Pests of all kinds and how to fight them: 95-100% CPU usage from the svchost.exe (netsvcs) process in Task Manager

12.03.2013, 15:30   #1
NicNameless
 
Good day, TB.

The problem is as follows:

I start my PC (W7 SP1) in normal mode, let it boot, and after 15-20 seconds the process named above rises to a CPU value of 99 and then fluctuates around 95-100. Opening or closing files is no longer possible. If I hurry and end the process beforehand, the CPU usage drops again, but the process reappears after roughly 15-20 seconds. This happens about 4-5 times, then I have peace. For me that is of course no solution, so I looked into the matter. I have not run any scans or deleted anything with anti-malware programs; I only found out via the PID that the process [ svchost.exe (netsvcs) ] is linked to a process called BITS. I have only had this problem since I started a screen share in Skype, but I still cannot find any problems with Skype. Of course I googled BITS ( Background Intelligent Transfer Service ); the name alone seemed suspicious to me, but unfortunately I only have basic knowledge and do not want to keep digging on my own into something I do not know much about. I should add that in safe mode no process reaches such a CPU value. I hope someone can help me. Reinstalling is not really an option for me.
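
The PID lookup described in the post above can be repeated from PowerShell. This is an added example, not part of the thread: it lists the services that share the busiest svchost.exe, the DLL each one loads and, if BITS is among them, the queued BITS jobs. It assumes an elevated prompt and that each hosted service registers its DLL under `Parameters\ServiceDll`; the variable names are illustrative.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt;
# without elevation the CPU column of service host processes is empty.

# 1. Pick the svchost.exe instance that has accumulated the most CPU time
#    since boot (accumulated time, not the momentary percentage).
$busy = Get-Process -Name svchost |
    Sort-Object -Property CPU -Descending |
    Select-Object -First 1
"Busiest svchost.exe: PID {0}, {1:N0} s CPU" -f $busy.Id, $busy.CPU

# 2. List every service hosted in that PID. The netsvcs group packs many
#    services (BITS among them) into one process, so the PID alone does not
#    single out one of them.
$hosted = Get-WmiObject -Class Win32_Service -Filter "ProcessId = $($busy.Id)"
$hosted | Sort-Object Name |
    Format-Table Name, DisplayName, State, StartMode -AutoSize

# 3. Show the DLL each hosted service loads and flag any outside System32.
#    Assumption: the DLL is registered under <service>\Parameters\ServiceDll.
$sys32 = Join-Path $env:SystemRoot 'System32'
foreach ($svc in $hosted) {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$($svc.Name)\Parameters"
    $dll = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).ServiceDll
    if ($dll) {
        $dll  = [Environment]::ExpandEnvironmentVariables($dll)
        $flag = if ($dll -like "$sys32\*") { '' } else { '  <-- outside System32' }
        "{0,-20} {1}{2}" -f $svc.Name, $dll, $flag
    }
}

# 4. If BITS is among the hosted services, list the queued transfer jobs of
#    all users with their source URLs and target files.
if ($hosted | Where-Object { $_.Name -eq 'BITS' }) {
    Import-Module BitsTransfer
    Get-BitsTransfer -AllUsers | ForEach-Object {
        "{0}  {1}  owner={2}  state={3}" -f $_.JobId, $_.DisplayName, $_.OwnerAccount, $_.JobState
        foreach ($f in $_.FileList) {
            "    {0} -> {1}" -f $f.RemoteName, $f.LocalName
        }
    }
}
```
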

13.03.2013, 16:01   #2
M-K-D-B
/// TB Trainer
 
My name is Matthias and I will help you clean up your computer.

Please note the following:
  • A cleanup can involve a lot of work for you. Several analysis and cleanup steps may be necessary.
    At the end we will remove all the programs used, and I will give you a few tips for the future.
  • If there are signs of illegal software, support will be discontinued without discussion.
  • Please work through all steps one after another in the given order.
  • Read the instructions carefully. If you run into problems, stop and describe your problem to me as well as you can.
  • Only run scans that I or another helper ask you to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you are asked to.
  • If you do not reply to me within 3 days, I will assume that you no longer need help. I will then remove your topic from my subscriptions.
    If you are going to be away for longer, please let me know!
  • All programs to be used are to be saved on the desktop and started from there!
    I can never give you a guarantee that I will find everything. Formatting is usually the faster and always the safest way.
    If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.

All the services you named are legitimate in themselves.
I suggest we take a closer look at your machine:

Step 1
Please download DDS (by sUBs) from one of the following download mirrors and save the file on your desktop.

dds.com
dds.exe
  • Please start dds with a double-click.
  • The desktop will disappear; that is normal.
  • Please tick
    • dds.txt (should already be ticked)
    • attach.txt
    Do not change any settings without instruction
  • When the scan has finished, DDS will create 2 log files on your desktop:
    • dds.txt
    • attach.txt
Please post both log files in your next reply.





Step 2
Please download defogger by jpshortstuff to your desktop.
  • Start the tool with a double-click.
  • Now click the Disable button to deactivate the drivers of certain emulators.
  • Defogger will ask you "Defogger will forcefully terminate and disable all CD Emulator related drivers and processes... Continue?" Confirm this security prompt with Yes.
  • When the scan has finished (Finished), click OK.
  • Defogger may ask you to restart. Confirm this with OK.
  • Defogger creates a log file named defogger_disable.txt on the desktop. Post its contents with your next reply.
Do not click the Re-enable button without instruction!





Step 3
Please download the GMER rootkit scanner: (file name is random)
  • Close all other programs, deactivate your virus scanner and disconnect the machine from the internet before you start GMER.
  • If a window with the following warning opens after the start:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Be sure to click "No".
  • On the right, remove the tick at: IAT/EAT and Show All
  • Tick Quickscan and untick all other drives.
  • Start the scan with "Scan".
  • Do not do anything on the computer while the scan is running.
  • When the scan is finished, click Save and save the log file as Gmer.txt on your desktop. "Ok" closes GMER.
Switch your antivirus program and other scanners back on before you go online!


Are problems occurring?
  • Alternatively, try safe mode.
  • If you get a bluescreen, remove the tick in front of Devices.





Please post with your next reply
  • the two log files from DDS,
  • the log file from DeFogger,
  • the log file from GMER.

13.03.2013, 21:37   #3
NicNameless
 
Hello Matthias, thank you for taking the time for my problem.

I have noticed that the process only becomes active when I plug in my internet cable, but in safe mode with network drivers everything works without problems. There were no problems creating the logs. I hope you find something in there, with all the junk I have on it.
__________________
Attached files
File type: txt attach.txt (6.0 KB, viewed 340 times)
File type: txt dds.txt (15.5 KB, viewed 317 times)
File type: log defogger_disable.log (502 bytes, viewed 223 times)
File type: log gmer.log (1.9 KB, viewed 234 times)

Edited by NicNameless (13.03.2013 at 21:44)

14.03.2013, 15:20   #4
M-K-D-B
/// TB Trainer
 
Hello,

You are infected with adware. That can explain the high load.

We will clean up your machine first.






Step 1
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected, as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts that appear with Ok.
  • Your machine will be restarted automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = consecutive number).






Step 2

Please close your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. From Windows Vista onward, please start it with a right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool is finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.







Step 3
Scan with Combofix
WARNING to READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix on your desktop.
  • Please deactivate all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (if possible in CODE tags).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the machine. That should fix the problem.






Please post with your next reply
  • the log file from AdwCleaner,
  • the log file from JRT,
  • the log file from ComboFix.
__________________
Greetings from Bavaria
M-K-D-B


15.03.2013, 17:51   #5
NicNameless
 
Hey Matthias, I hope I did everything the way you had in mind. After the last ComboFix the problem seems to be fixed, but you can still check through the logs to see whether you find anything else.

Regards, Nic

Attached files
File type: txt AdwCleaner[S1].txt (10.5 KB, viewed 284 times)
File type: txt JRT.txt (1.4 KB, viewed 240 times)
File type: txt combofix.txt (15.1 KB, viewed 321 times)

16.03.2013, 09:52   #6
M-K-D-B
/// TB Trainer
 
Hello,

I still see malware on your machine.




Step 1
Combofix script
WARNING for READERS:
The following ComboFix script was created exclusively for this user in this situation.
Under no circumstances use it on other machines; that can cause lasting damage to other systems!

  • Delete the existing Combofix.exe from your desktop and download the program again from the following download mirror: Link
  • Save it on the desktop again (not anywhere else, that is important)!
  • Press the Windows + R keys --> notepad (type it in) --> OK
  • Now copy the complete text from the following code box into the empty text document.

    Code:
    http://www.trojaner-board.de/132129-cpu-auslastung-95-100-svchost-exe-netsvcs-prozess-task-manager.html#post1029545
    
    Driver::
    isedhbb
    XDva289
    XDva365
    XDva392
    XDva393
    XDva397
    XDva400
    
    Collect::
    c:\windows\System32\drivers\uhthpdj.sys
    c:\users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe
    c:\windows\pss\update.exe.Startup
    c:\users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.4302649698936123.exe.lnk
    c:\windows\pss\0.4302649698936123.exe.lnk.Startup
    
    Folder::
    c:\users\Nico\AppData\Roaming\Mozilla\Firefox\Profiles\829fxrx6.default\extensions\51123a9227731@51123a922776b.com
             
  • Save this as CFScript.txt on your desktop.
  • Important: Temporarily switch off your antivirus software, as it can hinder ComboFix while it works.
    Do not forget to switch it back on afterwards!
  • Close all running programs so that ComboFix can work unhindered.
  • Drag CFScript.txt onto ComboFix.exe as in this picture:
  • Do not do anything on the computer, do not move the mouse over the ComboFix window or click into it. This can cause ComboFix to hang.
  • When ComboFix is finished it will create a log: C:\ComboFix.txt
    Please paste it here as a reply (in CODE tags using the # button of the editor).

Note:
Suspect:: and Collect::
If the script contains these directives, files are to be sent in for analysis. A message box appears after Combofix has finished. Click OK and follow the prompts/instructions to upload the files. Be sure to tell me whether the upload worked!







Step 2
Please start OTL.exe and press the Quick Scan button.
Post the OTL.txt here in your thread.





Step 3
Download SystemLook by jpshortstuff from the following mirror and save the tool on the desktop:
SystemLook (32 bit)
  • Double-click SystemLook.exe to start the tool.
  • Copy the contents of the following code box into the tool's text field:
    Code:
    :dir
    c:\users\Nico\AppData\Roaming
    
    :filefind
    Conduit*
    0.4302649698936123.*
    
    :folderfind
    Conduit*
    clsoft*
    Claro*
    MagniPic*
    SweetIM*
    SProtector*
    Softonic*
    Iminent*
    
    :regfind
    Conduit
    clsoft
    Claro
    MagniPic
    SweetIM
    SProtector
    Softonic
    Iminent
             
  • Now click the Look button to start the scan.
  • The scan can take some time.
  • When the scan has finished, your editor will open with the results; post these in your thread.
  • The results are saved on the desktop as SystemLook.txt.





Please post with your next reply
  • the log file from ComboFix,
  • the log file from OTL,
  • the log file from SystemLook.

16.03.2013, 17:27   #7
NicNameless
 
Everything works flawlessly.
I would not have thought that you would make it so easy for me.



OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 16.03.2013 17:47:40 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Nico\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,72 Gb Total Physical Memory | 1,71 Gb Available Physical Memory | 62,97% Memory free
8,72 Gb Paging File | 7,47 Gb Available in Paging File | 85,70% Paging File free
Paging file location(s): c:\pagefile.sys 6144 6144 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931,41 Gb Total Space | 127,05 Gb Free Space | 13,64% Space Free | Partition Type: NTFS
 
Computer Name: NICO-PC | User Name: Nico | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
"{49DE52B1-031F-4D2B-9115-7F1EBCCA7A02}" = protocol=17 | dir=in | app=c:\program files\blastshark\lunia\blastshark.exe | 
"{4A20154C-23D7-4FFB-96C7-DA73A912D15A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{4BD9ABB9-B776-42EB-8863-365B10467842}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\from dust\from_dust.exe | 
"{4D0F9315-7B9F-42CA-B1AF-1D30D24F6742}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{4FAD5314-AEFA-48EB-8C62-895FE422FEAF}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{4FC8AA60-8A8A-4E86-AFF1-1F7D6D8F40B6}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe | 
"{502DC4AB-200F-4B2E-86AB-0B51CED8C976}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{506B3D3B-48F7-40F4-A990-98FFB75E6F65}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops ii\t6zm.exe | 
"{507C1258-A1DB-4ABB-8881-BEEB0743D514}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{50E3ECB1-1C47-4292-A2B8-2678AF8743B3}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe | 
"{530930CF-A61C-4CBA-96D4-ACE8FE416DE2}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{5360B4CD-5CFB-4D16-9E3C-69A150673C5E}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dishonored\binaries\win32\dishonored.exe | 
"{544D1828-C5ED-468D-B5FF-14ADACD62850}" = protocol=6 | dir=in | app=c:\program files\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{545482E6-72FC-4C7A-81D9-E3C6FD00CFF7}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\planetside 2\launchpad.exe | 
"{54F43614-8DEF-4D1E-84D0-9566ADC21872}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\hackslashloot\hackslashloot.exe | 
"{5804F3EF-FE6D-4AD5-B2B5-EC5BD04E43A4}" = protocol=6 | dir=in | app=c:\program files\electronic arts\bioware\star wars - the old republic\launcher.exe | 
"{58C17B43-0A37-4DB5-94A3-643C7EC6ED13}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe | 
"{5A3A46B7-6319-4A36-9F4C-51979722BDAD}" = protocol=17 | dir=in | app=c:\program files\4pl-insight\insight.exe | 
"{5B333BF9-6CA6-4979-8E92-CAD82C4BC28C}" = dir=out | app=%programfiles%\clonk rage\clonk.exe | 
"{5B57063B-31F9-4461-8858-77494EAC1376}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{5E75456F-2D15-493C-8B98-B9E1BFBCE442}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{5F4AD4F6-DF6F-4499-8304-6CD3CDFD7145}" = protocol=6 | dir=in | app=c:\program files\mass effect 2\binaries\masseffect2.exe | 
"{61937EED-B549-4175-AFD9-506AF2EBE6BF}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{640D731B-54C1-470F-B2B5-A1908858A7BF}" = protocol=17 | dir=in | app=c:\program files\mass effect 2\binaries\masseffect2.exe | 
"{67668BB1-BB8B-4EC2-87F1-7D04BE18AC79}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{69F1989C-43C6-4912-B8EB-CDE55EB0DA64}" = protocol=17 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe | 
"{6E67D308-548F-4757-B03A-C591DF738A7D}" = protocol=17 | dir=in | app=c:\aeriagames\edeneternal\_launcher.exe | 
"{72573CC0-D085-45B6-8476-EA4C02A40804}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{731B8096-D326-4621-A245-9BB54E5500BD}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{740F964E-95AE-48B6-976F-8A48C291C919}" = protocol=6 | dir=in | app=c:\program files\electronic arts\bioware\star wars - the old republic\launcher.exe | 
"{762F1D8F-985B-45E3-9A94-39CDE46A7736}" = protocol=6 | dir=in | app=c:\program files\ubisoft\farcry 3\bin\farcry3.exe | 
"{7839E4F0-0493-498B-8A7A-1A524025E863}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{785C647F-4283-419A-B9E1-AFEAD2BA8E51}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{790A1F8E-6236-497F-A6EF-BCC5B70177B5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{7C6CEE40-16D9-4333-8B6C-CBB9B22FADA4}" = protocol=17 | dir=in | app=c:\program files\electronic arts\bioware\star wars - the old republic\launcher.exe | 
"{7CF2ABEB-CDB9-4D39-9C62-A99E567789C4}" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield 3\bf3.exe | 
"{7D32E2F6-562D-4C95-8C06-87BC5EC653ED}" = protocol=17 | dir=in | app=c:\program files\electronic arts\bioware\star wars - the old republic\launcher.exe | 
"{7DC8F097-8636-4BFD-B555-2B9F2738A072}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops ii\t6zm.exe | 
"{7E1767DE-F370-481F-B6EE-90AAAF7A4649}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{7E4005B3-272A-4169-8A8A-D3869B56BCD7}" = protocol=6 | dir=in | app=c:\program files\capcom\dead rising 2\deadrising2.exe | 
"{7F4CDBA2-33D7-48F2-B787-7853B9DCC9A6}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\arma 2\arma2.exe | 
"{80F540C5-49A7-4329-9765-0F161B25CA4D}" = protocol=17 | dir=in | app=c:\program files\electronic arts\fifa 12\game\fifa.exe | 
"{82745C52-36C6-497D-BF60-63970C203BCA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{84C271A3-3C60-4713-9D29-73F7EA28666D}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\hackslashloot\hackslashloot.exe | 
"{875A5BCB-BC41-47A5-8546-1DBE99F600FB}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed iii\assassinscreed3.exe | 
"{89A3F335-0FCD-4204-894B-CC7E9E3C6B51}" = protocol=17 | dir=in | app=c:\program files\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe | 
"{8AEBA881-78A6-4E70-9822-EB95B5B912FB}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe | 
"{902A8724-0AF5-46C1-A2BB-B1D39CF03713}" = dir=in | app=c:\users\nico\documents\the war z\warz.exe | 
"{91D3C95A-44FC-4F1B-B189-3547D6159D07}" = protocol=17 | dir=in | app=c:\program files\microsoft games\fable iii\fable3.exe | 
"{94D79855-12B4-483D-8332-6E9727472B4D}" = protocol=6 | dir=in | app=c:\program files\squareenix\final fantasy xiv\ffxivboot.exe | 
"{95276F80-C62B-4AC3-83A3-E5444BB30DC8}" = protocol=6 | dir=in | app=c:\nexon\vindictus eu\en-eu\nmservice.exe | 
"{95DF9CD8-90C0-469D-8200-78D65E99B825}" = protocol=6 | dir=in | app=c:\program files\blastshark\lunia\blastshark.exe | 
"{96783BE3-A00A-43A3-8D0B-816C3B04F1B8}" = protocol=6 | dir=in | app=c:\program files\capcom\resident evil 5\re5dx9.exe | 
"{9679CC9A-FF34-4169-B342-E6E17B81DDED}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\realm of the mad god\realm of the mad god.exe | 
"{9754F627-7459-4475-ABB5-7B6F49ED033C}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed iii\ac3sp.exe | 
"{97559F0E-EEF0-4D6F-9F5A-FC0DEE17AF72}" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"{977AB498-1A2A-4291-83BA-CF8E59E64789}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\arma 2\arma2.exe | 
"{978EDBD6-39F1-4C74-A2FC-7C6C231BAA25}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed iii\ac3mp.exe | 
"{995BAB02-131E-4825-A4FF-533D04F6FDC8}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\counter-strike global offensive\bin\sdklauncher.exe | 
"{9A78FF5D-D461-4D19-ABE8-D4A19D048F7B}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{9DE66D86-BF18-47A3-BA6B-8D0342DAB9E7}" = protocol=17 | dir=in | app=c:\program files\ubisoft\farcry 3\bin\farcry3_d3d11.exe | 
"{A12E82D9-F13A-40ED-BC78-20B26D3D3DBC}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\borderlands\binaries\borderlands.exe | 
"{A16774CF-0DF6-4388-B1BC-2041873407FB}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\tribes\binaries\win32\hirezbridge.exe | 
"{A4976FA4-3097-462E-BEB2-A6632D075983}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops ii\t6sp.exe | 
"{A4F10DA8-B47F-413E-AABD-4BCF1A851FDA}" = protocol=6 | dir=in | app=c:\program files\diablo iii\diablo iii.exe | 
"{A576FD9D-C6EF-4F39-8381-E7A658E14A56}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{A5B1ABC0-0F4D-42AA-8864-B783685EE254}" = protocol=6 | dir=in | app=c:\program files\capcom\streetfighteriv\streetfighteriv.exe | 
"{A9A6ECDC-9F5F-41E4-8D94-D9DA6B6731DC}" = protocol=6 | dir=in | app=c:\program files\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe | 
"{A9AF91CC-744A-4723-8A48-020D80FB7FFE}" = protocol=6 | dir=in | app=c:\program files\reactor\ijjioptimizer.exe | 
"{AA8D0CB8-71A0-479A-997D-A3199D955379}" = protocol=17 | dir=in | app=c:\program files\capcom\dead rising 2\deadrising2.exe | 
"{AC638A22-5D37-4093-909A-C854C8BC6B87}" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"{AC7B35B2-0A33-4AC1-87F4-00218B384592}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | 
"{AE4D0B73-F948-49CD-92B3-148903606498}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\darksiders\darksiderspc.exe | 
"{AF7FFC70-BC6F-48AA-A858-898B90FC0DC0}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe | 
"{B0CF681B-F762-48F1-A73D-41B6E0694FD1}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{B23C0059-0EED-4DA6-93A0-AC533252FB30}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"{B253DDC7-6B41-44C9-8DF1-C13218D2BA3D}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe | 
"{B2CF5A58-58AB-408A-8EBB-748A96E79619}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\sleepingdogs\hkship.exe | 
"{B35A8971-A287-4F4F-87BE-5C9774574264}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd | 
"{B372A5B2-28CA-4564-BB30-65AF90987FAC}" = protocol=17 | dir=in | app=c:\program files\capcom\streetfighteriv\streetfighteriv.exe | 
"{B5087E03-9D29-43CD-9355-EBAFBDF1D310}" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | 
"{B6E11D22-5D3D-4B7A-ABC7-2DC3309A0629}" = protocol=6 | dir=in | app=c:\cherrydegames\dragon nest\dragonnest.exe | 
"{B94A90E5-AA71-4082-B26D-A1281FA35DED}" = protocol=6 | dir=in | app=c:\program files\ubisoft\farcry 3\bin\fc3updater.exe | 
"{BA11FEA7-5CC0-4A97-8817-A753DD142DE4}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | 
"{BA3D0F7D-E435-419F-BC88-D31480AA0E1F}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{BB21E15B-75BA-441A-A826-40BF240DAC58}" = protocol=6 | dir=in | app=c:\koramgame\stonline\_launcher.exe | 
"{BC3F15AC-F213-4D49-B3F1-7804D4CDB512}" = protocol=6 | dir=in | app=c:\program files\ubisoft\farcry 3\bin\fc3editor.exe | 
"{BC5F1635-3A35-442C-B1BB-BC7228118D8B}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dishonored\binaries\win32\dishonored.exe | 
"{BE782921-98D2-4192-929C-8DB0E8023FFE}" = protocol=6 | dir=in | app=c:\program files\electronic arts\need for speed(tm) most wanted\nfs13.exe | 
"{BF99753B-99C7-4FE4-B8D8-72BBB7C24DF5}" = protocol=17 | dir=in | app=c:\program files\diablo iii\diablo iii.exe | 
"{C11586B0-944C-4718-A7A2-42906780CFD5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C4A675A8-463F-4BC4-A83E-75EF18D07B26}" = protocol=17 | dir=in | app=c:\program files\mass effect 2\masseffect2launcher.exe | 
"{C50E96BB-4D49-4116-BE67-B08AD518EB3B}" = protocol=17 | dir=in | app=c:\program files\ubisoft\farcry 3\bin\farcry3.exe | 
"{C6DEA2AB-478F-46D2-A1E8-63751CB59E29}" = protocol=6 | dir=in | app=c:\program files\unreal tournament 3 (lg)\binaries\ut3.exe | 
"{CA9D4DAF-F646-4533-9D99-CD0C787E5245}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed iii\ac3sp.exe | 
"{CCAED287-2BAC-4621-AD64-A43BAFBAC4B5}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{CFA4DE53-A06E-464B-8D54-622460D9A9A6}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{D1CB3989-72AD-4530-90CC-986AB03590F8}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{D4023205-09AF-462D-B7E6-D0D09AECD6C5}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{D4C35AAD-B8CD-4BA1-9D15-BA42E9600634}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{D4E1214A-3C9C-45E0-9656-48DC152D0D47}" = protocol=6 | dir=in | app=c:\program files\4pl-insight\insight.exe | 
"{D523F436-C4C5-4262-A2F4-8677C599A243}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed iii\assassinscreed3.exe | 
"{D557BF2F-F912-4F0D-8A64-1FE98E6FEEDF}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{D55A53B3-4DB4-473A-9A29-8FE420F78F96}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
"{D60AE6AC-E63A-4D62-BD3A-ACF888657ACE}" = protocol=17 | dir=in | app=c:\program files\dragon nest europe\dragonnest.exe | 
"{D8367820-81C8-42D4-9A39-EDD511A33F23}" = protocol=6 | dir=in | app=c:\program files\mass effect 2\masseffect2launcher.exe | 
"{D8EA5CE7-9528-4491-9BB6-A43BA19C9291}" = protocol=17 | dir=in | app=c:\program files\squareenix\final fantasy xiv\ffxivboot.exe | 
"{DC03466C-E4AB-4DC9-9450-CA397E45398A}" = protocol=6 | dir=in | app=c:\aeriagames\edeneternal\_launcher.exe | 
"{DC87A1CC-E391-492A-8FF4-626CE343BC3A}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{DE21667F-342F-49D9-B892-D0A8892D1289}" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | 
"{E2C14EF3-A378-4AF1-8456-DC3A27F1E22A}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\realm of the mad god\realm of the mad god.exe | 
"{E2DC21C5-BD1C-4048-83EF-4674CCF11299}" = protocol=6 | dir=in | app=c:\program files\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe | 
"{E4EE4E4A-0EAB-438A-A4E5-6CAF2D444E2D}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | 
"{E686FDA9-AF34-4BA2-9F71-73CC729FED5E}" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield 3\bf3.exe | 
"{E6F4D726-22AD-405B-A1DD-97E85D9AF913}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\from dust\from_dust.exe | 
"{E7378A4B-505E-4322-BE08-C7F41BED0151}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops ii\t6sp.exe | 
"{E918C9E9-9E40-430E-B288-34F7C2ADD901}" = protocol=6 | dir=out | app=system | 
"{E983C4E8-59E8-4BC8-8E45-8B45D29C721D}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"{E9A657BB-FC85-49B9-B106-4FF66D18C9FC}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | 
"{E9FC4F54-6A64-4BB1-82E8-E16F23C5001F}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops ii\t6zm.exe | 
"{EA4A3379-6950-49A3-B668-A7A590E749E8}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | 
"{EB040EF1-3538-4829-B8A4-889225216DF1}" = protocol=17 | dir=in | app=c:\aeriagames\edeneternal\launcher.exe | 
"{EBE06711-DBC1-43A2-AD80-18F50B5901BB}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | 
"{EBE7D581-2DB8-4095-A10A-5087F60A8039}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | 
"{ECE8EDFA-446F-4CB6-BB88-A2F33A3DBD65}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F1271BCE-AEDE-4A26-92EA-C7D3E4D64672}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{F27CB811-C24C-4A3A-9B56-6729CAF73C78}" = protocol=17 | dir=in | app=c:\aeriagames\edeneternal-de\_launcher.exe | 
"{F2A1885A-45D9-43CF-B26F-33DBA61F15DA}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | 
"{F4314C39-A4E2-44F7-A6C5-8F68F18CD661}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\realm of the mad god\realm of the mad god.exe | 
"{F905CB6A-FCB3-4371-865D-20F1E6653DF6}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\counter-strike global offensive\bin\sdklauncher.exe | 
"{F9082911-6AFF-4EEE-A535-4B1D1866BE58}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\darksiders\darksiderspc.exe | 
"{FB12021D-065F-4104-81BC-8AA319974874}" = protocol=17 | dir=in | app=c:\program files\electronic arts\need for speed(tm) most wanted\nfs13.exe | 
"{FC1713CB-AD93-4412-BA3B-29C7A3BFB0B3}" = protocol=6 | dir=in | app=c:\program files\capcom\resident evil 5\re5dx10.exe | 
"{FCC9F7E4-4BB3-4F49-BE4F-E942A229A55B}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | 
"{FF604D47-61DD-4EE1-9BF0-151592966E43}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"TCP Query User{05B6A036-A82C-4F35-BFF9-2B70479BD734}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"TCP Query User{077C7348-9E99-42E6-8C38-B9F4419EF1F6}C:\users\nico\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\nico\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{095E62B3-566D-4C3D-A5DB-0247B0E6B2BB}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe | 
"TCP Query User{09E42803-3911-4917-9AEF-FAD78597CF4E}C:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe" = protocol=6 | dir=in | app=c:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe | 
"TCP Query User{11C9D77C-CC21-4DFA-AD8E-4BF6B395621E}C:\program files\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | 
"TCP Query User{12349862-F69E-4221-9759-EC8A740B4526}C:\program files\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files\guild wars 2\gw2.exe | 
"TCP Query User{293B49FA-BC66-405F-AF18-006266FD65A9}C:\users\nico\downloads\championsonlinef2p.exe" = protocol=6 | dir=in | app=c:\users\nico\downloads\championsonlinef2p.exe | 
"TCP Query User{2AF42FA1-0680-41F1-8DB9-D8F7ED695C2D}C:\program files\unreal tournament 3 (lg)\binaries\ut3.exe" = protocol=6 | dir=in | app=c:\program files\unreal tournament 3 (lg)\binaries\ut3.exe | 
"TCP Query User{2C6ED29D-243F-4541-9F48-D1E0CF2F3984}C:\program files\ea games\dead space 2\deadspace2.exe" = protocol=6 | dir=in | app=c:\program files\ea games\dead space 2\deadspace2.exe | 
"TCP Query User{2CDDA7ED-69BD-4777-90E4-BA313EC5E2EB}\\bobbls\w3\war3.exe" = protocol=6 | dir=in | app=\\bobbls\w3\war3.exe | 
"TCP Query User{39CA4BD7-1616-471C-9D23-939F4333C51B}C:\program files\sony\content manager assistant\cma.exe" = protocol=6 | dir=in | app=c:\program files\sony\content manager assistant\cma.exe | 
"TCP Query User{3C1627F5-F281-4E59-A26F-D6F9F953DAD4}C:\program files\reactor\reactor.exe" = protocol=6 | dir=in | app=c:\program files\reactor\reactor.exe | 
"TCP Query User{436A9C2E-9950-4D50-A264-ED9AC3858CE1}C:\users\nico\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\nico\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{43DC4AEC-D598-447B-B69A-13FD19639162}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{448A6247-B436-4DF5-800D-7526B896B4E8}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{49C08CDD-1682-4ABB-99CD-279E183C18BF}C:\program files\icq7.4\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"TCP Query User{4D375D7E-55BA-4E8B-B251-ADA896CB5CB3}C:\program files\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe | 
"TCP Query User{5C4513B2-CBC5-4EE0-8AF4-AD31480801C1}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"TCP Query User{5D25F389-19CF-406C-A12F-F5EBCE9CF8B6}C:\ijji\english\u_sf\soldierfront.exe" = protocol=6 | dir=in | app=c:\ijji\english\u_sf\soldierfront.exe | 
"TCP Query User{670051A1-DD36-4314-BBCB-BD1FAAEA2F8C}C:\game\softnyxgame\rakionis\bin\rakion.bin" = protocol=6 | dir=in | app=c:\game\softnyxgame\rakionis\bin\rakion.bin | 
"TCP Query User{6C4D7EC6-3A1D-4190-B39F-7683B76689B2}C:\program files\clonk rage\clonk.exe" = protocol=6 | dir=in | app=c:\program files\clonk rage\clonk.exe | 
"TCP Query User{6D5D2DB4-207F-4F4F-A742-851BE04E0CB3}C:\program files\runes of magic\client.exe" = protocol=6 | dir=in | app=c:\program files\runes of magic\client.exe | 
"TCP Query User{76BA2B21-DD3B-4391-A591-AE6193E30CDC}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | 
"TCP Query User{7FC2EB53-C16F-4871-972B-E5E3C343CF64}C:\program files\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files\guild wars 2\gw2.exe | 
"TCP Query User{8036DB90-286E-48B4-BB3B-611970E0A5DF}C:\program files\icq7.4\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"TCP Query User{84423495-190B-4B9F-B27A-2528629C171C}C:\riot games\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe | 
"TCP Query User{8B477F1E-138F-4C7F-AB42-D8432AC6303C}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
"TCP Query User{955850D5-D3B3-45F1-A02D-511EE34DB3D8}C:\program files\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | 
"TCP Query User{9FED481B-A98C-4370-8068-8A23BB8C1AC4}C:\program files\steam\steamapps\common\planetside 2\planetside2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\planetside 2\planetside2.exe | 
"TCP Query User{A64CCCD1-3A16-408F-9716-6014DC209DEC}C:\program files\steam\steamapps\common\dark souls prepare to die edition\data\data.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dark souls prepare to die edition\data\data.exe | 
"TCP Query User{A79F2CED-217E-445D-ACF2-6774DF659C57}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{B797B0E0-1E88-415A-B647-656477327059}C:\program files\spybot - search & destroy 2\sdfiles.exe" = protocol=6 | dir=in | app=c:\program files\spybot - search & destroy 2\sdfiles.exe | 
"TCP Query User{CE5A4A2F-1609-4B1D-8498-846DC6E68D37}C:\program files\sony\content manager assistant\cma.exe" = protocol=6 | dir=in | app=c:\program files\sony\content manager assistant\cma.exe | 
"TCP Query User{D09E116F-0D8C-4446-93C9-B15EE3436A13}C:\program files\electronic arts\dead space\dead space.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\dead space\dead space.exe | 
"TCP Query User{D70F931B-B0A5-4BD1-AB60-3E0CF9D6B9A7}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{E08158DB-8D7F-4CF0-870F-3596482C25A5}C:\program files\electronic arts\crytek\crysis wars\bin32\crysis.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\crytek\crysis wars\bin32\crysis.exe | 
"TCP Query User{F158142C-DC15-441E-AFEF-FC35A49D9E76}C:\program files\tera\tera-launcher.exe" = protocol=6 | dir=in | app=c:\program files\tera\tera-launcher.exe | 
"TCP Query User{FAD88EB8-0825-4DDA-B59E-1A39F1D66449}C:\program files\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe | 
"TCP Query User{FC5950D1-C74D-4203-B5F2-399C16FA9388}C:\users\nico\dead island\dead island\deadislandgame.exe" = protocol=6 | dir=in | app=c:\users\nico\dead island\dead island\deadislandgame.exe | 
"TCP Query User{FD50FA6B-4394-4903-82A9-662A648085C0}C:\ijji\english\gunz\gunz.exe" = protocol=6 | dir=in | app=c:\ijji\english\gunz\gunz.exe | 
"UDP Query User{051FF58D-121A-4090-B45D-C3C160339B72}C:\users\nico\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\nico\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{06EA8ECB-AD3E-452B-AA37-54883B4B040B}C:\riot games\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe | 
"UDP Query User{079EAC26-A823-46E9-A676-E5D028AFB753}C:\ijji\english\gunz\gunz.exe" = protocol=17 | dir=in | app=c:\ijji\english\gunz\gunz.exe | 
"UDP Query User{12DA56D7-FDE9-4531-A1B8-41739C230636}C:\ijji\english\u_sf\soldierfront.exe" = protocol=17 | dir=in | app=c:\ijji\english\u_sf\soldierfront.exe | 
"UDP Query User{16B1C9E5-8140-497D-875C-DF105D78500A}C:\program files\runes of magic\client.exe" = protocol=17 | dir=in | app=c:\program files\runes of magic\client.exe | 
"UDP Query User{1710222A-8E90-42FE-8DDA-B5A3CB0D5AAB}C:\program files\icq7.4\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"UDP Query User{19C48264-0C5E-44A7-9AA9-B23B82BA3A4A}C:\program files\electronic arts\dead space\dead space.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\dead space\dead space.exe | 
"UDP Query User{1B8E7471-F3C7-4DA5-B3E1-EDBDD9040A2D}C:\users\nico\dead island\dead island\deadislandgame.exe" = protocol=17 | dir=in | app=c:\users\nico\dead island\dead island\deadislandgame.exe | 
"UDP Query User{26478135-7428-4527-A2B4-A06715B4F7B6}C:\program files\clonk rage\clonk.exe" = protocol=17 | dir=in | app=c:\program files\clonk rage\clonk.exe | 
"UDP Query User{26EABD16-9C03-4A2D-8B78-AC9D38CF51C9}C:\program files\spybot - search & destroy 2\sdfiles.exe" = protocol=17 | dir=in | app=c:\program files\spybot - search & destroy 2\sdfiles.exe | 
"UDP Query User{2F0D7CC2-5C93-4386-869E-29FCD2FBA932}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
"UDP Query User{32EC55BA-B6A7-4574-9C8E-71F53A739493}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"UDP Query User{4272155A-5AEF-466F-8889-E75A7ABABE9C}C:\program files\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe | 
"UDP Query User{43FE89CB-0F01-4EF0-A9CD-CC63ABFB3735}C:\program files\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | 
"UDP Query User{5F06238F-C456-4F0D-87F6-DE56A7D39C55}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{612B59E2-1C25-4099-9B21-80921D6581CC}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{679D2BEC-F1E6-41E8-9993-8101A28BDFA7}C:\users\nico\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\nico\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{6F11C9F9-EED7-4E7F-B2F2-203AF6104571}\\bobbls\w3\war3.exe" = protocol=17 | dir=in | app=\\bobbls\w3\war3.exe | 
"UDP Query User{7959468C-12B4-4531-A2EE-B41704BF9C74}C:\program files\reactor\reactor.exe" = protocol=17 | dir=in | app=c:\program files\reactor\reactor.exe | 
"UDP Query User{7B070706-2985-4755-9CC2-D4964E693319}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"UDP Query User{80F82E56-20F6-49C6-B08C-F7A82AEBD465}C:\users\nico\downloads\championsonlinef2p.exe" = protocol=17 | dir=in | app=c:\users\nico\downloads\championsonlinef2p.exe | 
"UDP Query User{82523CA8-89F2-4D9F-8A76-B7E93DEB5CF1}C:\program files\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe | 
"UDP Query User{9184E671-7D5F-45C6-8308-C54D5159BE4C}C:\program files\sony\content manager assistant\cma.exe" = protocol=17 | dir=in | app=c:\program files\sony\content manager assistant\cma.exe | 
"UDP Query User{939F69B6-ABFD-4BD3-90BF-2A3306621FBE}C:\program files\steam\steamapps\common\planetside 2\planetside2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\planetside 2\planetside2.exe | 
"UDP Query User{9C7B3C65-5571-48F1-BF76-547144613C12}C:\program files\unreal tournament 3 (lg)\binaries\ut3.exe" = protocol=17 | dir=in | app=c:\program files\unreal tournament 3 (lg)\binaries\ut3.exe | 
"UDP Query User{A79BE5C3-9D64-4DF6-84A3-5DE9929EE7D2}C:\program files\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files\guild wars 2\gw2.exe | 
"UDP Query User{B3C2587A-5F67-4E10-9503-5A033F81B7BF}C:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe" = protocol=17 | dir=in | app=c:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe | 
"UDP Query User{B84BB647-FF29-450E-ABA1-30E8192CB87F}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{BD8F6402-B89F-44EC-8552-4EE7571AFA60}C:\program files\tera\tera-launcher.exe" = protocol=17 | dir=in | app=c:\program files\tera\tera-launcher.exe | 
"UDP Query User{BF0BF332-57EB-4237-9E4E-F973C14A0D70}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe | 
"UDP Query User{C5F9F851-69FC-424C-BAC3-F039E1E9CE84}C:\game\softnyxgame\rakionis\bin\rakion.bin" = protocol=17 | dir=in | app=c:\game\softnyxgame\rakionis\bin\rakion.bin | 
"UDP Query User{D26DD27F-16E6-4684-A3F6-B42E4C5A9E84}C:\program files\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files\guild wars 2\gw2.exe | 
"UDP Query User{D4B1859E-187C-4A7E-B59C-56503B0A8DC9}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | 
"UDP Query User{EA8DDC3C-C9D2-4246-8FDA-16D00D956B03}C:\program files\ea games\dead space 2\deadspace2.exe" = protocol=17 | dir=in | app=c:\program files\ea games\dead space 2\deadspace2.exe | 
"UDP Query User{EC02B2CA-E5F4-42C4-B850-3F53D059C0B7}C:\program files\steam\steamapps\common\dark souls prepare to die edition\data\data.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dark souls prepare to die edition\data\data.exe | 
"UDP Query User{ED1C469C-DC3B-4727-9E9B-21A655394902}C:\program files\icq7.4\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"UDP Query User{F0A72831-33F9-4F27-AC91-576BB7DE1BDF}C:\program files\sony\content manager assistant\cma.exe" = protocol=17 | dir=in | app=c:\program files\sony\content manager assistant\cma.exe | 
"UDP Query User{F0B6A988-7BF4-43AF-A41C-05C21B34FF29}C:\program files\electronic arts\crytek\crysis wars\bin32\crysis.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\crytek\crysis wars\bin32\crysis.exe | 
"UDP Query User{F20BB780-7843-47FF-AF3A-77CAD9E81890}C:\program files\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | 
"UDP Query User{F659A075-2BBF-48DF-95D2-CCB3F792EBF1}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06A940CD-4924-485E-8500-476C9E08A820}" = Samsung PC Studio 3
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B6A9773-F8F8-4D3F-BCF0-029D2B87DB8A}" = Deus Ex - Invisible War
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{14FE48DA-E172-4CC5-B397-92ECA4B0E088}" = STOnline
"{17493DED-82A7-4E1D-83DA-B69262D43420}" = Ninja Blade
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1" = Allgemeine Runtime Files (x86)
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 26
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{27B1B784-67A7-452B-A8FF-467E8ADAA8E9}" = Torchlight German Patch
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2D49F270-CAF9-4442-A937-3A065FD9A711}" = DayZ Commander
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3566D7DB-EA10-49DE-A95B-F4AB41FC0A93}" = Dragon Nest SEA
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
"{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest
"{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4343080E-91B7-4388-AB4D-FB1000008200}" = Dead Rising 2
"{46BE6D86-7BEF-4DAB-B3E6-7B932D3872F3}_is1" = Dragonica Version TEST
"{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}" = NVIDIA PhysX
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D53090A-9B45-437B-A66A-831000008300}" = Fable III
"{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{4F64A46D-67F7-4497-AEA2-313D4305A5F6}" = Torchlight
"{59ABBDF0-E1E5-48AF-85FB-F523A08C3490}" = STREET FIGHTER IV
"{5C2B3F57-A149-4BFC-92DB-5AF59A707750}" = MorphVOX Pro
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{7FD5ADA3-E061-4D2B-9CF5-3274098BA383}_is1" = Naizui Minecraft Version 1.6
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE1746-9EFF-3C9C-8755-81EA8903AC34}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{887868A2-D6DE-3255-AA92-AA0B5A59B874}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8ADE24B2-DCA4-4A1E-8B52-A5B435522D9E}" = Soldier Front
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F50EC3D-C482-4445-9E4B-991A766047D5}_is1" = MAESTIA Version 201201
"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = REACTOR
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
"{96D06FDD-6AF4-4309-BC1B-1C9588B0575E}" = Dead Space™ 2
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}" = Assassin's Creed III 1.01
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
"{A2F166A0-F031-4E27-A057-C69733219435}_is1" = RaiderZ
"{A2S166A0-F031-4E27-A057-C69733219434}_is1" = TERA
"{A59AB961-BE82-41E0-B0FB-648DFA6DDEA4}" = PC VGA Camer@ Plus
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AB77DFDE-9949-4AEF-B180-BE322C3E65D0}" = HTC Sync
"{AC08BBA0-96B9-431A-A7D0-D8598E493775}" = RESIDENT EVIL 5
"{AC4C38FD-A54C-4CA5-92EE-D983CD81293E}" = Microsoft Xbox 360 Accessories 1.2
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B93EEE50-9C8F-45DF-95E4-3D85A6E242F3}" = DarksidersInstaller
"{BC3051A7-1021-4B57-A3DA-AAC24566FAE7}_is1" = The War Z version alpha
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C3592426-531E-4110-911D-BFECE2CE284C}" = osu!
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66BF9FD-D367-4E13-8EB8-385FFEA20DB3}" = Oblivion
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1504C77-1B19-4AF0-8DEC-946666123B55}" = CrazyTalk Cam Suite
"{D4329609-4102-4F8C-B83F-7FE024EEA314}" = Dead Space™ 3
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4E5A687-797D-44B1-8F96-4FD7A24166A9}" = DEVIL MAY CRY 4
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}" = Far Cry 3
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E500DF84-3A0A-4989-93C2-D33B935008C1}" = Inhaltsmanager-Assistent für PlayStation(R)
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EA8ADAA9-6671-4839-A51E-0C6792B78F3E}" = FIFA 12
"{EACFCDA4-3286-4DEB-92D8-53006239F347}" = ArmA II Launcher
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{ED56EF4F-35FF-48D4-B616-A66E791EF1B6}" = Die Siedler 2 - Die nächste Generation
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2C4E6E0-EB78-4824-A212-6DF6AF0E8E82}" = FINAL FANTASY XIV
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FB0127F3-985B-44CE-AE29-378CAF60B361}" = Need for Speed™ Most Wanted
"{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG)
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"4PL-Insight" = 4PL-Insight!
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Akamai" = Akamai NetSession Interface
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"Anarchy Online_is1" = Anarchy Online
"Anti-Spy.Info" = Anti-Spy.Info 1.8d
"AU11_is1" = Advanced Uninstaller PRO - Version 11
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"Battlelog Web Plugins" = Battlelog Web Plugins
"BattlEye for OA" = BattlEye for OA Uninstall
"CCleaner" = CCleaner
"ClearProg" = ClearProg 1.6.0 Final
"Clonk Rage" = Clonk Rage
"Combat Arms EU" = Combat Arms EU
"Diablo III" = Diablo III
"DivX Setup.divx.com" = DivX-Setup
"Dragon Nest Europe" = Dragon Nest Europe
"EdenEternal" = EdenEternal
"EdenEternal-DE" = EdenEternal-DE
"ESN Sonar-0.70.4" = ESN Sonar
"Fiesta Online DE" = Fiesta Online DE 1.04.095
"Free Download Manager_is1" = Free Download Manager 3.9
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.27.821
"GFWL_{4343080E-91B7-4388-AB4D-FB1000008200}" = Dead Rising 2
"GFWL_{4D53090A-9B45-437B-A66A-831000008300}" = Fable III
"Google Chrome" = Google Chrome
"Grand Fantasia" = Grand Fantasia
"Guild Wars 2" = Guild Wars 2
"Gunz" = ijji - Gunz
"HunterBlade" = HunterBlade 0.050410
"ImTOO Video Converter Ultimate" = ImTOO Video Converter Ultimate
"JAP" = JAP
"Legend of Edda" = Legend of Edda 1.0
"LOCO" = LOCO EVOLUTION
"Luminary - Rise of Goonzu" = Luminary - Rise of Goonzu
"Lunia" = Lunia
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NCLauncher_GameForge" = NC Launcher (GameForge)
"Neffy" = Neffy 1,3,29,0
"NetLimiter 2 Pro" = NetLimiter 2 Pro (remove only)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OGPlanet Game Launcher EU" = OGPlanet Game Launcher EU
"OGPlanet Game Launcher US" = OGPlanet Game Launcher
"Origin" = Origin
"PhotoScape" = PhotoScape
"PunkBusterSvc" = PunkBuster Services
"Rakion International_is1" = Rakion International
"RiseOfImmortals" = Rise of Immortals
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Steam App 12210" = Grand Theft Auto IV
"Steam App 12220" = Grand Theft Auto: Episodes from Liberty City
"Steam App 17080" = Tribes: Ascend
"Steam App 200210" = Realm of the Mad God
"Steam App 202170" = Sleeping Dogs™
"Steam App 202970" = Call of Duty: Black Ops II
"Steam App 202990" = Call of Duty: Black Ops II - Multiplayer
"Steam App 205100" = Dishonored
"Steam App 207430" = Hack, Slash, Loot
"Steam App 211420" = Dark Souls: Prepare to Die Edition
"Steam App 212910" = Call of Duty: Black Ops II - Zombies
"Steam App 218230" = PlanetSide 2
"Steam App 33460" = From Dust
"Steam App 33910" = ARMA 2
"Steam App 33930" = ARMA 2: Operation Arrowhead
"Steam App 36630" = Rusty Hearts
"Steam App 42680" = Call of Duty: Modern Warfare 3
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 43110" = Metro 2033
"Steam App 440" = Team Fortress 2
"Steam App 49520" = Borderlands 2
"Steam App 50620" = Darksiders
"Steam App 550" = Left 4 Dead 2
"Steam App 570" = Dota 2
"Steam App 620" = Portal 2
"Steam App 65800" = Dungeon Defenders
"Steam App 730" = Counter-Strike: Global Offensive
"Steam App 745" = Counter-Strike: Global Offensive - SDK
"Steam App 8980" = Borderlands
"Steam App 91600" = Sanctum
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"The Void_is1" = The Void
"TmNationsForever_is1" = TmNationsForever
"UltraISO_is1" = UltraISO Premium V9.36
"Uplay" = Uplay
"Vindictus EU" = Vindictus EU
"Virtual Audio Cable 4.10" = Virtual Audio Cable 4.10
"Warcraft III" = Warcraft III
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
"Xvid Video Codec 1.3.1" = Xvid Video Codec
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"InstallShield_{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG)
"SOE-DC Universe Online Live" = DC Universe Online Live
"SOE-DC Universe Online Live PSG" = DC Universe Online Live
"SRose Online" = SRose Online
"UnityWebPlayer" = Unity Web Player
"Warcraft III" = Warcraft III: All Products
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ System Events ]
Error - 16.03.2013 12:34:42 | Computer Name = Nico-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?16.?03.?2013 um 17:33:42 unerwartet heruntergefahren.
 
Error - 16.03.2013 12:38:18 | Computer Name = Nico-PC | Source = PNRPSvc | ID = 102
Description = 
 
Error - 16.03.2013 12:38:18 | Computer Name = Nico-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:   %%-2140993535
 
Error - 16.03.2013 12:38:18 | Computer Name = Nico-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%-2140993535
 
Error - 16.03.2013 12:38:34 | Computer Name = Nico-PC | Source = PNRPSvc | ID = 102
Description = 
 
Error - 16.03.2013 12:38:34 | Computer Name = Nico-PC | Source = PNRPSvc | ID = 102
Description = 
 
Error - 16.03.2013 12:38:34 | Computer Name = Nico-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:   %%-2140993535
 
Error - 16.03.2013 12:38:34 | Computer Name = Nico-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%-2140993535
 
Error - 16.03.2013 12:38:34 | Computer Name = Nico-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:   %%-2140993535
 
Error - 16.03.2013 12:38:34 | Computer Name = Nico-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%-2140993535
 
 
< End of report >
         
--- --- ---
Attached files
File type: txt combofix.txt (14.5 KB, viewed 189 times)

17.03.2013, 12:12   #8
M-K-D-B
/// TB Trainer
 
Hello,

that already sounds great!

I still need the OTL.txt... you only posted the Extras.txt.

We still need to take care of a few things.
__________________
Greetings from Bavaria
M-K-D-B


17.03.2013, 23:03   #9
NicNameless
 

Hello,

oh sorry, that one unfortunately slipped past me.

OTL Logfile:
Code:
OTL logfile created on: 16.03.2013 17:47:40 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Nico\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,72 Gb Total Physical Memory | 1,71 Gb Available Physical Memory | 62,97% Memory free
8,72 Gb Paging File | 7,47 Gb Available in Paging File | 85,70% Paging File free
Paging file location(s): c:\pagefile.sys 6144 6144 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931,41 Gb Total Space | 127,05 Gb Free Space | 13,64% Space Free | Partition Type: NTFS
 
Computer Name: NICO-PC | User Name: Nico | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Nico\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Sony\Content Manager Assistant\CMAWatcher.exe (Sony Computer Entertainment Inc.)
PRC - C:\Programme\Sony\Content Manager Assistant\CMA.exe (Sony Computer Entertainment Inc.)
PRC - C:\Users\Nico\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Programme\Hi-Rez Studios\HiPatchService.exe (Hi-Rez Studios)
PRC - C:\Programme\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\NetLimiter 2 Pro\NLClient.exe (Locktime Software)
PRC - C:\Programme\NetLimiter 2 Pro\nlsvc.exe (Locktime Software)
PRC - C:\Programme\Microsoft Xbox 360 Accessories\XBoxStat.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bc09ad2d49d8535371845cd7532f9271\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\HTC\HTC Sync 3.0\Maps\R66Api.dll ()
MOD - C:\Programme\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
MOD - C:\Programme\HTC\HTC Sync 3.0\sqlite3.7.dll ()
MOD - C:\Programme\HTC\HTC Sync 3.0\sqlite3.dll ()
MOD - C:\Programme\HTC\HTC Sync 3.0\htcDetect.dll ()
MOD - C:\Programme\HTC\HTC Sync 3.0\htcDetectLegend.dll ()
MOD - C:\Programme\HTC\HTC Sync 3.0\htcDisk.dll ()
MOD - C:\Programme\HTC\HTC Sync 3.0\OutputLog.dll ()
MOD - C:\Programme\HTC\HTC Sync 3.0\fdHttpd.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_ce5ba24.dll ()
SRV - (xsherlock) -- C:\Windows\System32\xsherlock.xem (Wellbia.com Co., Ltd.)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (HiPatchService) -- C:\Programme\Hi-Rez Studios\HiPatchService.exe (Hi-Rez Studios)
SRV - (PassThru Service) -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (nlsvc) -- C:\Programme\NetLimiter 2 Pro\nlsvc.exe (Locktime Software)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (xhunter1) -- C:\Windows\xhunter1.sys File not found
DRV - (vtany) -- C:\Windows\vtany.sys File not found
DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found
DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found
DRV - (mbr) -- C:\Users\Nico\AppData\Local\Temp\mbr.sys File not found
DRV - (EagleXNt) -- C:\Windows\system32\drivers\EagleXNt.sys File not found
DRV - (EagleNT) -- C:\Windows\system32\drivers\EagleNT.sys File not found
DRV - (CFcatchme) -- C:\Users\Nico\AppData\Local\Temp\CFcatchme.sys File not found
DRV - (catchme) -- C:\Users\Nico\AppData\Local\Temp\catchme.sys File not found
DRV - (1394hub) --  File not found
DRV - (apf003) -- C:\Windows\System32\apf003.sys ()
DRV - (EuMusDesignVirtualAudioCableWdm) -- C:\Windows\System32\drivers\vrtaucbl.sys (Eugene V. Muzychenko)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (apf001) -- C:\Game\SoftnyxGame\RakionIS\Bin\apf001.sys ()
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (Htsysm) -- C:\Windows\System32\HtsysmNT.sys ()
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (SCREAMINGBDRIVER) -- C:\Windows\System32\drivers\ScreamingBAudio.sys (Screaming Bee LLC)
DRV - (htcnprot) -- C:\Windows\System32\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\System32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (nltdi) -- C:\Windows\System32\drivers\nltdi.sys (Locktime Software)
DRV - (HTCAND32) -- C:\Windows\System32\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (PAC7302) -- C:\Windows\System32\drivers\PAC7302.SYS (PixArt Imaging Inc.)
DRV - (ReallusionVirtualAudio) -- C:\Windows\System32\drivers\RLVrtAuCbl.sys ()
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI)
DRV - (sscdbus) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{64B5DDF8-1CF2-4514-9A13-F0E40FD98626}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/webhp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 19 EF 6E 42 A1 CB 01  [binary data]
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{64B5DDF8-1CF2-4514-9A13-F0E40FD98626}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename,S: S", ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1,S: S", ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.selectedEngine,S: S", ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.web.de"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.138.0: C:\Program Files\Battlelog Web Plugins\1.138.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.com/NxGame: C:\ProgramData\Nexon\NGM\npnxgame.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@ogplanet.com/npOGPPlugin: C:\Windows\system32\npOGPPlugin.dll (OGPlanet)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Nico\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.08 00:49:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.08 00:49:05 | 000,000,000 | ---D | M]
 
[2010.12.21 20:24:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nico\AppData\Roaming\mozilla\Extensions
[2013.03.15 17:43:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nico\AppData\Roaming\mozilla\Firefox\Profiles\829fxrx6.default\extensions
[2012.01.21 07:00:38 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Nico\AppData\Roaming\mozilla\Firefox\Profiles\829fxrx6.default\extensions\battlefieldheroespatcher@ea.com
[2012.12.11 23:09:39 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Nico\AppData\Roaming\mozilla\firefox\profiles\829fxrx6.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.02.14 14:27:46 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Nico\AppData\Roaming\mozilla\firefox\profiles\829fxrx6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.03.08 00:49:04 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.03.08 00:49:04 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.03.08 00:49:07 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.07.27 16:13:46 | 000,027,136 | ---- | M] (NHN USA Inc.) -- C:\Program Files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
[2010.07.28 17:14:08 | 000,022,016 | ---- | M] (NHN USA Inc.) -- C:\Program Files\mozilla firefox\plugins\npijjiFFPlugin1.dll
[2009.10.06 10:40:40 | 000,098,304 | ---- | M] (OGPlanet Inc.) -- C:\Program Files\mozilla firefox\plugins\npOGPPlugin.dll
[2012.06.28 16:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.07.23 03:24:42 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.31 13:20:08 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.07.23 03:24:42 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.23 03:24:42 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.23 03:24:42 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.23 03:24:42 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: 
CHR - homepage: 
CHR - Extension: No name found = C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbakejaebbinekcklpfohdccfmihbdnc\1\
CHR - Extension: No name found = C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbakejaebbinekcklpfohdccfmihbdnc\1\
 
O1 HOSTS File: ([2013.03.16 17:35:05 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Nico\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JAP.lnk = C:\Programme\JAP\jap.exe (JAP-Team)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Nico\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} hxxp://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.127.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {D02DF646-31A2-4BAF-9CB9-BD8BF7E8A4E1} hxxp://hunterblade.beeboomonline.com/static/activex/joychinawebctrl.dll (JCWebCtrl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{55B37502-93F7-484F-9646-19FBA748CC8D}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.16 17:43:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Nico\Desktop\OTL.exe
[2013.03.16 17:35:12 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013.03.16 17:33:41 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.03.16 17:33:41 | 000,000,000 | ---D | C] -- C:\Users\Nico\AppData\Local\temp
[2013.03.16 17:22:19 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.03.16 17:19:45 | 005,040,250 | R--- | C] (Swearware) -- C:\Users\Nico\Desktop\ComboFix.exe
[2013.03.15 17:51:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.03.15 17:51:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.03.15 17:51:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.03.15 17:47:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.03.15 17:47:23 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.03.15 17:41:39 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.03.15 17:41:27 | 000,000,000 | ---D | C] -- C:\JRT
[2013.03.15 14:49:15 | 000,550,572 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Nico\Desktop\JRT.exe
[2013.03.13 21:53:29 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Nico\Desktop\dds.exe
[2013.03.12 15:52:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC Sync
[2013.03.11 18:41:50 | 000,000,000 | ---D | C] -- C:\e0c6369e915c7c94bc
[2013.03.11 18:37:11 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013.03.11 18:37:11 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.03.11 18:37:11 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.03.11 18:37:11 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.03.11 18:37:11 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.03.11 18:37:11 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013.03.11 18:37:11 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013.03.11 18:37:11 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013.03.11 18:37:11 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013.03.11 18:37:11 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.03.11 18:37:11 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2013.03.11 18:37:11 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013.03.11 18:37:11 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.03.11 18:37:11 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2013.03.11 18:37:11 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013.03.11 18:37:11 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013.03.11 18:37:11 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013.03.11 18:37:11 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013.03.11 18:37:11 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.03.11 18:37:11 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2013.03.11 18:37:11 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013.03.11 18:37:11 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013.03.11 18:37:11 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2013.03.11 18:37:11 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.03.11 18:37:11 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013.03.11 18:37:11 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013.03.11 18:37:11 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013.03.11 18:37:11 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.03.11 18:37:11 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.03.11 18:37:11 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.03.11 18:37:11 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013.03.11 18:37:11 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013.03.11 18:37:11 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013.03.11 18:37:11 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013.03.11 18:37:11 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.03.11 18:37:11 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013.03.11 18:37:11 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013.03.11 18:20:55 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2013.03.11 17:52:30 | 001,163,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2013.03.11 17:52:30 | 000,941,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mblctr.exe
[2013.03.11 17:52:30 | 000,727,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcmde.dll
[2013.03.11 17:52:30 | 000,477,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lpksetup.exe
[2013.03.11 17:52:30 | 000,268,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mprddm.dll
[2013.03.11 17:52:30 | 000,266,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MediaMetadataHandler.dll
[2013.03.11 17:52:30 | 000,240,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2013.03.11 17:52:30 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mystify.scr
[2013.03.11 17:52:30 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcbuilder.exe
[2013.03.11 17:52:30 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2013.03.11 17:52:30 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2013.03.11 17:52:30 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2013.03.11 17:52:30 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MdSched.exe
[2013.03.11 17:52:30 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2013.03.11 17:52:30 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mapistub.dll
[2013.03.11 17:52:30 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mapi32.dll
[2013.03.11 17:52:30 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lpremove.exe
[2013.03.11 17:52:30 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncryptui.dll
[2013.03.11 17:52:30 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\LSCSHostPolicy.dll
[2013.03.11 17:52:30 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[2013.03.11 17:52:30 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsmproxy.dll
[2013.03.11 17:52:30 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDPO.DLL
[2013.03.11 17:52:30 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINBEN.DLL
[2013.03.11 17:52:30 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDUS.DLL
[2013.03.11 17:52:30 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINTEL.DLL
[2013.03.11 17:52:30 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDBULG.DLL
[2013.03.11 17:52:29 | 000,233,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msconfig.exe
[2013.03.11 17:52:29 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSAC3ENC.DLL
[2013.03.11 17:52:29 | 000,080,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2013.03.11 17:52:29 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlsbres.dll
[2013.03.11 17:52:28 | 002,217,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bootres.dll
[2013.03.11 17:52:28 | 001,828,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d9.dll
[2013.03.11 17:52:28 | 001,040,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Display.dll
[2013.03.11 17:52:28 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2013.03.11 17:52:28 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013.03.11 17:52:28 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\biocpl.dll
[2013.03.11 17:52:28 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2013.03.11 17:52:28 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\defaultlocationcpl.dll
[2013.03.11 17:52:28 | 000,186,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsldp.dll
[2013.03.11 17:52:28 | 000,101,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2013.03.11 17:52:28 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\C_ISCII.DLL
[2013.03.11 17:52:27 | 005,066,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuthFWSnapin.dll
[2013.03.11 17:52:27 | 001,792,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2013.03.11 17:52:27 | 000,392,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2.dll
[2013.03.11 17:52:27 | 000,194,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\halmacpi.dll
[2013.03.11 17:52:27 | 000,194,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hal.dll
[2013.03.11 17:52:27 | 000,144,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\basecsp.dll
[2013.03.11 17:52:27 | 000,137,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\halacpi.dll
[2013.03.11 17:52:27 | 000,132,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2013.03.11 17:52:27 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2013.03.11 17:52:27 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2013.03.11 17:52:27 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\acppage.dll
[2013.03.11 17:52:26 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2013.03.11 17:52:26 | 000,508,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2013.03.11 17:52:26 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\evr.dll
[2013.03.11 17:52:26 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eudcedit.exe
[2013.03.11 17:52:26 | 000,271,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fveapi.dll
[2013.03.11 17:52:26 | 000,206,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\framedynos.dll
[2013.03.11 17:52:26 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\framedyn.dll
[2013.03.11 17:52:26 | 000,181,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2013.03.11 17:52:26 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\fms.dll
[2013.03.11 17:52:26 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\TsUsbFlt.sys
[2013.03.11 17:52:26 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSMON.dll
[2013.03.11 17:52:26 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsauth.dll
[2013.03.11 17:52:25 | 002,157,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\themecpl.dll
[2013.03.11 17:52:25 | 000,974,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppobjs.dll
[2013.03.11 17:52:25 | 000,778,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlsrv32.dll
[2013.03.11 17:52:25 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysmon.ocx
[2013.03.11 17:52:25 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizeng.dll
[2013.03.11 17:52:25 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srrstr.dll
[2013.03.11 17:52:25 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprt.exe
[2013.03.11 17:52:25 | 000,148,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storport.sys
[2013.03.11 17:52:25 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tssrvlic.dll
[2013.03.11 17:52:25 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppnp.dll
[2013.03.11 17:52:25 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shacct.dll
[2013.03.11 17:52:25 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spbcd.dll
[2013.03.11 17:52:25 | 000,051,200 | ---- | C] (Twain Working Group) -- C:\Windows\twain_32.dll
[2013.03.11 17:52:25 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sscore.dll
[2013.03.11 17:52:25 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizres.dll
[2013.03.11 17:52:25 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2013.03.11 17:52:24 | 002,329,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.03.11 17:52:24 | 001,227,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdc.dll
[2013.03.11 17:52:24 | 000,638,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VAN.dll
[2013.03.11 17:52:24 | 000,577,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2013.03.11 17:52:24 | 000,444,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wvc.dll
[2013.03.11 17:52:24 | 000,416,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiadefui.dll
[2013.03.11 17:52:24 | 000,411,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlangpui.dll
[2013.03.11 17:52:24 | 000,406,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wimgapi.dll
[2013.03.11 17:52:24 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2013.03.11 17:52:24 | 000,350,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2013.03.11 17:52:24 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\untfs.dll
[2013.03.11 17:52:24 | 000,327,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wimserv.exe
[2013.03.11 17:52:24 | 000,254,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsqmcons.exe
[2013.03.11 17:52:24 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unattend.dll
[2013.03.11 17:52:24 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpps.dll
[2013.03.11 17:52:24 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2013.03.11 17:52:24 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uxlib.dll
[2013.03.11 17:52:24 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2013.03.11 17:52:24 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WavDest.dll
[2013.03.11 17:52:24 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unlodctr.exe
[2013.03.11 17:52:24 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\utildll.dll
[2013.03.11 17:52:24 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\vms3cap.sys
[2013.03.11 17:52:23 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2013.03.11 17:52:23 | 001,115,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RacEngn.dll
[2013.03.11 17:52:23 | 000,933,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Vault.dll
[2013.03.11 17:52:23 | 000,915,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorets.dll
[2013.03.11 17:52:23 | 000,826,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcore.dll
[2013.03.11 17:52:23 | 000,322,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2013.03.11 17:52:23 | 000,260,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpshell.exe
[2013.03.11 17:52:23 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpclip.exe
[2013.03.11 17:52:23 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QSHVHOST.DLL
[2013.03.11 17:52:23 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpinit.exe
[2013.03.11 17:52:23 | 000,134,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpudd.dll
[2013.03.11 17:52:23 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2013.03.11 17:52:23 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RDPENCDD.dll
[2013.03.11 17:52:23 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QSVRMGMT.DLL
[2013.03.11 17:52:23 | 000,098,816 | ---- | C] (Microsoft) -- C:\Windows\System32\Robocopy.exe
[2013.03.11 17:52:23 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QCLIPROV.DLL
[2013.03.11 17:52:22 | 001,111,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\onexui.dll
[2013.03.11 17:52:22 | 000,395,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prnfldr.dll
[2013.03.11 17:52:22 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ReAgent.dll
[2013.03.11 17:52:22 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QAGENT.DLL
[2013.03.11 17:52:22 | 000,170,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationSettings.exe
[2013.03.11 17:52:22 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfmon.exe
[2013.03.11 17:52:22 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\recovery.dll
[2013.03.11 17:52:22 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2013.03.11 17:52:22 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pdhui.dll
[2013.03.11 17:52:22 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pifmgr.dll
[2013.03.11 17:52:22 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PrintIsolationProxy.dll
[2013.03.11 17:52:22 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\proquota.exe
[2013.03.11 17:52:22 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfts.dll
[2013.03.11 17:52:22 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdpvideominiport.sys
[2013.03.11 17:52:21 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2013.03.11 17:52:21 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scansetting.dll
[2013.03.11 17:52:21 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
[2013.03.11 17:52:21 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupcl.exe
[2013.03.11 17:50:33 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcconf.dll
[2013.03.11 17:50:33 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\profprov.dll
[2013.03.11 17:50:33 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netbtugc.exe
[2013.03.11 17:50:33 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\VMBusHID.sys
[2013.03.11 17:50:33 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vmbuspipe.dll
[2013.03.11 17:50:33 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nrpsrv.dll
[2013.03.11 17:50:32 | 001,624,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPEncEn.dll
[2013.03.11 17:50:32 | 001,003,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2013.03.11 17:50:32 | 000,782,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webservices.dll
[2013.03.11 17:50:32 | 000,766,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpccpl.dll
[2013.03.11 17:50:32 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2013.03.11 17:50:32 | 000,508,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2013.03.11 17:50:32 | 000,352,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2013.03.11 17:50:32 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wusa.exe
[2013.03.11 17:50:32 | 000,292,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsAnytimeUpgradeResults.exe
[2013.03.11 17:50:32 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tspubwmi.dll
[2013.03.11 17:50:32 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UserAccountControlSettings.dll
[2013.03.11 17:50:32 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSTPager.ax
[2013.03.11 17:50:32 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unimdmat.dll
[2013.03.11 17:50:32 | 000,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\winhv.sys
[2013.03.11 17:50:32 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsdchngr.dll
[2013.03.11 17:50:32 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshirda.dll
[2013.03.11 17:50:31 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmiEngine.dll
[2013.03.11 17:50:31 | 000,507,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmdev.dll
[2013.03.11 17:50:31 | 000,442,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2013.03.11 17:50:31 | 000,436,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmnet.dll
[2013.03.11 17:50:31 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2013.03.11 17:50:31 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2013.03.11 17:50:31 | 000,325,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slui.exe
[2013.03.11 17:50:31 | 000,316,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sharemediacpl.dll
[2013.03.11 17:50:31 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SndVol.exe
[2013.03.11 17:50:31 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SndVolSSO.dll
[2013.03.11 17:50:31 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppcomapi.dll
[2013.03.11 17:50:31 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqmapi.dll
[2013.03.11 17:50:31 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wkscli.dll
[2013.03.11 17:50:30 | 002,202,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SensorsCpl.dll
[2013.03.11 17:50:30 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\termmgr.dll
[2013.03.11 17:50:30 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2013.03.11 17:50:30 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sethc.exe
[2013.03.11 17:50:30 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskbarcpl.dll
[2013.03.11 17:50:30 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\takeown.exe
[2013.03.11 17:50:30 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setbcdlocale.dll
[2013.03.11 17:50:29 | 000,856,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FirewallControlPanel.dll
[2013.03.11 17:50:29 | 000,312,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hgcpl.dll
[2013.03.11 17:50:29 | 000,198,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysclass.dll
[2013.03.11 17:50:29 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorAPI.dll
[2013.03.11 17:50:29 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IcCoinstall.dll
[2013.03.11 17:50:29 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hbaapi.dll
[2013.03.11 17:50:29 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\findstr.exe
[2013.03.11 17:50:29 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdeploy.dll
[2013.03.11 17:50:29 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys
[2013.03.11 17:50:29 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HotStartUserAgent.dll
[2013.03.11 17:50:28 | 003,207,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2013.03.11 17:50:28 | 000,516,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\main.cpl
[2013.03.11 17:50:28 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imkr80.ime
[2013.03.11 17:50:28 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsmsnap.dll
[2013.03.11 17:50:28 | 000,312,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MCEWMDRMNDBootstrap.dll
[2013.03.11 17:50:28 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfds.dll
[2013.03.11 17:50:28 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iTVData.dll
[2013.03.11 17:50:28 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2013.03.11 17:50:28 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ksproxy.ax
[2013.03.11 17:50:28 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsicli.exe
[2013.03.11 17:50:28 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Kswdmcap.ax
[2013.03.11 17:50:28 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\isoburn.exe
[2013.03.11 17:50:28 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2013.03.11 17:50:28 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\manage-bde.exe
[2013.03.11 17:50:28 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetmib1.dll
[2013.03.11 17:50:28 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\g711codc.ax
[2013.03.11 17:50:28 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ftp.exe
[2013.03.11 17:50:28 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\luainstall.dll
[2013.03.11 17:50:28 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsium.dll
[2013.03.11 17:50:28 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDSG.DLL
[2013.03.11 17:50:28 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kbdlk41a.dll
[2013.03.11 17:50:28 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDCZ1.DLL
[2013.03.11 17:50:28 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDSF.DLL
[2013.03.11 17:50:28 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDGKL.DLL
[2013.03.11 17:50:28 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDTURME.DLL
[2013.03.11 17:50:28 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDLT1.DLL
[2013.03.11 17:50:28 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINTAM.DLL
[2013.03.11 17:50:28 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINMAR.DLL
[2013.03.11 17:50:28 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINKAN.DLL
[2013.03.11 17:50:28 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINHIN.DLL
[2013.03.11 17:50:28 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDGEO.DLL
[2013.03.11 17:50:27 | 000,679,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoconv.exe
[2013.03.11 17:50:27 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\azroleui.dll
[2013.03.11 17:50:27 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2013.03.11 17:50:26 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2013.03.11 17:50:26 | 000,776,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\calc.exe
[2013.03.11 17:50:26 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ActionCenter.dll
[2013.03.11 17:50:26 | 000,537,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ActionCenterCPL.dll
[2013.03.11 17:50:26 | 000,321,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll
[2013.03.11 17:50:26 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
[2013.03.11 17:50:26 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll
[2013.03.11 17:50:26 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2013.03.11 17:50:26 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpx.dll
[2013.03.11 17:50:26 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioSes.dll
[2013.03.11 17:50:26 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3msm.dll
[2013.03.11 17:50:26 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
[2013.03.11 17:50:26 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cca.dll
[2013.03.11 17:50:26 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertPolEng.dll
[2013.03.11 17:50:26 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\djoin.exe
[2013.03.11 17:50:26 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2013.03.11 17:50:26 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnaddr.dll
[2013.03.11 17:50:25 | 001,371,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dwmcore.dll
[2013.03.11 17:50:25 | 001,076,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013.03.11 17:50:25 | 000,863,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diagperf.dll
[2013.03.11 17:50:25 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013.03.11 17:50:25 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2013.03.11 17:50:25 | 000,630,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DXPTaskRingtone.dll
[2013.03.11 17:50:25 | 000,399,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DXP.dll
[2013.03.11 17:50:25 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2013.03.11 17:50:25 | 000,242,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapp3hst.dll
[2013.03.11 17:50:25 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapphost.dll
[2013.03.11 17:50:25 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscobj.dll
[2013.03.11 17:50:25 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\desk.cpl
[2013.03.11 17:50:25 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CscMig.dll
[2013.03.11 17:50:25 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscmmc.dll
[2013.03.11 17:50:25 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappgnui.dll
[2013.03.11 17:48:33 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2013.03.08 11:58:37 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2013.03.08 11:58:37 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2013.03.08 11:58:03 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2013.03.08 11:58:03 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2013.03.08 00:49:04 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.03.08 00:40:16 | 000,000,000 | ---D | C] -- C:\Users\Nico\AppData\Roaming\Malwarebytes
[2013.03.08 00:40:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.07 08:07:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.03.07 08:07:38 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013.03.07 08:07:21 | 000,000,000 | ---D | C] -- C:\Users\Nico\AppData\Local\Programs
[2013.03.07 07:22:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013.03.07 04:58:20 | 000,000,000 | ---D | C] -- C:\Users\Nico\AppData\Roaming\InstallShield
[2013.02.18 00:27:16 | 000,000,000 | ---D | C] -- C:\Users\Nico\Desktop\adobe after effects
[2013.02.17 21:35:35 | 000,000,000 | ---D | C] -- C:\Users\Nico\Desktop\YT Videos
[2013.02.15 16:58:07 | 000,000,000 | ---D | C] -- C:\ProgramData\TERA
[2013.02.15 16:58:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TERA
[2013.02.15 16:58:01 | 000,000,000 | ---D | C] -- C:\Program Files\TERA
[2013.01.19 08:44:40 | 002,174,976 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Program Files\Common Files\atimpenc.dll
[2012.08.12 03:19:54 | 022,716,480 | ---- | C] (ArenaNet) -- C:\Users\Nico\Gw2Setup.exe
[2012.07.27 10:24:33 | 050,449,456 | ---- | C] (Microsoft Corporation) -- C:\Users\Nico\dotNetFx40_Full_x86_x64.exe
[2012.02.01 15:20:05 | 2256,428,536 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Nico\edeneternal_de_installer_20120130.exe
[2012.01.03 02:14:28 | 528,345,360 | ---- | C] (Nadeo                                                       ) -- C:\Users\Nico\TmNationsForever_Setup.exe
[2011.01.03 23:02:43 | 020,240,744 | ---- | C] (The GIMP Team                                               ) -- C:\Users\Nico\gimp-2.6.11-i686-setup.exe
[2009.07.07 19:14:20 | 011,007,256 | ---- | C] (CAPCOM CO., LTD.) -- C:\Users\Nico\Launcher.exe
[6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.16 17:43:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nico\Desktop\OTL.exe
[2013.03.16 17:42:34 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.16 17:42:34 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.16 17:39:02 | 000,706,600 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.03.16 17:39:02 | 000,660,218 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.03.16 17:39:02 | 000,152,192 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.03.16 17:39:02 | 000,124,408 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.03.16 17:35:17 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.16 17:35:05 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.03.16 17:35:00 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.16 17:34:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.16 17:34:40 | 2188,828,672 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.16 17:19:43 | 005,040,250 | R--- | M] (Swearware) -- C:\Users\Nico\Desktop\ComboFix.exe
[2013.03.15 20:52:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.15 14:49:19 | 000,550,572 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Nico\Desktop\JRT.exe
[2013.03.15 14:48:54 | 000,597,667 | ---- | M] () -- C:\Users\Nico\Desktop\adwcleaner.exe
[2013.03.13 21:59:42 | 000,377,856 | ---- | M] () -- C:\Users\Nico\Desktop\3lp6yz6x.exe
[2013.03.13 21:59:05 | 000,000,020 | ---- | M] () -- C:\Users\Nico\defogger_reenable
[2013.03.13 21:58:18 | 000,050,477 | ---- | M] () -- C:\Users\Nico\Desktop\Defogger.exe
[2013.03.13 21:53:36 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Nico\Desktop\dds.exe
[2013.03.13 20:53:10 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.03.13 20:53:10 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.03.12 16:32:22 | 000,007,592 | ---- | M] () -- C:\Users\Nico\AppData\Local\Resmon.ResmonCfg
[2013.03.11 18:37:11 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013.03.11 18:37:11 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.03.11 18:37:11 | 001,800,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.03.11 18:37:11 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.03.11 18:37:11 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.03.11 18:37:11 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013.03.11 18:37:11 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013.03.11 18:37:11 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013.03.11 18:37:11 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013.03.11 18:37:11 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.03.11 18:37:11 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2013.03.11 18:37:11 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013.03.11 18:37:11 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.03.11 18:37:11 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2013.03.11 18:37:11 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013.03.11 18:37:11 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013.03.11 18:37:11 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013.03.11 18:37:11 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013.03.11 18:37:11 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.03.11 18:37:11 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2013.03.11 18:37:11 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013.03.11 18:37:11 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013.03.11 18:37:11 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2013.03.11 18:37:11 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.03.11 18:37:11 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013.03.11 18:37:11 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013.03.11 18:37:11 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013.03.11 18:37:11 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.03.11 18:37:11 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.03.11 18:37:11 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013.03.11 18:37:11 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.03.11 18:37:11 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013.03.11 18:37:11 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013.03.11 18:37:11 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013.03.11 18:37:11 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013.03.11 18:37:11 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.03.11 18:37:11 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013.03.11 18:37:11 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013.03.11 18:25:00 | 000,292,696 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.03.11 18:17:45 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msclmd.dll
[2013.03.08 21:33:32 | 000,648,271 | ---- | M] () -- C:\Users\Nico\Desktop\IMAG0317.jpg
[2013.03.04 00:20:34 | 000,323,638 | ---- | M] () -- C:\Users\Nico\IMAG0313.jpg
[2013.03.04 00:20:20 | 000,463,813 | ---- | M] () -- C:\Users\Nico\IMAG0314.jpg
[2013.03.04 00:20:03 | 000,173,056 | -H-- | M] () -- C:\Users\Nico\Desktop\photothumb.db
[2013.03.03 23:01:27 | 000,069,144 | ---- | M] () -- C:\Users\Nico\Desktop\nico123.png
[2013.03.03 23:00:29 | 000,293,001 | ---- | M] () -- C:\Users\Nico\Desktop\knolle1234.png
[2013.02.21 00:41:33 | 000,015,000 | ---- | M] () -- C:\Users\Nico\Desktop\knolle.png
[6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.03.15 17:51:51 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.03.15 17:51:51 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.03.15 17:51:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.03.15 17:51:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.03.15 17:51:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.03.15 14:48:53 | 000,597,667 | ---- | C] () -- C:\Users\Nico\Desktop\adwcleaner.exe
[2013.03.13 21:59:41 | 000,377,856 | ---- | C] () -- C:\Users\Nico\Desktop\3lp6yz6x.exe
[2013.03.13 21:58:52 | 000,000,020 | ---- | C] () -- C:\Users\Nico\defogger_reenable
[2013.03.13 21:58:17 | 000,050,477 | ---- | C] () -- C:\Users\Nico\Desktop\Defogger.exe
[2013.03.11 18:37:11 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013.03.11 17:52:22 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2013.03.11 17:52:12 | 000,146,852 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2013.03.11 17:52:02 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2013.03.11 17:50:35 | 000,105,559 | ---- | C] () -- C:\Windows\System32\RacRules.xml
[2013.03.11 17:50:35 | 000,010,429 | ---- | C] () -- C:\Windows\System32\ScavengeSpace.xml
[2013.03.08 20:36:17 | 000,648,271 | ---- | C] () -- C:\Users\Nico\Desktop\IMAG0317.jpg
[2013.03.03 23:59:26 | 000,323,638 | ---- | C] () -- C:\Users\Nico\IMAG0313.jpg
[2013.03.03 23:59:23 | 000,463,813 | ---- | C] () -- C:\Users\Nico\IMAG0314.jpg
[2013.03.03 23:01:15 | 000,069,144 | ---- | C] () -- C:\Users\Nico\Desktop\nico123.png
[2013.03.03 22:59:30 | 000,293,001 | ---- | C] () -- C:\Users\Nico\Desktop\knolle1234.png
[2013.02.21 00:21:01 | 000,015,000 | ---- | C] () -- C:\Users\Nico\Desktop\knolle.png
[2013.02.07 14:43:36 | 001,253,501 | ---- | C] () -- C:\Users\Nico\IMAG0307.jpg
[2013.01.24 09:46:49 | 000,185,197 | ---- | C] () -- C:\Users\Nico\IMAG0294.jpg
[2013.01.24 09:46:41 | 000,436,005 | ---- | C] () -- C:\Users\Nico\IMAG0295.jpg
[2013.01.24 09:46:22 | 000,418,495 | ---- | C] () -- C:\Users\Nico\IMAG0297.jpg
[2012.12.29 00:33:55 | 000,242,041 | ---- | C] () -- C:\Users\Nico\IMAG0273.jpg
[2012.11.15 12:18:56 | 000,031,616 | ---- | C] () -- C:\Windows\System32\drivers\RLVrtAuCbl.sys
[2012.11.15 12:17:57 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP7302.ini
[2012.11.06 22:13:13 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012.11.06 22:13:13 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012.10.17 01:26:52 | 000,075,367 | ---- | C] () -- C:\Users\Nico\xDD.jpg
[2012.10.07 00:19:10 | 000,016,304 | ---- | C] () -- C:\Windows\System32\apl003.sys
[2012.10.07 00:19:10 | 000,013,232 | ---- | C] () -- C:\Windows\System32\apf003.sys
[2012.09.24 16:44:20 | 000,243,875 | ---- | C] () -- C:\Users\Nico\gw128.jpg
[2012.09.07 23:27:26 | 000,405,225 | ---- | C] () -- C:\Users\Nico\gw121.jpg
[2012.08.30 18:54:26 | 000,512,794 | ---- | C] () -- C:\Users\Nico\gw115.jpg
[2012.08.30 18:54:09 | 000,514,613 | ---- | C] () -- C:\Users\Nico\gw114.jpg
[2012.08.24 01:55:48 | 646,843,601 | ---- | C] () -- C:\Users\Nico\DayZ Lingor pack.zip
[2012.08.23 11:01:29 | 000,001,356 | ---- | C] () -- C:\Users\Nico\Free YouTube to MP3 Converter.lnk
[2012.07.29 14:40:45 | 002,482,130 | ---- | C] () -- C:\Users\Nico\Wood_R4i-Gold_pro_V1.50German.rar
[2012.07.29 14:40:38 | 000,783,551 | ---- | C] () -- C:\Users\Nico\3DS_v4.3.0-10_and_DSI_V1.44_Upgrade_Firmware.rar
[2012.07.27 10:25:39 | 007,054,336 | ---- | C] () -- C:\Users\Nico\xnafx40_redist.msi
[2012.07.15 17:10:18 | 000,100,352 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2012.07.15 17:10:17 | 000,162,304 | ---- | C] () -- C:\Windows\System32\libpng13.dll
[2012.07.15 17:10:16 | 001,179,595 | ---- | C] () -- C:\Windows\unins000.exe
[2012.07.15 17:10:16 | 000,010,818 | ---- | C] () -- C:\Windows\unins000.dat
[2012.07.15 07:05:08 | 003,932,214 | ---- | C] () -- C:\Users\Nico\eine stunde xD.bmp
[2012.07.13 23:53:12 | 000,007,592 | ---- | C] () -- C:\Users\Nico\AppData\Local\Resmon.ResmonCfg
[2012.06.29 17:47:42 | 000,013,782 | ---- | C] () -- C:\Users\Nico\dino.jpg
[2012.06.20 22:39:52 | 000,101,919 | ---- | C] () -- C:\Users\Nico\temi XD.jpg
[2012.06.19 13:02:17 | 003,123,272 | R--- | C] () -- C:\Windows\System32\pbsvc.exe
[2012.06.07 22:32:52 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2012.05.28 22:54:59 | 000,016,316 | ---- | C] () -- C:\Users\Nico\swag.jpg
[2012.05.28 22:44:28 | 000,027,228 | ---- | C] () -- C:\Users\Nico\Weißglut.jpg
[2012.05.28 22:34:28 | 000,030,357 | ---- | C] () -- C:\Users\Nico\patrick.jpg
[2012.05.11 17:04:57 | 000,033,734 | ---- | C] () -- C:\Users\Nico\mathe.jpg
[2012.05.10 09:28:31 | 000,104,364 | ---- | C] () -- C:\Users\Nico\AppData\Roaming\icarus-dxdiag.xml
[2012.04.28 13:41:42 | 000,225,609 | ---- | C] () -- C:\Users\Nico\bunny.jpg
[2012.04.22 19:54:08 | 000,738,995 | ---- | C] () -- C:\Users\Nico\katze.jpg
[2012.04.21 16:25:10 | 000,308,972 | ---- | C] () -- C:\Users\Nico\IMAG0174.jpg
[2012.04.17 16:29:39 | 000,312,376 | ---- | C] () -- C:\Users\Nico\Netsky-DJ-Dubstep-Drum-and-Bass-UK.jpg
[2012.04.16 00:06:28 | 000,041,240 | ---- | C] () -- C:\Users\Nico\dubstep.jpg
[2012.04.11 17:41:30 | 000,356,609 | ---- | C] () -- C:\Users\Nico\minecraft.jpg
[2012.03.29 17:25:02 | 000,042,936 | ---- | C] () -- C:\Users\Nico\676_preview.jpg
[2012.03.26 16:40:25 | 065,636,301 | ---- | C] () -- C:\Users\Nico\The Best Drum n Bass 2011.mp3
[2012.03.26 16:18:47 | 032,074,644 | ---- | C] () -- C:\Users\Nico\Best of Liquid Dubstep July 2011.mp3
[2012.03.26 16:08:27 | 041,438,370 | ---- | C] () -- C:\Users\Nico\Dirty Dubstep June 2011.mp3
[2012.03.26 15:54:01 | 000,316,272 | ---- | C] () -- C:\Users\Nico\chick.jpg
[2012.03.25 20:04:00 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2012.03.25 03:00:39 | 000,024,438 | ---- | C] () -- C:\Users\Nico\smile.jpg
[2012.03.17 14:51:00 | 000,043,937 | ---- | C] () -- C:\Users\Nico\IMG_5371.JPG
[2012.03.16 17:19:49 | 000,076,130 | ---- | C] () -- C:\Users\Nico\420795_254840311262031_155561081189955_599792_729817616_n.jpg
[2012.03.16 17:16:05 | 000,030,068 | ---- | C] () -- C:\Users\Nico\395296_258413667571362_155561081189955_609119_1428221489_n.jpg
[2012.03.16 17:15:29 | 000,019,250 | ---- | C] () -- C:\Users\Nico\420190_259619270784135_155561081189955_612860_1276292296_n.jpg
[2012.03.11 20:24:42 | 1799,350,784 | ---- | C] () -- C:\Windows\System32\MAESTIA_SETUP-1.bin
[2012.03.11 20:23:59 | 1257,667,440 | ---- | C] () -- C:\Windows\System32\MAESTIA_SETUP-2.bin
[2012.03.08 08:39:28 | 000,315,382 | ---- | C] () -- C:\Users\Nico\IMAG0132.jpg
[2012.03.04 01:01:40 | 024,026,817 | ---- | C] () -- C:\Users\Nico\UKF Dubstep 2012 (Best Mix And Best Audio Ever!!!!!).mp3
[2012.02.28 00:25:29 | 000,152,963 | ---- | C] () -- C:\Users\Nico\ffadvent-3.jpg
[2012.02.28 00:23:52 | 000,037,243 | ---- | C] () -- C:\Users\Nico\Cloud_Strife.jpg
[2012.02.26 18:17:42 | 001,426,595 | ---- | C] () -- C:\Users\Nico\snapshot_20120226_011742.jpg
[2012.02.22 01:47:28 | 000,113,500 | ---- | C] () -- C:\Users\Nico\028-nicnameless.png
[2012.02.11 02:33:59 | 002,077,849 | ---- | C] () -- C:\Users\Nico\alex enrage xD.wmv
[2012.01.03 21:33:26 | 000,054,687 | ---- | C] () -- C:\Windows\War3Unin.dat
[2011.11.06 15:17:18 | 000,317,289 | ---- | C] () -- C:\Users\Nico\Foto0122.jpg
[2011.11.06 15:13:03 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2011.11.06 15:10:16 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.09.28 13:11:00 | 000,002,304 | ---- | C] () -- C:\Windows\System32\HtsysmNT.sys
[2011.08.07 13:19:23 | 000,038,926 | ---- | C] () -- C:\Users\Nico\bla.jpg
[2011.06.13 05:58:14 | 000,249,391 | ---- | C] () -- C:\Users\Nico\2654399.gif
[2011.06.13 05:56:50 | 000,162,217 | ---- | C] () -- C:\Users\Nico\29524.png
[2011.06.13 05:56:32 | 000,057,691 | ---- | C] () -- C:\Users\Nico\1518134.jpg
[2011.05.31 07:39:50 | 000,058,368 | ---- | C] () -- C:\Windows\System32\bdmpegv.dll
[2011.05.31 07:38:18 | 000,015,360 | ---- | C] () -- C:\Windows\System32\bdmjpeg.dll
[2011.04.23 21:34:56 | 000,012,920 | ---- | C] () -- C:\Windows\System32\apl001.sys
[2011.04.23 21:34:56 | 000,010,872 | ---- | C] () -- C:\Windows\System32\apf001.sys
[2011.04.19 14:49:39 | 000,016,897 | ---- | C] () -- C:\Users\Nico\133544752_full,r,470x470.jpg
[2011.03.28 21:50:00 | 000,275,698 | ---- | C] () -- C:\Users\Nico\Bartender4-4.4.17.zip
[2011.03.28 21:12:04 | 000,072,527 | ---- | C] () -- C:\Users\Nico\Postal-v3.4.5.zip
[2011.03.26 14:08:57 | 000,061,696 | ---- | C] () -- C:\Users\Nico\DSC01939.JPG
[2011.03.26 14:08:47 | 000,038,726 | ---- | C] () -- C:\Users\Nico\DSC01941.JPG
[2011.03.26 14:08:35 | 000,036,331 | ---- | C] () -- C:\Users\Nico\DSC01943.JPG
[2011.03.25 01:23:20 | 002,032,716 | ---- | C] () -- C:\Users\Nico\AtlasLoot-v6.03.00-beta.zip
[2011.03.25 01:23:07 | 000,011,019 | ---- | C] () -- C:\Users\Nico\DBM-SpellTimers-v4-r70.zip
[2011.03.25 01:22:48 | 000,666,666 | ---- | C] () -- C:\Users\Nico\TitanPanel-5.0.2.40000.zip
[2011.03.23 21:13:51 | 001,807,396 | ---- | C] () -- C:\Users\Nico\HealBot_4.0.6.2.zip
[2011.03.22 20:00:55 | 000,040,764 | ---- | C] () -- C:\Users\Nico\DSC01924.JPG
[2011.03.18 23:10:11 | 000,014,528 | ---- | C] () -- C:\Users\Nico\kündigung.odt
[2011.02.13 18:45:56 | 000,027,761 | ---- | C] () -- C:\Users\Nico\DSC01788.JPG
[2011.02.01 00:05:21 | 002,169,681 | ---- | C] () -- C:\Users\Nico\mimi.png
[2011.01.05 17:46:50 | 000,949,448 | ---- | C] () -- C:\Users\Nico\WitchReturnsV4.zip
[2011.01.03 23:02:46 | 003,227,531 | ---- | C] () -- C:\Users\Nico\GIMP_Wings_Brushes_by_Project_GimpBC.zip
[2010.12.30 16:31:31 | 000,210,964 | ---- | C] () -- C:\Users\Nico\20101230_010650.jpg
[2010.12.28 16:10:51 | 000,000,092 | ---- | C] () -- C:\Users\Nico\AppData\Local\fusioncache.dat
[2010.12.28 16:02:12 | 000,138,056 | ---- | C] () -- C:\Users\Nico\AppData\Roaming\PnkBstrK.sys
[2010.12.25 12:50:05 | 000,932,975 | ---- | C] () -- C:\Users\Nico\FREAKVISIONv3_no_smoke.zip
[2010.12.25 12:49:37 | 001,066,007 | ---- | C] () -- C:\Users\Nico\oshbpcss.rar
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010.11.20 04:21:20 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         
--- --- ---



[/TABLE]

18.03.2013, 14:58   #10
M-K-D-B
/// TB trainer
 

Hello,

we will now remove the last remnants and check everything once more:

Step 1

Fix with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.

Code:
:OTL
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Nico\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found

:files
C:\Program Files\Common Files\DVDVideoSoft\TB


:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Nico^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^0.4302649698936123.exe.lnk]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Nico^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^update.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\MagniPic_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\MagniPic_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\setup_magnipic_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\setup_magnipic_RASMANCS]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1802032706-789238412-2008693170-1000\Software\SweetIM]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_morphvox_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_morphvox_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_photoscape_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_photoscape_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\IminentSetup_1_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\IminentSetup_1_RASMANCS]

:Commands
[emptytemp]
         
  • If you have obscured your user name, e.g. with "*****", insert your real user name in the corresponding places. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (Also located at C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread.






Step 2
Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.






Step 3

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box Yes, I accept the terms of use and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset






Step 4
Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.





With your next reply, please post
  • the OTL log file,
  • the MBAM log file,
  • the ESET log file,
  • the SecurityCheck log file.
__________________
Greetings from Bavaria
M-K-D-B


Last edited by M-K-D-B (18.03.2013 at 15:15)
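
A pre-flight check for the caveat in Step 1 (a masked user name makes the fix fail), as an added example that is not part of the original post and not part of OTL: it splits a fix script into its `:OTL`, `:files`, `:Reg` and `:Commands` sections and reports lines that still contain a masked user name or point into another user's profile. The function names and the abridged sample script are assumptions constructed for illustration.

```python
import re

# Constructed sample: an abridged fix script in the format shown in the post,
# with the user name masked in one path the way a poster might anonymise a log.
SAMPLE_FIX = r"""
:OTL
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\*****\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found

:files
C:\Program Files\Common Files\DVDVideoSoft\TB

:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Nico^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^update.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\MagniPic_RASAPI32]

:Commands
[emptytemp]
"""

SECTION = re.compile(r"^:(\w+)\s*$")
# A profile path, written with backslashes or caret-escaped as in the
# MSConfig startupfolder keys (C:^Users^Nico^...).
PROFILE = re.compile(r"C:[\\^]Users[\\^]([^\\^\]]+)", re.IGNORECASE)
MASK = re.compile(r"\*{3,}")

def parse_fix(text):
    """Split a fix script into {section name: [non-empty lines]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, [])
        elif line and current is not None:
            sections[current].append(line)
    return sections

def preflight(text, username):
    """Return (sections, problems) for a script about to be pasted into OTL."""
    sections, problems = parse_fix(text), []
    for name, lines in sections.items():
        for n, line in enumerate(lines, 1):
            if MASK.search(line):
                problems.append((name, n, "masked user name"))
            for user in PROFILE.findall(line):
                if not MASK.search(user) and user.lower() != username.lower():
                    problems.append((name, n, "profile of other user: " + user))
    return sections, problems
```

Each problem is a tuple of section name, line number within that section and reason, so a script written for a different machine or account is caught before anything is deleted.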

21.03.2013, 16:55   #11
M-K-D-B
/// TB trainer
 



No response
This thread has been removed from my subscriptions, so I will not receive any notification of new replies.
Send me a PM if you still want to continue.

Note: The disappearance of the symptoms does not mean that your computer is already clean.

Everyone else, please click here and create your own thread!
__________________
Greetings from Bavaria
M-K-D-B
