Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: 100€, GVU, Bildschirmsperre

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 16.02.2013, 17:19   #1
rougn
 
100€, GVU, Bildschirmsperre - Standard

100€, GVU, Bildschirmsperre



Hi Community
Ich habe mir so nen Plagegeist eingefangen, welcher angeblich von der GVU ist, dieser besagt wie die meisten seiner Art, zahlen und der Rechner ist frei.

Details:
Windows 7
Besitze OTL und muste es schon benutzen
Bin im Abgesicherten Modus mit Netztwerktreibern drinne

Hoffe ich werde auch diesen wieder schnell los...

MfG. Rougn

Alt 16.02.2013, 17:54   #2
DerJazzer
/// Malwareteam
 
100€, GVU, Bildschirmsperre - Standard

100€, GVU, Bildschirmsperre





Ich habe dein Thema in Arbeit und melde mich so schnell als möglich mit weiteren Anweisungen.

Bitte beachte, dass alle meine Antworten zuerst von einem Ausbilder freigegeben werden müssen, bevor ich diese hier posten darf. Dies garantiert, dass Du Hilfe von einem ausgebildeten Helfer bekommst.

Ich bedanke mich für deine Geduld
__________________

__________________

Alt 16.02.2013, 18:05   #3
DerJazzer
/// Malwareteam
 
100€, GVU, Bildschirmsperre - Standard

100€, GVU, Bildschirmsperre



Hallo und

Ich bin Christoph und möchte dir bei deinem Problem helfen.
Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
  • Nur Scans durchführen zu denen Du von einem Helfer aufgefordert wirst.
  • Bitte kein Crossposting (Posten in mehreren Foren).
  • Installiere oder Deinstalliere während der Bereinigung keine Software außer Du wurdest dazu aufgefordert.
  • Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
  • Poste die Logfiles direkt in deinen Thread. Nicht anhängen außer ich fordere Dich dazu auf. Erschwert mir nämlich das Auswerten.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass dein PC clean ist.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.


Na wenn du OTL schon hast, dann los:

Starte bitte die OTL.exe.
Wähle unter
Extra Registrierung: Benutze Safe List und klicke auf den Scan Button.
Poste die OTL.txt und die Extras.txt hier in deinen Thread.
__________________
__________________

Alt 16.02.2013, 18:19   #4
rougn
 
100€, GVU, Bildschirmsperre - Standard

100€, GVU, Bildschirmsperre



Otl.txt
Code:
ATTFilter
OTL logfile created on: 16.02.2013 18:10:22 - Run 6
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Kevin\Desktop\Otl Antihacker
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,29 Gb Available Physical Memory | 82,35% Memory free
8,00 Gb Paging File | 7,34 Gb Available in Paging File | 91,83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 249,68 Gb Free Space | 53,61% Space Free | Partition Type: NTFS
 
