiCertSmartcardStore Return Code:
 -32833517 (0xFE0B0013) Description: WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED

 
Error - 26.10.2012 03:39:49 | Computer Name = Daniel-PC | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 435 Invoked
 Function: IRunnable::Run Return Code: -32112629 (0xFE16000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE

 
Error - 26.10.2012 03:41:19 | Computer Name = Daniel-PC | Source = acvpnui | ID = 67108866
Description = Function: MFDartBox::getDARTInstallDir File: .\MFDartBox.cpp Line: 328
Invoked
 Function: MsiEnumProductsExW Return Code: 259 (0x00000103) Description: Es sind keine
 Daten mehr verfügbar.   
 
Error - 26.10.2012 03:41:25 | Computer Name = Daniel-PC | Source = acvpnui | ID = 67108865
Description = Function: ConnectMgr::activateConnectEvent File: .\ConnectMgr.cpp Line:
 1421 NULL object. Cannot establish a connection at this time.
 
Error - 26.10.2012 03:43:52 | Computer Name = Daniel-PC | Source = acvpnagent | ID = 67110873
Description = Termination reason code 7: The agent has been stopped.
 
[ System Events ]
Error - 14.01.2013 05:54:34 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 14.01.2013 05:54:34 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 14.01.2013 05:54:34 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 14.01.2013 05:54:34 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 14.01.2013 05:54:56 | Computer Name = Daniel-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1000
Description = 
 
Error - 14.01.2013 05:54:56 | Computer Name = Daniel-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 14.01.2013 06:17:51 | Computer Name = Daniel-PC | Source = netbt | ID = 4321
Description = Der Name "DANIEL-PC      :0" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.2.100  registriert werden. Der Computer mit IP-Adresse 192.168.2.104
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 14.01.2013 06:17:54 | Computer Name = Daniel-PC | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
 \Device\NetBT_Tcpip_{3E7E103B-45E5-4941-AFA8-78C01B7F06F1} vom Serverdienst nicht
 gebunden werden. Der Serverdienst konnte nicht gestartet werden.
 
Error - 14.01.2013 06:17:54 | Computer Name = Daniel-PC | Source = netbt | ID = 4321
Description = Der Name "DANIEL-PC      :20" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.2.100  registriert werden. Der Computer mit IP-Adresse 192.168.2.104
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 14.01.2013 06:22:09 | Computer Name = Daniel-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
 
< End of report >
         
__________________


Alt 19.01.2013, 15:35   #3
t'john
/// Helfer-Team
 
GVU auf Vista ; kein zugriff auf abgesischtern Modus! - Standard

GVU auf Vista ; kein zugriff auf abgesischtern Modus!





Die Bereinigung besteht aus mehreren Schritten, die ausgefuehrt werden muessen.
Diese Nacheinander abarbeiten und die 3 Logs, die dabei erstellt werden bitte in deine naechste Antwort einfuegen.

Sollte der OTL-FIX nicht richig durchgelaufen sein. Fahre nicht fort, sondern melde dies bitte.

1. Schritt

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:
  • Der Fix fängt mit :OTL an. Vergewissere dich, dass du ihn richtig kopiert hast.


Code:
ATTFilter
:OTL
O20 - HKU\S-1-5-21-2188088278-3483027397-1906438238-1000 Winlogon: Shell - (C:\Users\Daniel\AppData\Roaming\skype.dat) - C:\Users\Daniel\AppData\Roaming\skype.dat ()
[2012.01.11 16:20:32 | 000,058,880 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\skype.dat
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:C8B8CEBD
:Commands
[emptytemp]
         
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!



2. Schritt
Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".
danach:

3. Schritt
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).
__________________
__________________

Alt 28.01.2013, 13:46   #4
MoNeY
 
GVU auf Vista ; kein zugriff auf abgesischtern Modus! - Standard

GVU auf Vista ; kein zugriff auf abgesischtern Modus!



