Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Programme brauchen lange zum starten

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 18.02.2013, 19:17   #16
markusg
/// Malware-holic
 
Programme brauchen lange zum starten - Standard

Programme brauchen lange zum starten



deinstaliere:
3ivx
Adobe Media
Adobe Reader
Adobe Flash Player alle
Adobe - Adobe Flash Player installieren
neueste version laden, instalieren.
adobe reader:
Adobe - Adobe Reader herunterladen - Alle Versionen
haken bei mcafee security scan raus nehmen

bitte auch mal den adobe reader wie folgt konfigurieren:
adobe reader öffnen, bearbeiten, voreinstellungen.
allgemein:
nur zertifizierte zusatz module verwenden, anhaken.
Sicherheit (erweitert)
Erweiterte Sicherheit anhaken
und alle Dateien auswählen.
internet:
hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc.
es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht.
bei javascript den haken bei java script verwenden raus nehmen
bei updater, automatisch instalieren wählen.
übernehmen /ok



deinstaliere:
Adobe Story
AviSynth
Citron
ControlSpy
DayZ
Detours
DivX
DriverTuner
ESN
Fraps
Free FLV
Free Video
Game
glu
HijackThis
iFunbox
Java : alle
downloade Java jre:
Java-Downloads für alle Betriebssysteme
klicke:
Download der Java-Software für Windows Offline
laden, und instalieren
deinstaliere:
No23
ProxySwitcher
Psi
PSP
Rainmeter
Search-Results
SecurityKISS
Sonarca
Steganos
SWF
Winspector
Wireshark

Öffne CCleaner, analysieren, starten, PC neustarten.
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 18.02.2013, 19:35   #17
ryuk
 
Programme brauchen lange zum starten - Standard

Programme brauchen lange zum starten



also 1. habe ich gerade festgestellt das Opera keine 2 Minuten zum starten gebraucht hat, scheinbar ist jetzt alles wieder gut. Danke für deine schnelle und kompetente Hilfe!
Hier ist noch der Log
Code:
ATTFilter
# AdwCleaner v2.112 - Datei am 18/02/2013 um 19:30:26 erstellt
# Aktualisiert am 10/02/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Root - SYSTEMROOT
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Root\Desktop\adwcleaner0.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\Users\Root\AppData\Local\Babylon
Ordner Gelöscht : C:\Users\Root\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Users\Root\AppData\Roaming\Babylon

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Headlight
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\Software\PIP
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Search Results Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v17.0.1 (de)

Datei : C:\Users\Root\AppData\Roaming\Mozilla\Firefox\Profiles\02ptezpp.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v23.0.1271.95

Datei : C:\Users\Root\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.70] : search_url = "hxxp://dts.search-results.com/sr?src=crb&gct=ds&appid=343&systemid=2&apn_dtid=I[...]

-\\ Opera v12.11.1661.0

Datei : C:\Users\Root\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [2645 octets] - [18/02/2013 19:30:26]

########## EOF - C:\AdwCleaner[S1].txt - [2705 octets] ##########
         
__________________


Alt 18.02.2013, 19:54   #18
markusg
/// Malware-holic
 
Programme brauchen lange zum starten - Standard

Programme brauchen lange zum starten



Hi,
das is ja schon mal was.
Lade bitte Hitmanpro:
HitmanPro - Download - Filepony
Doppelklicken, Lizenz, Testlizenz.
Dann auf Scan, nichts löschen.
Auf weiter, Log als XML exportieren, und posten, bzw packen und anhängen.
__________________
__________________

Alt 18.02.2013, 20:12   #19
ryuk
 
Programme brauchen lange zum starten - Standard

Programme brauchen lange zum starten



also ich habe irgendwas falsch gemacht beim 1. versuch. das mit logdatei speichern habe ich zuerst nicht gefunden und einfach auf weiter gedrückt, da ich dachte das dieser knopf später kommt aber dann wurden alle gefärlichen dateien gelöscht :/.
hier ist die logdatei nach dem 2. anlauf
Code:
ATTFilter
HitmanPro 3.7.2.188
www.hitmanpro.com

   Computer name . . . . : SYSTEMROOT
   Windows . . . . . . . : 6.1.1.7601.X64/8
   User name . . . . . . : Systemroot\Root
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Trial (30 days left)

   Scan date . . . . . . : 2013-02-18 20:05:18
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 4m 5s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 14

   Objects scanned . . . : 2.759.489
   Files scanned . . . . : 64.611
   Remnants scanned  . . : 1.511.863 files / 1.183.015 keys

Suspicious files ____________________________________________________________

   C:\Users\Root\AppData\Local\PunkBuster\APB\pb\pbcl.dll
      Size . . . . . . . : 953.905 bytes
      Age  . . . . . . . : 182.2 days (2012-08-20 15:40:05)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 9A5BDD44D0817FE21A154412B5989E157455BC24ADBCB238376F73FCEFB14696
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Root\AppData\Local\PunkBuster\APB\pb\PnkBstrK.sys
      Size . . . . . . . : 138.992 bytes
      Age  . . . . . . . : 182.2 days (2012-08-20 15:40:19)
      Entropy  . . . . . : 7.7
      SHA-256  . . . . . : 17E604316606C999C87C896508B3525E4897DFA1522FEE01B86524F46B3D9B3D
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\Root\AppData\Local\PunkBuster\BF2\pb\pbcl.dll
      Size . . . . . . . : 910.029 bytes
      Age  . . . . . . . : 338.0 days (2012-03-17 19:19:08)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 03A037A66ECE5964E3F2915BC6C807D3A74F9F1160405FE1CF446ECE78887A69
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Root\AppData\Local\PunkBuster\BF2\pb\PnkBstrK.sys
      Size . . . . . . . : 138.520 bytes
      Age  . . . . . . . : 338.0 days (2012-03-17 19:15:51)
      Entropy  . . . . . : 7.7
      SHA-256  . . . . . : 787381760B879F39B06762B4AB4B7EB2D9C61FCCEF1C88769BF0C44B67AC1612
      RSA Key Size . . . : 1024
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\Root\AppData\Local\PunkBuster\BF3\pb\dll\wc002317.dll
      Size . . . . . . . : 949.613 bytes
      Age  . . . . . . . : 82.2 days (2012-11-28 15:05:38)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 15059F09B1D62DEA6B5D22EF9E0D062411C167378D870AE339AAB50B0BDC7FC0
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Root\AppData\Local\PunkBuster\BF3\pb\pbcl.dll
      Size . . . . . . . : 949.613 bytes
      Age  . . . . . . . : 78.1 days (2012-12-02 18:04:55)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 15059F09B1D62DEA6B5D22EF9E0D062411C167378D870AE339AAB50B0BDC7FC0
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Root\AppData\Local\PunkBuster\BF3\pb\pbclold.dll
      Size . . . . . . . : 949.613 bytes
      Age  . . . . . . . : 82.2 days (2012-11-28 15:05:12)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 15059F09B1D62DEA6B5D22EF9E0D062411C167378D870AE339AAB50B0BDC7FC0
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Root\AppData\Local\PunkBuster\BF3\pb\PnkBstrK.sys
      Size . . . . . . . : 139.328 bytes
      Age  . . . . . . . : 82.2 days (2012-11-28 15:05:27)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : F6552C37C04FD92554BD715F9E98B41E3D711C8AC37C757FBCFDDD69738FBE5E
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\Root\AppData\Local\PunkBuster\COD4\pb\dll\wc002318.dll
      Size . . . . . . . : 967.165 bytes
      Age  . . . . . . . : 150.0 days (2012-09-21 19:58:36)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : B1B32990F47ED2E39EB18AEA0839D9521B87E9ED18C0BCA8E2C6873FBA9D6494
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Root\AppData\Local\PunkBuster\COD4\pb\pbcl.dll
      Size . . . . . . . : 967.165 bytes
      Age  . . . . . . . : 92.9 days (2012-11-17 22:01:47)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : B1B32990F47ED2E39EB18AEA0839D9521B87E9ED18C0BCA8E2C6873FBA9D6494
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Root\AppData\Local\PunkBuster\COD4\pb\pbclold.dll
      Size . . . . . . . : 967.165 bytes
      Age  . . . . . . . : 233.5 days (2012-06-30 09:04:27)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : B1B32990F47ED2E39EB18AEA0839D9521B87E9ED18C0BCA8E2C6873FBA9D6494
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Root\AppData\Local\PunkBuster\COD4\pb\pbcls.dll
      Size . . . . . . . : 967.213 bytes
      Age  . . . . . . . : 233.5 days (2012-06-30 09:04:27)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 4BD30C84D354E3B8B5236F48F62718D6E4F2A6DAA303365B6DFCE45D21DFE853
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Root\AppData\Local\PunkBuster\COD4\pb\PnkBstrK.sys
      Size . . . . . . . : 139.832 bytes
      Age  . . . . . . . : 233.5 days (2012-06-30 09:14:14)
      Entropy  . . . . . : 7.7
      SHA-256  . . . . . : 3CB5C8CB071375FDE6E9269000B78E65DB29D585B2775E66C8B9F6E47E0012D1
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.


Potential Unwanted Programs _________________________________________________

   HKU\S-1-5-21-2467767842-2809315797-3914323744-1005\Software\Datamngr\ (SearchQU)
         

Alt 18.02.2013, 20:15   #20
markusg
/// Malware-holic
 
Programme brauchen lange zum starten - Standard

Programme brauchen lange zum starten



lösch mal noch den Fund:
HKU\S-1-5-21-2467767842-2809315797-3914323744-1005\Software\Datamngr
smit hitmanpro
starte neu,poste ein neues OTL log.
evtl. fehlen dir dann Dateien,falls es Fehlalarme beim Scan gab musst du mal nachprüfen und sie evtl. neu laden

poste mir ein neues otl log.

__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 18.02.2013, 20:41   #21
ryuk
 
Programme brauchen lange zum starten - Standard

Programme brauchen lange zum starten



habe ein log nachdieser anleitung erstellt, http://www.trojaner-board.de/85104-o...-oldtimer.html
OLT
Code:
ATTFilter
OTL logfile created on: 18.02.2013 20:25:07 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Root\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7.98 Gb Total Physical Memory | 5.82 Gb Available Physical Memory | 72.93% Memory free
15.96 Gb Paging File | 13.84 Gb Available in Paging File | 86.68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 372.60 Gb Total Space | 205.29 Gb Free Space | 55.10% Space Free | Partition Type: NTFS
Drive D: | 540.23 Gb Total Space | 157.70 Gb Free Space | 29.19% Space Free | Partition Type: NTFS
Drive E: | 100.74 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: SYSTEMROOT | User Name: Root | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Users\Root\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Opera\opera.exe (Opera Software)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\IObit\Game Booster 3\gbtray.exe (IObit)
PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\Opera\gstreamer\gstreamer.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstoggdec.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstffmpegcolorspace.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstwebmdec.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstcoreplugins.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioresample.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioconvert.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstwavparse.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstdirectsound.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstdecodebin2.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstautodetect.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstwaveform.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll ()
MOD - C:\Program Files (x86)\IObit\Game Booster 3\sqlite3.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
SRV - (BEService) -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe ()
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMwareHostd) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe ()
SRV - (VMAuthdService) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
SRV - (OpenVPNService) -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe ()
SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe (VMware, Inc.)
SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (dump_wmimmc) -- C:\Program Files\gPotato.eu\Rappelz\GameGuard\dump_wmimmc.sys File not found
DRV:64bit: - (kltdi) -- C:\Windows\SysNative\drivers\kltdi.sys (Kaspersky Lab)
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (klkbdflt) -- C:\Windows\SysNative\drivers\klkbdflt.sys (Kaspersky Lab)
DRV:64bit: - (Apowersoft_AudioDevice) -- C:\Windows\SysNative\drivers\Apowersoft_AudioDevice.sys (Wondershare)
DRV:64bit: - (kneps) -- C:\Windows\SysNative\drivers\kneps.sys (Kaspersky Lab)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (EuMusDesignVirtualAudioCableWdm) -- C:\Windows\SysNative\drivers\vrtaucbl.sys (Eugene V. Muzychenko)
DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.)
DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.)
DRV:64bit: - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.)
DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.)
DRV:64bit: - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (LADF_RenderOnly) -- C:\Windows\SysNative\drivers\ladfGSRamd64.sys (Logitech)
DRV:64bit: - (LADF_CaptureOnly) -- C:\Windows\SysNative\drivers\ladfGSCamd64.sys (Logitech)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2467767842-2809315797-3914323744-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2467767842-2809315797-3914323744-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-2467767842-2809315797-3914323744-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D0 5D 8C C3 0E 02 CD 01  [binary data]
IE - HKU\S-1-5-21-2467767842-2809315797-3914323744-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2467767842-2809315797-3914323744-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2467767842-2809315797-3914323744-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B8f8fe09b-0bd3-4470-bc1b-8cad42b8203a%7D:0.17
FF - prefs.js..extensions.enabledAddons: %7Be968fc70-8f95-4ab9-9e79-304de2a71ee1%7D:0.7.3
FF - prefs.js..extensions.enabledAddons: %7B563e4790-7e70-11da-a72b-0800200c9a66%7D:0.9f
FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68
FF - prefs.js..extensions.enabledAddons: %7B99B98C2C-7274-45a3-A640-D9DF1A1C8460%7D:1.4
FF - prefs.js..extensions.enabledAddons: admin%40proxy-listen.de:1.0.4.5
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.7.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_168.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Root\AppData\Local\Google\Update\1.3.21.129\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Root\AppData\Local\Google\Update\1.3.21.129\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{00F0643E-B367-4779-B45D-7046EBA37A88}: C:\Program Files (x86)\Steganos Password Manager 2012\spmplugin3
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013.02.09 14:20:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013.02.17 19:20:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013.02.17 19:20:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013.02.17 19:20:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013.02.17 19:20:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013.02.17 19:20:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.03 14:30:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.18 19:25:41 | 000,000,000 | ---D | M]
 
[2012.10.17 15:54:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Root\AppData\Roaming\mozilla\Extensions
[2013.01.26 12:46:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Root\AppData\Roaming\mozilla\Firefox\Profiles\02ptezpp.default\extensions
[2012.10.17 15:57:44 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\Root\AppData\Roaming\mozilla\Firefox\Profiles\02ptezpp.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2012.12.16 13:20:02 | 000,013,955 | ---- | M] () (No name found) -- C:\Users\Root\AppData\Roaming\mozilla\firefox\profiles\02ptezpp.default\extensions\admin@proxy-listen.de.xpi
[2012.12.13 14:45:11 | 002,151,598 | ---- | M] () (No name found) -- C:\Users\Root\AppData\Roaming\mozilla\firefox\profiles\02ptezpp.default\extensions\firebug@software.joehewitt.com.xpi
[2012.12.14 14:46:50 | 000,010,707 | ---- | M] () (No name found) -- C:\Users\Root\AppData\Roaming\mozilla\firefox\profiles\02ptezpp.default\extensions\{563e4790-7e70-11da-a72b-0800200c9a66}.xpi
[2012.12.14 14:53:17 | 000,030,926 | ---- | M] () (No name found) -- C:\Users\Root\AppData\Roaming\mozilla\firefox\profiles\02ptezpp.default\extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}.xpi
[2012.12.14 14:51:53 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\Root\AppData\Roaming\mozilla\firefox\profiles\02ptezpp.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2013.01.26 12:46:26 | 000,242,136 | ---- | M] () (No name found) -- C:\Users\Root\AppData\Roaming\mozilla\firefox\profiles\02ptezpp.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2012.12.05 14:34:49 | 000,042,336 | ---- | M] () (No name found) -- C:\Users\Root\AppData\Roaming\mozilla\firefox\profiles\02ptezpp.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi
[2012.12.06 15:45:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.12.06 15:45:30 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.10 12:58:11 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.10.11 03:10:32 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.11 03:10:32 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.10.11 03:10:32 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.11 03:10:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.11 03:10:32 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.11 03:10:32 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://search.bearshare.net
CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://search.bearshare.net
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Root\AppData\Local\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Root\AppData\Local\Google\Chrome\Application\23.0.1271.95\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Root\AppData\Local\Google\Chrome\Application\23.0.1271.95\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Root\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Root\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Root\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - Extension: Media Hint = C:\Users\Root\AppData\Local\Google\Chrome\User Data\Default\Extensions\anepbdekljkmmimmhbniglnnanmmkoja\0.1.12_0\
CHR - Extension: YouTube = C:\Users\Root\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\Root\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Modul zur Link-Untersuchung = C:\Users\Root\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\
CHR - Extension: Grooveshark Germany unlocker = C:\Users\Root\AppData\Local\Google\Chrome\User Data\Default\Extensions\docdgimmdejoiemdafcgeodchlbllgac\2.3.4_0\
CHR - Extension: Grooveshark Germany unlocker = C:\Users\Root\AppData\Local\Google\Chrome\User Data\Default\Extensions\docdgimmdejoiemdafcgeodchlbllgac\2.3.4_0\.orig
CHR - Extension: AdBlock = C:\Users\Root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.60_0\
CHR - Extension: Sicherer Zahlungsverkehr = C:\Users\Root\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\
CHR - Extension: Modul f\u00FCr das Blockieren gef\u00E4hrlicher Webseiten = C:\Users\Root\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\
CHR - Extension: Linkbucks skip = C:\Users\Root\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjpndobkiolgpnpagkhnknhinnpoajmd\1.6_0\
CHR - Extension: HTTP Headers = C:\Users\Root\AppData\Local\Google\Chrome\User Data\Default\Extensions\hplfkkmefamockhligfdcfgfnbcdddbg\1.0.0.2_0\
CHR - Extension: Virtuelle Tastatur = C:\Users\Root\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\
CHR - Extension: Linkbucks Bypass = C:\Users\Root\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfjdbebcogpgoffmnpkbpelaindeedjn\1.1_0\
CHR - Extension: billiger.de Sparberater = C:\Users\Root\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbifbkkajempdkfhlidjfmbfaoihageg\1.4.9_0\
CHR - Extension: Autofill = C:\Users\Root\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmmgnhgdeffjkdckmikfpnddkbbfkkk\5.5_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Root\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\Root\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Anti-Banner = C:\Users\Root\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\
 