Computer Name: KEVIN-PC | User Name: Kevin | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Kevin\Desktop\Otl Antihacker\OTL.exe (OldTimer Tools)
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll ()
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (TunngleService) -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (EPSON_EB_RPCV4_04) -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE (SEIKO EPSON CORPORATION)
SRV - (EPSON_PM_RPCV4_04) -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE (SEIKO EPSON CORPORATION)
SRV - (Realtek11nSU) -- C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe (Realtek)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (RTL8192su) -- C:\Windows\SysNative\drivers\rtl8192su.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (tap0901t) -- C:\Windows\SysNative\drivers\tap0901t.sys (Tunngle.net)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-368359735-3512986943-1188958451-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-368359735-3512986943-1188958451-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-368359735-3512986943-1188958451-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 36 FD C9 9D 49 2D CD 01  [binary data]
IE - HKU\S-1-5-21-368359735-3512986943-1188958451-1000\..\SearchScopes,DefaultScope = {4BE7CB5C-3FB6-42B9-9A50-E7CF18A6220A}
IE - HKU\S-1-5-21-368359735-3512986943-1188958451-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-368359735-3512986943-1188958451-1000\..\SearchScopes\{4BE7CB5C-3FB6-42B9-9A50-E7CF18A6220A}: "URL" = hxxp://www.google.com/search?q={searchTerms}&amp;sourceid=ie7&amp;rls=com.microsoft:{language}:{referrer:source}&amp;ie={inputEncoding?}&oe={outputEncoding?}&rlz=
IE - HKU\S-1-5-21-368359735-3512986943-1188958451-1000\..\SearchScopes\{D6F9A84A-F0EB-4B00-8231-52E652784248}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=e9102aff-7e69-4270-8182-b0859d9ab8c3&apn_sauid=9CA5BB15-FA66-4591-A6A4-B5FFF55004BB
IE - HKU\S-1-5-21-368359735-3512986943-1188958451-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-368359735-3512986943-1188958451-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
[2012.10.06 12:04:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\extensions
[2012.10.06 12:04:03 | 000,000,000 | ---D | M] (uTorrentBar_DE) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}
[2012.11.04 21:07:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0\extensions
[2012.11.04 21:07:02 | 000,213,316 | ---- | M] () (No name found) -- C:\Users\Kevin\AppData\Roaming\mozilla\firefox\profiles\0\extensions\torntv@torntv.com.xpi
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - homepage: hxxp://www.google.com/
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office12\GR469A~1.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKU\S-1-5-21-368359735-3512986943-1188958451-1000..\Run: [Akamai NetSession Interface] C:\Users\Kevin\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-368359735-3512986943-1188958451-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk = C:\Users\Kevin\AppData\Local\Temp\0182328c.exe ()
F3:64bit: - HKU\S-1-5-21-368359735-3512986943-1188958451-1000 WinNT: Load - (C:\Users\Kevin\LOCALS~1\Temp\msbyhtoa.scr) - C:\Users\Kevin\LOCALS~1\Temp\msbyhtoa.scr (Microsoft Corporation)
F3 - HKU\S-1-5-21-368359735-3512986943-1188958451-1000 WinNT: Load - (C:\Users\Kevin\LOCALS~1\Temp\msbyhtoa.scr) - C:\Users\Kevin\LOCALS~1\Temp\msbyhtoa.scr (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-368359735-3512986943-1188958451-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-368359735-3512986943-1188958451-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Kevin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Kevin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{101BD352-79E4-4A32-A681-99B462CB3D4F}: DhcpNameServer = 7.254.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1E16353A-9066-481C-A0B1-A8EFB8DBACEA}: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4FA640AB-C33D-4F3A-AEA2-3EAA44573148}: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4FA640AB-C33D-4F3A-AEA2-3EAA44573148}: NameServer = 8.8.8.8,8.8.4.4
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~2\Office12\GRA32A~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office12\GR469A~1.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.16 17:01:10 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Local Settings
[2013.02.16 16:32:23 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\EA Games
[2013.02.15 16:01:43 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Documents\League of Legends
[2013.02.13 21:18:03 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.02.13 21:18:03 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.02.13 21:18:03 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.02.13 21:18:03 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.02.13 21:18:02 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.02.13 21:18:02 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.02.13 21:18:02 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.02.13 21:18:02 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.02.13 21:18:01 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.02.13 21:18:01 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.02.13 21:18:01 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.02.13 21:18:01 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.02.13 21:18:00 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.02.13 21:18:00 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.02.13 21:18:00 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.02.13 17:08:32 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.02.13 17:08:31 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.02.13 17:08:31 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.02.13 17:07:34 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.02.13 17:07:34 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013.02.13 17:07:34 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013.02.13 17:07:34 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013.02.13 17:07:34 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013.02.13 17:07:33 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013.02.13 17:07:31 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013.02.12 19:24:47 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\TS3Client
[2013.02.12 19:24:22 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2013.02.12 19:24:13 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\TeamSpeak 3 Client
[2013.02.02 11:33:59 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.02.02 11:29:48 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.02.02 10:44:32 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.02.02 10:44:32 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.02.02 10:44:32 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.02.02 10:44:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.02.02 10:43:53 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.01.30 13:52:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.01.30 13:52:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.01.22 16:42:16 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Desktop\.minecraft
[2013.01.18 21:28:10 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Desktop\Otl Antihacker
[2013.01.18 21:11:10 | 000,000,000 | ---D | C] -- C:\_OTL
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.16 17:11:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.16 17:11:18 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.16 17:09:18 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.16 17:09:17 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.16 17:09:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.16 17:07:19 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.16 17:01:18 | 000,000,966 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk
[2013.02.16 17:01:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.16 16:35:19 | 000,001,418 | ---- | M] () -- C:\Users\Kevin\Desktop\deadspace3 - Verknüpfung (2).lnk
[2013.02.14 17:55:05 | 000,416,368 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.13 21:21:12 | 001,633,616 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.13 21:21:12 | 000,696,638 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.13 21:21:12 | 000,651,956 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.13 21:21:12 | 000,147,934 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.13 21:21:12 | 000,120,888 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.12 19:24:22 | 000,001,207 | ---- | M] () -- C:\Users\Kevin\Desktop\TeamSpeak 3 Client.lnk
[2013.02.10 22:02:00 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.02.10 22:02:00 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.01.30 13:52:48 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.01.21 14:07:45 | 000,000,923 | ---- | M] () -- C:\Users\Public\Desktop\The War Z.lnk
 