OTL:
Code:
ATTFilter
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-2188088278-3483027397-1906438238-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\Daniel\AppData\Roaming\skype.dat deleted successfully.
C:\Users\Daniel\AppData\Roaming\skype.dat moved successfully.
File C:\Users\Daniel\AppData\Roaming\skype.dat not found.
ADS C:\ProgramData\TEMP:C8B8CEBD deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Daniel
->Temp folder emptied: 3206707618 bytes
->Temporary Internet Files folder emptied: 342886077 bytes
->Java cache emptied: 85134928 bytes
->FireFox cache emptied: 682194714 bytes
->Google Chrome cache emptied: 290871014 bytes
->Opera cache emptied: 63240848 bytes
->Flash cache emptied: 3143201 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56468 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Uni
->Temp folder emptied: 8509018 bytes
->Temporary Internet Files folder emptied: 18520536 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 827092109 bytes
->Opera cache emptied: 8460723 bytes
->Flash cache emptied: 63365 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7859407150 bytes
RecycleBin emptied: 972546536 bytes
 
Total Files Cleaned = 13.703,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 01282013_084935
         
AdwCleaner

Code:
ATTFilter
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-2188088278-3483027397-1906438238-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\Daniel\AppData\Roaming\skype.dat deleted successfully.
C:\Users\Daniel\AppData\Roaming\skype.dat moved successfully.
File C:\Users\Daniel\AppData\Roaming\skype.dat not found.
ADS C:\ProgramData\TEMP:C8B8CEBD deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Daniel
->Temp folder emptied: 3206707618 bytes
->Temporary Internet Files folder emptied: 342886077 bytes
->Java cache emptied: 85134928 bytes
->FireFox cache emptied: 682194714 bytes
->Google Chrome cache emptied: 290871014 bytes
->Opera cache emptied: 63240848 bytes
->Flash cache emptied: 3143201 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56468 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Uni
->Temp folder emptied: 8509018 bytes
->Temporary Internet Files folder emptied: 18520536 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 827092109 bytes
->Opera cache emptied: 8460723 bytes
->Flash cache emptied: 63365 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7859407150 bytes
RecycleBin emptied: 972546536 bytes
 
Total Files Cleaned = 13.703,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 01282013_084935

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         

Alt 28.01.2013, 18:14   #5
t'john
/// Helfer-Team
 
GVU auf Vista ; kein zugriff auf abgesischtern Modus! - Standard

GVU auf Vista ; kein zugriff auf abgesischtern Modus!



Schritt 2 und 3?

__________________
Mfg, t'john
Das TB unterstützen

Alt 29.01.2013, 15:04   #6
MoNeY
 
GVU auf Vista ; kein zugriff auf abgesischtern Modus! - Standard

GVU auf Vista ; kein zugriff auf abgesischtern Modus!



Ich habe Schritt 2 und 3 auch ausgeführt und ich konnte mich wieder einloggen ohne das die Nachricht erscheint .

Alt 29.01.2013, 15:30   #7
t'john
/// Helfer-Team
 
GVU auf Vista ; kein zugriff auf abgesischtern Modus! - Standard

GVU auf Vista ; kein zugriff auf abgesischtern Modus!



Und warum postest du die Logs nicht?
__________________
Mfg, t'john
Das TB unterstützen

Alt 26.03.2013, 04:39   #8
t'john
/// Helfer-Team
 
GVU auf Vista ; kein zugriff auf abgesischtern Modus! - Standard

GVU auf Vista ; kein zugriff auf abgesischtern Modus!



Fehlende Rückmeldung

Gibt es Probleme beim Abarbeiten obiger Anleitung?

Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen.

Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema.
http://www.trojaner-board.de/69886-a...-beachten.html


Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.
__________________
Mfg, t'john
Das TB unterstützen

Antwort

Themen zu GVU auf Vista ; kein zugriff auf abgesischtern Modus!
adblock, adobe, antivirus, babylontoolbar, bho, bingbar, bonjour, converter, cs3, cs3/contributeieplugin.dll, defender, downloader, error, eset nod32, firefox, flash player, format, free download, google, gvu- trojaner, home, installation, launch, logfile, mozilla, mp3, object, realtek, registry, security, server, software, spotify web helper, vista, winload toolbar



Ähnliche Themen: GVU auf Vista ; kein zugriff auf abgesischtern Modus!


  1. Windows Vista SP2: Kein Zugriff mehr auf viele Programme.
    Log-Analyse und Auswertung - 17.04.2014 (7)
  2. Trojaner Interpol Win XP - trotz abgesicherten Modus kein Zugriff - Standard AW: Trojaner Interpol Win XP - trotz abgesicherten Modus kein
    Log-Analyse und Auswertung - 18.02.2014 (18)
  3. BKA-Trojaner Sperrbildschirm Windows Vista (32bit) kein abgesicherter Modus
    Log-Analyse und Auswertung - 07.01.2014 (14)
  4. BKA Virus, auch im abgesicherten Modus kein Zugriff auf PC
    Log-Analyse und Auswertung - 30.09.2013 (29)
  5. Trojaner Interpol Win XP - trotz abgesicherten Modus kein Zugriff
    Plagegeister aller Art und deren Bekämpfung - 12.09.2013 (15)
  6. Vindowa Vista Sperrbildschirm, Ukash 100€, kein Taskmngr, Abgesicherter Modus fährt sofort runter
    Plagegeister aller Art und deren Bekämpfung - 07.09.2013 (7)
  7. Vindowa Vista Sperrbildschirm, Ukash 100€, kein Taskmngr, Abgesicherter Modus fährt sofort runter
    Log-Analyse und Auswertung - 06.09.2013 (1)
  8. GVU Trojaner, kein Zugriff im angesicherten Modus auf Komandozeile cmd
    Log-Analyse und Auswertung - 06.09.2013 (3)
  9. GVU Trojaner kein Zugriff via Abgesicherter Modus
    Plagegeister aller Art und deren Bekämpfung - 17.05.2013 (15)
  10. GVU Trojaner und kein Zugriff auf abgesicherten Modus
    Plagegeister aller Art und deren Bekämpfung - 04.03.2013 (12)
  11. VISTA,weißer Bildschirm, kein abgesicherter Modus :-(
    Plagegeister aller Art und deren Bekämpfung - 22.01.2013 (9)
  12. Win 7 Ukash (IAC) Virus Kein Zugriff mehr im normalen Modus mehr
    Plagegeister aller Art und deren Bekämpfung - 04.12.2012 (63)
  13. Win7 Ukash Bundespolizei kein Zugriff mehr im normalen Modus
    Plagegeister aller Art und deren Bekämpfung - 23.11.2012 (18)
  14. Win 7 startet nicht im abgesichertem Modus, kein Firewall Zugriff, langsame Internet-Verbindung
    Plagegeister aller Art und deren Bekämpfung - 05.10.2012 (3)
  15. (2x) GEMA-Trojaner, kein Zugriff möglich, kein Laufwerk vorhanden
    Mülltonne - 25.03.2012 (1)
  16. BUNDESPOLIZEOVIRUS und kein ZUGRIFF auf ABGESICHERTEN MODUS
    Log-Analyse und Auswertung - 14.03.2012 (1)
  17. BKA , kein Zugriff auf abgesicherten Modus, Vista
    Plagegeister aller Art und deren Bekämpfung - 02.03.2012 (15)

Zum Thema GVU auf Vista ; kein zugriff auf abgesischtern Modus! - Hallo , ich habe mir den GVU eingefangen . Wie im Titel beschrieben , kann ich nicht auf den abgesicherten Modus vom Profil zugreifen . Aber ich habe die Scans - GVU auf Vista ; kein zugriff auf abgesischtern Modus!...
Archiv
Du betrachtest: GVU auf Vista ; kein zugriff auf abgesischtern Modus! auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.