O1 HOSTS File: ([2013.02.18 15:49:38 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKU\S-1-5-21-2467767842-2809315797-3914323744-1005..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2467767842-2809315797-3914323744-1006..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2467767842-2809315797-3914323744-1005..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2467767842-2809315797-3914323744-1006..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2467767842-2809315797-3914323744-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2467767842-2809315797-3914323744-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2467767842-2809315797-3914323744-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2467767842-2809315797-3914323744-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2467767842-2809315797-3914323744-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O9:64bit: - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2467767842-2809315797-3914323744-1000\..Trusted Domains: samsungsetup.com ([www] http in Vertrauenswürdige Sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1AE6F90E-32AB-46D3-ABA6-31FC2CE7A67C}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.10.01 01:18:53 | 000,000,047 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (bootdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.18 20:04:28 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2013.02.18 19:55:42 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013.02.18 19:33:22 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.02.18 19:27:36 | 000,310,688 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2013.02.18 19:27:30 | 000,188,832 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2013.02.18 19:27:30 | 000,188,320 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2013.02.18 19:27:30 | 000,108,448 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2013.02.18 16:27:35 | 000,000,000 | ---D | C] -- C:\Users\Root\AppData\Roaming\Malwarebytes
[2013.02.18 16:27:27 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.02.18 16:27:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.18 16:27:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.02.18 16:27:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.18 15:41:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.02.18 15:41:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.02.18 15:41:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.02.18 15:41:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.02.18 15:41:37 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.02.18 15:40:39 | 005,033,910 | R--- | C] (Swearware) -- C:\Users\Root\Desktop\ComboFix.exe
[2013.02.17 20:36:13 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Root\Desktop\tdsskiller.exe
[2013.02.17 18:53:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2013
[2013.02.17 18:52:27 | 000,064,856 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\klfphc.dll
[2013.02.17 18:51:43 | 000,000,000 | ---D | C] -- C:\Windows\ELAMBKUP
[2013.02.17 18:26:34 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.02.17 12:47:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Root\Desktop\OTL.exe
[2013.02.17 00:10:38 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.02.17 00:10:38 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.02.17 00:10:37 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.02.17 00:10:37 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.02.17 00:10:37 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.02.17 00:10:37 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.02.17 00:10:37 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.02.17 00:10:37 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.02.17 00:10:37 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.02.17 00:10:37 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.02.17 00:10:37 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.02.17 00:10:37 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.02.17 00:10:36 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.02.17 00:10:36 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.02.17 00:10:36 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.02.16 20:14:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BattlEye
[2013.02.16 20:09:45 | 011,216,224 | ---- | C] (Igor Pavlov) -- C:\Users\Root\Desktop\ARMA2_OA_Build_101480.exe
[2013.02.16 19:35:05 | 000,000,000 | ---D | C] -- C:\Users\Root\Documents\BIS Core Engine Other Profiles
[2013.02.16 19:34:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Bohemia Interactive Studio
[2013.02.16 19:34:53 | 000,000,000 | ---D | C] -- C:\Users\Root\Documents\BIS Core Engine
[2013.02.16 19:30:51 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.02.16 19:30:50 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.02.16 19:30:50 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.02.16 19:29:57 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.02.16 19:29:57 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013.02.16 19:29:57 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013.02.16 19:29:57 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013.02.16 19:29:57 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013.02.16 19:29:57 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013.02.16 19:29:45 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013.02.16 19:29:07 | 000,000,000 | ---D | C] -- C:\Users\Root\AppData\Local\Play withSIX
[2013.02.16 19:28:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SIX Networks
[2013.02.16 19:28:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SIX Networks
[2013.02.15 20:09:44 | 000,000,000 | ---D | C] -- C:\Users\Root\AppData\Roaming\DivX
[2013.02.15 14:13:48 | 000,000,000 | ---D | C] -- C:\Users\Root\Desktop\FTB
[2013.02.15 14:13:29 | 000,000,000 | ---D | C] -- C:\Users\Root\AppData\Roaming\ftblauncher
[2013.02.10 19:23:49 | 000,000,000 | ---D | C] -- C:\Users\Root\AppData\Roaming\ts3overlay_hook_win64
[2013.02.10 19:23:48 | 000,000,000 | ---D | C] -- C:\Users\Root\AppData\Roaming\ts3overlay
[2013.02.09 14:21:13 | 000,000,000 | ---D | C] -- C:\Users\Root\AppData\Local\DDMSettings
[2013.02.09 14:20:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2013.02.09 14:20:04 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2013.02.09 14:20:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
[2013.02.09 14:18:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2013.02.09 14:17:26 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2013.02.09 14:14:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
[2013.02.09 14:14:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xvid
[2013.02.06 15:46:50 | 000,000,000 | ---D | C] -- C:\Users\Root\Desktop\VariableTriggers
[2013.02.06 15:46:47 | 000,000,000 | ---D | C] -- C:\Users\Root\Desktop\SNAP
[2013.02.06 15:46:45 | 000,000,000 | ---D | C] -- C:\Users\Root\Desktop\BATTERY
[2013.02.06 15:46:39 | 000,000,000 | ---D | C] -- C:\Users\Root\Desktop\SLOT
[2013.02.05 14:32:07 | 001,757,264 | ---- | C] (None) -- C:\Users\Root\Desktop\VisualBoyAdvance.exe
[2013.02.04 16:45:06 | 000,000,000 | ---D | C] -- C:\Users\Root\Desktop\BackUp
[2013.02.04 15:56:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\0xRH
[2013.02.04 15:56:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\0xRH
[2013.02.03 14:16:54 | 000,000,000 | ---D | C] -- C:\Users\Root\Desktop\pokemon
[2013.02.03 00:43:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PWUnmask
[2013.02.03 00:43:49 | 000,000,000 | ---D | C] -- C:\Users\Root\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Password Unmask
[2013.02.03 00:43:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Password Unmask
[2013.02.03 00:36:24 | 000,483,328 | ---- | C] (Simon Tatham) -- C:\Users\Root\Desktop\putty.exe
[2013.02.02 12:47:06 | 000,000,000 | ---D | C] -- C:\Users\Root\Desktop\TERA Guides
[2013.02.01 11:57:10 | 000,000,000 | ---D | C] -- C:\Users\Root\Desktop\kavkisfile.com-01-Feb-2013
[2013.01.31 18:21:07 | 000,040,448 | ---- | C] (NirSoft) -- C:\Users\Root\Desktop\OperaPassView.exe
[2013.01.30 23:38:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flyff
[2013.01.30 23:23:00 | 000,000,000 | ---D | C] -- C:\Users\Root\Desktop\Cave Story+
[2013.01.28 20:53:44 | 000,000,000 | ---D | C] -- C:\Users\Root\AppData\Roaming\tor
[2013.01.28 20:53:38 | 000,000,000 | ---D | C] -- C:\Users\Root\AppData\Roaming\Vidalia
[2013.01.28 20:49:33 | 000,000,000 | ---D | C] -- C:\Users\Root\Desktop\SciLorsGrooveshark.comDownloaderV0.4.9.7
[2013.01.19 22:45:04 | 000,000,000 | ---D | C] -- C:\Users\Root\AppData\Local\kJKxc2SrE2J0FNouaB
[2012.07.14 20:51:23 | 086,400,840 | ---- | C] (K2 Network, Inc.) -- C:\Users\Root\APB_Reloaded_Installer.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.18 19:40:22 | 000,014,768 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.18 19:40:22 | 000,014,768 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.18 19:33:16 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.18 19:33:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.18 19:33:12 | 2133,561,343 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.18 19:29:56 | 000,587,671 | ---- | M] () -- C:\Users\Root\Desktop\adwcleaner0.exe
[2013.02.18 19:27:28 | 001,085,344 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2013.02.18 19:27:28 | 000,963,488 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2013.02.18 19:27:28 | 000,310,688 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2013.02.18 19:27:28 | 000,188,832 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2013.02.18 19:27:28 | 000,188,320 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2013.02.18 19:27:28 | 000,108,448 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2013.02.18 19:21:51 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.02.18 19:21:51 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.02.18 16:27:27 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.18 15:49:38 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.02.18 15:41:21 | 005,033,910 | R--- | M] (Swearware) -- C:\Users\Root\Desktop\ComboFix.exe
[2013.02.18 14:05:24 | 000,002,348 | ---- | M] () -- C:\Users\Root\Desktop\Sicherer Zahlungsverkehr.lnk
[2013.02.17 20:36:13 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Root\Desktop\tdsskiller.exe
[2013.02.17 19:20:13 | 000,054,104 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\kltdi.sys
[2013.02.17 19:20:12 | 000,613,720 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2013.02.17 18:52:28 | 000,001,150 | ---- | M] () -- C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk
[2013.02.17 17:59:32 | 000,044,914 | ---- | M] () -- C:\Users\Root\Desktop\logs.zip
[2013.02.17 13:27:18 | 000,374,784 | ---- | M] () -- C:\Users\Root\Desktop\GMER_2.1.18952.exe
[2013.02.17 13:10:53 | 000,000,000 | ---- | M] () -- C:\Users\Root\defogger_reenable
[2013.02.17 12:47:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Root\Desktop\OTL.exe
[2013.02.17 12:47:09 | 000,050,477 | ---- | M] () -- C:\Users\Root\Desktop\Defogger.exe
[2013.02.17 11:46:20 | 005,478,824 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.17 01:06:52 | 001,641,818 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.17 01:06:52 | 000,699,342 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.17 01:06:52 | 000,654,660 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.17 01:06:52 | 000,149,164 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.17 01:06:52 | 000,122,118 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.16 21:50:44 | 000,537,171 | ---- | M] () -- C:\Users\Root\Desktop\FTB_Launcher.exe
[2013.02.12 20:37:07 | 000,000,872 | ---- | M] () -- C:\Users\Root\Desktop\InVisible.bat
[2013.02.10 10:53:09 | 000,000,097 | ---- | M] () -- C:\Users\Root\Documents\aw.swr
[2013.02.06 16:05:16 | 000,000,762 | ---- | M] () -- C:\Users\Root\Desktop\desmume.ini
[2013.02.06 15:48:18 | 000,001,536 | ---- | M] () -- C:\Users\Root\Desktop\NO$GBA.INP
[2013.02.05 20:31:13 | 000,116,370 | ---- | M] () -- C:\Users\Root\530033_335463309876823_1442398377_n.jpg
[2013.02.05 14:59:22 | 000,075,378 | ---- | M] () -- C:\Users\Root\Documents\poke1.SNA
[2013.02.05 14:34:51 | 000,065,536 | ---- | M] () -- C:\Users\Root\Desktop\Pokemon - Smaragd-Edition (G).sav
[2013.02.05 14:34:51 | 000,002,019 | ---- | M] () -- C:\Users\Root\Desktop\vba.ini
[2013.02.04 16:45:06 | 000,000,570 | ---- | M] () -- C:\Users\Root\Desktop\slot machine.au3
[2013.02.04 16:44:23 | 000,000,259 | ---- | M] () -- C:\Users\Root\SciTE.session
[2013.02.04 16:42:08 | 000,301,989 | ---- | M] () -- C:\Users\Root\Desktop\slot machine.exe
[2013.02.04 15:56:37 | 000,002,779 | ---- | M] () -- C:\Users\Public\Desktop\GBA Pokemon Game Editor.lnk
[2013.02.03 19:23:34 | 000,000,600 | ---- | M] () -- C:\Users\Root\AppData\Local\PUTTY.RND
[2013.02.03 00:40:22 | 000,000,600 | ---- | M] () -- C:\Users\Root\AppData\Roaming\winscp.rnd
[2013.02.03 00:40:01 | 000,013,993 | ---- | M] () -- C:\Users\Root\Desktop\WinSCP.ini
[2013.02.03 00:36:24 | 000,483,328 | ---- | M] (Simon Tatham) -- C:\Users\Root\Desktop\putty.exe
[2013.02.02 12:50:05 | 000,001,178 | ---- | M] () -- C:\Users\Root\Desktop\TERA-Launcher.exe - Verknüpfung.lnk
[2013.01.31 19:36:51 | 000,000,384 | ---- | M] () -- C:\Users\Root\Desktop\OperaPassView.cfg
[2013.01.31 13:11:11 | 000,000,681 | ---- | M] () -- C:\Users\Root\Desktop\Flyff.lnk
[2013.01.31 10:26:47 | 011,216,224 | ---- | M] (Igor Pavlov) -- C:\Users\Root\Desktop\ARMA2_OA_Build_101480.exe
[2013.01.28 20:49:26 | 011,040,791 | ---- | M] () -- C:\Users\Root\Desktop\SciLorsGrooveshark.comDownloaderV0.4.9.7.zip
[2013.01.28 10:39:37 | 127,061,846 | ---- | M] () -- C:\Users\Root\Desktop\Uplink Source.rar
[2013.01.27 20:01:56 | 000,000,132 | ---- | M] () -- C:\Users\Root\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2013.01.27 15:31:24 | 000,011,326 | ---- | M] () -- C:\Users\Root\Desktop\lastlogin-decoder.jar
[2013.01.26 23:10:20 | 000,000,342 | ---- | M] () -- C:\Users\Root\Desktop\RECONNECT.bat
[2013.01.25 22:23:03 | 000,642,377 | ---- | M] () -- C:\Users\Root\Desktop\Unbenannt.PNG
[2013.01.22 18:23:06 | 000,000,076 | ---- | M] () -- C:\Users\Root\Desktop\Cursor_Invisible.swf.url
 
========== Files Created - No Company Name ==========
 
[2013.02.18 19:29:56 | 000,587,671 | ---- | C] () -- C:\Users\Root\Desktop\adwcleaner0.exe
[2013.02.18 16:27:27 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.18 15:41:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.02.18 15:41:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.02.18 15:41:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.02.18 15:41:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.02.18 15:41:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.02.17 18:57:59 | 000,002,348 | ---- | C] () -- C:\Users\Root\Desktop\Sicherer Zahlungsverkehr.lnk
[2013.02.17 18:53:18 | 000,001,150 | ---- | C] () -- C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk
[2013.02.17 17:59:32 | 000,044,914 | ---- | C] () -- C:\Users\Root\Desktop\logs.zip
[2013.02.17 13:27:18 | 000,374,784 | ---- | C] () -- C:\Users\Root\Desktop\GMER_2.1.18952.exe
[2013.02.17 13:10:53 | 000,000,000 | ---- | C] () -- C:\Users\Root\defogger_reenable
[2013.02.17 12:47:09 | 000,050,477 | ---- | C] () -- C:\Users\Root\Desktop\Defogger.exe
[2013.02.16 21:50:44 | 000,537,171 | ---- | C] () -- C:\Users\Root\Desktop\FTB_Launcher.exe
[2013.02.12 20:36:34 | 000,000,872 | ---- | C] () -- C:\Users\Root\Desktop\InVisible.bat
[2013.02.09 14:14:12 | 000,696,832 | ---- | C] () -- C:\Windows\SysNative\xvidcore.dll
[2013.02.09 14:14:12 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2013.02.09 14:14:12 | 000,255,488 | ---- | C] () -- C:\Windows\SysNative\xvidvfw.dll
[2013.02.09 14:14:12 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2013.02.09 14:14:12 | 000,173,568 | ---- | C] () -- C:\Windows\SysNative\xvid.ax
[2013.02.09 14:14:12 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\xvid.ax
[2013.02.06 16:05:14 | 000,000,762 | ---- | C] () -- C:\Users\Root\Desktop\desmume.ini
[2013.02.06 15:48:18 | 000,001,536 | ---- | C] () -- C:\Users\Root\Desktop\NO$GBA.INP
[2013.02.05 20:31:13 | 000,116,370 | ---- | C] () -- C:\Users\Root\530033_335463309876823_1442398377_n.jpg
[2013.02.05 14:59:22 | 000,075,378 | ---- | C] () -- C:\Users\Root\Documents\poke1.SNA
[2013.02.05 14:38:37 | 000,170,646 | ---- | C] () -- C:\Users\Root\Desktop\NO$GBA.EXE
[2013.02.05 14:34:51 | 000,065,536 | ---- | C] () -- C:\Users\Root\Desktop\Pokemon - Smaragd-Edition (G).sav
[2013.02.05 14:32:14 | 016,777,216 | ---- | C] () -- C:\Users\Root\Desktop\Pokemon - Smaragd-Edition (G).gba
[2013.02.05 14:32:09 | 000,002,019 | ---- | C] () -- C:\Users\Root\Desktop\vba.ini
[2013.02.04 16:42:02 | 000,301,989 | ---- | C] () -- C:\Users\Root\Desktop\slot machine.exe
[2013.02.04 16:41:32 | 000,000,259 | ---- | C] () -- C:\Users\Root\SciTE.session
[2013.02.04 16:40:29 | 000,000,570 | ---- | C] () -- C:\Users\Root\Desktop\slot machine.au3
[2013.02.04 15:56:37 | 000,002,779 | ---- | C] () -- C:\Users\Public\Desktop\GBA Pokemon Game Editor.lnk
[2013.02.02 12:50:05 | 000,001,178 | ---- | C] () -- C:\Users\Root\Desktop\TERA-Launcher.exe - Verknüpfung.lnk
[2013.01.31 18:33:37 | 000,000,384 | ---- | C] () -- C:\Users\Root\Desktop\OperaPassView.cfg
[2013.01.31 18:21:07 | 000,014,874 | ---- | C] () -- C:\Users\Root\Desktop\OperaPassView.chm
[2013.01.31 13:11:11 | 000,000,681 | ---- | C] () -- C:\Users\Root\Desktop\Flyff.lnk
[2013.01.28 20:45:58 | 011,040,791 | ---- | C] () -- C:\Users\Root\Desktop\SciLorsGrooveshark.comDownloaderV0.4.9.7.zip
[2013.01.28 10:38:15 | 127,061,846 | ---- | C] () -- C:\Users\Root\Desktop\Uplink Source.rar
[2013.01.27 15:31:24 | 000,011,326 | ---- | C] () -- C:\Users\Root\Desktop\lastlogin-decoder.jar
[2013.01.26 23:09:24 | 000,000,342 | ---- | C] () -- C:\Users\Root\Desktop\RECONNECT.bat
[2013.01.25 14:04:12 | 000,642,377 | ---- | C] () -- C:\Users\Root\Desktop\Unbenannt.PNG
[2013.01.22 18:23:07 | 000,000,076 | ---- | C] () -- C:\Users\Root\Desktop\Cursor_Invisible.swf.url
[2013.01.20 15:40:48 | 000,413,696 | ---- | C] () -- C:\Users\Root\Desktop\Champion Picker.exe
[2012.12.05 14:11:15 | 000,065,536 | -H-- | C] () -- C:\Windows\SysWow64\WebCamLib.dll
[2012.11.14 20:57:50 | 000,004,466 | ---- | C] () -- C:\Users\Root\hallway_640x360 - Kopie.jpg
[2012.11.14 20:56:18 | 041,122,986 | ---- | C] () -- C:\Users\Root\hallway_640x360 - Kopie.mp4
[2012.11.09 19:00:55 | 000,000,600 | ---- | C] () -- C:\Users\Root\AppData\Local\PUTTY.RND
[2012.10.30 18:59:03 | 000,001,456 | ---- | C] () -- C:\Users\Root\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2012.10.30 14:48:05 | 000,000,600 | ---- | C] () -- C:\Users\Root\AppData\Roaming\winscp.rnd
[2012.10.14 13:45:33 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2012.10.08 17:52:28 | 000,854,510 | ---- | C] () -- C:\Users\Root\NHC106.rar
[2012.10.07 18:19:49 | 000,000,218 | ---- | C] () -- C:\Users\Root\.recently-used.xbel
[2012.10.05 20:24:34 | 000,003,584 | ---- | C] () -- C:\Users\Root\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.24 14:17:33 | 000,000,046 | ---- | C] () -- C:\Windows\sys2-6scan.ini
[2012.09.24 14:15:25 | 000,001,489 | ---- | C] () -- C:\Windows\swfscanner.INI
[2012.08.27 21:00:50 | 000,000,132 | ---- | C] () -- C:\Users\Root\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012.08.27 15:42:53 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2012.07.14 20:51:23 | 3999,925,254 | ---- | C] () -- C:\Users\Root\Client1.7.0.586601.7z
[2012.07.05 18:11:44 | 000,084,226 | ---- | C] () -- C:\Users\Root\AppData\Roaming\icarus-dxdiag.xml
[2012.07.03 14:53:32 | 000,000,484 | RHS- | C] () -- C:\Users\Root\ntuser.pol
[2012.07.03 14:16:11 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2012.07.03 13:41:18 | 000,000,197 | ---- | C] () -- C:\Users\Root\SecurityKISSTunnel.config
[2012.06.25 13:15:12 | 000,000,000 | ---- | C] () -- C:\Users\Root\SET
[2012.04.17 14:45:39 | 000,007,603 | ---- | C] () -- C:\Users\Root\AppData\Local\Resmon.ResmonCfg
[2012.04.04 16:25:41 | 000,000,337 | ---- | C] () -- C:\Windows\WPE PRO - modified.INI
[2012.03.16 20:06:31 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.03.16 20:06:26 | 000,794,408 | ---- | C] () -- C:\Windows\SysWow64\Pbsvc.exe
[2012.03.16 20:06:26 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.03.10 00:09:07 | 001,597,720 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.03.09 22:32:26 | 000,017,408 | ---- | C] () -- C:\Users\Root\AppData\Local\WebpageIcons.db
[2012.03.09 20:14:09 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.12.29 12:40:20 | 000,000,018 | ---- | C] () -- C:\Users\Root\abbrev.properties
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.03.27 16:22:54 | 000,014,905 | ---- | C] () -- C:\Users\Root\au3abbrev.properties
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.02.17 18:40:30 | 000,000,000 | ---D | M] -- C:\Users\Root\AppData\Roaming\.minecraft
[2012.06.05 19:51:26 | 000,000,000 | ---D | M] -- C:\Users\Root\AppData\Roaming\.minecraft - Kopie
[2012.06.10 12:10:38 | 000,000,000 | ---D | M] -- C:\Users\Root\AppData\Roaming\.minecraft - Kopie (aeter)
[2012.09.09 12:01:46 | 000,000,000 | ---D | M] -- C:\Users\Root\AppData\Roaming\.Nitrous
[2013.01.22 20:25:21 | 000,000,000 | ---D | M] -- C:\Users\Root\AppData\Roaming\.purple
[2012.05.12 18:06:56 | 000,000,000 | ---D | M] -- C:\Users\Root\AppData\Roaming\.spoutcraft
[2012.08.26 18:12:26 | 000,000,000 | ---D | M] -- C:\Users\Root\AppData\Roaming\.tshock
[2012.12.05 14:11:15 | 000,000,000 | ---D | M] -- C:\Users\Root\AppData\Roaming\Apowersoft
[2012.05.12 22:01:12 | 000,000,000 | ---D | M] -- C:\Users\Root\AppData\Roaming\AtomZombieData
[2012.05.12 21:47:32 | 000,000,000 | ---D | M] -- C:\Users\Root\AppData\Roaming\Braid
[2012.10.14 13:45:34 | 000,000,000 | ---D | M] -- C:\Users\Root\AppData\Roaming\Broken Rules
[2012.03.21 15:23:55 | 000,000,000 | ---D | M] -- C:\Users\Root\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.08.12 01:32:08 | 000,000,000 | ---D | M] -- C:\Users\Root\AppData\Roaming\Crayon Physics Deluxe
[2012.04.10 19:03:32 | 000,000,000 | ---D | M] -- C:\Users\Root\AppData\Roaming\Dev-Cpp
[2012.04.08 13:31:02 | 000,000,000 | ---D | M] -- C:\Users\Root\AppData\Roaming\dll-files.com
[2013.02.18 19:26:09 | 000,000,000 | ---D | M] -- C:\Users\Root\AppData\Roaming\DVDVideoSoft
[2012.09.08 16:43:38 | 000,000,000 | ---D | M] -- C:\Users\Root\AppData\Roaming\Enterbrain
[2012.04.01 21:26:18 | 000,000,000 | ---D | M] -- C:\Users\Root\AppData\Roaming\Faerie Solitaire
[2012.05.29 12:43:44 | 000,000,000 | ---D | M] -- C:\Users\Root\AppData\Roaming\FORGE.minecraft
[2012.06.10 16:36:51 | 000,000,000 | ---D | M] -- C:\Users\Root\AppData\Roaming\FreeFLVConverter
[2013.02.16 21:54:20 | 000,000,000 | ---D | M] -- C:\Users\Root\AppData\Roaming\ftblauncher
[2012.12.17 19:09:54 | 000,000,000 | ---D | M] -- C:\Users\Root\AppData\Roaming\GetRightToGo
[2012.10.07 17:07:30 | 000,000,000 | ---D | M] -- C:\Users\Root\AppData\Roaming\gtk-2.0
[2013.02.05 14:35:57 | 000,000,000 | ---D | M] -- C:\Users\Root\AppData\Roaming\ICQ
[2012.08.30 21:20:30 | 000,000,000 | ---D | M] -- C:\Users\Root\AppData\Roaming\ICSharpCode
[2013.01.13 21:04:39 | 000,000,000 | ---D | M] -- C:\Users\Root\AppData\Roaming\iFunbox_UserCache
[2012.11.06 16:02:35 | 000,000,000 | ---D | M] -- C:\Users\Root\AppData\Roaming\Leadertech
[2012.03.09 23:38:57 | 000,000,000 | ---D | M] -- C:\Users\Root\AppData\Roaming\LolClient
[2012.05.20 11:44:59 | 000,000,000 | ---D | M] -- C:\Users\Root\AppData\Roaming\LolClient2
[2012.07.29 22:11:01 | 000,000,000 | ---D | M] -- C:\Users\Root\AppData\Roaming\LolMatches Client
[2012.11.09 18:18:46 | 000,000,000 | ---D | M] -- C:\Users\Root\AppData\Roaming\MySQL-Front
[2012.03.28 12:32:39 | 000,000,000 | ---D | M] -- C:\Users\Root\AppData\Roaming\Nicalis
[2012.10.14 10:23:03 | 000,000,000 | ---D | M] -- C:\Users\Root\AppData\Roaming\Nifflas
[2012.06.03 19:22:08 | 000,000,000 | ---D | M] -- C:\Users\Root\AppData\Roaming\Notepad++
[2012.04.20 19:57:28 | 000,000,000 | ---D | M] -- C:\Users\Root\AppData\Roaming\OpenOffice.org
[2012.03.09 20:16:58 | 000,000,000 | ---D | M] -- C:\Users\Root\AppData\Roaming\Opera
[2012.12.01 14:17:52 | 000,000,000 | ---D | M] -- C:\Users\Root\AppData\Roaming\Origin
[2012.05.10 15:40:37 | 000,000,000 | ---D | M] -- C:\Users\Root\AppData\Roaming\PE Explorer
[2013.02.16 19:27:56 | 000,000,000 | ---D | M] -- C:\Users\Root\AppData\Roaming\Play withSIX
[2012.10.07 12:48:27 | 000,000,000 | ---D | M] -- C:\Users\Root\AppData\Roaming\Psi
[2012.03.23 20:13:34 | 000,000,000 | ---D | M] -- C:\Users\Root\AppData\Roaming\Publish Providers
[2012.11.09 14:32:57 | 000,000,000 | ---D | M] -- C:\Users\Root\AppData\Roaming\Rainmeter
[2012.09.03 14:19:17 | 000,000,000 | ---D | M] -- C:\Users\Root\AppData\Roaming\redsn0w
[2013.01.13 21:08:11 | 000,000,000 | ---D | M] -- C:\Users\Root\AppData\Roaming\SharePod
[2012.09.15 21:14:39 | 000,000,000 | ---D | M] -- C:\Users\Root\AppData\Roaming\six-zsync
[2012.07.03 14:38:39 | 000,000,000 | ---D | M] -- C:\Users\Root\AppData\Roaming\Sonarca Sound Recorder Free
[2012.06.09 18:53:17 | 000,000,000 | ---D | M] -- C:\Users\Root\AppData\Roaming\Sony
[2013.01.03 14:29:32 | 000,000,000 | ---D | M] -- C:\Users\Root\AppData\Roaming\Sony Creative Software Inc
[2012.09.15 15:41:23 | 000,000,000 | ---D | M] -- C:\Users\Root\AppData\Roaming\SPORE
[2013.02.18 19:28:48 | 000,000,000 | ---D | M] -- C:\Users\Root\AppData\Roaming\Steganos
[2012.03.15 19:16:15 | 000,000,000 | ---D | M] -- C:\Users\Root\AppData\Roaming\TeamViewer
[2012.10.05 20:12:13 | 000,000,000 | ---D | M] -- C:\Users\Root\AppData\Roaming\TechSmith
[2012.04.29 20:46:49 | 000,000,000 | ---D | M] -- C:\Users\Root\AppData\Roaming\Teeworlds
[2013.02.18 15:50:08 | 000,000,000 | ---D | M] -- C:\Users\Root\AppData\Roaming\TS3Client
[2013.02.16 19:21:55 | 000,000,000 | ---D | M] -- C:\Users\Root\AppData\Roaming\ts3overlay
[2013.02.16 19:21:55 | 000,000,000 | ---D | M] -- C:\Users\Root\AppData\Roaming\ts3overlay_hook_win64
[2012.06.05 19:15:16 | 000,000,000 | ---D | M] -- C:\Users\Root\AppData\Roaming\TunkDesign Inc
[2013.01.01 01:12:24 | 000,000,000 | ---D | M] -- C:\Users\Root\AppData\Roaming\uTorrent
[2012.05.21 10:24:15 | 000,000,000 | ---D | M] -- C:\Users\Root\AppData\Roaming\wargaming.net
[2012.04.04 16:51:46 | 000,000,000 | ---D | M] -- C:\Users\Root\AppData\Roaming\Wireshark
[2012.12.16 13:23:13 | 000,000,000 | ---D | M] -- C:\Users\Root\AppData\Roaming\WNR
[2012.06.02 21:53:09 | 000,000,000 | ---D | M] -- C:\Users\Root\AppData\Roaming\WorldPainter
 