========== Files Created - No Company Name ==========
 
[2013.02.16 17:01:18 | 000,000,966 | ---- | C] () -- C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk
[2013.02.16 16:35:19 | 000,001,418 | ---- | C] () -- C:\Users\Kevin\Desktop\deadspace3 - Verknüpfung (2).lnk
[2013.02.12 19:24:22 | 000,001,207 | ---- | C] () -- C:\Users\Kevin\Desktop\TeamSpeak 3 Client.lnk
[2013.02.02 10:44:32 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.02.02 10:44:32 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.02.02 10:44:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.02.02 10:44:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.02.02 10:44:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.10.06 17:33:00 | 000,003,154 | ---- | C] () -- C:\Program Files (x86)\visit-nosteam.ro.html
[2012.10.06 17:33:00 | 000,000,081 | ---- | C] () -- C:\Program Files (x86)\update-borderlands2.bat
[2012.05.09 08:14:59 | 001,589,518 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.05.08 19:26:24 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
extra.txt
Code:
ATTFilter
OTL Extras logfile created on: 16.02.2013 18:10:22 - Run 6
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Kevin\Desktop\Otl Antihacker
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,29 Gb Available Physical Memory | 82,35% Memory free
8,00 Gb Paging File | 7,34 Gb Available in Paging File | 91,83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 249,68 Gb Free Space | 53,61% Space Free | Partition Type: NTFS
 
