
Pests of all kinds and how to combat them: GVU trojan on Windows Vista


27.03.2013, 11:46   #1
loren-darith
 
GVU trojan on Windows Vista



Good day, dear Trojaner-Board team,

Yesterday I caught a GVU trojan that wants to unlock my computer in exchange for payment. Using my recovery CD I performed a system restore, so that I at least have access to my machine again.
However, it isn't clean yet, is it? I would like to change that, and since I am a complete layman in this area, I wanted to ask you for your help.

I have already used defogger and run a Quick Scan with OTL; here are the results (first the OTL.txt file, then the Extra.txt):

Code:
OTL logfile created on: 27.03.2013 12:29:16 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Kosta\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,66 Gb Available Physical Memory | 55,27% Memory free
6,19 Gb Paging File | 4,64 Gb Available in Paging File | 74,90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 169,00 Gb Total Space | 31,47 Gb Free Space | 18,62% Space Free | Partition Type: NTFS
Drive E: | 120,59 Gb Total Space | 75,23 Gb Free Space | 62,39% Space Free | Partition Type: NTFS
 
Computer Name: KOSTAS_NOTEBOOK | User Name: Kosta | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.03.27 08:56:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kosta\Downloads\OTL.exe
PRC - [2013.03.07 15:29:07 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013.01.20 20:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.) -- C:\Users\Kosta\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.11.18 10:17:40 | 001,199,576 | ---- | M] (Spotify Ltd) -- C:\Users\Kosta\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012.08.13 11:08:08 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2012.08.13 11:08:08 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2012.07.24 08:48:45 | 000,801,792 | ---- | M] (Yuna Software) -- C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
PRC - [2011.08.29 13:35:40 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2011.08.23 12:58:01 | 003,077,528 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2011.07.02 16:17:40 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.27 17:04:55 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011.04.13 18:25:35 | 000,151,552 | ---- | M] () -- C:\Windows\KMService.exe
PRC - [2011.04.13 18:25:35 | 000,008,192 | ---- | M] () -- C:\Windows\System32\srvany.exe
PRC - [2011.03.23 07:25:38 | 000,304,432 | ---- | M] (BIT LEADER) -- C:\Program Files\lg_swupdate\GiljabiStart.exe
PRC - [2011.03.15 14:56:18 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.01.10 14:22:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.06.09 13:17:26 | 002,867,200 | ---- | M] (LG Electronics) -- C:\Program Files\LG Software\LG OSD\HotKey.exe
PRC - [2008.05.19 17:25:56 | 000,144,688 | ---- | M] (LG Electronics Inc.) -- C:\Program Files\LG Software\LG Magnifier\MagnifyingGlass.exe
PRC - [2008.05.19 17:24:54 | 000,263,472 | ---- | M] (LG Electronics Inc.) -- C:\Program Files\LG Software\LG Magnifier\Maglev.exe
PRC - [2008.04.17 03:50:00 | 006,111,232 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.03.18 04:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2007.09.07 16:55:00 | 001,175,552 | ---- | M] () -- C:\Program Files\WiFiConnector\NintendoWFCReg.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.03.07 15:29:21 | 003,069,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013.03.01 12:04:16 | 001,711,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\dae1b2e49e240e879a6523025cc306fb\Microsoft.VisualBasic.ni.dll
MOD - [2013.03.01 11:58:30 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e64304962098e90f0d3f4c33c1b080a6\System.Windows.Forms.ni.dll
MOD - [2013.01.11 18:21:22 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f042f66c2ad8fd5b8c34fa22cd22079e\System.Management.ni.dll
MOD - [2013.01.11 18:19:52 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\654d96c2d1f84d0cd60667ecc10ec918\CustomMarshalers.ni.dll
MOD - [2013.01.11 03:27:41 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b5df40c22ab563a816103629e2ca99d4\System.Runtime.Remoting.ni.dll
MOD - [2013.01.11 03:27:20 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\004bc6615f9c06df5c98859d35149fe6\System.Configuration.ni.dll
MOD - [2013.01.11 03:27:18 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\12915bd8afbaac3b0308f7ab6a3e57e1\System.Xml.ni.dll
MOD - [2013.01.11 03:26:53 | 001,593,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll
MOD - [2013.01.11 03:25:55 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll
MOD - [2013.01.11 03:25:43 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll
MOD - [2012.08.10 16:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2011.08.23 12:58:01 | 003,077,528 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
MOD - [2011.08.07 13:54:16 | 000,004,096 | ---- | M] () -- C:\Program Files\Yuna Software\Messenger Plus!\detour32.dll
MOD - [2011.02.06 11:32:14 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009.03.29 21:42:14 | 000,372,736 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
MOD - [2009.03.29 21:42:14 | 000,167,936 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll
MOD - [2009.03.29 21:42:12 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.03.29 21:42:12 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2009.03.29 21:42:12 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_de_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
MOD - [2007.09.07 16:55:00 | 001,175,552 | ---- | M] () -- C:\Program Files\WiFiConnector\NintendoWFCReg.exe
MOD - [2007.07.03 13:55:00 | 000,110,592 | ---- | M] () -- C:\Program Files\WiFiConnector\WIFICON.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.03.15 17:29:10 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.03.13 19:13:46 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.07 15:29:15 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.02.07 13:54:40 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.08.29 13:35:40 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2011.07.02 16:17:40 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.27 17:04:55 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.04.13 18:25:35 | 000,008,192 | ---- | M] () [Auto | Running] -- C:\Windows\System32\srvany.exe -- (KMService)
SRV - [2011.03.15 21:27:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.03.15 14:56:18 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2008.03.18 04:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2013.03.15 19:12:57 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012.08.05 15:58:24 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2012.08.05 15:58:23 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2012.01.04 15:28:36 | 000,016,128 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\gtkdrv.sys -- (TrojanKillerDriver)
DRV - [2011.08.29 13:35:40 | 000,019,192 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2011.07.02 16:17:41 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.02 16:17:41 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.06.17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.06.09 14:23:00 | 007,522,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.06.09 14:23:00 | 000,043,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008.05.02 05:59:40 | 000,122,368 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.04.27 22:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008.03.21 04:13:00 | 001,203,776 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2007.07.03 14:05:00 | 000,162,944 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RT25USBAP.SYS -- (RT25USBAP)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.lge.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.lge.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.roadburn.com/roadburn-2012/"
FF - prefs.js..extensions.enabledAddons: DivXWebPlayer%40divx.com:2.0.2.039
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.7
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MI1933~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MI1933~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@wolfram.com/Mathematica: C:\Program Files\Common Files\Wolfram Research\Browser\8.0.1.2077975\npmathplugin.dll (Wolfram Research, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.16 19:48:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2011.03.22 10:13:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kosta\AppData\Roaming\mozilla\Extensions
[2013.03.06 08:23:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kosta\AppData\Roaming\mozilla\Firefox\Profiles\rqnhnhed.default\extensions
[2013.03.06 08:23:30 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Kosta\AppData\Roaming\mozilla\Firefox\Profiles\rqnhnhed.default\extensions\ich@maltegoetz.de
[2011.03.22 21:08:27 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\Kosta\AppData\Roaming\mozilla\firefox\profiles\rqnhnhed.default\extensions\DivXWebPlayer@divx.com.xpi