========== Purity Check ==========
 
 

< End of report >
         

Alt 18.02.2013, 20:43   #22
ryuk
 
Programme brauchen lange zum starten - Standard

Programme brauchen lange zum starten



extras
Code:
ATTFilter
OTL Extras logfile created on: 17.02.2013 13:15:58 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Root\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7.98 Gb Total Physical Memory | 5.58 Gb Available Physical Memory | 69.92% Memory free
15.96 Gb Paging File | 13.73 Gb Available in Paging File | 85.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 372.60 Gb Total Space | 201.81 Gb Free Space | 54.16% Space Free | Partition Type: NTFS
Drive D: | 540.23 Gb Total Space | 157.66 Gb Free Space | 29.18% Space Free | Partition Type: NTFS
Drive E: | 100.74 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: SYSTEMROOT | User Name: Root | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- D:\Program Files (x86)\Photoshop\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- D:\Program Files (x86)\Photoshop\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0439A57E-F778-434A-ADAA-3C1E8D6444BB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{0C739BDD-93C2-4691-A888-4C9EA63B56FC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{15990194-2BD8-4156-893C-E070592F2800}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1C0FF142-4BB7-4AAD-B267-2122BB975023}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{246A3150-1CAC-4CC3-ADE4-F0D5F8C3F178}" = rport=138 | protocol=17 | dir=out | app=system | 
"{36A5B7F2-26D8-447E-B308-9AB1E8C8425D}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{3AAF451F-E979-4023-B46A-56E9EFB7E55F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3BA9C3CD-5A50-458E-A769-67D4D0AE8C97}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{426BF746-6B16-4DBC-A361-2208539F2B07}" = lport=56567 | protocol=6 | dir=in | name=pando media booster | 
"{44D69EF4-6FD8-4FDA-9DB7-56D03AE9A3D6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4A5219B3-C197-49A4-84E3-7D69D2080933}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{4FAAC0B8-7C61-44B4-9EFB-66E21A1BF560}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{58FF5002-CCC7-4EE5-A58F-440E1D2CD11C}" = lport=3074 | protocol=17 | dir=in | name=aw3 | 
"{5BB322C6-43FF-4BD4-AAFD-D4C11116BE6F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{5CA8AEA8-E477-45E4-80AA-63F8AF955B56}" = lport=139 | protocol=6 | dir=in | app=system | 
"{66BADAFC-86BB-430E-97D8-7FD850FE535F}" = lport=445 | protocol=6 | dir=in | app=system | 
"{68A12417-7938-42EB-B3F1-F8A2E50DB488}" = rport=139 | protocol=6 | dir=out | app=system | 
"{6D02405C-0A5B-497F-A6E3-B40F21A9F91B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{70B7BE5A-C154-4433-AE75-ABC4B6926F8C}" = lport=56567 | protocol=6 | dir=in | name=pando media booster | 
"{72E3EC6D-84C8-484D-AECF-0EFCB22B6B69}" = lport=123 | protocol=17 | dir=in | name=udp | 
"{7701055E-C72C-4C49-BBA2-AB6F7C517FDA}" = lport=137 | protocol=17 | dir=in | app=system | 
"{89A3BF0E-902F-4609-A159-4CD68E96B777}" = rport=3074 | protocol=6 | dir=out | name=aw34 | 
"{91B900E0-FCC2-480F-8B3A-2FABE9BCFC1E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{92646C34-B24D-4F6B-A70A-F122058E92CD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{96723A7F-931C-48B5-B574-4321AA0DC8A3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9EBB3907-3AC6-44B9-9B22-6117339D14DF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A06BC328-3F9C-4023-A29E-7725ECD11C24}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A171F65D-CCFE-4704-B59F-95402CF4877A}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{A28CC37E-703F-46D7-8F9C-D8A305D18B47}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{A670E57B-53FD-464D-92DB-CB988307E582}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AC650E14-C489-46D5-B758-1ECE644F5643}" = lport=138 | protocol=17 | dir=in | app=system | 
"{B043957F-210C-4A74-9549-82F1C60DB689}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{C6599D56-E95C-41D9-833B-D942DE87C79B}" = lport=3074 | protocol=6 | dir=in | name=aw | 
"{CD854E81-83CB-47CA-AFDE-A43F58201741}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DE2E87DC-9965-4539-A1AB-AC391FAFBA49}" = lport=56567 | protocol=17 | dir=in | name=pando media booster | 
"{E18C69C3-A85B-4EE3-8905-A609A2C7BEEE}" = lport=7777 | protocol=17 | dir=in | name=terraria2 | 
"{E22EEE62-11B3-4306-B6C4-453414823BD1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E6594A62-D678-4ECB-8714-73E0E4AD5065}" = rport=3074 | protocol=17 | dir=out | name=awe | 
"{F0BA44E2-A92B-40EE-B812-3B26A5C62E71}" = lport=7777 | protocol=6 | dir=in | name=terraria | 
"{F344232C-0225-474B-BA1D-2F110B3B3703}" = rport=445 | protocol=6 | dir=out | app=system | 
"{F5A75B57-7CEE-4E7D-8AB6-34E02F2DB317}" = lport=56567 | protocol=17 | dir=in | name=pando media booster | 
"{F9A6003C-8D8D-48A9-BEEA-68F805C5EC8E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FF798233-6E4C-44FB-97E6-A62F76145D0D}" = rport=137 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0274CCBF-C0EF-4DAE-B3AD-C43623143CA8}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\saira\settings.exe | 
"{02873699-CDD4-4758-B49B-B730A5EDB2A6}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\ride carnival tycoon\ridecarnivaltycoon.exe | 
"{02BE42B7-F39D-46E5-867D-7A15F1D5F84F}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{0446BA9F-F13A-48C4-A59E-769727F4DACE}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty 4\iw3sp.exe | 
"{05164584-C909-468E-B912-5439E96CF2ED}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\arma 2 operation arrowhead - kopie\expansion\beta\arma2oa.exe | 
"{0540E063-4D65-4C45-9582-9E85F9911AF0}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{054A20EB-1EA5-41EE-867B-E027B462D33C}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\hacker evolution untold\hacker evolution untold.exe | 
"{06F3B063-0AB0-4F9F-B37A-55D0C74B849D}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\revenge of the titans\revengeofthetitans.exe | 
"{084F3503-ADC1-4665-A8AA-C62B5EDE45C0}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{0BC6C1C9-A610-497C-81BC-326EF4B712B2}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\saira\settings.exe | 
"{0BC89BA2-C427-4591-96F8-9118C257DC57}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\battlefield 2\support\ea help\electronic_arts_technical_support.htm | 
"{0C3BC281-24B5-4F98-A069-CC6708AEF8BB}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe | 
"{0CEEAEDC-1F0D-4534-88E0-CB8096334542}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{0E000579-2885-4D6B-81DB-1465D66482A1}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{0E3A6992-4F4B-4DFE-A98A-A4E4585AB345}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\defcon\defcon.exe | 
"{1048DAF6-9B1D-488B-AEA4-F4EB28921E63}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\zombie shooter 2\zombieshooter2.exe | 
"{139B64BB-6A5B-4CFE-ADB2-7F98B1C63EFE}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\bit.trip runner\runner.exe | 
"{15AE7777-5A42-4BE7-9C49-4E3A24BF500B}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\jamestown\jamestown.exe | 
"{17BEE1C1-DAF4-4231-9D2F-E67CAC4F341F}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\battlefield 2\bf2.exe | 
"{1B6750C0-529A-465A-9622-283441B5794D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1BE5CBB6-D0C6-4CC8-B6D9-DB776F49FAAE}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\jamestown\jamestown.exe | 
"{1DA0BABF-F91B-4DFA-B3FA-A321BD166A23}" = protocol=6 | dir=in | app=c:\users\root\desktop\all the shit\moar shit\xampp\apache\bin\httpd.exe | 
"{1F432BAD-31E6-4B29-86E0-308BC5FD9DC8}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\cogs\cogs.exe | 
"{200DBFE2-D84D-43A5-AEEE-E1E0B36C21ED}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{21355465-597D-4FBE-B8F4-E3A337D80B01}" = protocol=6 | dir=in | app=c:\users\root\documents\arma 2\expansion\beta\arma2oa.exe | 
"{21980604-4283-4625-A668-E407F86E7226}" = protocol=6 | dir=in | app=d:\program files (x86)\gamersfirst\apb reloaded\binaries\apb.exe | 
"{21C2983D-5837-417B-A08C-658AD38F8D66}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\faerie solitaire\faeriesolitaire.exe | 
"{21D0016D-6B61-4DD2-A62E-1CA07F3E0CD4}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{227F3AFA-E2B6-4A3E-B564-C86A9B4623BC}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\hacker evolution duality\hacker evolution duality.exe | 
"{22CB156C-5DE1-405D-AA8A-8A19C47F432B}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\deus ex - human revolution\dxhr.exe | 
"{23F929CC-7617-4B44-948C-E36A9C99BE19}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\vvvvvv\vvvvvv.exe | 
"{240820DC-2967-4290-9BD3-AE13152C8098}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\bit.trip runner\runner.exe | 
"{249AF563-CB17-41C0-8943-2E67C858A67F}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\crayon physics deluxe\launcher.exe | 
"{24DDE494-6D41-4416-8AB9-FECF2AA74956}" = protocol=6 | dir=out | app=system | 
"{25FCB631-FCE3-4F48-A418-D0F911221B8D}" = protocol=17 | dir=in | app=c:\program files (x86)\ascaron entertainment\sacred underworld\gameserver.exe | 
"{2751B081-8107-4B33-A4FA-437FE8CE2335}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{2791B497-E053-4A6B-A9CE-7DDE84402CC4}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\uplink\uplink.exe | 
"{287C625C-FFDE-43C1-B0C6-65161D571397}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{28AF3830-0CC4-420D-866D-CA559D690C51}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{2A9B23B4-E371-436F-B1A3-6AB34A7830DD}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\borderlands\binaries\borderlands.exe | 
"{2AFB23D7-A37B-43F1-82F8-481B50CD93E8}" = dir=in | app=c:\program files (x86)\apowersoft\screen recording suite\screen-recording-suite.exe | 
"{2B9A046F-CA88-46E8-8ECE-D5BD67B0357E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{2C8DE4CF-CAA2-4B09-B2F6-0470032AB418}" = protocol=6 | dir=in | app=d:\steam\steamapps\itsme258\counter-strike source\hl2.exe | 
"{2D67AE1B-D65C-4756-AEC0-24E3A4CB8EDE}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\machinarium\machinarium.exe | 
"{2F257971-ECCA-4991-B8CE-B408B64F3A66}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\your doodles are bugged!\yourdoodlesarebugged.exe | 
"{3172A4A5-E90A-4D90-9AD9-25EBD86F88F0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{31818FA2-2D31-4F7C-A88E-F800945ECA18}" = protocol=17 | dir=in | app=d:\program files (x86)\tera - kopie\tera-launcher.exe | 
"{319AD6FA-9797-47E0-905D-27925D9AC5ED}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\payday the heist\payday_win32_release.exe | 
"{33A3136C-3B6E-4698-BE73-9C897CD62AEA}" = dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe | 
"{3708D12F-AC79-4979-ADA6-CB3885D6003F}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\cogs\cogs.exe | 
"{370EAFD5-FF2A-458B-98CE-BAEB15D8D3FD}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\nightsky\nightsky.exe | 
"{37CEC898-1F36-4C89-95B7-180477463700}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{384E26BB-44AC-4570-B779-1A91F6D47F91}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\defcon\defcon.exe | 
"{387F1DDB-105B-423F-827B-D5FB0F59D376}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"{39FC0F17-DAB8-4677-9694-644394C64086}" = protocol=17 | dir=in | app=c:\program files (x86)\psi\psi.exe | 
"{3A51AC3A-5A52-4E7F-8D10-A545E1534E75}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\osmos\osmos.exe | 
"{3BB1AFEA-3ABF-43A3-984B-3E7746085AF7}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\borderlands\binaries\borderlands.exe | 
"{3ED25736-684F-4A39-B55C-65579AAF43CF}" = protocol=6 | dir=in | app=d:\steam\steamapps\itsme258\garrysmod\hl2.exe | 
"{41919680-A0DC-4F52-AD6F-40678429F295}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{43789E1B-EDD0-4D8A-A56C-9E9C9BEBC8DC}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{467B3ECD-4124-444C-944E-66864B557577}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{488DC317-A2B0-4B7C-AF58-DB9CD2FDE4E3}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\hacker evolution duality\hacker evolution duality.exe | 
"{4895AA1C-F7DD-4EDC-A17C-DC057159567D}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\dungeons of dredmor\dungeons of dredmor.exe | 
"{490F62D2-3079-4180-91E6-8D6EAEE93836}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{4961BDF0-5746-4BE9-BEC3-6B37996896AF}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{497FED08-46D7-418F-B1CA-003CEF2144C1}" = protocol=17 | dir=in | app=d:\program files (x86)\gamersfirst\apb reloaded\binaries\apb.exe | 
"{4AFAA329-7487-4158-B4D4-3744475B803D}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{4CED581B-8585-462A-BEA2-EB731F3502D7}" = protocol=17 | dir=in | app=d:\program files (x86)\tera\tera-launcher.exe | 
"{4D3C088F-BF8C-481C-BD0F-7F8F8F2E6E25}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\dragon age ultimate edition\daoriginslauncher.exe | 
"{4EF24508-0EA9-4B8B-9A18-5F84379EF3B2}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\terraria\terraria.exe | 
"{512D2596-B52F-4F0B-AE7D-352ECA8D6CEE}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\hammerfight\hammerfight.exe | 
"{5131F2B3-17C0-4FCC-B16C-D0CD38BC1916}" = protocol=17 | dir=in | app=d:\origin\crysis 3 mp alpha\bin32\crysis 3 mp alpha.exe | 
"{52DE77F2-7131-43D3-B203-99035D25D0A2}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{53949BC2-259F-46CB-AFB8-1098A65C95A7}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\terraria\terraria.exe | 
"{5464C83D-C7F0-413E-85F8-277794558A25}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{55B158C1-3C47-45CF-BFAC-ECE3A1C02612}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{55F63C71-1D2C-4AE3-BF08-D4969128802D}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\rainbow six vegas\binaries\runme.exe | 
"{561DF159-55A4-46E0-96B1-12511B0E285A}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty 4\iw3mp.exe | 
"{565BA135-3765-44E1-A966-A921D584F010}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\machinarium\machinarium.exe | 
"{56BBBBD2-5D23-4643-AEF9-A165C8C512CB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{5750FD25-5E81-43A7-983F-633DBADF7519}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\bully scholarship edition\bully.exe | 
"{57B7CCCE-E4DF-41EA-B105-FCA9A37041FD}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\metro 2033\metro2033.exe | 
"{58FE3854-2650-457E-B7CC-70B646A40AA5}" = protocol=6 | dir=in | app=d:\program files (x86)\six networks\play withsix\tools\bin\rsync.exe | 
"{591804B4-5717-4D1B-A363-5A2E738E24A8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{593417F8-9776-423A-87E2-A0B9E54E3DAC}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{5C32207F-BCA5-4248-8C6C-0438B4369AEE}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\frozen synapse\frozensynapse.exe | 
"{5C6F9509-9DF9-4869-A545-444A5D3C2247}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\hacker evolution duality\hacker evolution duality.exe | 
"{5CAFCD08-66FF-412D-AA54-72355B653527}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{5CF52534-846E-4BBE-A1DD-9C39CB514F2F}" = protocol=6 | dir=in | app=c:\program files (x86)\warmux\warmux.exe | 
"{5DA17866-E9DB-4057-AE48-79C9BFC13811}" = protocol=6 | dir=in | app=c:\program files (x86)\bearshare applications\mediabar\datamngr\srtool~1\dtuser.exe | 
"{5EC7DDE5-188B-4DA7-BD14-1612DF7AF7D0}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{5EFB52E4-DD5F-4A0A-BFE6-B18712652535}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
"{614D22AB-AA47-4E48-99FF-44182462E4FD}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{61BD5734-F0E5-4E0C-B410-F7DC1BFE17BC}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6379ACB9-FBFB-45E3-85C9-E4783A4198D0}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe | 
"{65AD1F77-8FDC-4378-AAC5-4B2E2ED364F5}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\mafia\setup.exe | 
"{65C35695-D5A5-4B60-A1EB-847C9CB2A174}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\eets\eets.exe | 
"{6670EBE3-9EF3-4FAE-A05B-7260E36BA31F}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\mafia\setup.exe | 
"{66A56320-3215-4A2D-9ADB-BA97EFA95A9E}" = protocol=6 | dir=in | app=d:\steam\steamapps\itsme258\bloody good time\bgt.exe | 
"{66B6AEE2-AE50-4B65-B3C8-D9ADB238977E}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\saira\saira.exe | 
"{6C4ED7D7-C7B0-4EBA-8F3D-08C0AB33C947}" = protocol=6 | dir=in | app=c:\program files (x86)\psi\psi.exe | 
"{6C5AFF04-2871-428B-ABA9-B1ACF7F21955}" = protocol=17 | dir=in | app=d:\origin\battlefield 3\bf3.exe | 
"{6DE5843F-B96F-4C1B-AD42-D6EEE96BA45B}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\saira\saira.exe | 
"{6FE8A48E-E348-4B95-8D7A-ABF2FC670936}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{70EB797D-7F94-49A1-9663-79042AA36BAA}" = dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-hostd.exe | 
"{72180012-25A7-49B1-AA22-20D6A1010D5F}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\dragon age ultimate edition\daoriginslauncher.exe | 
"{73FA75B6-FB39-4DD1-B4BE-C83A7BAB6DE8}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\dark souls prepare to die edition\data\darksouls.exe | 
"{74C3554E-4B01-4C24-BBDC-9BCB08052BB5}" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | 
"{75484A20-8F89-42BD-9D98-137159F46AE6}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{7723FB12-E561-40A3-AB67-ADEDC964D6DC}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{78C56B9E-24FB-4811-BD4F-E39B05F514CE}" = protocol=6 | dir=in | app=c:\users\root\appdata\local\play withsix\tools\mingw\bin\rsync.exe | 
"{797225E3-667A-404D-AF1D-B271F9768A68}" = protocol=6 | dir=in | app=c:\program files (x86)\proxy switcher standard\proxyswitcher.exe | 
"{79B09B81-488E-4289-BEDE-5748C943EC53}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\dark souls prepare to die edition\data\darksouls.exe | 
"{7ABCF600-E3D0-4F3D-9A17-4C36A06B6D92}" = protocol=17 | dir=in | app=c:\users\root\appdata\local\play withsix\tools\mingw\bin\rsync.exe | 
"{7BC28C8C-39E3-4B03-BACB-78B0759D5176}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\uplink\uplink.exe | 
"{7C5665A1-9CB9-45BF-998E-23756649E33C}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe | 
"{7F631A5E-2075-4888-AE9E-B02A7951CC78}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{8046C012-ADF8-4B90-BDD0-02BCF042CC1F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8096F998-A83C-4834-B729-4D1F1ABD567D}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\mafia\game.exe | 
"{8194F9F6-0926-47EA-AC2A-1553FFE06D22}" = protocol=17 | dir=in | app=c:\program files (x86)\proxy switcher standard\proxyswitcher.exe | 
"{82BB46DB-F50B-4A63-9953-FF2295C8C1A3}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{85EA01FB-F058-4BA9-ABC3-20DF7E995186}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{87E5AC28-B569-4EB7-924E-C4D353C64BAC}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\hacker evolution untold\hacker evolution mod editor.exe | 
"{88AE57C2-71A5-4EFD-96EF-2ADC13CCC97C}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\darwinia\darwinia.exe | 
"{895297F0-EF68-49B1-84A2-66FD017342C2}" = protocol=58 | dir=in | app=system | 
"{8AC21160-3F15-4D90-9A72-6C587695938C}" = dir=in | app=%programfiles%\securitykiss tunnel\securitykisstunnel.exe | 
"{8CAB0B54-73A3-4E81-9394-D957756AC31A}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\the binding of isaac\isaac.exe | 
"{8D5E0AF5-44AE-4A57-8249-0B08C1C211FE}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\battlefield 2\bf2.exe | 
"{8D9C7953-1059-4E7F-8C26-70CDCF243B1D}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\magicka\magicka.exe | 
"{8E158EC7-C5D3-4170-9479-F55ED7E2E56A}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{8F2A93DE-3680-47F2-A377-5A26B77CB014}" = dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe | 
"{8F72D7C5-9977-4847-A40E-DBE339F1F666}" = dir=in | app=c:\program files (x86)\apowersoft\screen recording suite\screenrecordingsuite.exe | 
"{8FDCDA0F-9DA6-46EA-9CFB-85E9F4A63B38}" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | 
"{91800F63-E427-4386-8A76-993C95777C64}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
"{921AA8A4-ADC0-4594-94D8-99BF1E824B1E}" = protocol=6 | dir=in | app=d:\origin\battlefield 3\bf3.exe | 
"{94EB04DE-A984-4C7C-8051-861603EFA1FF}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe | 
"{952569F5-0B34-4A4E-B336-55BE75ED3DF3}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\frozen synapse\frozensynapse.exe | 
"{96C48538-BEAD-4E6C-9B2B-84370D33C7AA}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\swordsandsoldiershd\swords and soldiers launcher.exe | 
"{96F9B6FC-0C6E-4BD9-A3AC-7E3B922CC43B}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{979DC9A2-3269-4941-B959-793BA73EDC3F}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\hacker evolution untold\hacker evolution untold.exe | 
"{98655337-2A8E-473F-AC57-6D7B27C9E313}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"{9976243F-A53F-4FC3-B3F5-DEEC1FBB8269}" = protocol=6 | dir=in | app=d:\program files (x86)\gamersfirst\apb reloaded\binaries\vivoxvoiceservice.exe | 
"{9B1E943C-F360-4431-8E45-371E714309E8}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\plants vs zombies\plantsvszombies.exe | 
"{9C104835-7AEE-4736-B2A8-52B8F73DE8D7}" = protocol=17 | dir=in | app=c:\users\root\documents\arma 2\expansion\beta\arma2oa.exe | 
"{9C45355C-2EFD-4C03-82AD-59FF82FF0627}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"{9C5DE694-0B5D-4338-87DF-3D8EBE79007C}" = protocol=17 | dir=in | app=d:\steam\steamapps\itsme258\bloody good time\bgt.exe | 
"{9C645DEA-05FE-41CD-8C4E-2B0AC820B04A}" = protocol=6 | dir=in | app=d:\program files (x86)\tera\tera-launcher.exe | 
"{9C70D444-ABFA-4C75-A780-424A6BA55BDD}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\and yet it moves\and yet it moves.exe | 
"{9CB7CA17-6F5D-406D-8653-D854FB20F8AF}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\sega classics\segagenesisclassics.exe | 
"{9D8938EA-94CB-4B93-9AFD-4BEDCE9FFBC8}" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | 
"{9EB463DB-0D25-4166-BC01-078D9580912C}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"{A1A66095-0796-4112-80E9-C52435B2E5ED}" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"{A4D4C1A4-3677-4F1E-84F0-3F9AA77AF80C}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\swordsandsoldiershd\swords and soldiers launcher.exe | 
"{A52F0F25-CD48-4BD9-9172-C7AB9C269343}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\deus ex - human revolution\dxhr.exe | 
"{A5B96BFF-880B-46F5-B015-13B735056AB0}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{A8B5728D-2C4E-41AF-B3F2-DFB8F077027D}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\payday the heist\payday_win32_release.exe | 
"{A93541B9-EDA1-4C6A-A2D3-40D4F558D6B0}" = protocol=17 | dir=in | app=c:\program files (x86)\ascaron entertainment\sacred underworld\sacred.exe | 
"{AB634519-1CC7-4069-8751-5680330A0EB0}" = protocol=6 | dir=in | app=d:\origin\crysis 3 mp alpha\bin32\crysis 3 mp alpha.exe | 
"{AC904FE9-43BC-416D-AF09-86CFE7C4B3BF}" = protocol=17 | dir=in | app=d:\steam\steam.exe | 
"{AF913184-4EF0-4280-9E30-8C18DF78F4B4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B0109AC3-B436-49AD-8683-82C5950D3B82}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B22C988F-A4D2-4D45-909D-30AC6607B00A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B28C091F-428B-4A66-9F33-7D08B0643FCC}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\your doodles are bugged!\yourdoodlesarebugged.exe | 
"{B421A1C2-9926-4EAF-BDDE-BE2677C7C9D3}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe | 
"{B42E3CE4-2214-427D-9E8A-3A09B71329F8}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe | 
"{B4AC15D8-AB96-4830-B9CE-79352EEEF1ED}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\metro 2033\metro2033.exe | 
"{B55DE12C-BE78-4264-8E5E-7E95791F2F3C}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\the binding of isaac\isaac.exe | 
"{B7086384-7F29-4E2F-8E7C-0F80A8343DCC}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\vvvvvv\vvvvvv.exe | 
"{B756E767-4171-4B17-B875-87D352C38D3E}" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
"{B83353EB-124E-44F6-8DD0-258B66A11CE0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B862A80B-2429-4C03-AF5D-128DA7C1F68F}" = protocol=6 | dir=in | app=c:\program files (x86)\ascaron entertainment\sacred underworld\sacred.exe | 
"{BC57D389-C9C6-49B3-91C2-549C518C2CC8}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{BE370A41-1FE4-48F6-B24F-0776A5C52F64}" = protocol=17 | dir=in | app=c:\program files (x86)\warmux\warmux.exe | 
"{C0AF0DA5-B2FD-4ECA-A893-2BFEB6FAC6CF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C287C26B-A828-43E6-A109-A21944FE1193}" = protocol=6 | dir=in | app=c:\program files (x86)\ascaron entertainment\sacred underworld\gameserver.exe | 