Computer Name: KEVIN-PC | User Name: Kevin | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\S-1-5-21-368359735-3512986943-1188958451-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0166402D-92EE-493B-B3D2-EF31ED37807A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{051D9E51-9A1F-494A-8634-41F73FE30CE0}" = lport=51941 | protocol=6 | dir=in | name=akamai netsession interface | 
"{0C4E719E-1376-479B-AF1D-82096D75D467}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{0E124F3A-599E-41C2-882E-F7D678BE7AAD}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot | 
"{0F2F4276-6594-4874-8FB3-215D09B13322}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{1D1AC684-E4B1-41DE-B9CB-8F65B48263C2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1DC69871-6BD1-41C7-9030-478C3772801D}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{1ED8BC5A-2AF7-4911-8BD4-CA53AD9BC1F1}" = lport=138 | protocol=17 | dir=in | app=system | 
"{2A31C6E1-C13B-43C7-B211-2ED2DDB648BC}" = rport=138 | protocol=17 | dir=out | app=system | 
"{3B982C10-D570-42ED-8C3D-AFE26118A549}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{47612BF4-3DF7-491B-ACCD-47B5A452153C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4B262B4B-BF54-432B-A2FD-5CE8C5151AF4}" = rport=137 | protocol=17 | dir=out | app=system | 
"{5D9963EB-DCEF-48D6-BDE3-CD883801F1F7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{70A44CF5-FE2A-497A-B3BD-874BF8BCDF57}" = lport=137 | protocol=17 | dir=in | app=system | 
"{7D995CA8-B01B-4100-9EFD-EE7578C13FE6}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{84B4FB04-09FD-4ABE-80FF-0FDB3CCE0E91}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{921F7FB6-3EB0-49E2-8E6E-0CEBAECB5ADE}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{94F17AE6-B97A-46A0-BB6C-32BF70F95D5C}" = lport=139 | protocol=6 | dir=in | app=system | 
"{9A45AEDD-2A49-4753-BE62-69B86542F737}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9DD35D03-7DAA-47C8-BE75-FF90D9F2E7FE}" = rport=445 | protocol=6 | dir=out | app=system | 
"{A6BAA1B1-8359-4950-AE06-F5641AAB6A08}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B3DBD73B-53FC-4B5F-98B0-2F5E87E14A89}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{BC2FDFC6-AD25-4ED4-9A7B-B14A5570975A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C61A6CFD-C183-4BBC-88BE-B6BFB97A384C}" = lport=445 | protocol=6 | dir=in | app=system | 
"{C637AEAA-50C5-4755-9900-5B3307B59562}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot | 
"{CD184FE0-1634-42E2-90CC-763F0BF43D34}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{CF569350-5037-4621-BF38-8F4774FC8704}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{DAD18166-8211-4183-95E0-C1176BDDDBCC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DE84C50C-FF86-4D73-BAC6-161BBDE013D1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E349EC2F-A93D-4219-927B-0E89B942D946}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot | 
"{E50C2B4D-84B0-4071-9CE3-9F2855E21EAE}" = rport=139 | protocol=6 | dir=out | app=system | 
"{E532608E-9F16-4C00-909F-7D3CF71E3716}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00EAEEA4-57C6-49FC-A817-FEA811596F2C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{03176182-E8D9-4994-A485-15CF28AC30BE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{03B2EA91-F0FC-4417-91EF-1CE60EFCDF81}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe | 
"{06DE5CAA-2E33-4B0C-ADB8-BD941C4D61D9}" = protocol=6 | dir=in | app=c:\program files\opera x64\pluginwrapper\opera_plugin_wrapper_32.exe | 
"{083F7D5D-2C0B-4AFA-9F60-CE82F4759CBE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\splinter cell\system\splintercell.exe | 
"{0982240F-EA12-433B-B2F2-3A10E52CBB3B}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe | 
"{0996B536-2327-496E-8094-48E20FE63FF3}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"{0C9E4099-CA00-4536-8B28-7BD1A2C34D13}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{0F8162B1-E007-48C7-BE3E-64BB348486C8}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{0FE1334C-F5A3-4BC7-A459-14A6B0189545}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{10967AD9-7A8A-48A2-9E85-8965557020AE}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{114A0A30-95E1-4DE2-8195-81F40DAF22C8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{15AE66E7-CCC4-4A0E-9A22-BE2694280ACB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{1935C14B-ABF5-4846-A0BB-B4262AA646D0}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"{19922618-9661-4AFC-9FE2-E740879BD571}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{2505FAE1-EC41-443F-834C-4DC52F650496}" = protocol=17 | dir=in | app=c:\users\kevin\appdata\local\akamai\netsession_win.exe | 
"{26F4357A-1FDE-4A02-82BF-C87E7EDDFDAD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{270AF4FF-4E2F-46DF-B066-5EF1242CB294}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{28DC85A4-7E6D-4BBC-AF7F-CC7675BD3A2E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{2D6D465D-BC9B-4BB4-8FA8-C2ED5B517BA6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{36AD228E-54E2-42A8-A287-95E7B039BA06}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{41B27C5A-2695-469B-8745-448D7133C6A3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{42032717-0EB8-48AF-90AB-4A928FA81DC8}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{4315A7AB-2951-4D10-A78E-84EAF8BB4CA0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{443E2FC1-62C3-4760-8C12-2C83E73A0573}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{453AB279-9C6D-43DF-8303-2E4BBD0F56A4}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe | 
"{45CBAD8D-5441-44A2-AF6E-9DD87227071C}" = protocol=6 | dir=in | app=c:\program files\opera x64\pluginwrapper\opera_plugin_wrapper.exe | 
"{497852EC-DFC7-494B-9191-0E2683968B58}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{4F698B70-D3DD-4F0E-A168-58925E36BD4A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{521097D4-DD26-4050-A882-CA87EF26F791}" = protocol=6 | dir=in | app=c:\program files (x86)\2k games\borderlands 2\borderlands 2 nosteam\binaries\win32\borderlands2.exe | 
"{52736525-EA67-4582-A086-066AEDE0DF72}" = protocol=6 | dir=in | app=c:\program files (x86)\realtek\11n usb wireless lan utility\rtwlan.exe | 
"{52BF90F3-7B80-418F-A496-12A4F6516368}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{532EA2E4-55A0-4477-AD8D-F655395BA582}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe | 
"{56F4A348-998A-497D-9D49-DE3D3FAC5C74}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{5D03653C-1124-492B-A910-5C0924D5C80D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\killingfloor\system\killingfloor.exe | 
"{600920E7-CC2E-4AEE-B96D-152F522885D6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{672020BE-B6B2-4A2C-A720-23721B943274}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6A450536-78AC-488D-99EE-FF7805EF892F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\splinter cell\system\splintercell.exe | 
"{6AEA3005-C1D6-4889-B1FC-DFF2E328F655}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6C13964B-1AEA-40EB-8A65-2545E986920F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{6D73525C-33EF-4FD6-A036-B6A1EB82E025}" = protocol=17 | dir=in | app=c:\program files (x86)\2k games\borderlands 2\borderlands 2 nosteam\binaries\win32\borderlands2.exe | 