[2013.02.27 14:43:16 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Kosta\AppData\Roaming\mozilla\firefox\profiles\rqnhnhed.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.03.16 19:48:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2013.03.07 15:30:04 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.03.07 16:45:15 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.03.07 16:45:15 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.03.07 16:45:15 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.03.07 16:45:15 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.03.07 16:45:15 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.03.07 16:45:15 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MI1933~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IME14 CHS Setup] C:\PROGRA~1\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /CHS /Log File not found
O4 - HKLM..\Run: [IME14 CHT Setup] C:\PROGRA~1\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /CHT /Log File not found
O4 - HKLM..\Run: [IME14 JPN Setup] C:\PROGRA~1\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /JPN /Log File not found
O4 - HKLM..\Run: [IME14 KOR Setup] C:\PROGRA~1\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /KOR /Log File not found
O4 - HKLM..\Run: [KeybdUtility] C:\Program Files\LG Software\LG OSD\HotKey.exe (LG Electronics)
O4 - HKLM..\Run: [LG Intelligent Update] C:\Program Files\lg_swupdate\giljabistart.exe (BIT LEADER)
O4 - HKLM..\Run: [LG Magnifier] C:\Program Files\LG Software\LG Magnifier\MagnifyingGlass.exe (LG Electronics Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PlusService] C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Prime95] C:\Users\Kosta\Desktop\GIMPS\prime95.exe File not found
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Kosta\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - Startup: C:\Users\Kosta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Kosta\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Kosta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/mjss/MJSS.cab109791.cab ()
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O16 - DPF: CC679CB8-DC4B-458B-B817-D447B3B6AC31 vpnweb.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14A03BCA-A372-4205-A92D-08EA671F683B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{81C6110E-552A-4E80-91E3-60226A6A513E}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Kosta\AppData\Roaming\IrfanView\IrfanView_Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Kosta\AppData\Roaming\IrfanView\IrfanView_Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{27a3b932-8d5d-11e2-9648-00238b37c7f2}\Shell - "" = AutoRun
O33 - MountPoints2\{27a3b932-8d5d-11e2-9648-00238b37c7f2}\Shell\AutoRun\command - "" = J:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.27 12:19:52 | 000,000,000 | ---D | C] -- C:\Users\Kosta\AppData\Local\{77CBCAB2-92C6-410C-80EE-BF4BEC546A34}
[2013.03.26 14:45:24 | 000,000,000 | ---D | C] -- C:\Users\Kosta\AppData\Local\{410A5BE0-6D79-4B73-98B1-B6B2E524CD76}
[2013.03.25 21:59:13 | 000,000,000 | ---D | C] -- C:\Users\Kosta\AppData\Local\{49399A97-CFEC-4EA0-AAEF-E372B6FADB97}
[2013.03.25 09:14:00 | 000,000,000 | ---D | C] -- C:\Users\Kosta\AppData\Local\{A4440882-792A-484F-96C8-9E3A8AC4676F}
[2013.03.24 09:13:43 | 000,000,000 | ---D | C] -- C:\Users\Kosta\AppData\Local\{330D9811-5BBA-4DDD-ACB5-BE0138D83158}
[2013.03.23 10:41:57 | 000,000,000 | ---D | C] -- C:\Users\Kosta\AppData\Local\{26302807-4DD5-40CB-8F63-A8610D870AAE}
[2013.03.22 09:00:32 | 000,000,000 | ---D | C] -- C:\Users\Kosta\AppData\Local\{1AEAAD32-EEF7-4CE1-9E3B-72590704F9E2}
[2013.03.21 19:36:06 | 000,000,000 | ---D | C] -- C:\Users\Kosta\AppData\Local\{15FB9470-6D20-4116-873C-EE0A4D8234B0}
[2013.03.21 18:39:39 | 000,000,000 | ---D | C] -- C:\Users\Kosta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Strategy First
[2013.03.21 18:39:39 | 000,000,000 | ---D | C] -- C:\Program Files\Strategy First
[2013.03.21 18:27:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Strategy First
[2013.03.21 07:35:49 | 000,000,000 | ---D | C] -- C:\Users\Kosta\AppData\Local\{F991806B-35D7-4E5E-B682-35E19948482E}
[2013.03.20 15:38:40 | 000,000,000 | ---D | C] -- C:\Users\Kosta\AppData\Local\{94D84861-22DB-429D-9305-62E98694A753}
[2013.03.19 22:28:35 | 000,000,000 | ---D | C] -- C:\Users\Kosta\AppData\Local\{C4816DCB-597A-4053-B70B-870E61D8C9BA}
[2013.03.19 09:49:50 | 000,000,000 | ---D | C] -- C:\Users\Kosta\AppData\Local\{06B06E92-9B1C-4F3E-8ADB-AA46AA88E872}
[2013.03.18 19:56:09 | 000,000,000 | ---D | C] -- C:\Users\Kosta\AppData\Local\{4FC88016-3446-4F17-B563-545F66B72388}
[2013.03.17 09:34:41 | 000,000,000 | ---D | C] -- C:\Users\Kosta\AppData\Local\{2CFFD491-2C11-4E17-B5A4-E7B51903C4A5}
[2013.03.16 19:48:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013.03.16 19:48:42 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013.03.16 09:45:00 | 000,000,000 | ---D | C] -- C:\Users\Kosta\AppData\Local\{EEC0A21A-EFFE-4058-B5EA-341B4B4F85F2}