"{C2FE0BC6-A231-4831-9E10-66B5626A678A}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\zombie shooter\zombieshooter.exe | 
"{C3E99012-F322-4CCA-BD4B-11D669B345D6}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\hacker evolution untold\hacker evolution mod editor.exe | 
"{C43740AB-82D5-474B-ABDC-53E952B17C94}" = protocol=17 | dir=in | app=c:\program files (x86)\bearshare applications\mediabar\datamngr\srtool~1\dtuser.exe | 
"{C4FD8624-AAAA-4752-BD3A-CAE65D5E2556}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe | 
"{C64FE86C-8B9F-4741-8C28-35619CF386B7}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\and yet it moves\and yet it moves.exe | 
"{C845F630-D897-4880-AECD-BEEA8EDCDD00}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe | 
"{C8A300E2-7BC3-4687-BC8C-1F6E93D20F58}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\eets\eets.exe | 
"{C9505DA9-4693-47D6-8BBF-5559938E7CBC}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{CA161B75-23B7-4D38-AC64-76B357D3C586}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\zombie shooter 2\zombieshooter2.exe | 
"{CA1BBBDE-C1FB-410D-86F1-602413C4CF90}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\revenge of the titans\revengeofthetitans.exe | 
"{CB0DD9CB-A5EF-43FD-8494-B4D29920B04B}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\dota 2 beta\dota.exe | 
"{CB694EE8-F9E4-457B-AC4B-5496AAB4FCF2}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty 4\iw3mp.exe | 
"{CC28745C-4F89-44BD-A72A-A99541D49F71}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{CC6AFBCB-9225-400A-AD30-9FC3442771FC}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{CD1D1AF8-3712-46C6-9A44-6CA084DA671D}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\mafia\game.exe | 
"{CE1EA41F-57CD-4385-A709-93E71286B8D7}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\sega classics\segagenesisclassics.exe | 
"{D0975BC7-419A-4B66-B7AB-8519E427E227}" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"{D0A8F65D-2EDC-482E-8037-7D0654470FE8}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{D238AD07-256D-4C33-B1D5-0575C91723C9}" = protocol=17 | dir=in | app=d:\steam\steamapps\itsme258\counter-strike source\hl2.exe | 
"{D28478C4-4579-48C8-9ACC-27639815215C}" = protocol=17 | dir=in | app=d:\program files (x86)\six networks\play withsix\tools\bin\rsync.exe | 
"{D490CC74-24CE-46BE-A26D-203F7EAC22B5}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\crayon physics deluxe\launcher.exe | 
"{D4D29440-5DF9-4740-9CA5-1747F3A5C78F}" = protocol=17 | dir=in | app=d:\program files (x86)\gamersfirst\apb reloaded\binaries\vivoxvoiceservice.exe | 
"{D645ACB6-6F44-4730-9A73-B8C5E7B4AF86}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{D6E2FD80-A852-4768-B8A9-38AEEF87AA5D}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{D7E98BE2-A6EC-4A1F-9EF6-9DA61B279117}" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | 
"{D8AA2460-C10E-48B3-AC1E-F19048AE28EE}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\faerie solitaire\faeriesolitaire.exe | 
"{D90AB94E-C040-464B-A2D2-E6A4CBBAD4A6}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\rainbow six vegas\binaries\runme.exe | 
"{DAAD5E21-EB2B-4ADB-9F04-422A3F53800F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{DBB4C754-21B4-402F-BC3C-A06F68DACCCF}" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
"{DC1C45C0-AD79-4B67-9182-3FB2B27DD6CC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DCE318CC-D9A9-43E5-A101-89CBC41EDE7B}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{DEA3E19C-C26D-4A32-9C9B-D9314531CE1A}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty 4\iw3sp.exe | 
"{E0E70AD8-D280-458B-BF3A-DEB6AC7D8CCD}" = protocol=6 | dir=in | app=d:\steam\steam.exe | 
"{E23405B1-61FC-4823-BB7B-62F9FEC3715B}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\bully scholarship edition\bully.exe | 
"{E3BF47D2-1BDC-48E9-A461-564D541614DF}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{E4331CD0-A6EB-4FCC-9BDD-44B5E6E8A11D}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\arma 2 operation arrowhead - kopie\expansion\beta\arma2oa.exe | 
"{E51FBF71-9621-40F6-AC37-06E25AEC39BF}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\dungeons of dredmor\dungeons of dredmor.exe | 
"{E7129F65-5BF3-41DA-B7FD-CF0817C8AAEE}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\hammerfight\hammerfight.exe | 
"{E7EB217C-A5C9-4368-B764-6456E5D44712}" = protocol=6 | dir=in | app=d:\program files (x86)\tera - kopie\tera-launcher.exe | 
"{EA034642-E35F-410A-A8DB-8A31F0E01EDD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{EB146ED6-628E-413D-B40E-0298F5C32F50}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\zombie shooter\zombieshooter.exe | 
"{EB874236-3166-4518-9568-D28A2602F624}" = dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-hostd.exe | 
"{ED218D14-E3A3-4691-82D4-C4B684E9A272}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\magicka\magicka.exe | 
"{EDFF83CD-2D07-4E44-98F5-AEB60D47D817}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\darwinia\darwinia.exe | 
"{EE7DB023-80C7-46E0-953D-1F8D2C6F5846}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\plants vs zombies\plantsvszombies.exe | 
"{EFF1DC77-9A45-42BC-849C-84D01BCFDA44}" = protocol=17 | dir=in | app=d:\steam\steamapps\itsme258\garrysmod\hl2.exe | 
"{F19410E4-E27D-42D9-BDB2-3E6C53336468}" = protocol=17 | dir=in | app=c:\users\root\desktop\all the shit\moar shit\the real shit\xampp\xampp\apache\bin\httpd.exe | 
"{F1A01D61-31AB-4EEE-BC53-0968C27372CF}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{F32444E7-D95F-4E32-8DC2-784E2173800B}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\hacker evolution duality\hacker evolution duality.exe | 
"{F386A3DD-CA19-413F-84C6-71D19273F7E3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{F3ACFEF1-B99C-429C-94A4-FECB83F37C9E}" = protocol=17 | dir=in | app=c:\users\root\desktop\all the shit\moar shit\xampp\apache\bin\httpd.exe | 
"{F401CFAD-02B6-4148-9483-E7F3FECAAEFB}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{F628FC0B-A4BA-473B-89E3-3BBBA9204241}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\ride carnival tycoon\ridecarnivaltycoon.exe | 
"{F6437B0A-BD07-45D2-96D6-276345F4131B}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\battlefield 2\support\ea help\electronic_arts_technical_support.htm | 
"{F7EFC87E-6470-434D-B6FB-D14BBC48B2D9}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{F81EA130-EE3A-4A1D-BA76-DD0EF32ABEBF}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\osmos\osmos.exe | 
"{F86E60AC-1D41-4774-8855-DD6DDE96AC65}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{F89A9FCB-93AA-4B53-BDC2-0D0A77672D2E}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\nightsky\nightsky.exe | 
"{FDBEF573-D3EB-488D-A262-A589DFFD7DC1}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{FE44B46B-0B35-4373-9E4B-BEB32D54B65C}" = protocol=6 | dir=in | app=c:\users\root\desktop\all the shit\moar shit\the real shit\xampp\xampp\apache\bin\httpd.exe | 
"{FF310BA4-F045-437C-ABBF-A44FF358C6FA}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\dota 2 beta\dota.exe | 
"{FF851D28-B99A-49DE-8C9F-77B9D9D32BE6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"TCP Query User{1075CD2D-A097-4677-A315-2BA980D0998C}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"TCP Query User{18380749-5BB4-4F38-8993-88FF8A572BC7}C:\program files (x86)\psi\psi.exe" = protocol=6 | dir=in | app=c:\program files (x86)\psi\psi.exe | 
"TCP Query User{29DE6719-C246-40C3-8A4C-C4E31B467E99}C:\users\root\documents\arma 2\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=c:\users\root\documents\arma 2\expansion\beta\arma2oa.exe | 
"TCP Query User{2E68FD53-87D8-440F-AF39-74ECC5DA7E85}C:\users\root\desktop\all the shit\moar shit\the real shit\xampp\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\users\root\desktop\all the shit\moar shit\the real shit\xampp\xampp\apache\bin\httpd.exe | 
"TCP Query User{3854B33A-44BA-4493-887E-96D23FAB951C}D:\steam\steamapps\common\arma 2 operation arrowhead - kopie\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=d:\steam\steamapps\common\arma 2 operation arrowhead - kopie\expansion\beta\arma2oa.exe | 
"TCP Query User{3B3CA2D2-7953-48DE-BEDF-E21F6B6CEEDF}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{3D25C8D5-B9E5-4168-983D-20B5E95D9520}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{4134F468-55B4-40BF-AAF0-D373D1F32B7B}C:\program files (x86)\ascaron entertainment\sacred underworld\sacred.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ascaron entertainment\sacred underworld\sacred.exe | 
"TCP Query User{4662B24F-93AD-4AFF-ACF8-52E1680F940C}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
"TCP Query User{66B5B9DD-659C-47AE-9862-FCD3667A6170}D:\program files (x86)\tera\tera-launcher.exe" = protocol=6 | dir=in | app=d:\program files (x86)\tera\tera-launcher.exe | 
"TCP Query User{7BA52CD0-ACE5-4182-9DBB-043A29011253}C:\program files (x86)\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe | 
"TCP Query User{7D113FD4-4E4B-4D24-943B-2F51E45D9C22}C:\program files (x86)\ascaron entertainment\sacred underworld\gameserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ascaron entertainment\sacred underworld\gameserver.exe | 
"TCP Query User{83872114-B5CC-42D3-88CB-80804D21226D}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
"TCP Query User{84591BC8-D755-4DE5-9E2F-C21479C0EC5D}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | 
"TCP Query User{958AC8B0-9F18-4077-A498-1F20CA9C1CAC}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | 
"TCP Query User{97046C55-237D-49AA-9AFC-BC002FB16831}D:\program files (x86)\tera - kopie\tera-launcher.exe" = protocol=6 | dir=in | app=d:\program files (x86)\tera - kopie\tera-launcher.exe | 
"TCP Query User{C7E7ACB1-B222-43C6-A297-680EC01095E9}C:\users\root\appdata\local\play withsix\tools\mingw\bin\rsync.exe" = protocol=6 | dir=in | app=c:\users\root\appdata\local\play withsix\tools\mingw\bin\rsync.exe | 
"TCP Query User{CED1292D-7F33-4A00-B7C6-E298675342C5}C:\users\root\desktop\all the shit\moar shit\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\users\root\desktop\all the shit\moar shit\xampp\apache\bin\httpd.exe | 
"TCP Query User{D9C86890-97E6-4D21-AD63-5CBCCFCC211F}C:\program files (x86)\warmux\warmux.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warmux\warmux.exe | 
"TCP Query User{DC3F0AC3-1122-4853-8AC0-C885E90D474C}D:\program files (x86)\six networks\play withsix\tools\bin\rsync.exe" = protocol=6 | dir=in | app=d:\program files (x86)\six networks\play withsix\tools\bin\rsync.exe | 
"TCP Query User{E80510C1-6584-48C3-9B2B-0EB2F3DAC5A6}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{EB1F7ADD-4165-4A3E-B47F-A0BCE374A2F1}D:\steam\steamapps\itsme258\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=d:\steam\steamapps\itsme258\counter-strike source\hl2.exe | 
"TCP Query User{F30A40C9-8B5E-4EBF-845A-43E9AFEB3805}D:\steam\steam.exe" = protocol=6 | dir=in | app=d:\steam\steam.exe | 
"TCP Query User{FFF77245-0C75-44DC-BB99-2626A4745483}C:\program files (x86)\dsnet corp\atube catcher 2.0\yct.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dsnet corp\atube catcher 2.0\yct.exe | 
"UDP Query User{008D68AF-2206-430D-A507-F8EE45013D6F}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{03C6AA6D-90AE-4D82-9686-7E0402BCF90D}C:\program files (x86)\ascaron entertainment\sacred underworld\sacred.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ascaron entertainment\sacred underworld\sacred.exe | 
"UDP Query User{0F7C9701-E03E-48F5-B177-5C61F71BD12E}D:\steam\steam.exe" = protocol=17 | dir=in | app=d:\steam\steam.exe | 
"UDP Query User{136C63DA-3D1D-4225-AF27-B489E3FD634E}C:\program files (x86)\psi\psi.exe" = protocol=17 | dir=in | app=c:\program files (x86)\psi\psi.exe | 
"UDP Query User{305085DF-9A30-400B-BA67-0B6815A814E8}C:\users\root\appdata\local\play withsix\tools\mingw\bin\rsync.exe" = protocol=17 | dir=in | app=c:\users\root\appdata\local\play withsix\tools\mingw\bin\rsync.exe | 
"UDP Query User{37443BE9-7CEF-440E-A926-C51E185A7DAA}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
"UDP Query User{39D93847-9B07-4735-A98C-B0D040A1BE25}D:\program files (x86)\tera - kopie\tera-launcher.exe" = protocol=17 | dir=in | app=d:\program files (x86)\tera - kopie\tera-launcher.exe | 
"UDP Query User{42428FC1-ED32-4EAB-B8E0-8597A4CCFEEC}C:\users\root\documents\arma 2\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=c:\users\root\documents\arma 2\expansion\beta\arma2oa.exe | 
"UDP Query User{43DF9178-3930-434B-BA96-CD6F5F440577}C:\program files (x86)\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe | 
"UDP Query User{56D43E4D-D546-4DBC-9C47-C00C2133EF89}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
"UDP Query User{5FB8585E-BD7F-4770-B65F-98F62B5A2108}C:\users\root\desktop\all the shit\moar shit\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\users\root\desktop\all the shit\moar shit\xampp\apache\bin\httpd.exe | 
"UDP Query User{8A3C7692-A7B3-4964-AF4B-064A5625CEA0}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | 
"UDP Query User{994C31C5-37DA-4C63-9C52-DD79F2C05B64}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | 
"UDP Query User{9BDF97F3-48B0-46BD-A880-D618627FFF84}D:\steam\steamapps\common\arma 2 operation arrowhead - kopie\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=d:\steam\steamapps\common\arma 2 operation arrowhead - kopie\expansion\beta\arma2oa.exe | 
"UDP Query User{9BE41905-27D0-48A7-A589-71D68383FFDA}C:\users\root\desktop\all the shit\moar shit\the real shit\xampp\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\users\root\desktop\all the shit\moar shit\the real shit\xampp\xampp\apache\bin\httpd.exe | 
"UDP Query User{A02CA608-B817-4F29-9779-E18E92979897}C:\program files (x86)\warmux\warmux.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warmux\warmux.exe | 
"UDP Query User{ABEE0700-4ADF-4251-A010-78FB04A6BCB1}C:\program files (x86)\ascaron entertainment\sacred underworld\gameserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ascaron entertainment\sacred underworld\gameserver.exe | 
"UDP Query User{C7C203AF-AF35-495C-96A6-77F792294513}C:\program files (x86)\dsnet corp\atube catcher 2.0\yct.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dsnet corp\atube catcher 2.0\yct.exe | 
"UDP Query User{C9E9E2D7-5595-46C5-A10B-CBD5D8DC8B7A}D:\program files (x86)\six networks\play withsix\tools\bin\rsync.exe" = protocol=17 | dir=in | app=d:\program files (x86)\six networks\play withsix\tools\bin\rsync.exe | 
"UDP Query User{E25D2E04-73A6-4BED-BFA2-73DA2B0A7C79}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"UDP Query User{E882B72D-243D-43EC-8485-4CFE7313C5D3}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{ECF2B4A2-70FB-4E67-95A9-846693B534FD}D:\steam\steamapps\itsme258\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=d:\steam\steamapps\itsme258\counter-strike source\hl2.exe | 
"UDP Query User{EFC09190-1740-493D-A4CD-D11C269E7415}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{FDD5DDC9-478A-4F87-A2C4-EC22C56AFCA3}D:\program files (x86)\tera\tera-launcher.exe" = protocol=17 | dir=in | app=d:\program files (x86)\tera\tera-launcher.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26A24AE4-039D-4CA4-87B4-2F86417004FF}" = Java(TM) 7 Update 4 (64-bit)
"{2DF4C5DD-7417-301D-935D-939D3B7B5997}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4FF5C7C9-86CC-41ED-B93B-0B51AB4FED24}" = VmciSockets
"{53952792-BF16-300E-ADF2-E7E4367E00CF}" = Visual Studio 2010 Prerequisites - English
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A1F50E06-E514-393D-AAEB-2F989F0B7C68}" = Microsoft Team Foundation Server 2010 Object Model - DEU
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"4144-4862-0472-7103" = WorldPainter 0.8.7
"CCleaner" = CCleaner
"Logitech Gaming Software" = Logitech Gaming Software 8.35
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft Team Foundation Server 2010 Object Model - DEU" = Microsoft Team Foundation Server 2010-Objektmodell - DEU
"SecurityKISS Tunnel_is1" = SecurityKISS Tunnel v0.2.2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Virtual Audio Cable 4.10" = Virtual Audio Cable 4.10
"WinRAR archiver" = WinRAR 4.11 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{01C79EF3-DE84-4B56-B638-8BEA0D507506}" = Microsoft XNA Game Studio 4.0 (XnaLiveProxy)
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0666E46E-A860-4353-BE6D-13AA72FABB57}" = Microsoft XNA Game Studio Platform Tools
"{08C84CC6-E7FD-4B2D-BBF9-B02CC90EE031}" = Microsoft XNA Game Studio 4.0 (Shared Components)
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D94F75A-0EA6-4951-B3AF-B145FA9E05C6}" = VMware Workstation
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{147894EE-5ED4-11E1-A8FF-F04DA23A5C58}" = MSVCRT Redists
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{15D44296-62E0-4979-BFF5-1E09ABFE49E0}" = DayZ Commander
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2C0622F2-2E68-468C-AA43-0CF81D3ACF14}" = Detours Express 3.0
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{3F4EB5FE-B5BE-4069-A5A8-6D9262E1B379}" = Microsoft XNA Game Studio 4.0 Documentation
"{42DCB650-F003-4535-A5CD-32AD815CD2DD}" = Play withSIX
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C278A1B-D7CA-4F9D-A74D-CB9866EB137A}" = Steganos Password Manager 2012
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{520C1D80-935C-42B9-9340-E883849D804F}_is1" = DriverTuner 3.1.0.0
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{59F24743-2EA1-3A45-B8C2-6E0E1E078FA8}" = Microsoft Visual C# 2010 Express - ENU
"{5C5778DB-3E5A-499D-865D-740E67D1F165}" = LogMeIn
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}" = NVIDIA PhysX
"{64BFBE7A-886C-4CA2-A9B4-0C2B5A5942BC}" = Battlefield 3™
"{68BD57D3-D606-411E-A7E0-3EB6EA5660F6}" = Microsoft XNA Game Studio 4.0 (Redists)
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319
"{6B2847D2-E3DD-44C0-BAC2-58D12221691F}" = TechSmith Screen Capture Codec
"{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit
"{6BE7495E-8DF1-11E1-BB7D-F04DA23A5C58}" = Vegas Pro 11.0
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{6DED41BC-C9EF-4330-B4E5-46CB2C5C6E2D}" = No23 Recorder
"{70CB6C40-8DF1-11E1-BDCF-F04DA23A5C58}" = MSVCRT Redists
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73BE04D9-BA0E-4BAF-9C9D-677278BDB3DC}" = Microsoft XNA Game Studio 4.0 (ARP entry)
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E210E1C-52A1-40E3-817B-D504E9F64DFA}_is1" = Flyff
"{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84DEB7DB-5DDD-456f-AEC6-4D09A2D3A75F}_is1" = Citron 2.5
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{894084B6-BC69-43B7-BF06-B93AECFEA520}" = GameSpy Comrade
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C496FBF-DB4A-468D-A3A1-15E127382218}" = Microsoft XNA Game Studio 4.0 (Visual Studio)
"{90877318-0BD0-4BDE-BFC0-C4BB12DAC86A}_is1" = Rappelz
"{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{969E11AA-8F3A-F162-1A5A-0965E216B6CE}" = Adobe Download Assistant
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D811B72-D54C-47D9-B14B-1506E5E89B50}" = Crysis®3 MP Alpha
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A2S166A0-F031-4E27-A057-C69733219434}_is1" = TERA
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
"{ABFBF663-741E-4792-B2E7-04B8E6C0A84B}" = ControlSpy
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{BA61C81A-124F-432D-8042-E32E98A9BE97}" = Detours Express 3.0
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BE9C28A5-2098-466E-9F52-1AE9DA155E4F}" = Adobe After Effects CS5.5 Third Party Content
"{C07F8D75-7A8D-400E-A8F9-A3F396B49BB1}" = SPORE™ Süß & Schrecklich Ergänzungs-Pack
"{C28DD992-5B7B-D195-6841-4EC57DF512BD}" = Adobe Story
"{CB04D8E1-7B9C-4F35-B2E2-E87CBE520805}" = Adobe After Effects CS5.5
"{CB2B4C2B-0805-4E06-873D-CECB046A5BE8}" = Camtasia Studio 8
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
"{CCAC7E52-ECCE-3C4D-B1BE-BC2ACF1C1C0E}" = Microsoft Visual Basic 2010 Express - DEU
"{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help
"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D5B7B2BB-6B7E-4AD4-9F2F-7CCF2B48AA58}" = Pokemon Game Editor
"{D81641E8-ABF1-3D07-803B-60E8FC619368}" = Microsoft Visual C# 2010 Express - DEU
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DB833EF9-A198-49BE-970A-BD46F30BFBB4}" = ANNO 1503 Königs- Edition
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{dd50af03-2381-49ad-933d-7a30a6ca9e33}" = Nero 9 Essentials
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DEEB5FE3-40F5-3C5B-8F85-5306EF3C08F4}" = Microsoft Visual C++ 2010 Express - DEU
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EB9F3F92-4857-4121-AA6F-1C424AC6C266}_is1" = Screen Recording Suite V2.5.0
"{EC66418E-DAA2-36D5-809E-40BEC94E622A}" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights Help
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"3ivx MPEG-4 5.0.4" = 3ivx MPEG-4 5.0.4 (remove only)
"4Story_DE_is1" = 4Story DE 3.9.154
"655B116F-5CF5-4376-9A36-9FB163ED609F_is1" = Sonarca Sound Recorder Free 3.8.3
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"APB Reloaded" = APB Reloaded
"aTube Catcher" = aTube Catcher
"Audiograbber" = Audiograbber 1.83 SE 
"Audiograbber-Lame" = Audiograbber MP3-Plugin (64 bit)
"AutoHotkey" = AutoHotkey 1.0.48.05
"AutoItv3" = AutoIt v3.3.8.1
"AviSynth" = AviSynth 2.5
"Battlelog Web Plugins" = Battlelog Web Plugins
"BattlEye for OA" = BattlEye for OA Uninstall
"bearsharetoolbarguid" = Search-Results Toolbar
"CamStudio" = CamStudio
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Cheat Engine 6.1_is1" = Cheat Engine 6.1
"Cheat Engine 6.2_is1" = Cheat Engine 6.2
"com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Story
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"DivX Setup" = DivX-Setup
"ESN Sonar-0.70.4" = ESN Sonar
"Flare" = Flare 0.6 
"Fraps" = Fraps (remove only)
"Free FLV Converter_is1" = Free FLV Converter V 7.4.0
"Free Video Dub_is1" = Free Video Dub version 2.0.8.504
"Game Booster_is1" = Game Booster 3
"GamersFirst LIVE!" = GamersFirst LIVE!
"GhostMouse_is1" = GhostMouse
"glu" = glu 1.0.22
"GraphicsGale FreeEdition_is1" = GraphicsGale FreeEdition version 1.93.20
"HijackThis" = HijackThis 2.0.2
"iFunbox_is1" = iFunbox (v2.1.2228.731), iFunbox DevTeam
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"lavfilters_is1" = LAV Filters 0.50.5
"LogMeIn Hamachi" = LogMeIn Hamachi
"LOLReplay" = LOLReplay
"Microsoft DirectX SDK (June 2010)" = Microsoft DirectX SDK (June 2010)
"Microsoft Visual Basic 2010 Express - DEU" = Microsoft Visual Basic 2010 Express - DEU
"Microsoft Visual C# 2010 Express - DEU" = Microsoft Visual C# 2010 Express - DEU
"Microsoft Visual C# 2010 Express - ENU" = Microsoft Visual C# 2010 Express - ENU
"Microsoft Visual C++ 2010 Express - DEU" = Microsoft Visual C++ 2010 Express - DEU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Microsoft Visual Studio Macro Tools - DEU Language Pack" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MySQL-Front_is1" = MySQL-Front
"No23 Recorder" = No23 Recorder
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OnlineControl_is1" = OnlineControl 1.2
"OpenAL" = OpenAL
"OpenVPN" = OpenVPN 2.2.2
"Opera 12.11.1661" = Opera 12.11
"Origin" = Origin
"Password Unmask 2.0" = Password Unmask 2.0
"PE Explorer_is1" = PE Explorer 1.99 R6
"Pidgin" = Pidgin
"ProxySwitcher Standard_is1" = ProxySwitcher Standard
"Psi" = Psi (remove only)
"PSP Video 9" = PSP Video 9 6
"PunkBusterSvc" = PunkBuster Services
"Rainmeter" = Rainmeter
"RPGVXAce_E_is1" = RPG MAKER VX Ace
"RPGVXAce_RTP_is1" = RPG MAKER VX Ace RTP
"Sacred Underworld_is1" = Sacred Underworld
"Schriftenbibliothek_is1" = Schriftenbibliothek
"SciTE4AutoIt3" = SciTE4AutoIt3 12/29/2011
"ShiftWindow_is1" = ShiftWindow 1.02
"SpongeBob SquarePants Employee of the Month" = SpongeBob SquarePants Employee of the Month
"StarCraft II" = StarCraft II
"Steam App 211420" = Dark Souls: Prepare to Die Edition
"Steam App 28050" = Deus Ex: Human Revolution
"Steam App 34330" = Total War: SHOGUN 2
"Steam App 6100" = Eets
"SWF Scanner" = SWF Scanner
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.0
"VMware_Workstation" = VMware Workstation
"Warmux" = Warmux
"Winspector - Ultimate Windows Spy Utility_is1" = Winspector
"Wireshark" = Wireshark 1.6.6
"World of Warcraft" = World of Warcraft
"XNA Game Studio 4.0" = Microsoft XNA Game Studio 4.0
"Xvid Video Codec 1.3.2" = Xvid Video Codec
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"244a1e8693fd9c7e" = Techne
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 15.02.2013 17:00:02 | Computer Name = Systemroot | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: schtasks.exe, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce79da3  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec4aa8e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000009970a
ID
 des fehlerhaften Prozesses: 0x1630  Startzeit der fehlerhaften Anwendung: 0x01ce0bbf6be54790
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\schtasks.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: a9f894aa-77b2-11e2-8258-c860008cd582
 