"{73462D1A-0E89-4E7A-BDA6-6AF7A470D039}" = dir=in | app=c:\users\kevin\documents\the war z\warz.exe | 
"{78F92018-4BD1-481E-B021-D121D8AD407B}" = protocol=58 | dir=in | app=system | 
"{7B15F1CB-D9BE-44D9-996A-6CFBFA2BC523}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{7BC87383-5558-4F5A-A5C5-0B62CE1BE6B2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{7D510731-2443-4EA5-8C5B-CB5DD2A76D27}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe | 
"{827746A1-AA25-421E-A833-985E05DBBF74}" = protocol=17 | dir=in | app=c:\program files (x86)\realtek\11n usb wireless lan utility\rtwlan.exe | 
"{9041EB6E-D298-44A9-BE66-144B09B21776}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{918B9271-8E0A-4940-A9B7-E421C820CB58}" = protocol=17 | dir=in | app=c:\program files (x86)\gameforge4d\elsword_de\data\x2.exe | 
"{91A9579D-D88C-416B-813C-2C6890477D9E}" = protocol=6 | dir=in | app=c:\program files (x86)\gameforge4d\elsword_de\data\x2.exe | 
"{91C395BD-5718-4E08-868F-840110BE1B76}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{97AC036C-2A6D-41AA-A4F3-BFC5832967CD}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{97C6922C-5DED-45AA-8C2C-051E48C2E04D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{9847AFCB-C0CB-4AF7-9ACF-4C5E7F0072DB}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"{9C3A39EC-1885-4CC9-BD7E-A6C5F71B662B}" = protocol=17 | dir=in | app=c:\program files\opera x64\opera.exe | 
"{A1C394E3-9AA9-42AC-814C-5ABB07E41A79}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{A212659B-FE5B-497B-8BF4-8A964DD7D88E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A37C6EB0-B9A5-44C3-B4F5-9D70105511D0}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | 
"{AB40547F-5990-45D1-99AD-721E0F67962A}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"{B1F93134-B610-41EF-A92F-4AB630843A27}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"{B7463571-F0E8-447A-BC59-E4C2D41DBCEF}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{B747AA8B-2D4E-459D-8F4B-01643A94EB12}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{B774D590-0A15-4CE4-AE68-3E63DFDF7CA8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{B7CD4773-DEC3-4ECC-B7B9-8CAE308637BB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{B829B004-29D9-497D-B276-2088367172EB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{B9ECF2D6-2F05-41CA-9975-E6DAC29F12EF}" = protocol=6 | dir=in | app=c:\program files\opera x64\opera.exe | 
"{BA89CF65-12BA-4F28-84D0-F2D23CB580A9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{BC63101C-1B36-4636-921B-05DEA45EAC4D}" = protocol=17 | dir=in | app=c:\program files\opera x64\pluginwrapper\opera_plugin_wrapper_32.exe | 
"{BE90AF0D-9CF1-400E-B609-35195E56F3DA}" = protocol=6 | dir=out | app=system | 
"{C4033367-6743-4C71-A4C5-CB5326E8B039}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{C4E3735E-BC2C-42ED-9AB4-217121AF0C73}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{C650F8C0-21DD-480A-B022-7E7FD1D0D2DA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{C6A627C7-767E-4172-AE8A-69B3EBEFCEED}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{C6E09351-F762-4107-92C9-F1B28F37FC9A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\killingfloor\system\killingfloor.exe | 
"{C8A2359F-9CA5-4272-A4FC-C8BF9A412FE4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C8B9245F-0599-4614-9F70-3FA0D63D3D8A}" = protocol=17 | dir=in | app=c:\program files (x86)\gameforge4d\elsword_de\data\x2.exe | 
"{CB14A6C2-6BB4-402B-A525-EA0CE91F7E11}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CB78924D-4933-4E38-AF57-ADDD9531D63E}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe | 
"{CDEC0012-CCC0-4DB5-953A-9058FFD6E765}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe | 
"{CF0FDA9B-9709-43B5-882A-7E44BC296BDC}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{D29A49E7-D96F-45BD-BD23-322EBC2034E2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{D688EA37-3B65-4138-9234-43F96918C3DA}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{D8533DA1-9B80-4BD7-AE08-15DB798640C1}" = protocol=6 | dir=in | app=c:\program files (x86)\gameforge4d\elsword_de\data\x2.exe | 
"{DB9160DB-3D96-46AA-8C64-33C9A9876526}" = protocol=17 | dir=in | app=c:\program files\opera x64\pluginwrapper\opera_plugin_wrapper.exe | 
"{DE2A693A-A91E-472F-9D5E-00E144E76EB3}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"{E1DFED41-8B2A-4DB6-A06E-3E2D9C4E7EAE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{E488EE53-97D3-49D4-8D37-4A932EA3C1B2}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | 
"{EC8B4791-8C67-4663-A371-BF9C8852E4A6}" = protocol=6 | dir=in | app=c:\users\kevin\appdata\local\akamai\netsession_win.exe | 
"{EF712387-5F0B-41E8-8C1F-0A2413C96601}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F2103EC2-B8C9-49A5-8993-8AF9CBEE7D23}" = protocol=17 | dir=in | app=c:\program files (x86)\borderlands 2 nos team\binaries\win32\borderlands2.exe | 
"{F6D0EF2A-5AAF-4EA7-959B-A213FB6AD9FF}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{FBBAD343-2E3E-4152-A9A2-3D3EDAAC980D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe | 
"{FCAF2EB8-7456-4A3D-890F-03C21B44403A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FEB75948-B537-4D62-89AC-9B2846C84BCD}" = protocol=6 | dir=in | app=c:\program files (x86)\borderlands 2 nos team\binaries\win32\borderlands2.exe | 
"{FF6EE780-BA6D-4582-9D9A-EF63569EE364}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"TCP Query User{139E60C8-86E8-4213-8CE2-989E11443501}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{16BFEC57-5CC9-4569-95C0-6D833F16159C}C:\program files (x86)\borderlands 2 nosteam\binaries\win32\borderlands2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\borderlands 2 nosteam\binaries\win32\borderlands2.exe | 
"TCP Query User{1A992380-BE2A-4B42-AB0E-CE5FAF7A9209}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
"TCP Query User{2BF54C9B-8493-4218-9627-E4A8C9F4B03A}C:\program files (x86)\borderlands 2 nosteam\binaries\win32\borderlands2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\borderlands 2 nosteam\binaries\win32\borderlands2.exe | 
"TCP Query User{39555FE3-B977-4EF3-8C57-A5E44A8AEA83}C:\program files (x86)\2k games\borderlands 2\borderlands 2 nosteam\binaries\win32\borderlands2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\2k games\borderlands 2\borderlands 2 nosteam\binaries\win32\borderlands2.exe | 
"TCP Query User{3DE44A1C-341F-4791-B644-D622B95A5B3E}C:\users\kevin\downloads\assassin's creed iii pc game  ^^nosteam^^\assassin's creed 3\ac3sp.exe" = protocol=6 | dir=in | app=c:\users\kevin\downloads\assassin's creed iii pc game  ^^nosteam^^\assassin's creed 3\ac3sp.exe | 
"TCP Query User{4B9B4BE7-624D-47D0-A3D8-8A9DB7F899DD}C:\program files (x86)\borderlands 2\binaries\win32\borderlands2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\borderlands 2\binaries\win32\borderlands2.exe | 
"TCP Query User{5EF2E1FD-4929-42BE-8827-6AB813EBA948}C:\program files (x86)\bethesda softworks\dishonored\binaries\win32\dishonored.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bethesda softworks\dishonored\binaries\win32\dishonored.exe | 
"TCP Query User{784247D6-B155-4194-85C2-35DA00038024}C:\windows\temp\temp12.exe" = protocol=6 | dir=in | app=c:\windows\temp\temp12.exe | 