[2013.03.15 19:13:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2013.03.15 19:12:57 | 000,242,240 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2013.03.15 19:12:51 | 000,000,000 | ---D | C] -- C:\Users\Kosta\AppData\Roaming\DAEMON Tools Lite
[2013.03.15 19:12:48 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2013.03.15 19:11:31 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2013.03.15 18:58:08 | 000,000,000 | ---D | C] -- C:\Program Files\Elaborate Bytes
[2013.03.15 12:25:45 | 000,000,000 | ---D | C] -- C:\Users\Kosta\AppData\Local\{0700CE43-A205-407B-A9BE-BC16E8E65A24}
[2013.03.14 17:26:03 | 000,000,000 | ---D | C] -- C:\Users\Kosta\AppData\Local\{C3E80EF9-A73C-418E-A304-C0CEEEA8EFEB}
[2013.03.13 16:17:07 | 000,000,000 | ---D | C] -- C:\Users\Kosta\Desktop\13.03.13
[2013.03.13 12:20:17 | 000,000,000 | ---D | C] -- C:\Users\Kosta\AppData\Local\{22A76D47-4517-4E51-8723-5641735B043B}
[2013.03.12 16:54:23 | 000,000,000 | ---D | C] -- C:\Users\Kosta\AppData\Local\{A0932F12-14DF-46A9-928B-BA308BC5EA7D}
[2013.03.11 09:58:06 | 000,000,000 | ---D | C] -- C:\Users\Kosta\AppData\Local\{43E061D9-632F-4DF8-BB3A-76C7ECCB0BBD}
[2013.03.10 11:41:36 | 000,000,000 | ---D | C] -- C:\Users\Kosta\AppData\Local\{606A254A-146D-4D83-8B6E-48E01A800B2B}
[2013.03.09 23:41:21 | 000,000,000 | ---D | C] -- C:\Users\Kosta\AppData\Local\{E3D7E7C1-483D-4BD5-BF9E-F8109E032512}
[2013.03.09 11:41:19 | 000,000,000 | ---D | C] -- C:\Users\Kosta\AppData\Local\{FF19ADA3-6424-477C-909C-4A2E29750F5F}
[2013.03.08 18:21:05 | 000,000,000 | ---D | C] -- C:\Users\Kosta\AppData\Local\{0D4B2CB6-2A02-4958-AD6A-DDC431E198C2}
[2013.03.07 15:01:59 | 000,000,000 | ---D | C] -- C:\Users\Kosta\AppData\Local\{4B31CB94-AC5F-429C-89CD-B112FC00A64C}
[2013.03.06 08:25:00 | 000,000,000 | ---D | C] -- C:\Users\Kosta\AppData\Local\{7AE18E15-6DD2-4E25-940A-E732E6518052}
[2013.03.05 10:44:10 | 000,000,000 | ---D | C] -- C:\Users\Kosta\AppData\Local\{6E451CDF-0011-4B2E-BA64-B51C18F27364}
[2013.03.04 12:25:08 | 000,000,000 | ---D | C] -- C:\Users\Kosta\AppData\Local\{35AF54AF-3D3A-414B-8672-CB3BF0A04CF2}
[2013.03.03 12:15:39 | 000,000,000 | ---D | C] -- C:\Users\Kosta\AppData\Local\{A43DE23C-A025-4957-AD63-DEF31A64C280}
[2013.03.02 10:29:15 | 000,000,000 | ---D | C] -- C:\Users\Kosta\AppData\Local\{012E20B8-4226-4B30-AC78-4B7006529B32}
[2013.03.01 12:07:44 | 000,000,000 | ---D | C] -- C:\Users\Kosta\AppData\Local\{79EBCF51-EB99-49FE-9779-544DA3D268B4}
[2013.03.01 00:02:14 | 000,000,000 | ---D | C] -- C:\Users\Kosta\AppData\Local\{DD6E928B-C471-4262-BB3F-1C97CD5162B0}
[2013.02.28 18:57:09 | 000,000,000 | ---D | C] -- C:\Users\Kosta\Desktop\NY Eindrücke
[2013.02.28 12:02:00 | 000,000,000 | ---D | C] -- C:\Users\Kosta\AppData\Local\{4D937CB3-1696-44F3-BE0B-81B39D3CF7D0}
[2013.02.27 16:03:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.02.27 16:03:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013.02.27 16:03:39 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2013.02.27 14:39:28 | 000,000,000 | ---D | C] -- C:\Users\Kosta\AppData\Local\{0EFBEE9A-ACA6-4A8D-A91B-EA4835B644F0}
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.27 12:15:08 | 000,132,515 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013.03.27 12:14:26 | 000,132,515 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2013.03.27 12:14:19 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.27 12:14:19 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.27 12:14:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.27 12:13:56 | 3218,288,640 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.27 11:13:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.27 09:27:29 | 381,783,540 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.03.27 09:10:58 | 000,000,156 | ---- | M] () -- C:\Users\Kosta\defogger_reenable
[2013.03.27 09:01:28 | 000,382,898 | ---- | M] () -- C:\Users\Kosta\Desktop\troj2.jpg
[2013.03.27 09:01:17 | 000,362,508 | ---- | M] () -- C:\Users\Kosta\Desktop\troj1.jpg
[2013.03.27 01:21:46 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2013.03.27 01:21:46 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2013.03.27 01:21:12 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013.03.26 20:43:19 | 000,366,190 | ---- | M] () -- C:\Users\Kosta\Desktop\Red-Pandas-Hugging-Large-1337203047.jpg
[2013.03.23 21:16:29 | 000,101,888 | ---- | M] () -- C:\Users\Kosta\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.03.23 21:15:34 | 000,728,530 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.03.23 21:15:34 | 000,678,958 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.03.23 21:15:34 | 000,168,342 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.03.23 21:15:34 | 000,136,518 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.03.15 19:12:57 | 000,242,240 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2013.03.03 13:20:32 | 000,023,954 | ---- | M] () -- C:\Users\Kosta\untitled0_MAS.bak