Error - 16.02.2013 05:57:50 | Computer Name = Systemroot | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WLIDSvcM.exe, Version: 6.500.3165.0,
 Zeitstempel: 0x4a8b055b  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec4aa8e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000009970a
ID
 des fehlerhaften Prozesses: 0xaa0  Startzeit der fehlerhaften Anwendung: 0x01ce0c2c10885adc
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Common Files\Microsoft Shared\Windows
 Live\WLIDSvcM.exe  Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung:
 528c885c-781f-11e2-add2-c860008cd582
 
Error - 17.02.2013 06:47:07 | Computer Name = Systemroot | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: mscorsvw.exe, Version: 4.0.30319.1,
 Zeitstempel: 0x4ba21f5d  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec4aa8e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000009970a
ID
 des fehlerhaften Prozesses: 0x10d8  Startzeit der fehlerhaften Anwendung: 0x01ce0cfc20f79ef8
Pfad
 der fehlerhaften Anwendung: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 5f544fad-78ef-11e2-803c-c860008cd582
 
[ System Events ]
Error - 17.02.2013 08:17:52 | Computer Name = Systemroot | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "DATA" den Befehl "chkdsk" aus.
 
Error - 17.02.2013 08:18:52 | Computer Name = Systemroot | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "D:" den Befehl "chkdsk" aus.
 
Error - 17.02.2013 08:18:52 | Computer Name = Systemroot | Source = Ntfs | ID = 131
Description = Die Dateisystemstruktur auf Volume "D:" kann nicht korrigiert werden.
Führen
 Sie das Dienstprogramm CHKDSK auf Volume "D:" aus.
 
Error - 17.02.2013 08:18:52 | Computer Name = Systemroot | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "DATA" den Befehl "chkdsk" aus.
 
Error - 17.02.2013 08:19:52 | Computer Name = Systemroot | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "D:" den Befehl "chkdsk" aus.
 
Error - 17.02.2013 08:19:52 | Computer Name = Systemroot | Source = Ntfs | ID = 131
Description = Die Dateisystemstruktur auf Volume "D:" kann nicht korrigiert werden.
Führen
 Sie das Dienstprogramm CHKDSK auf Volume "D:" aus.
 
Error - 17.02.2013 08:19:52 | Computer Name = Systemroot | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "DATA" den Befehl "chkdsk" aus.
 
Error - 17.02.2013 08:20:52 | Computer Name = Systemroot | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "D:" den Befehl "chkdsk" aus.
 
Error - 17.02.2013 08:20:52 | Computer Name = Systemroot | Source = Ntfs | ID = 131
Description = Die Dateisystemstruktur auf Volume "D:" kann nicht korrigiert werden.
Führen
 Sie das Dienstprogramm CHKDSK auf Volume "D:" aus.
 
Error - 17.02.2013 08:20:52 | Computer Name = Systemroot | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "DATA" den Befehl "chkdsk" aus.
 