"TCP Query User{7FBBB15A-F16D-43A2-912C-C37A12186216}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"TCP Query User{85A1E7AE-72D3-48DC-B36B-AAAD7D864742}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | 
"TCP Query User{9030F257-9924-4985-A109-DE988AE155C3}C:\programdata\battle.net\agent\agent.524\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"TCP Query User{D0FEFAFA-E5F2-4DD2-A9A1-25FA11494C56}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
"TCP Query User{D2E7CC87-DE6C-4F30-B326-5E8F708F294D}C:\users\kevin\downloads\borderlands 2 pc full game  ^^nosteam^^\borderlands 2 nosteam\binaries\win32\borderlands2.exe" = protocol=6 | dir=in | app=c:\users\kevin\downloads\borderlands 2 pc full game  ^^nosteam^^\borderlands 2 nosteam\binaries\win32\borderlands2.exe | 
"TCP Query User{D8737431-05E6-4DC9-BC48-9C3688664013}C:\program files (x86)\borderlands 2 nos team\binaries\win32\borderlands2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\borderlands 2 nos team\binaries\win32\borderlands2.exe | 
"TCP Query User{DDFAF3BF-9236-4FE4-9BD5-E7709F115F68}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe | 
"TCP Query User{EB18F9E5-6C7B-4214-AC24-31CB8E6BA332}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe | 
"TCP Query User{EE2139AB-3D37-4C10-8930-18123AF9013E}C:\users\kevin\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\kevin\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{F1A2CFB8-999D-4840-9DDB-34C96D9666F2}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe | 
"TCP Query User{F9E4C150-FCFA-4281-A947-80CF49162614}C:4\alex\diablo\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=c:4\alex\diablo\diablo iii\diablo iii.exe | 
"UDP Query User{1736A7B5-F73D-4DB8-BE2D-F14B3AD1EDF1}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"UDP Query User{173753AB-55C5-430A-9D51-614C9E8EEC8A}C:4\alex\diablo\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=c:4\alex\diablo\diablo iii\diablo iii.exe | 
"UDP Query User{1968B88E-788D-4DFC-AFCA-A4F92CFFC6E6}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{1E9D0ADE-086E-4B25-9697-7E2785D91B8A}C:\program files (x86)\borderlands 2\binaries\win32\borderlands2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\borderlands 2\binaries\win32\borderlands2.exe | 
"UDP Query User{216A930B-4BED-4FC8-9DFA-C3930F2EEDAE}C:\program files (x86)\borderlands 2 nosteam\binaries\win32\borderlands2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\borderlands 2 nosteam\binaries\win32\borderlands2.exe | 
"UDP Query User{22695028-E4D6-4877-8D48-5865334CF839}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
"UDP Query User{23F2B4B5-53BE-4108-A954-7FE56B8C2376}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe | 
"UDP Query User{30F2EA86-D52F-4741-A931-A77A0E8A9D5F}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe | 
"UDP Query User{6F20DCD8-729A-4F1B-8D8A-8C5233BF3BFE}C:\program files (x86)\borderlands 2 nos team\binaries\win32\borderlands2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\borderlands 2 nos team\binaries\win32\borderlands2.exe | 
"UDP Query User{765718A9-6624-47AE-A0F7-622AC7B65C72}C:\program files (x86)\bethesda softworks\dishonored\binaries\win32\dishonored.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bethesda softworks\dishonored\binaries\win32\dishonored.exe | 
"UDP Query User{919AFDC1-6587-43B4-A7A1-F2CB4E03C038}C:\program files (x86)\borderlands 2 nosteam\binaries\win32\borderlands2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\borderlands 2 nosteam\binaries\win32\borderlands2.exe | 
"UDP Query User{B6E50A6B-4328-446F-82FA-E9569D339AA8}C:\windows\temp\temp12.exe" = protocol=17 | dir=in | app=c:\windows\temp\temp12.exe | 
"UDP Query User{C3DCEB08-8013-472D-B3BE-44FC0E3B3499}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | 
"UDP Query User{D73AFC8B-E1DC-44AC-8270-4742E4D77A27}C:\users\kevin\downloads\borderlands 2 pc full game  ^^nosteam^^\borderlands 2 nosteam\binaries\win32\borderlands2.exe" = protocol=17 | dir=in | app=c:\users\kevin\downloads\borderlands 2 pc full game  ^^nosteam^^\borderlands 2 nosteam\binaries\win32\borderlands2.exe | 
"UDP Query User{DC0F7327-7D0E-4C63-A551-C50DB186BCB3}C:\programdata\battle.net\agent\agent.524\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"UDP Query User{DD1DDB1C-A44F-4528-BA68-7E109F60540F}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe | 
"UDP Query User{E41BE98D-6655-4691-8FF3-BDE6FDFB8A44}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
"UDP Query User{E6198034-35A2-4B86-B5CF-F2176363CEE9}C:\users\kevin\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\kevin\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{FBF446D3-3429-44C5-AD27-88BFB39FC289}C:\users\kevin\downloads\assassin's creed iii pc game  ^^nosteam^^\assassin's creed 3\ac3sp.exe" = protocol=17 | dir=in | app=c:\users\kevin\downloads\assassin's creed iii pc game  ^^nosteam^^\assassin's creed 3\ac3sp.exe | 
"UDP Query User{FDA51FED-EC5D-47D9-8D1C-2E18A48E12C3}C:\program files (x86)\2k games\borderlands 2\borderlands 2 nosteam\binaries\win32\borderlands2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\2k games\borderlands 2\borderlands 2 nosteam\binaries\win32\borderlands2.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit)
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"EPSON SX230 Series" = EPSON SX230 Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Opera 12.02.1578" = Opera 12.02
"WinRAR archiver" = WinRAR 4.11 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{224E185A-DCC7-45C5-B04D-77E6CE82D83E}_is1" = tConfig version 0.28.2
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 5
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}" = Epson Event Manager
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C049499-055C-4a0c-A916-1D8CA1FF45EB}" = REALTEK Wireless LAN Driver and Utility
"{A02D7029-C4EF-44C1-9FD4-C0D3CA518113}" = Epson Easy Photo Print 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BC3051A7-1021-4B57-A3DA-AAC24566FAE7}_is1" = The War Z version 1.0
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Akamai" = Akamai NetSession Interface Service
"Avira AntiVir Desktop" = Avira Free Antivirus
"Cheat Engine 6.2_is1" = Cheat Engine 6.2
"Diablo III" = Diablo III
"Dishonored_is1" = Dishonored
"Elsword_DE_is1" = Elsword_DE
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Scanner" = EPSON Scan
"EPSON SX230 Series Bog" = Benutzerhandbuch - Grundlagen EPSON SX230 Series
"EPSON SX230 Series Useg" = Benutzerhandbuch EPSON SX230 Series
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.26.706
"Google Chrome" = Google Chrome
"LogMeIn Hamachi" = LogMeIn Hamachi
"LOLReplay" = LOLReplay
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Steam App 105600" = Terraria
"Steam App 113200" = The Binding Of Isaac
"Steam App 1250" = Killing Floor
"Steam App 13560" = Tom Clancy's Splinter Cell
"Steam App 550" = Left 4 Dead 2
"Steam App 570" = Dota 2
"Steam App 620" = Portal 2
"Terraria Game Launcher GUI_is1" = Terraria Game Launcher GUI version 1.2.2
"Tunngle beta_is1" = Tunngle beta
"uTorrent" = µTorrent
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-368359735-3512986943-1188958451-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11.02.2013 05:22:59 | Computer Name = Kevin-PC | Source = Microsoft-Windows-Defrag | ID = 257
Description = 
 