[2013.03.01 11:54:09 | 000,339,056 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2013.03.27 09:10:52 | 000,000,156 | ---- | C] () -- C:\Users\Kosta\defogger_reenable
[2013.03.27 09:01:28 | 000,382,898 | ---- | C] () -- C:\Users\Kosta\Desktop\troj2.jpg
[2013.03.27 09:01:17 | 000,362,508 | ---- | C] () -- C:\Users\Kosta\Desktop\troj1.jpg
[2013.03.27 01:21:12 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013.03.27 01:12:30 | 3218,288,640 | -HS- | C] () -- C:\hiberfil.sys
[2013.03.26 20:43:18 | 000,366,190 | ---- | C] () -- C:\Users\Kosta\Desktop\Red-Pandas-Hugging-Large-1337203047.jpg
[2013.03.02 18:31:34 | 000,023,954 | ---- | C] () -- C:\Users\Kosta\untitled0_MAS.bak
[2012.09.15 15:49:16 | 000,132,392 | ---- | C] () -- C:\Users\Kosta\ESt2011_Jakob_Vincent_und_Jakob_Brigitte.elfo
[2012.08.05 15:58:24 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2012.08.05 15:58:23 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2012.04.04 19:55:12 | 000,000,509 | ---- | C] () -- C:\Users\Kosta\cinderella2-user.properties
[2012.02.18 09:37:38 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2012.01.11 16:26:00 | 000,094,208 | ---- | C] () -- C:\Users\Kosta\AppData\Roaming\skype.dat
[2011.10.21 17:22:52 | 000,212,992 | ---- | C] () -- C:\Windows\System32\WMIMPLEX.dll
[2011.10.21 17:22:52 | 000,031,744 | ---- | C] () -- C:\Windows\System32\maplec.dll
[2011.10.21 17:22:52 | 000,020,480 | ---- | C] () -- C:\Windows\System32\maplecompat.dll
[2011.09.28 11:16:35 | 000,081,518 | ---- | C] () -- C:\Windows\War3Unin.dat
[2011.04.13 18:25:59 | 000,151,552 | ---- | C] () -- C:\Windows\KMService.exe
[2011.04.13 18:25:59 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe
[2011.04.11 06:26:42 | 000,011,300 | ---- | C] () -- C:\Users\Kosta\gsview32.ini
[2011.04.06 19:44:51 | 000,000,173 | ---- | C] () -- C:\Users\Kosta\AppData\Local\msmathematics.qat.Kosta
[2011.03.23 16:21:05 | 000,101,888 | ---- | C] () -- C:\Users\Kosta\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.22 14:10:27 | 000,132,515 | ---- | C] () -- C:\ProgramData\nvModes.001
[2011.03.22 14:10:21 | 000,132,515 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2011.03.22 09:42:49 | 000,000,680 | ---- | C] () -- C:\Users\Kosta\AppData\Local\d3d9caps.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.10 23:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.10 23:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.02.08 10:21:31 | 000,000,000 | ---D | M] -- C:\Users\Kosta\AppData\Roaming\.minecraft
[2013.03.01 02:07:41 | 000,000,000 | ---D | M] -- C:\Users\Kosta\AppData\Roaming\BitTorrent
[2012.07.11 20:29:01 | 000,000,000 | ---D | M] -- C:\Users\Kosta\AppData\Roaming\Braid
[2011.07.30 22:20:18 | 000,000,000 | ---D | M] -- C:\Users\Kosta\AppData\Roaming\Broken Rules
[2012.01.21 19:52:31 | 000,000,000 | ---D | M] -- C:\Users\Kosta\AppData\Roaming\Crayon Physics Deluxe
[2013.03.15 19:15:22 | 000,000,000 | ---D | M] -- C:\Users\Kosta\AppData\Roaming\DAEMON Tools Lite
[2012.11.01 18:08:39 | 000,000,000 | ---D | M] -- C:\Users\Kosta\AppData\Roaming\Downloaded Installations
[2013.03.27 12:16:45 | 000,000,000 | ---D | M] -- C:\Users\Kosta\AppData\Roaming\Dropbox
[2012.10.31 14:43:54 | 000,000,000 | ---D | M] -- C:\Users\Kosta\AppData\Roaming\e-academy Inc
[2011.10.22 14:48:17 | 000,000,000 | ---D | M] -- C:\Users\Kosta\AppData\Roaming\elsterformular
[2012.02.18 09:37:58 | 000,000,000 | ---D | M] -- C:\Users\Kosta\AppData\Roaming\FreeAudioPack
[2011.05.28 12:39:41 | 000,000,000 | ---D | M] -- C:\Users\Kosta\AppData\Roaming\ImgBurn
[2013.03.27 10:11:17 | 000,000,000 | ---D | M] -- C:\Users\Kosta\AppData\Roaming\IrfanView
[2011.07.30 22:28:57 | 000,000,000 | ---D | M] -- C:\Users\Kosta\AppData\Roaming\Lazy 8 Studios
[2011.08.23 16:16:09 | 000,000,000 | ---D | M] -- C:\Users\Kosta\AppData\Roaming\LolClient
[2012.03.17 19:15:34 | 000,000,000 | ---D | M] -- C:\Users\Kosta\AppData\Roaming\LOVE
[2011.04.04 17:12:56 | 000,000,000 | ---D | M] -- C:\Users\Kosta\AppData\Roaming\OpenOffice.org
[2013.01.10 18:17:35 | 000,000,000 | ---D | M] -- C:\Users\Kosta\AppData\Roaming\Scan2PDF
[2013.01.20 20:44:22 | 000,000,000 | ---D | M] -- C:\Users\Kosta\AppData\Roaming\Spotify
[2012.11.10 17:50:55 | 000,000,000 | ---D | M] -- C:\Users\Kosta\AppData\Roaming\texstudio
[2011.11.05 12:33:17 | 000,000,000 | ---D | M] -- C:\Users\Kosta\AppData\Roaming\Tropico 3
 
========== Purity Check ==========
 
 

< End of report >
         
Code:
OTL Extras logfile created on: 27.03.2013 09:11:41 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Kosta\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,64 Gb Available Physical Memory | 54,60% Memory free
6,19 Gb Paging File | 4,88 Gb Available in Paging File | 78,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 169,00 Gb Total Space | 7,23 Gb Free Space | 4,28% Space Free | Partition Type: NTFS
Drive E: | 120,59 Gb Total Space | 75,23 Gb Free Space | 62,39% Space Free | Partition Type: NTFS
Drive G: | 7,40 Gb Total Space | 5,79 Gb Free Space | 78,22% Space Free | Partition Type: FAT32
Drive H: | 391,57 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive I: | 562,79 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive J: | 656,45 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive K: | 645,22 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: KOSTAS_NOTEBOOK | User Name: Kosta | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CEE9844-A5D5-4B6B-BD98-30F34502A93C}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{1426AFCB-02D4-47C8-904C-2F0A2B4AFB6A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{1650854A-A685-4986-8F86-63F9D803AF5B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{191E7D03-448B-4407-959F-638BB7D14E6E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{256326A2-B3B5-4414-9D4B-DDE989E30848}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{2D62CDD5-58B6-42F7-920E-A9BBEBB81D10}" = lport=445 | protocol=6 | dir=in | app=system | 
"{35C3357A-2924-446E-876C-49E111D57633}" = lport=139 | protocol=6 | dir=in | app=system | 
"{414D01E9-E409-46A2-87B2-FA8BBF7D698B}" = rport=137 | protocol=17 | dir=out | app=system | 
"{4351B018-BF81-4F39-87F3-AD14EBB187AB}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | 
"{5978CFB7-AA49-428C-9D5C-6B72BB3C4BDD}" = lport=137 | protocol=17 | dir=in | app=system | 
"{6B3AEC01-6297-45E1-BF53-3404A4D2B181}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8BE842B0-573C-4386-9A65-49F31453BF8F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{94A22510-DEF8-4EFF-808C-D739B6DD07ED}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9987287C-7CC7-49B9-88B0-6A0A2E3A5839}" = rport=138 | protocol=17 | dir=out | app=system | 
"{A8E898AA-336A-47B7-B1F6-D78F619287AC}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{B5CC5EE2-EA6A-472E-BEF6-A194A84A282A}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{B67D758F-087C-41B7-BADB-811AE15C27DC}" = rport=445 | protocol=6 | dir=out | app=system | 
"{C73CA192-BF79-4C59-A6CA-2E2D7FF2CE44}" = rport=139 | protocol=6 | dir=out | app=system | 
"{CC378749-7CB6-4122-AD49-05215DF375F6}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{CDE734E1-1009-4002-A03B-5021B49974AC}" = lport=138 | protocol=17 | dir=in | app=system | 
"{D2A3070F-0D5B-4A35-AEF6-A29E0C7743CF}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{D2CEE563-22CE-4B77-AC30-4C2037B568EA}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{D780C855-BDBF-4F68-AC8F-61849F2C3201}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0024ED05-12AC-4CF8-85A1-BFFB16EE3535}" = protocol=6 | dir=in | app=c:\program files\wolfram research\mathematica\8.0\mathkernel.exe | 
"{02001B5A-F5DD-4D5A-BE95-0028477D8F73}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\hotline_miami\hotlinemiami.exe | 
"{025AAD55-6616-4D33-8C7A-8706EB0ADC81}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\age of wonders\quickstart.pdf | 
"{044195D5-6036-49B7-AA92-7C961E3F5A32}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\cogs\cogs.exe | 
"{08F6FC2A-9407-421C-8DB3-C9E846590E19}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\puzzle quest\puzzle quest.exe | 
"{0CFF227D-41F3-40E8-93FC-3043D4DEB355}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{0D96411B-9A11-4A26-9345-1C2269BF117F}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 2050 j510 series\bin\usbsetup.exe | 
"{0EA43104-F6FC-44F2-896E-FE9460900164}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\age of wonders 2\quickstart.pdf | 
"{10CFAB5E-A62C-4916-BC56-4C5E8334BB1F}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\eufloria - demo\eufloria.exe | 
"{111A74F4-895C-44A6-BFC5-2D3D12433BBE}" = protocol=17 | dir=in | app=c:\program files\wolfram research\mathematica\8.0\math.exe | 
"{1236B38B-BA33-4940-A55F-A42A34EBEC1A}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\age of wonders\aowed.exe | 
"{13BBDC45-87F8-4BB7-A0D7-DDA291C50496}" = protocol=17 | dir=in | app=c:\program files\wolfram research\wolfram cdf player\8.0\math.exe | 
"{15F95232-CA3F-451D-8C6D-5EEB3140B747}" = protocol=17 | dir=in | app=f:\alicecd.exe | 
"{18BE40B3-B81F-42CE-8C5B-2A8AD66B52D3}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\age of wonders\aowed.exe | 