 
< End of report >
         

Alt 18.02.2013, 20:50   #23
ryuk
 
Programme brauchen lange zum starten - Standard

Programme brauchen lange zum starten



extras
Code:
ATTFilter
OTL Extras logfile created on: 17.02.2013 13:15:58 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Root\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7.98 Gb Total Physical Memory | 5.58 Gb Available Physical Memory | 69.92% Memory free
15.96 Gb Paging File | 13.73 Gb Available in Paging File | 85.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 372.60 Gb Total Space | 201.81 Gb Free Space | 54.16% Space Free | Partition Type: NTFS
Drive D: | 540.23 Gb Total Space | 157.66 Gb Free Space | 29.18% Space Free | Partition Type: NTFS
Drive E: | 100.74 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: SYSTEMROOT | User Name: Root | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- D:\Program Files (x86)\Photoshop\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- D:\Program Files (x86)\Photoshop\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0439A57E-F778-434A-ADAA-3C1E8D6444BB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{0C739BDD-93C2-4691-A888-4C9EA63B56FC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{15990194-2BD8-4156-893C-E070592F2800}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1C0FF142-4BB7-4AAD-B267-2122BB975023}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{246A3150-1CAC-4CC3-ADE4-F0D5F8C3F178}" = rport=138 | protocol=17 | dir=out | app=system | 
"{36A5B7F2-26D8-447E-B308-9AB1E8C8425D}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{3AAF451F-E979-4023-B46A-56E9EFB7E55F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3BA9C3CD-5A50-458E-A769-67D4D0AE8C97}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{426BF746-6B16-4DBC-A361-2208539F2B07}" = lport=56567 | protocol=6 | dir=in | name=pando media booster | 
"{44D69EF4-6FD8-4FDA-9DB7-56D03AE9A3D6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4A5219B3-C197-49A4-84E3-7D69D2080933}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{4FAAC0B8-7C61-44B4-9EFB-66E21A1BF560}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{58FF5002-CCC7-4EE5-A58F-440E1D2CD11C}" = lport=3074 | protocol=17 | dir=in | name=aw3 | 
"{5BB322C6-43FF-4BD4-AAFD-D4C11116BE6F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{5CA8AEA8-E477-45E4-80AA-63F8AF955B56}" = lport=139 | protocol=6 | dir=in | app=system | 
"{66BADAFC-86BB-430E-97D8-7FD850FE535F}" = lport=445 | protocol=6 | dir=in | app=system | 
"{68A12417-7938-42EB-B3F1-F8A2E50DB488}" = rport=139 | protocol=6 | dir=out | app=system | 
"{6D02405C-0A5B-497F-A6E3-B40F21A9F91B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{70B7BE5A-C154-4433-AE75-ABC4B6926F8C}" = lport=56567 | protocol=6 | dir=in | name=pando media booster | 
"{72E3EC6D-84C8-484D-AECF-0EFCB22B6B69}" = lport=123 | protocol=17 | dir=in | name=udp | 
"{7701055E-C72C-4C49-BBA2-AB6F7C517FDA}" = lport=137 | protocol=17 | dir=in | app=system | 
"{89A3BF0E-902F-4609-A159-4CD68E96B777}" = rport=3074 | protocol=6 | dir=out | name=aw34 | 
"{91B900E0-FCC2-480F-8B3A-2FABE9BCFC1E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{92646C34-B24D-4F6B-A70A-F122058E92CD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{96723A7F-931C-48B5-B574-4321AA0DC8A3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9EBB3907-3AC6-44B9-9B22-6117339D14DF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A06BC328-3F9C-4023-A29E-7725ECD11C24}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A171F65D-CCFE-4704-B59F-95402CF4877A}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{A28CC37E-703F-46D7-8F9C-D8A305D18B47}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{A670E57B-53FD-464D-92DB-CB988307E582}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AC650E14-C489-46D5-B758-1ECE644F5643}" = lport=138 | protocol=17 | dir=in | app=system | 
"{B043957F-210C-4A74-9549-82F1C60DB689}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{C6599D56-E95C-41D9-833B-D942DE87C79B}" = lport=3074 | protocol=6 | dir=in | name=aw | 
"{CD854E81-83CB-47CA-AFDE-A43F58201741}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DE2E87DC-9965-4539-A1AB-AC391FAFBA49}" = lport=56567 | protocol=17 | dir=in | name=pando media booster | 
"{E18C69C3-A85B-4EE3-8905-A609A2C7BEEE}" = lport=7777 | protocol=17 | dir=in | name=terraria2 | 
"{E22EEE62-11B3-4306-B6C4-453414823BD1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E6594A62-D678-4ECB-8714-73E0E4AD5065}" = rport=3074 | protocol=17 | dir=out | name=awe | 
"{F0BA44E2-A92B-40EE-B812-3B26A5C62E71}" = lport=7777 | protocol=6 | dir=in | name=terraria | 
"{F344232C-0225-474B-BA1D-2F110B3B3703}" = rport=445 | protocol=6 | dir=out | app=system | 
"{F5A75B57-7CEE-4E7D-8AB6-34E02F2DB317}" = lport=56567 | protocol=17 | dir=in | name=pando media booster | 
"{F9A6003C-8D8D-48A9-BEEA-68F805C5EC8E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FF798233-6E4C-44FB-97E6-A62F76145D0D}" = rport=137 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0274CCBF-C0EF-4DAE-B3AD-C43623143CA8}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\saira\settings.exe | 
"{02873699-CDD4-4758-B49B-B730A5EDB2A6}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\ride carnival tycoon\ridecarnivaltycoon.exe | 
"{02BE42B7-F39D-46E5-867D-7A15F1D5F84F}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{0446BA9F-F13A-48C4-A59E-769727F4DACE}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty 4\iw3sp.exe | 
"{05164584-C909-468E-B912-5439E96CF2ED}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\arma 2 operation arrowhead - kopie\expansion\beta\arma2oa.exe | 
"{0540E063-4D65-4C45-9582-9E85F9911AF0}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{054A20EB-1EA5-41EE-867B-E027B462D33C}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\hacker evolution untold\hacker evolution untold.exe | 
"{06F3B063-0AB0-4F9F-B37A-55D0C74B849D}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\revenge of the titans\revengeofthetitans.exe | 
"{084F3503-ADC1-4665-A8AA-C62B5EDE45C0}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{0BC6C1C9-A610-497C-81BC-326EF4B712B2}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\saira\settings.exe | 
"{0BC89BA2-C427-4591-96F8-9118C257DC57}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\battlefield 2\support\ea help\electronic_arts_technical_support.htm | 
"{0C3BC281-24B5-4F98-A069-CC6708AEF8BB}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe | 
"{0CEEAEDC-1F0D-4534-88E0-CB8096334542}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{0E000579-2885-4D6B-81DB-1465D66482A1}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{0E3A6992-4F4B-4DFE-A98A-A4E4585AB345}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\defcon\defcon.exe | 
"{1048DAF6-9B1D-488B-AEA4-F4EB28921E63}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\zombie shooter 2\zombieshooter2.exe | 
"{139B64BB-6A5B-4CFE-ADB2-7F98B1C63EFE}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\bit.trip runner\runner.exe | 
"{15AE7777-5A42-4BE7-9C49-4E3A24BF500B}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\jamestown\jamestown.exe | 
"{17BEE1C1-DAF4-4231-9D2F-E67CAC4F341F}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\battlefield 2\bf2.exe | 
"{1B6750C0-529A-465A-9622-283441B5794D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1BE5CBB6-D0C6-4CC8-B6D9-DB776F49FAAE}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\jamestown\jamestown.exe | 
"{1DA0BABF-F91B-4DFA-B3FA-A321BD166A23}" = protocol=6 | dir=in | app=c:\users\root\desktop\all the shit\moar shit\xampp\apache\bin\httpd.exe | 
"{1F432BAD-31E6-4B29-86E0-308BC5FD9DC8}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\cogs\cogs.exe | 
"{200DBFE2-D84D-43A5-AEEE-E1E0B36C21ED}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{21355465-597D-4FBE-B8F4-E3A337D80B01}" = protocol=6 | dir=in | app=c:\users\root\documents\arma 2\expansion\beta\arma2oa.exe | 
"{21980604-4283-4625-A668-E407F86E7226}" = protocol=6 | dir=in | app=d:\program files (x86)\gamersfirst\apb reloaded\binaries\apb.exe | 
"{21C2983D-5837-417B-A08C-658AD38F8D66}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\faerie solitaire\faeriesolitaire.exe | 
"{21D0016D-6B61-4DD2-A62E-1CA07F3E0CD4}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{227F3AFA-E2B6-4A3E-B564-C86A9B4623BC}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\hacker evolution duality\hacker evolution duality.exe | 
"{22CB156C-5DE1-405D-AA8A-8A19C47F432B}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\deus ex - human revolution\dxhr.exe | 
"{23F929CC-7617-4B44-948C-E36A9C99BE19}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\vvvvvv\vvvvvv.exe | 
"{240820DC-2967-4290-9BD3-AE13152C8098}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\bit.trip runner\runner.exe | 
"{249AF563-CB17-41C0-8943-2E67C858A67F}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\crayon physics deluxe\launcher.exe | 
"{24DDE494-6D41-4416-8AB9-FECF2AA74956}" = protocol=6 | dir=out | app=system | 
"{25FCB631-FCE3-4F48-A418-D0F911221B8D}" = protocol=17 | dir=in | app=c:\program files (x86)\ascaron entertainment\sacred underworld\gameserver.exe | 
"{2751B081-8107-4B33-A4FA-437FE8CE2335}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{2791B497-E053-4A6B-A9CE-7DDE84402CC4}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\uplink\uplink.exe | 
"{287C625C-FFDE-43C1-B0C6-65161D571397}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{28AF3830-0CC4-420D-866D-CA559D690C51}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{2A9B23B4-E371-436F-B1A3-6AB34A7830DD}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\borderlands\binaries\borderlands.exe | 
"{2AFB23D7-A37B-43F1-82F8-481B50CD93E8}" = dir=in | app=c:\program files (x86)\apowersoft\screen recording suite\screen-recording-suite.exe | 
"{2B9A046F-CA88-46E8-8ECE-D5BD67B0357E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{2C8DE4CF-CAA2-4B09-B2F6-0470032AB418}" = protocol=6 | dir=in | app=d:\steam\steamapps\itsme258\counter-strike source\hl2.exe | 
"{2D67AE1B-D65C-4756-AEC0-24E3A4CB8EDE}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\machinarium\machinarium.exe | 
"{2F257971-ECCA-4991-B8CE-B408B64F3A66}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\your doodles are bugged!\yourdoodlesarebugged.exe | 
"{3172A4A5-E90A-4D90-9AD9-25EBD86F88F0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{31818FA2-2D31-4F7C-A88E-F800945ECA18}" = protocol=17 | dir=in | app=d:\program files (x86)\tera - kopie\tera-launcher.exe | 
"{319AD6FA-9797-47E0-905D-27925D9AC5ED}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\payday the heist\payday_win32_release.exe | 
"{33A3136C-3B6E-4698-BE73-9C897CD62AEA}" = dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe | 
"{3708D12F-AC79-4979-ADA6-CB3885D6003F}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\cogs\cogs.exe | 
"{370EAFD5-FF2A-458B-98CE-BAEB15D8D3FD}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\nightsky\nightsky.exe | 
"{37CEC898-1F36-4C89-95B7-180477463700}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{384E26BB-44AC-4570-B779-1A91F6D47F91}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\defcon\defcon.exe | 
"{387F1DDB-105B-423F-827B-D5FB0F59D376}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"{39FC0F17-DAB8-4677-9694-644394C64086}" = protocol=17 | dir=in | app=c:\program files (x86)\psi\psi.exe | 
"{3A51AC3A-5A52-4E7F-8D10-A545E1534E75}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\osmos\osmos.exe | 
"{3BB1AFEA-3ABF-43A3-984B-3E7746085AF7}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\borderlands\binaries\borderlands.exe | 
"{3ED25736-684F-4A39-B55C-65579AAF43CF}" = protocol=6 | dir=in | app=d:\steam\steamapps\itsme258\garrysmod\hl2.exe | 
"{41919680-A0DC-4F52-AD6F-40678429F295}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{43789E1B-EDD0-4D8A-A56C-9E9C9BEBC8DC}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{467B3ECD-4124-444C-944E-66864B557577}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{488DC317-A2B0-4B7C-AF58-DB9CD2FDE4E3}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\hacker evolution duality\hacker evolution duality.exe | 
"{4895AA1C-F7DD-4EDC-A17C-DC057159567D}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\dungeons of dredmor\dungeons of dredmor.exe | 
"{490F62D2-3079-4180-91E6-8D6EAEE93836}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{4961BDF0-5746-4BE9-BEC3-6B37996896AF}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{497FED08-46D7-418F-B1CA-003CEF2144C1}" = protocol=17 | dir=in | app=d:\program files (x86)\gamersfirst\apb reloaded\binaries\apb.exe | 
"{4AFAA329-7487-4158-B4D4-3744475B803D}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{4CED581B-8585-462A-BEA2-EB731F3502D7}" = protocol=17 | dir=in | app=d:\program files (x86)\tera\tera-launcher.exe | 
"{4D3C088F-BF8C-481C-BD0F-7F8F8F2E6E25}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\dragon age ultimate edition\daoriginslauncher.exe | 
"{4EF24508-0EA9-4B8B-9A18-5F84379EF3B2}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\terraria\terraria.exe | 
"{512D2596-B52F-4F0B-AE7D-352ECA8D6CEE}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\hammerfight\hammerfight.exe | 
"{5131F2B3-17C0-4FCC-B16C-D0CD38BC1916}" = protocol=17 | dir=in | app=d:\origin\crysis 3 mp alpha\bin32\crysis 3 mp alpha.exe | 
"{52DE77F2-7131-43D3-B203-99035D25D0A2}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{53949BC2-259F-46CB-AFB8-1098A65C95A7}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\terraria\terraria.exe | 
"{5464C83D-C7F0-413E-85F8-277794558A25}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{55B158C1-3C47-45CF-BFAC-ECE3A1C02612}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{55F63C71-1D2C-4AE3-BF08-D4969128802D}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\rainbow six vegas\binaries\runme.exe | 
"{561DF159-55A4-46E0-96B1-12511B0E285A}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty 4\iw3mp.exe | 
"{565BA135-3765-44E1-A966-A921D584F010}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\machinarium\machinarium.exe | 
"{56BBBBD2-5D23-4643-AEF9-A165C8C512CB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{5750FD25-5E81-43A7-983F-633DBADF7519}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\bully scholarship edition\bully.exe | 
"{57B7CCCE-E4DF-41EA-B105-FCA9A37041FD}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\metro 2033\metro2033.exe | 
"{58FE3854-2650-457E-B7CC-70B646A40AA5}" = protocol=6 | dir=in | app=d:\program files (x86)\six networks\play withsix\tools\bin\rsync.exe | 
"{591804B4-5717-4D1B-A363-5A2E738E24A8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{593417F8-9776-423A-87E2-A0B9E54E3DAC}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{5C32207F-BCA5-4248-8C6C-0438B4369AEE}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\frozen synapse\frozensynapse.exe | 
"{5C6F9509-9DF9-4869-A545-444A5D3C2247}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\hacker evolution duality\hacker evolution duality.exe | 
"{5CAFCD08-66FF-412D-AA54-72355B653527}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{5CF52534-846E-4BBE-A1DD-9C39CB514F2F}" = protocol=6 | dir=in | app=c:\program files (x86)\warmux\warmux.exe | 
"{5DA17866-E9DB-4057-AE48-79C9BFC13811}" = protocol=6 | dir=in | app=c:\program files (x86)\bearshare applications\mediabar\datamngr\srtool~1\dtuser.exe | 
"{5EC7DDE5-188B-4DA7-BD14-1612DF7AF7D0}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{5EFB52E4-DD5F-4A0A-BFE6-B18712652535}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
"{614D22AB-AA47-4E48-99FF-44182462E4FD}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{61BD5734-F0E5-4E0C-B410-F7DC1BFE17BC}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6379ACB9-FBFB-45E3-85C9-E4783A4198D0}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe | 
"{65AD1F77-8FDC-4378-AAC5-4B2E2ED364F5}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\mafia\setup.exe | 
"{65C35695-D5A5-4B60-A1EB-847C9CB2A174}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\eets\eets.exe | 
"{6670EBE3-9EF3-4FAE-A05B-7260E36BA31F}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\mafia\setup.exe | 
"{66A56320-3215-4A2D-9ADB-BA97EFA95A9E}" = protocol=6 | dir=in | app=d:\steam\steamapps\itsme258\bloody good time\bgt.exe | 
"{66B6AEE2-AE50-4B65-B3C8-D9ADB238977E}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\saira\saira.exe | 
"{6C4ED7D7-C7B0-4EBA-8F3D-08C0AB33C947}" = protocol=6 | dir=in | app=c:\program files (x86)\psi\psi.exe | 
"{6C5AFF04-2871-428B-ABA9-B1ACF7F21955}" = protocol=17 | dir=in | app=d:\origin\battlefield 3\bf3.exe | 
"{6DE5843F-B96F-4C1B-AD42-D6EEE96BA45B}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\saira\saira.exe | 
"{6FE8A48E-E348-4B95-8D7A-ABF2FC670936}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{70EB797D-7F94-49A1-9663-79042AA36BAA}" = dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-hostd.exe | 
"{72180012-25A7-49B1-AA22-20D6A1010D5F}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\dragon age ultimate edition\daoriginslauncher.exe | 
"{73FA75B6-FB39-4DD1-B4BE-C83A7BAB6DE8}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\dark souls prepare to die edition\data\darksouls.exe | 
"{74C3554E-4B01-4C24-BBDC-9BCB08052BB5}" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | 
"{75484A20-8F89-42BD-9D98-137159F46AE6}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{7723FB12-E561-40A3-AB67-ADEDC964D6DC}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{78C56B9E-24FB-4811-BD4F-E39B05F514CE}" = protocol=6 | dir=in | app=c:\users\root\appdata\local\play withsix\tools\mingw\bin\rsync.exe | 
"{797225E3-667A-404D-AF1D-B271F9768A68}" = protocol=6 | dir=in | app=c:\program files (x86)\proxy switcher standard\proxyswitcher.exe | 
"{79B09B81-488E-4289-BEDE-5748C943EC53}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\dark souls prepare to die edition\data\darksouls.exe | 
"{7ABCF600-E3D0-4F3D-9A17-4C36A06B6D92}" = protocol=17 | dir=in | app=c:\users\root\appdata\local\play withsix\tools\mingw\bin\rsync.exe | 
"{7BC28C8C-39E3-4B03-BACB-78B0759D5176}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\uplink\uplink.exe | 
"{7C5665A1-9CB9-45BF-998E-23756649E33C}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe | 
"{7F631A5E-2075-4888-AE9E-B02A7951CC78}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{8046C012-ADF8-4B90-BDD0-02BCF042CC1F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8096F998-A83C-4834-B729-4D1F1ABD567D}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\mafia\game.exe | 
"{8194F9F6-0926-47EA-AC2A-1553FFE06D22}" = protocol=17 | dir=in | app=c:\program files (x86)\proxy switcher standard\proxyswitcher.exe | 
"{82BB46DB-F50B-4A63-9953-FF2295C8C1A3}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{85EA01FB-F058-4BA9-ABC3-20DF7E995186}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{87E5AC28-B569-4EB7-924E-C4D353C64BAC}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\hacker evolution untold\hacker evolution mod editor.exe | 
"{88AE57C2-71A5-4EFD-96EF-2ADC13CCC97C}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\darwinia\darwinia.exe | 
"{895297F0-EF68-49B1-84A2-66FD017342C2}" = protocol=58 | dir=in | app=system | 
"{8AC21160-3F15-4D90-9A72-6C587695938C}" = dir=in | app=%programfiles%\securitykiss tunnel\securitykisstunnel.exe | 
"{8CAB0B54-73A3-4E81-9394-D957756AC31A}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\the binding of isaac\isaac.exe | 
"{8D5E0AF5-44AE-4A57-8249-0B08C1C211FE}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\battlefield 2\bf2.exe | 
"{8D9C7953-1059-4E7F-8C26-70CDCF243B1D}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\magicka\magicka.exe | 
"{8E158EC7-C5D3-4170-9479-F55ED7E2E56A}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{8F2A93DE-3680-47F2-A377-5A26B77CB014}" = dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe | 
"{8F72D7C5-9977-4847-A40E-DBE339F1F666}" = dir=in | app=c:\program files (x86)\apowersoft\screen recording suite\screenrecordingsuite.exe | 
"{8FDCDA0F-9DA6-46EA-9CFB-85E9F4A63B38}" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | 
"{91800F63-E427-4386-8A76-993C95777C64}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
"{921AA8A4-ADC0-4594-94D8-99BF1E824B1E}" = protocol=6 | dir=in | app=d:\origin\battlefield 3\bf3.exe | 
"{94EB04DE-A984-4C7C-8051-861603EFA1FF}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe | 
"{952569F5-0B34-4A4E-B336-55BE75ED3DF3}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\frozen synapse\frozensynapse.exe | 
"{96C48538-BEAD-4E6C-9B2B-84370D33C7AA}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\swordsandsoldiershd\swords and soldiers launcher.exe | 
"{96F9B6FC-0C6E-4BD9-A3AC-7E3B922CC43B}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{979DC9A2-3269-4941-B959-793BA73EDC3F}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\hacker evolution untold\hacker evolution untold.exe | 
"{98655337-2A8E-473F-AC57-6D7B27C9E313}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"{9976243F-A53F-4FC3-B3F5-DEEC1FBB8269}" = protocol=6 | dir=in | app=d:\program files (x86)\gamersfirst\apb reloaded\binaries\vivoxvoiceservice.exe | 
"{9B1E943C-F360-4431-8E45-371E714309E8}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\plants vs zombies\plantsvszombies.exe | 
"{9C104835-7AEE-4736-B2A8-52B8F73DE8D7}" = protocol=17 | dir=in | app=c:\users\root\documents\arma 2\expansion\beta\arma2oa.exe | 
"{9C45355C-2EFD-4C03-82AD-59FF82FF0627}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"{9C5DE694-0B5D-4338-87DF-3D8EBE79007C}" = protocol=17 | dir=in | app=d:\steam\steamapps\itsme258\bloody good time\bgt.exe | 
"{9C645DEA-05FE-41CD-8C4E-2B0AC820B04A}" = protocol=6 | dir=in | app=d:\program files (x86)\tera\tera-launcher.exe | 
"{9C70D444-ABFA-4C75-A780-424A6BA55BDD}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\and yet it moves\and yet it moves.exe | 
"{9CB7CA17-6F5D-406D-8653-D854FB20F8AF}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\sega classics\segagenesisclassics.exe | 
"{9D8938EA-94CB-4B93-9AFD-4BEDCE9FFBC8}" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | 
"{9EB463DB-0D25-4166-BC01-078D9580912C}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"{A1A66095-0796-4112-80E9-C52435B2E5ED}" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"{A4D4C1A4-3677-4F1E-84F0-3F9AA77AF80C}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\swordsandsoldiershd\swords and soldiers launcher.exe | 
"{A52F0F25-CD48-4BD9-9172-C7AB9C269343}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\deus ex - human revolution\dxhr.exe | 
"{A5B96BFF-880B-46F5-B015-13B735056AB0}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{A8B5728D-2C4E-41AF-B3F2-DFB8F077027D}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\payday the heist\payday_win32_release.exe | 
"{A93541B9-EDA1-4C6A-A2D3-40D4F558D6B0}" = protocol=17 | dir=in | app=c:\program files (x86)\ascaron entertainment\sacred underworld\sacred.exe | 
"{AB634519-1CC7-4069-8751-5680330A0EB0}" = protocol=6 | dir=in | app=d:\origin\crysis 3 mp alpha\bin32\crysis 3 mp alpha.exe | 
"{AC904FE9-43BC-416D-AF09-86CFE7C4B3BF}" = protocol=17 | dir=in | app=d:\steam\steam.exe | 
"{AF913184-4EF0-4280-9E30-8C18DF78F4B4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B0109AC3-B436-49AD-8683-82C5950D3B82}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B22C988F-A4D2-4D45-909D-30AC6607B00A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B28C091F-428B-4A66-9F33-7D08B0643FCC}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\your doodles are bugged!\yourdoodlesarebugged.exe | 
"{B421A1C2-9926-4EAF-BDDE-BE2677C7C9D3}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe | 
"{B42E3CE4-2214-427D-9E8A-3A09B71329F8}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe | 
"{B4AC15D8-AB96-4830-B9CE-79352EEEF1ED}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\metro 2033\metro2033.exe | 
"{B55DE12C-BE78-4264-8E5E-7E95791F2F3C}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\the binding of isaac\isaac.exe | 
"{B7086384-7F29-4E2F-8E7C-0F80A8343DCC}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\vvvvvv\vvvvvv.exe | 
"{B756E767-4171-4B17-B875-87D352C38D3E}" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
"{B83353EB-124E-44F6-8DD0-258B66A11CE0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B862A80B-2429-4C03-AF5D-128DA7C1F68F}" = protocol=6 | dir=in | app=c:\program files (x86)\ascaron entertainment\sacred underworld\sacred.exe | 
"{BC57D389-C9C6-49B3-91C2-549C518C2CC8}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{BE370A41-1FE4-48F6-B24F-0776A5C52F64}" = protocol=17 | dir=in | app=c:\program files (x86)\warmux\warmux.exe | 
"{C0AF0DA5-B2FD-4ECA-A893-2BFEB6FAC6CF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C287C26B-A828-43E6-A109-A21944FE1193}" = protocol=6 | dir=in | app=c:\program files (x86)\ascaron entertainment\sacred underworld\gameserver.exe | 
"{C2FE0BC6-A231-4831-9E10-66B5626A678A}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\zombie shooter\zombieshooter.exe | 