Error - 11.02.2013 05:23:00 | Computer Name = Kevin-PC | Source = Microsoft-Windows-Defrag | ID = 257
Description = 
 
Error - 11.02.2013 14:53:12 | Computer Name = Kevin-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 12.02.2013 09:26:09 | Computer Name = Kevin-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.02.2013 11:35:08 | Computer Name = Kevin-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.02.2013 12:56:31 | Computer Name = Kevin-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 15.02.2013 09:44:06 | Computer Name = Kevin-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 15.02.2013 09:48:05 | Computer Name = Kevin-PC | Source = MsiInstaller | ID = 11609
Description = 
 
Error - 16.02.2013 05:01:27 | Computer Name = Kevin-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 16.02.2013 12:08:15 | Computer Name = Kevin-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 08.02.2013 08:51:17 | Computer Name = Kevin-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 08.02.2013 08:51:17 | Computer Name = Kevin-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 09.02.2013 04:40:20 | Computer Name = Kevin-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 09.02.2013 04:40:20 | Computer Name = Kevin-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 10.02.2013 05:51:11 | Computer Name = Kevin-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 10.02.2013 05:51:11 | Computer Name = Kevin-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 11.02.2013 04:41:27 | Computer Name = Kevin-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 11.02.2013 04:41:27 | Computer Name = Kevin-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 11.02.2013 05:02:15 | Computer Name = Kevin-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 11.02.2013 05:02:15 | Computer Name = Kevin-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
 