"{215F1AFB-5E53-4AF1-BC06-6E770FD64C38}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\antichamber\binaries\win32\udk.exe | 
"{235C76B4-D0CA-4D2C-8542-B6874D39C89A}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\bit.trip runner\runner.exe | 
"{271BBDCC-7B21-473E-98AB-B009779B4A02}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\puzzle agent 2\grickle102.exe | 
"{28D4C7CF-346B-4BC9-BA5F-9D7BE278C25B}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\insideastarfilledsky\starfilledsky.exe | 
"{2A59D114-33AD-4848-89AA-DBAEC07CFB1A}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\insideastarfilledsky\starfilledsky.exe | 
"{2A784853-5384-4F2C-B3A5-51219DE692D7}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\king's bounty - the legend\kb.exe | 
"{2AF28E64-7D90-4F26-87CB-0089B26E34B5}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\age of wonders shadow magic\readme.html | 
"{2C65EAED-C5D8-4265-99CB-02A23E3536F1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2C9AE3F0-C604-49DB-8C75-DFE94055ED62}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\lugaru hd\lugaru.exe | 
"{2E9F2BBD-6E89-4574-AD74-77722604516E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{2F22B556-310F-4905-9E75-09BF2113B643}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\age of wonders 2\aow2setup.exe | 
"{329D0733-CBF8-4993-BA69-6A442FD64C66}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{34646096-06E0-44B5-8623-55FFF8DEB2B0}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\deponia\deponia.exe | 
"{36D1CBD1-BD2A-40D5-8CE0-BCC32F0094A4}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\age of wonders 2\launcher.exe | 
"{38768FF8-1255-4A6C-B844-F2A445EA4F36}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\shadowgrounds\shadowgroundslauncher.exe | 
"{416E2B65-C2A1-4DB7-A870-A64E4A1D001E}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\shadowgrounds\shadowgrounds.exe | 
"{44D4D3CC-2343-4EF3-A772-8A2981D4A6C3}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\age of wonders\readme.txt | 
"{453BA39F-2871-4831-9479-C6EABF81BD80}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\the witcher enhanced edition\system\witcher.exe | 
"{459E1E86-AD0C-4547-AE9C-9269A9E810FD}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\age of wonders 2\launcher.exe | 
"{461618B7-680A-4C4D-85AF-3CBE7A4C1357}" = dir=in | app=c:\program files\wificonnector\nintendowfcreg.exe | 
"{464C2AD7-05F0-4F71-B3B8-4B0CA95349C6}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\magic the gathering dotp 2012\magic_2012.exe | 
"{472E7B69-A8E4-4DE6-89B5-339CE2C65E01}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"{4869C451-9AC9-4DAF-B4AE-F29689E6C73E}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{4A570602-DCB5-4CFE-9B0C-C5D0F4F95CD4}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dear esther\dearesther.exe | 
"{4C65A8E4-49F0-4BE9-85B6-D27662A29584}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\crayon physics deluxe\launcher.exe | 
"{4D0B929B-03D1-4C11-82DC-536A1223B47D}" = protocol=6 | dir=in | app=c:\users\kosta\appdata\roaming\dropbox\bin\dropbox.exe | 
"{4E1D8D7A-00AA-4E66-8668-C201533FD740}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\antichamber\binaries\win32\udk.exe | 
"{4F800090-05E9-42AB-9810-7B2E4A0EA8AB}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\machinarium\machinarium.exe | 
"{5152D506-C369-409A-BD08-5AC0C6B40AC6}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\crayon physics deluxe\launcher.exe | 
"{53BA5B24-DEF5-4BE4-9850-86EADA5682FA}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\cogs\cogs.exe | 
"{54B88C4A-ACB9-41EC-9C4D-5FF8D98AFFB4}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"{560E1775-30A2-4E81-80E6-C0F7BAE9ECDE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{56C46395-6288-4DB9-9C13-DAC814F7BD1F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\age of wonders\launcher.exe | 
"{5774DFB8-806F-426F-9FB2-B4E0F5832A5B}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\bit.trip runner\runner.exe | 
"{57C72892-74EF-4330-A751-C8A0511455CA}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\hotline_miami\hotlinemiami.exe | 
"{57F7EA90-483E-4B3D-A8A6-E0E2703D7A02}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\cogs\cogs.exe | 
"{5A4508E4-C7E7-47F3-B36C-36F682440B50}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\age of wonders trilogy soundtrack\launcher.exe | 
"{5B0F1A2F-A4C1-4554-BE60-9BFC160FE5DE}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\age of wonders shadow magic\aowsmsetup.exe | 
"{5C9F616F-1A73-4A12-94EF-44E4CE4E187A}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\magic the gathering dotp 2012\magic_2012.exe | 