"{C3E99012-F322-4CCA-BD4B-11D669B345D6}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\hacker evolution untold\hacker evolution mod editor.exe | 
"{C43740AB-82D5-474B-ABDC-53E952B17C94}" = protocol=17 | dir=in | app=c:\program files (x86)\bearshare applications\mediabar\datamngr\srtool~1\dtuser.exe | 
"{C4FD8624-AAAA-4752-BD3A-CAE65D5E2556}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe | 
"{C64FE86C-8B9F-4741-8C28-35619CF386B7}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\and yet it moves\and yet it moves.exe | 
"{C845F630-D897-4880-AECD-BEEA8EDCDD00}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe | 
"{C8A300E2-7BC3-4687-BC8C-1F6E93D20F58}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\eets\eets.exe | 
"{C9505DA9-4693-47D6-8BBF-5559938E7CBC}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{CA161B75-23B7-4D38-AC64-76B357D3C586}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\zombie shooter 2\zombieshooter2.exe | 
"{CA1BBBDE-C1FB-410D-86F1-602413C4CF90}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\revenge of the titans\revengeofthetitans.exe | 
"{CB0DD9CB-A5EF-43FD-8494-B4D29920B04B}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\dota 2 beta\dota.exe | 
"{CB694EE8-F9E4-457B-AC4B-5496AAB4FCF2}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty 4\iw3mp.exe | 
"{CC28745C-4F89-44BD-A72A-A99541D49F71}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{CC6AFBCB-9225-400A-AD30-9FC3442771FC}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{CD1D1AF8-3712-46C6-9A44-6CA084DA671D}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\mafia\game.exe | 
"{CE1EA41F-57CD-4385-A709-93E71286B8D7}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\sega classics\segagenesisclassics.exe | 
"{D0975BC7-419A-4B66-B7AB-8519E427E227}" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"{D0A8F65D-2EDC-482E-8037-7D0654470FE8}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{D238AD07-256D-4C33-B1D5-0575C91723C9}" = protocol=17 | dir=in | app=d:\steam\steamapps\itsme258\counter-strike source\hl2.exe | 
"{D28478C4-4579-48C8-9ACC-27639815215C}" = protocol=17 | dir=in | app=d:\program files (x86)\six networks\play withsix\tools\bin\rsync.exe | 
"{D490CC74-24CE-46BE-A26D-203F7EAC22B5}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\crayon physics deluxe\launcher.exe | 
"{D4D29440-5DF9-4740-9CA5-1747F3A5C78F}" = protocol=17 | dir=in | app=d:\program files (x86)\gamersfirst\apb reloaded\binaries\vivoxvoiceservice.exe | 
"{D645ACB6-6F44-4730-9A73-B8C5E7B4AF86}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{D6E2FD80-A852-4768-B8A9-38AEEF87AA5D}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{D7E98BE2-A6EC-4A1F-9EF6-9DA61B279117}" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | 
"{D8AA2460-C10E-48B3-AC1E-F19048AE28EE}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\faerie solitaire\faeriesolitaire.exe | 
"{D90AB94E-C040-464B-A2D2-E6A4CBBAD4A6}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\rainbow six vegas\binaries\runme.exe | 
"{DAAD5E21-EB2B-4ADB-9F04-422A3F53800F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{DBB4C754-21B4-402F-BC3C-A06F68DACCCF}" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
"{DC1C45C0-AD79-4B67-9182-3FB2B27DD6CC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DCE318CC-D9A9-43E5-A101-89CBC41EDE7B}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{DEA3E19C-C26D-4A32-9C9B-D9314531CE1A}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty 4\iw3sp.exe | 
"{E0E70AD8-D280-458B-BF3A-DEB6AC7D8CCD}" = protocol=6 | dir=in | app=d:\steam\steam.exe | 
"{E23405B1-61FC-4823-BB7B-62F9FEC3715B}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\bully scholarship edition\bully.exe | 
"{E3BF47D2-1BDC-48E9-A461-564D541614DF}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{E4331CD0-A6EB-4FCC-9BDD-44B5E6E8A11D}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\arma 2 operation arrowhead - kopie\expansion\beta\arma2oa.exe | 
"{E51FBF71-9621-40F6-AC37-06E25AEC39BF}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\dungeons of dredmor\dungeons of dredmor.exe | 
"{E7129F65-5BF3-41DA-B7FD-CF0817C8AAEE}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\hammerfight\hammerfight.exe | 
"{E7EB217C-A5C9-4368-B764-6456E5D44712}" = protocol=6 | dir=in | app=d:\program files (x86)\tera - kopie\tera-launcher.exe | 
"{EA034642-E35F-410A-A8DB-8A31F0E01EDD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{EB146ED6-628E-413D-B40E-0298F5C32F50}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\zombie shooter\zombieshooter.exe | 
"{EB874236-3166-4518-9568-D28A2602F624}" = dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-hostd.exe | 
"{ED218D14-E3A3-4691-82D4-C4B684E9A272}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\magicka\magicka.exe | 
"{EDFF83CD-2D07-4E44-98F5-AEB60D47D817}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\darwinia\darwinia.exe | 
"{EE7DB023-80C7-46E0-953D-1F8D2C6F5846}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\plants vs zombies\plantsvszombies.exe | 
"{EFF1DC77-9A45-42BC-849C-84D01BCFDA44}" = protocol=17 | dir=in | app=d:\steam\steamapps\itsme258\garrysmod\hl2.exe | 
"{F19410E4-E27D-42D9-BDB2-3E6C53336468}" = protocol=17 | dir=in | app=c:\users\root\desktop\all the shit\moar shit\the real shit\xampp\xampp\apache\bin\httpd.exe | 
"{F1A01D61-31AB-4EEE-BC53-0968C27372CF}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{F32444E7-D95F-4E32-8DC2-784E2173800B}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\hacker evolution duality\hacker evolution duality.exe | 
"{F386A3DD-CA19-413F-84C6-71D19273F7E3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{F3ACFEF1-B99C-429C-94A4-FECB83F37C9E}" = protocol=17 | dir=in | app=c:\users\root\desktop\all the shit\moar shit\xampp\apache\bin\httpd.exe | 
"{F401CFAD-02B6-4148-9483-E7F3FECAAEFB}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{F628FC0B-A4BA-473B-89E3-3BBBA9204241}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\ride carnival tycoon\ridecarnivaltycoon.exe | 
"{F6437B0A-BD07-45D2-96D6-276345F4131B}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\battlefield 2\support\ea help\electronic_arts_technical_support.htm | 
"{F7EFC87E-6470-434D-B6FB-D14BBC48B2D9}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{F81EA130-EE3A-4A1D-BA76-DD0EF32ABEBF}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\osmos\osmos.exe | 
"{F86E60AC-1D41-4774-8855-DD6DDE96AC65}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{F89A9FCB-93AA-4B53-BDC2-0D0A77672D2E}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\nightsky\nightsky.exe | 
"{FDBEF573-D3EB-488D-A262-A589DFFD7DC1}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{FE44B46B-0B35-4373-9E4B-BEB32D54B65C}" = protocol=6 | dir=in | app=c:\users\root\desktop\all the shit\moar shit\the real shit\xampp\xampp\apache\bin\httpd.exe | 
"{FF310BA4-F045-437C-ABBF-A44FF358C6FA}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\dota 2 beta\dota.exe | 
"{FF851D28-B99A-49DE-8C9F-77B9D9D32BE6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"TCP Query User{1075CD2D-A097-4677-A315-2BA980D0998C}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"TCP Query User{18380749-5BB4-4F38-8993-88FF8A572BC7}C:\program files (x86)\psi\psi.exe" = protocol=6 | dir=in | app=c:\program files (x86)\psi\psi.exe | 
"TCP Query User{29DE6719-C246-40C3-8A4C-C4E31B467E99}C:\users\root\documents\arma 2\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=c:\users\root\documents\arma 2\expansion\beta\arma2oa.exe | 
"TCP Query User{2E68FD53-87D8-440F-AF39-74ECC5DA7E85}C:\users\root\desktop\all the shit\moar shit\the real shit\xampp\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\users\root\desktop\all the shit\moar shit\the real shit\xampp\xampp\apache\bin\httpd.exe | 
"TCP Query User{3854B33A-44BA-4493-887E-96D23FAB951C}D:\steam\steamapps\common\arma 2 operation arrowhead - kopie\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=d:\steam\steamapps\common\arma 2 operation arrowhead - kopie\expansion\beta\arma2oa.exe | 
"TCP Query User{3B3CA2D2-7953-48DE-BEDF-E21F6B6CEEDF}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{3D25C8D5-B9E5-4168-983D-20B5E95D9520}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{4134F468-55B4-40BF-AAF0-D373D1F32B7B}C:\program files (x86)\ascaron entertainment\sacred underworld\sacred.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ascaron entertainment\sacred underworld\sacred.exe | 
"TCP Query User{4662B24F-93AD-4AFF-ACF8-52E1680F940C}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
"TCP Query User{66B5B9DD-659C-47AE-9862-FCD3667A6170}D:\program files (x86)\tera\tera-launcher.exe" = protocol=6 | dir=in | app=d:\program files (x86)\tera\tera-launcher.exe | 
"TCP Query User{7BA52CD0-ACE5-4182-9DBB-043A29011253}C:\program files (x86)\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe | 
"TCP Query User{7D113FD4-4E4B-4D24-943B-2F51E45D9C22}C:\program files (x86)\ascaron entertainment\sacred underworld\gameserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ascaron entertainment\sacred underworld\gameserver.exe | 
"TCP Query User{83872114-B5CC-42D3-88CB-80804D21226D}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
"TCP Query User{84591BC8-D755-4DE5-9E2F-C21479C0EC5D}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | 
"TCP Query User{958AC8B0-9F18-4077-A498-1F20CA9C1CAC}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | 
"TCP Query User{97046C55-237D-49AA-9AFC-BC002FB16831}D:\program files (x86)\tera - kopie\tera-launcher.exe" = protocol=6 | dir=in | app=d:\program files (x86)\tera - kopie\tera-launcher.exe | 
"TCP Query User{C7E7ACB1-B222-43C6-A297-680EC01095E9}C:\users\root\appdata\local\play withsix\tools\mingw\bin\rsync.exe" = protocol=6 | dir=in | app=c:\users\root\appdata\local\play withsix\tools\mingw\bin\rsync.exe | 
"TCP Query User{CED1292D-7F33-4A00-B7C6-E298675342C5}C:\users\root\desktop\all the shit\moar shit\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\users\root\desktop\all the shit\moar shit\xampp\apache\bin\httpd.exe | 
"TCP Query User{D9C86890-97E6-4D21-AD63-5CBCCFCC211F}C:\program files (x86)\warmux\warmux.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warmux\warmux.exe | 
"TCP Query User{DC3F0AC3-1122-4853-8AC0-C885E90D474C}D:\program files (x86)\six networks\play withsix\tools\bin\rsync.exe" = protocol=6 | dir=in | app=d:\program files (x86)\six networks\play withsix\tools\bin\rsync.exe | 
"TCP Query User{E80510C1-6584-48C3-9B2B-0EB2F3DAC5A6}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{EB1F7ADD-4165-4A3E-B47F-A0BCE374A2F1}D:\steam\steamapps\itsme258\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=d:\steam\steamapps\itsme258\counter-strike source\hl2.exe | 
"TCP Query User{F30A40C9-8B5E-4EBF-845A-43E9AFEB3805}D:\steam\steam.exe" = protocol=6 | dir=in | app=d:\steam\steam.exe | 
"TCP Query User{FFF77245-0C75-44DC-BB99-2626A4745483}C:\program files (x86)\dsnet corp\atube catcher 2.0\yct.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dsnet corp\atube catcher 2.0\yct.exe | 
"UDP Query User{008D68AF-2206-430D-A507-F8EE45013D6F}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{03C6AA6D-90AE-4D82-9686-7E0402BCF90D}C:\program files (x86)\ascaron entertainment\sacred underworld\sacred.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ascaron entertainment\sacred underworld\sacred.exe | 
"UDP Query User{0F7C9701-E03E-48F5-B177-5C61F71BD12E}D:\steam\steam.exe" = protocol=17 | dir=in | app=d:\steam\steam.exe | 
"UDP Query User{136C63DA-3D1D-4225-AF27-B489E3FD634E}C:\program files (x86)\psi\psi.exe" = protocol=17 | dir=in | app=c:\program files (x86)\psi\psi.exe | 
"UDP Query User{305085DF-9A30-400B-BA67-0B6815A814E8}C:\users\root\appdata\local\play withsix\tools\mingw\bin\rsync.exe" = protocol=17 | dir=in | app=c:\users\root\appdata\local\play withsix\tools\mingw\bin\rsync.exe | 
"UDP Query User{37443BE9-7CEF-440E-A926-C51E185A7DAA}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
"UDP Query User{39D93847-9B07-4735-A98C-B0D040A1BE25}D:\program files (x86)\tera - kopie\tera-launcher.exe" = protocol=17 | dir=in | app=d:\program files (x86)\tera - kopie\tera-launcher.exe | 
"UDP Query User{42428FC1-ED32-4EAB-B8E0-8597A4CCFEEC}C:\users\root\documents\arma 2\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=c:\users\root\documents\arma 2\expansion\beta\arma2oa.exe | 
"UDP Query User{43DF9178-3930-434B-BA96-CD6F5F440577}C:\program files (x86)\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe | 
"UDP Query User{56D43E4D-D546-4DBC-9C47-C00C2133EF89}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
"UDP Query User{5FB8585E-BD7F-4770-B65F-98F62B5A2108}C:\users\root\desktop\all the shit\moar shit\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\users\root\desktop\all the shit\moar shit\xampp\apache\bin\httpd.exe | 
"UDP Query User{8A3C7692-A7B3-4964-AF4B-064A5625CEA0}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | 
"UDP Query User{994C31C5-37DA-4C63-9C52-DD79F2C05B64}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | 
"UDP Query User{9BDF97F3-48B0-46BD-A880-D618627FFF84}D:\steam\steamapps\common\arma 2 operation arrowhead - kopie\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=d:\steam\steamapps\common\arma 2 operation arrowhead - kopie\expansion\beta\arma2oa.exe | 
"UDP Query User{9BE41905-27D0-48A7-A589-71D68383FFDA}C:\users\root\desktop\all the shit\moar shit\the real shit\xampp\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\users\root\desktop\all the shit\moar shit\the real shit\xampp\xampp\apache\bin\httpd.exe | 
"UDP Query User{A02CA608-B817-4F29-9779-E18E92979897}C:\program files (x86)\warmux\warmux.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warmux\warmux.exe | 
"UDP Query User{ABEE0700-4ADF-4251-A010-78FB04A6BCB1}C:\program files (x86)\ascaron entertainment\sacred underworld\gameserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ascaron entertainment\sacred underworld\gameserver.exe | 
"UDP Query User{C7C203AF-AF35-495C-96A6-77F792294513}C:\program files (x86)\dsnet corp\atube catcher 2.0\yct.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dsnet corp\atube catcher 2.0\yct.exe | 
"UDP Query User{C9E9E2D7-5595-46C5-A10B-CBD5D8DC8B7A}D:\program files (x86)\six networks\play withsix\tools\bin\rsync.exe" = protocol=17 | dir=in | app=d:\program files (x86)\six networks\play withsix\tools\bin\rsync.exe | 
"UDP Query User{E25D2E04-73A6-4BED-BFA2-73DA2B0A7C79}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"UDP Query User{E882B72D-243D-43EC-8485-4CFE7313C5D3}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{ECF2B4A2-70FB-4E67-95A9-846693B534FD}D:\steam\steamapps\itsme258\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=d:\steam\steamapps\itsme258\counter-strike source\hl2.exe | 
"UDP Query User{EFC09190-1740-493D-A4CD-D11C269E7415}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{FDD5DDC9-478A-4F87-A2C4-EC22C56AFCA3}D:\program files (x86)\tera\tera-launcher.exe" = protocol=17 | dir=in | app=d:\program files (x86)\tera\tera-launcher.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26A24AE4-039D-4CA4-87B4-2F86417004FF}" = Java(TM) 7 Update 4 (64-bit)
"{2DF4C5DD-7417-301D-935D-939D3B7B5997}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4FF5C7C9-86CC-41ED-B93B-0B51AB4FED24}" = VmciSockets
"{53952792-BF16-300E-ADF2-E7E4367E00CF}" = Visual Studio 2010 Prerequisites - English
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A1F50E06-E514-393D-AAEB-2F989F0B7C68}" = Microsoft Team Foundation Server 2010 Object Model - DEU
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"4144-4862-0472-7103" = WorldPainter 0.8.7
"CCleaner" = CCleaner
"Logitech Gaming Software" = Logitech Gaming Software 8.35
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft Team Foundation Server 2010 Object Model - DEU" = Microsoft Team Foundation Server 2010-Objektmodell - DEU
"SecurityKISS Tunnel_is1" = SecurityKISS Tunnel v0.2.2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Virtual Audio Cable 4.10" = Virtual Audio Cable 4.10
"WinRAR archiver" = WinRAR 4.11 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{01C79EF3-DE84-4B56-B638-8BEA0D507506}" = Microsoft XNA Game Studio 4.0 (XnaLiveProxy)
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0666E46E-A860-4353-BE6D-13AA72FABB57}" = Microsoft XNA Game Studio Platform Tools
"{08C84CC6-E7FD-4B2D-BBF9-B02CC90EE031}" = Microsoft XNA Game Studio 4.0 (Shared Components)
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D94F75A-0EA6-4951-B3AF-B145FA9E05C6}" = VMware Workstation
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{147894EE-5ED4-11E1-A8FF-F04DA23A5C58}" = MSVCRT Redists
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{15D44296-62E0-4979-BFF5-1E09ABFE49E0}" = DayZ Commander
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2C0622F2-2E68-468C-AA43-0CF81D3ACF14}" = Detours Express 3.0
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{3F4EB5FE-B5BE-4069-A5A8-6D9262E1B379}" = Microsoft XNA Game Studio 4.0 Documentation
"{42DCB650-F003-4535-A5CD-32AD815CD2DD}" = Play withSIX
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C278A1B-D7CA-4F9D-A74D-CB9866EB137A}" = Steganos Password Manager 2012
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{520C1D80-935C-42B9-9340-E883849D804F}_is1" = DriverTuner 3.1.0.0
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{59F24743-2EA1-3A45-B8C2-6E0E1E078FA8}" = Microsoft Visual C# 2010 Express - ENU
"{5C5778DB-3E5A-499D-865D-740E67D1F165}" = LogMeIn
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}" = NVIDIA PhysX
"{64BFBE7A-886C-4CA2-A9B4-0C2B5A5942BC}" = Battlefield 3™
"{68BD57D3-D606-411E-A7E0-3EB6EA5660F6}" = Microsoft XNA Game Studio 4.0 (Redists)
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319
"{6B2847D2-E3DD-44C0-BAC2-58D12221691F}" = TechSmith Screen Capture Codec
"{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit
"{6BE7495E-8DF1-11E1-BB7D-F04DA23A5C58}" = Vegas Pro 11.0
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{6DED41BC-C9EF-4330-B4E5-46CB2C5C6E2D}" = No23 Recorder
"{70CB6C40-8DF1-11E1-BDCF-F04DA23A5C58}" = MSVCRT Redists
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73BE04D9-BA0E-4BAF-9C9D-677278BDB3DC}" = Microsoft XNA Game Studio 4.0 (ARP entry)
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E210E1C-52A1-40E3-817B-D504E9F64DFA}_is1" = Flyff
"{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84DEB7DB-5DDD-456f-AEC6-4D09A2D3A75F}_is1" = Citron 2.5
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{894084B6-BC69-43B7-BF06-B93AECFEA520}" = GameSpy Comrade
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C496FBF-DB4A-468D-A3A1-15E127382218}" = Microsoft XNA Game Studio 4.0 (Visual Studio)
"{90877318-0BD0-4BDE-BFC0-C4BB12DAC86A}_is1" = Rappelz
"{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{969E11AA-8F3A-F162-1A5A-0965E216B6CE}" = Adobe Download Assistant
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D811B72-D54C-47D9-B14B-1506E5E89B50}" = Crysis®3 MP Alpha
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A2S166A0-F031-4E27-A057-C69733219434}_is1" = TERA
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
"{ABFBF663-741E-4792-B2E7-04B8E6C0A84B}" = ControlSpy
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{BA61C81A-124F-432D-8042-E32E98A9BE97}" = Detours Express 3.0
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BE9C28A5-2098-466E-9F52-1AE9DA155E4F}" = Adobe After Effects CS5.5 Third Party Content
"{C07F8D75-7A8D-400E-A8F9-A3F396B49BB1}" = SPORE™ Süß & Schrecklich Ergänzungs-Pack
"{C28DD992-5B7B-D195-6841-4EC57DF512BD}" = Adobe Story
"{CB04D8E1-7B9C-4F35-B2E2-E87CBE520805}" = Adobe After Effects CS5.5
"{CB2B4C2B-0805-4E06-873D-CECB046A5BE8}" = Camtasia Studio 8
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
"{CCAC7E52-ECCE-3C4D-B1BE-BC2ACF1C1C0E}" = Microsoft Visual Basic 2010 Express - DEU
"{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help
"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D5B7B2BB-6B7E-4AD4-9F2F-7CCF2B48AA58}" = Pokemon Game Editor
"{D81641E8-ABF1-3D07-803B-60E8FC619368}" = Microsoft Visual C# 2010 Express - DEU
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DB833EF9-A198-49BE-970A-BD46F30BFBB4}" = ANNO 1503 Königs- Edition
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{dd50af03-2381-49ad-933d-7a30a6ca9e33}" = Nero 9 Essentials
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DEEB5FE3-40F5-3C5B-8F85-5306EF3C08F4}" = Microsoft Visual C++ 2010 Express - DEU
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EB9F3F92-4857-4121-AA6F-1C424AC6C266}_is1" = Screen Recording Suite V2.5.0
"{EC66418E-DAA2-36D5-809E-40BEC94E622A}" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights Help
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2 = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
008 Redistributable - x86 9.0.21022
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"3ivx MPEG-4 5.0.4" = 3ivx MPEG-4 5.0.4 (remove only)
"4Story_DE_is1" = 4Story DE 3.9.154
"655B116F-5CF5-4376-9A36-9FB163ED609F_is1" = Sonarca Sound Recorder Free 3.8.3
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"APB Reloaded" = APB Reloaded
"aTube Catcher" = aTube Catcher
"Audiograbber" = Audiograbber 1.83 SE 
"Audiograbber-Lame" = Audiograbber MP3-Plugin (64 bit)
"AutoHotkey" = AutoHotkey 1.0.48.05
"AutoItv3" = AutoIt v3.3.8.1
"AviSynth" = AviSynth 2.5
"Battlelog Web Plugins" = Battlelog Web Plugins
"BattlEye for OA" = BattlEye for OA Uninstall
"bearsharetoolbarguid" = Search-Results Toolbar
"CamStudio" = CamStudio
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Cheat Engine 6.1_is1" = Cheat Engine 6.1
"Cheat Engine 6.2_is1" = Cheat Engine 6.2
"com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Story
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"DivX Setup" = DivX-Setup
"ESN Sonar-0.70.4" = ESN Sonar
"Flare" = Flare 0.6 
"Fraps" = Fraps (remove only)
"Free FLV Converter_is1" = Free FLV Converter V 7.4.0
"Free Video Dub_is1" = Free Video Dub version 2.0.8.504
"Game Booster_is1" = Game Booster 3
"GamersFirst LIVE!" = GamersFirst LIVE!
"GhostMouse_is1" = GhostMouse
"glu" = glu 1.0.22
"GraphicsGale FreeEdition_is1" = GraphicsGale FreeEdition version 1.93.20
"HijackThis" = HijackThis 2.0.2
"iFunbox_is1" = iFunbox (v2.1.2228.731), iFunbox DevTeam
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"lavfilters_is1" = LAV Filters 0.50.5
"LogMeIn Hamachi" = LogMeIn Hamachi
"LOLReplay" = LOLReplay
"Microsoft DirectX SDK (June 2010)" = Microsoft DirectX SDK (June 2010)
"Microsoft Visual Basic 2010 Express - DEU" = Microsoft Visual Basic 2010 Express - DEU
"Microsoft Visual C# 2010 Express - DEU" = Microsoft Visual C# 2010 Express - DEU
"Microsoft Visual C# 2010 Express - ENU" = Microsoft Visual C# 2010 Express - ENU
"Microsoft Visual C++ 2010 Express - DEU" = Microsoft Visual C++ 2010 Express - DEU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Microsoft Visual Studio Macro Tools - DEU Language Pack" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MySQL-Front_is1" = MySQL-Front
"No23 Recorder" = No23 Recorder
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OnlineControl_is1" = OnlineControl 1.2
"OpenAL" = OpenAL
"OpenVPN" = OpenVPN 2.2.2
"Opera 12.11.1661" = Opera 12.11
"Origin" = Origin
"Password Unmask 2.0" = Password Unmask 2.0
"PE Explorer_is1" = PE Explorer 1.99 R6
"Pidgin" = Pidgin
"ProxySwitcher Standard_is1" = ProxySwitcher Standard
"Psi" = Psi (remove only)
"PSP Video 9" = PSP Video 9 6
"PunkBusterSvc" = PunkBuster Services
"Rainmeter" = Rainmeter
"RPGVXAce_E_is1" = RPG MAKER VX Ace
"RPGVXAce_RTP_is1" = RPG MAKER VX Ace RTP
"Sacred Underworld_is1" = Sacred Underworld
"Schriftenbibliothek_is1" = Schriftenbibliothek
"SciTE4AutoIt3" = SciTE4AutoIt3 12/29/2011
"ShiftWindow_is1" = ShiftWindow 1.02
"SpongeBob SquarePants Employee of the Month" = SpongeBob SquarePants Employee of the Month
"StarCraft II" = StarCraft II
"Steam App 211420" = Dark Souls: Prepare to Die Edition
"Steam App 28050" = Deus Ex: Human Revolution
"Steam App 34330" = Total War: SHOGUN 2
"Steam App 6100" = Eets
"SWF Scanner" = SWF Scanner
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.0
"VMware_Workstation" = VMware Workstation
"Warmux" = Warmux
"Winspector - Ultimate Windows Spy Utility_is1" = Winspector
"Wireshark" = Wireshark 1.6.6
"World of Warcraft" = World of Warcraft
"XNA Game Studio 4.0" = Microsoft XNA Game Studio 4.0
"Xvid Video Codec 1.3.2" = Xvid Video Codec
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"244a1e8693fd9c7e" = Techne
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 15.02.2013 17:00:02 | Computer Name = Systemroot | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: schtasks.exe, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce79da3  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec4aa8e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000009970a
ID
 des fehlerhaften Prozesses: 0x1630  Startzeit der fehlerhaften Anwendung: 0x01ce0bbf6be54790
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\schtasks.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: a9f894aa-77b2-11e2-8258-c860008cd582
 