< End of report >
         
Falls die vorliegenden Daten nicht genug seien sollten, einfach bescheit sagen ^^

Nach einer kleinen Warterei, habe ich mich schlussentlich dafür entschieden meinen PC zu formatieren und alles neu drauf zu machen

MfG. Rougn

Alt 17.02.2013, 12:19   #5
DerJazzer
/// Malwareteam
 
100€, GVU, Bildschirmsperre - Standard

100€, GVU, Bildschirmsperre



Du solltest dich ein wenig in Geduld üben. Wir machen das hier alles in unserer Freizeit, was aber nicht heißt, dass wir unsere gesamte Freizeit hier verbringen. Abgesehen davon finde ich es durchaus legitim, an einem Samstag Abend nicht vor dem PC zu sitzen und auf Antworten von Usern zu warten, die schon das dritte Mal wegen derselben Sache hier sind und offensichtlich die Hinweise und Tipps, die wir ihnen bezüglich Absicherung des PCs und sicherem Umgamg mit dem Internet geben, nicht beachten. Die vom TB werden's ja richten.

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen schicke mir bitte eine PM.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen.

__________________
Keep Jazzing!

DerJazzer

Imperare sibi maximum imperium est. ©Seneca

Wenn du uns unterstützen möchtest | http://www.anaesthesist-werden.de/

Antwort

Themen zu 100€, GVU, Bildschirmsperre
abgesicherte, abgesicherten, abgesicherten modus, angeblich, bildschirmsperre, eingefangen, gefangen, gen, modus, plagegeist, rechner, schnell, zahlen



Ähnliche Themen: 100€, GVU, Bildschirmsperre


  1. Windows 7 64-bit: Kurzzeitige Bildschirmsperre, beschädigter abgesicherter Modus.
    Log-Analyse und Auswertung - 22.12.2013 (13)
  2. Interpol Virus Bildschirmsperre
    Log-Analyse und Auswertung - 19.12.2013 (5)
  3. Virus mit Bildschirmsperre, abegsichter Modus nicht möglich
    Plagegeister aller Art und deren Bekämpfung - 07.12.2013 (30)
  4. Windows 7: Interpol Meldung, Bildschirmsperre
    Plagegeister aller Art und deren Bekämpfung - 18.10.2013 (15)
  5. Windows 7: Interpol Trojaner mit Bildschirmsperre
    Log-Analyse und Auswertung - 04.10.2013 (3)
  6. wgsdgsdgdsgsd.exe mit Bildschirmsperre
    Log-Analyse und Auswertung - 30.01.2013 (13)
  7. Bildschirmsperre: Bundespolizei trojaner
    Plagegeister aller Art und deren Bekämpfung - 07.11.2012 (4)
  8. Bildschirmsperre Virus entfernen
    Plagegeister aller Art und deren Bekämpfung - 20.08.2012 (9)

Zum Thema 100€, GVU, Bildschirmsperre - Hi Community Ich habe mir so nen Plagegeist eingefangen, welcher angeblich von der GVU ist, dieser besagt wie die meisten seiner Art, zahlen und der Rechner ist frei. Details: Windows - 100€, GVU, Bildschirmsperre...
Archiv
Du betrachtest: 100€, GVU, Bildschirmsperre auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.