Error - 16.02.2013 05:57:50 | Computer Name = Systemroot | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WLIDSvcM.exe, Version: 6.500.3165.0,
 Zeitstempel: 0x4a8b055b  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec4aa8e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000009970a
ID
 des fehlerhaften Prozesses: 0xaa0  Startzeit der fehlerhaften Anwendung: 0x01ce0c2c10885adc
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Common Files\Microsoft Shared\Windows
 Live\WLIDSvcM.exe  Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung:
 528c885c-781f-11e2-add2-c860008cd582
 
Error - 17.02.2013 06:47:07 | Computer Name = Systemroot | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: mscorsvw.exe, Version: 4.0.30319.1,
 Zeitstempel: 0x4ba21f5d  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec4aa8e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000009970a
ID
 des fehlerhaften Prozesses: 0x10d8  Startzeit der fehlerhaften Anwendung: 0x01ce0cfc20f79ef8
Pfad
 der fehlerhaften Anwendung: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 5f544fad-78ef-11e2-803c-c860008cd582
 
[ System Events ]
Error - 17.02.2013 08:17:52 | Computer Name = Systemroot | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "DATA" den Befehl "chkdsk" aus.
 
Error - 17.02.2013 08:18:52 | Computer Name = Systemroot | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "D:" den Befehl "chkdsk" aus.
 
Error - 17.02.2013 08:18:52 | Computer Name = Systemroot | Source = Ntfs | ID = 131
Description = Die Dateisystemstruktur auf Volume "D:" kann nicht korrigiert werden.
Führen
 Sie das Dienstprogramm CHKDSK auf Volume "D:" aus.
 
Error - 17.02.2013 08:18:52 | Computer Name = Systemroot | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "DATA" den Befehl "chkdsk" aus.
 
Error - 17.02.2013 08:19:52 | Computer Name = Systemroot | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "D:" den Befehl "chkdsk" aus.
 
Error - 17.02.2013 08:19:52 | Computer Name = Systemroot | Source = Ntfs | ID = 131
Description = Die Dateisystemstruktur auf Volume "D:" kann nicht korrigiert werden.
Führen
 Sie das Dienstprogramm CHKDSK auf Volume "D:" aus.
 
Error - 17.02.2013 08:19:52 | Computer Name = Systemroot | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "DATA" den Befehl "chkdsk" aus.
 
Error - 17.02.2013 08:20:52 | Computer Name = Systemroot | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "D:" den Befehl "chkdsk" aus.
 
Error - 17.02.2013 08:20:52 | Computer Name = Systemroot | Source = Ntfs | ID = 131
Description = Die Dateisystemstruktur auf Volume "D:" kann nicht korrigiert werden.
Führen
 Sie das Dienstprogramm CHKDSK auf Volume "D:" aus.
 
Error - 17.02.2013 08:20:52 | Computer Name = Systemroot | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "DATA" den Befehl "chkdsk" aus.
 
 
< End of report >
         

Alt 18.02.2013, 20:59   #24
markusg
/// Malware-holic
 
Programme brauchen lange zum starten - Standard

Programme brauchen lange zum starten



Hi,
otl fix

Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:
ATTFilter
:OTL
CHR - homepage: hxxp://search.bearshare.net
CHR - default_search_provider: Search Results (Enabled)
CHR - homepage: hxxp://search.bearshare.net
:files
:Commands
[emptytemp]
         
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread


Starte neu, teste, wie der PC läuft.
Programme Wie Browser, vom Firefox, über Internetexplorer, auf ungewollte Toolbars und weiterleitung bzw sonstige Probleme testen.
Teste auch sonstige Programme.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 18.02.2013, 21:12   #25
ryuk
 
Programme brauchen lange zum starten - Standard

Programme brauchen lange zum starten



Code:
ATTFilter
All processes killed
========== OTL ==========
Use Chrome's Settings page to change the HomePage.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to change the HomePage.
========== FILES ==========
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Kabraxis
->Temp folder emptied: 0 bytes
 
User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: Root
->Temp folder emptied: 2702513 bytes
->Temporary Internet Files folder emptied: 2325711 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 9589992 bytes
->Opera cache emptied: 60507481 bytes
->Flash cache emptied: 882 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10587 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 72.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 02182013_210650

Files\Folders moved on Reboot...
C:\Users\Root\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\temp\vmware-SYSTEM-2874014982\vmauthd.log moved successfully.
C:\Windows\temp\vmware-SYSTEM-2874014982\vmware-usbarb-SYSTEM-2280.log moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
die log vom fix, für heute mache ich erstmal schluss, werde mich morgen nochmal melden ob noch weitere probleme auftreten.

Alt 18.02.2013, 21:13   #26
markusg
/// Malware-holic
 
Programme brauchen lange zum starten - Standard

Programme brauchen lange zum starten



ok wir müssen das gerät nämlich noch absichern.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 19.02.2013, 15:03   #27
ryuk
 
Programme brauchen lange zum starten - Standard

Programme brauchen lange zum starten



okay, scheinbar ist jetzt alles wie es sein sollte.

Alt 19.02.2013, 17:02   #28
markusg
/// Malware-holic
 
Programme brauchen lange zum starten - Standard

Programme brauchen lange zum starten



Hi,
otl öffnen, bereinigen, pc startet neu, remover werden gelöscht.
Lösche übrig gebliebene Remover, Setups, Logs, leere den Papierkorb.

PC absichern:

http://www.trojaner-board.de/96344-a...-rechners.html
Starte bitte mit der Passage, Windows Vista und Windows 7
Bitte beginne damit, Windows Updates zu instalieren.
Am besten geht dies, wenn du über Start, Suchen gehst, und dort Windows Updates eingibst.
Prüfe unter "Einstellungen ändern" dass folgendes ausgewählt ist:
- Updates automatisch Instalieren,
- Täglich
- Uhrzeit wählen
- Bitte den gesammten rest anhaken, außer:
- detailierte benachichtungen anzeigen, wenn neue Microsoft software verfügbar ist.
Klicke jetzt die Schaltfläche "OK"
Klicke jetzt "nach Updates suchen".
Bitte instaliere zunächst wichtige Updates.
Es wird nötig sein, den PC zwischendurch neu zu starten. falls dies der Fall ist, musst du erneut über Start, Suchen, Windows Update aufrufen, auf Updates suchen klicken und die nächsten instalieren.
Mache das selbe bitte mit den optionalen Updates.
Bitte übernimm den rest so, wie es im Abschnitt windows 7 / Vista zu lesen ist.
aus dem Abschnitt xp, bitte den punkt "datenausführungsverhinderung, dep" übernehmen.
als browser rate ich dir zu chrome:
Installation von Google Chrome für mehrere Nutzerkonten - Google Chrome-Hilfe
anleitung lesen bitte
falls du nen andern nutzen willst, sags mir dann muss ich teile der nun folgenden anleitung anpassen.


Sandboxie
Die devinition einer Sandbox ist hier nachzulesen:
Sandbox
Kurz gesagt, man kann Programme fast 100 %ig isuliert vom System ausführen.

Der Vorteil liegt klar auf der Hand, wenn über den Browser Schadcode eingeschläust wird, kann dieser nicht nach außen dringen.
Download Link:
Sandboxie - Download - Filepony

anleitung:
http://www.trojaner-board.de/71542-a...sandboxie.html
ausführliche anleitung als pdf, auch abarbeiten:
Sandbox Einstellungen |

bitte folgende zusatz konfiguration machen:
sandboxie control öffnen, menü sandbox anklicken, defauldbox wählen.
dort klicke auf sandbox einstellungen.
beschrenkungen, bei programm start und internet zugriff schreibe:
chrome.exe
dann gehe auf anwendungen, webbrowser, chrome.
dort aktiviere alles außer gesammten profil ordner freigeben.
Wie du evtl. schon gesehen hast, kannst du einige Funktionen nicht nutzen.
Dies ist nur in der Vollversion nötig, zu deren Kauf ich dir rate.
Du kannst zb unter "Erzwungene Programmstarts" festlegen, dass alle Browser in der Sandbox starten.
Ansonsten musst du immer auf "Sandboxed webbrowser" klicken bzw Rechtsklick, in Sandboxie starten.
Eine lebenslange Lizenz kostet 30 €, und ist auf allen deinen PC's nutzbar.

Weiter mit:
Maßnahmen für ALLE Windows-Versionen
alles komplett durcharbeiten
anmerkung zu file hippo.
in den settings zusätzlich auswählen:
hide beta updates.
Run updateChecker when Windows starts

Backup Programm:
in meiner Anleitung ist bereits ein Backup Programm verlinkt, als Alternative bietet sich auch das Windows eigene Backup Programm an:
http://www.trojaner-board.de/82962-w...en-backup.html
Dies ist aber leider nur für Windows 7 Nutzer vernünftig nutzbar.
Alle Anderen sollten sich aber auf jeden fall auch ein Backup Programm instalieren, denn dies kann unter Umständen sehr wichtig sein, zum Beispiel, wenn die Festplatte einmal kaputt ist.

Zum Schluss, die allgemeinen sicherheitstipps beachten, wenn es dich betrifft, den Tipp zum Onlinebanking beachten und alle Passwörter ändern
bitte auch lesen, wie mache ich programme für alle sichtbar:
Programme für alle Konten nutzbar machen - PCtipp.ch - Praxis & Hilfe
surfe jetzt also nur noch im standard nutzer konto und dort in der sandbox.
wenn du die kostenlose version nutzt, dann mit klick auf sandboxed web browser, wenn du die bezahlversion hast, kannst du erzwungene programm starts festlegen, dann wird Sandboxie immer gestartet wenn du nen browser aufrufst.
wenn du mit der maus über den browser fährst sollte der eingerahmt sein, dann bist du im sandboxed web browser

passwort sicherheit:
jeder dienst benötigt ein eigenes, mindestens 12-stelliges passwort
bei der passwort verwaltung und erstellung hilft roboform
Passwort Manager, Formular Ausfueller, Passwort Management | RoboForm Passwort Manager
anleitung:
RoboForm-Bedienungsanleitung: Passwort-Manager, Verwalten von Passwörtern und persönlichen Daten
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Antwort

Themen zu Programme brauchen lange zum starten
alle programme, anhang, arten, benötige, brauche, gefunde, gestartet, innerhalb, kis, lange, problem, programme, sekunden, starte, starten, virus, wenig



Ähnliche Themen: Programme brauchen lange zum starten


  1. Seiten brauchen lange zum Laden, Programme melden keine Verbindung, PC etwas langsam
    Plagegeister aller Art und deren Bekämpfung - 12.09.2015 (18)
  2. Win7- Systemstart und programme brauchen ewig beim laden
    Log-Analyse und Auswertung - 08.05.2015 (27)
  3. Windows 7 Rechner braucht zu lange zum Starten
    Alles rund um Windows - 31.08.2014 (25)
  4. Firefox und Thunderbird brauchen 2 Minuten zum starten, keine Internetverbindung trotz WLAN-Empfang
    Log-Analyse und Auswertung - 28.08.2014 (3)
  5. Windows7 : sämtliche Browser brauchen sehr lange um eine seite aufzubauen
    Log-Analyse und Auswertung - 31.03.2014 (11)
  6. windows 7 - programme schließen nicht, surfen unmöglich wegen ständigen Popups und Weiterleitungen, lange Ladezeiten der Programme -Virus?
    Plagegeister aller Art und deren Bekämpfung - 22.12.2013 (9)
  7. Programme laden extrem lange
    Plagegeister aller Art und deren Bekämpfung - 05.11.2013 (7)
  8. Pc Laggt Und braucht sehr lange um hochzufahren und die Spiele Zu starten
    Plagegeister aller Art und deren Bekämpfung - 20.06.2011 (19)
  9. Dateien brauchen lange um zu starten
    Plagegeister aller Art und deren Bekämpfung - 20.02.2011 (1)
  10. IE expolrer oder Firefox , brauchen lange, irgend etwas ist da versteckt,
    Log-Analyse und Auswertung - 30.08.2010 (8)
  11. Exe Dateien brauchen lange zum Starten
    Log-Analyse und Auswertung - 01.06.2009 (3)
  12. Notebook braucht lange beim Starten
    Log-Analyse und Auswertung - 31.05.2009 (11)
  13. Rechner startet sehr langsam und Programme brauchen ewig zum öffnen
    Log-Analyse und Auswertung - 09.03.2009 (1)
  14. programme brauchen lange zum laden oder bleiben hängen
    Plagegeister aller Art und deren Bekämpfung - 23.06.2008 (3)
  15. pc braucht 10 minuten zum hochfahren,programme brauchen minuten zum starten,hängt si.
    Plagegeister aller Art und deren Bekämpfung - 16.08.2007 (22)
  16. programme brauchen sehr lange zum öffnen und schliessen!
    Log-Analyse und Auswertung - 02.06.2006 (3)
  17. Hilfe! Programme brauchen teilw. 2min zum öffnen und schliessen!
    Mülltonne - 01.06.2006 (2)

Zum Thema Programme brauchen lange zum starten - deinstaliere: 3ivx Adobe Media Adobe Reader Adobe Flash Player alle Adobe - Adobe Flash Player installieren neueste version laden, instalieren. adobe reader: Adobe - Adobe Reader herunterladen - Alle Versionen - Programme brauchen lange zum starten...
Archiv
Du betrachtest: Programme brauchen lange zum starten auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.