"{5D06A913-5162-4B50-A303-00D68A9FA530}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\puzzle agent 2\grickle102.exe | 
"{5DD9F408-E866-4695-A77E-AEE5590C4891}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\age of wonders trilogy soundtrack\launcher.exe | 
"{61649DE5-18A1-4A26-9002-910403F81A24}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\hammerfight\hammerfight.exe | 
"{61BD4972-2E7F-4457-993B-C7DBC91C2A6C}" = protocol=17 | dir=in | app=c:\program files\wolfram research\mathematica\8.0\mathkernel.exe | 
"{636DBCB4-D7B1-4B08-90E4-AA3CC29E0196}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{63CF663C-D412-46E0-9268-30BDEB76589D}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\plants vs zombies\plantsvszombies.exe | 
"{651ECCE4-9F03-4675-A4C7-D729BA6F5385}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{658300F1-C7AE-4A9C-A12A-8CDE17501D43}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\eufloria - demo\eufloria.exe | 
"{66025542-1374-4D68-A0C6-47E03EA72095}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\age of wonders shadow magic\aowsmsetup.exe | 
"{667118C1-FBD5-4B42-B2BF-A7C17B8DD525}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\age of wonders shadow magic\readme.html | 
"{68C3B8E0-DDA3-4D86-BE78-7EB359E5759C}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\puzzle quest\puzzle quest.exe | 
"{6BE338CA-2431-46EA-9404-62310491D7D6}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\age of wonders shadow magic\quickstart.pdf | 
"{6EFB733D-8670-4D0A-A827-BC136B1E9A47}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\magic the gathering dotp 2012\magic_2012.exe | 
"{720F653E-6701-4CF3-860F-703314EA8117}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{721828AA-309F-4E2F-BCA0-05181948A2FE}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\shadowgrounds\shadowgroundslauncher.exe | 
"{72BE4CC5-6B87-4100-A0FA-EE896E1B6368}" = protocol=6 | dir=in | app=c:\program files\wolfram research\mathematica\8.0\math.exe | 
"{750CB70A-7F95-4F16-90D1-B68A4137F67C}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\shadowgrounds\shadowgrounds.exe | 
"{764D5341-335D-4C7A-AD88-703098B34828}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\age of wonders 2\quickstart.pdf | 
"{768B8D73-E307-4768-9A3E-42899CD1E644}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\the witcher enhanced edition\system\djinni!.exe | 
"{76B83E0E-706A-45E6-9080-1868A24C45C8}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\puzzle agent\grickle101.exe | 
"{781CC6C1-D66D-407F-A764-1ABC8E638BA9}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\king's bounty - the legend\save_fixer.exe | 
"{795EBAC9-09CD-4AD3-B28E-859ABD038FCB}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\shadowgrounds\shadowgrounds.exe | 
"{7C0E1827-E7D4-40FA-9F0F-B1394F2C3C0B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{7FA45B62-392C-43DD-9256-D1D33F4F4FD4}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\age of wonders\aowsetup.exe | 
"{81EF17F7-872E-47AE-B0BB-3F7A1B0E0B3B}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\age of wonders\aowsetup.exe | 
"{82B2DF0A-5648-43FD-A5E0-96FA89EBDEC7}" = protocol=6 | dir=in | app=c:\program files\wolfram research\wolfram cdf player\8.0\math.exe | 
"{84120A00-10E8-48DB-8F48-2DD602DDA514}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\plants vs zombies\plantsvszombies.exe | 
"{86DEE8C2-F209-4CB3-9B4B-D843033E4907}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\age of wonders shadow magic\launcher.exe | 
"{88477DA1-89BA-487A-92F6-79F54B58F162}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\cogs\cogs.exe | 
"{896D572F-4C52-4482-AB94-48AA9BF98A93}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\puzzlequest2\puzzlequest2.exe | 
"{8A28B53A-5F3F-43AD-BEB4-070059665DF0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{8A7B3052-F95C-49D9-969D-CC1A65CA4D98}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\hammerfight\hammerfight.exe | 
"{8FF9675E-B22B-4989-BD86-EB2F74151FF0}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{9038AF68-C0DB-4123-A723-2F672673A870}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\samorost 2\samorost2.exe | 
"{90B5DFD9-FB01-48C9-B29A-C0AF5B1A5657}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{91F44971-E3A7-4554-9225-7C76CE784F73}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\age of wonders shadow magic\launcher.exe | 
"{91FA3443-BEEE-417E-827D-8F099AAF99DD}" = protocol=6 | dir=in | app=c:\program files\wolfram research\mathematica\8.0\mathematica.exe | 
"{92835CE3-8284-4629-BAF6-E25D33E70F4E}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\the witcher enhanced edition\system\witcher.exe | 
"{92BEB693-3C26-42EF-8A75-87158B3B39B0}" = protocol=17 | dir=in | app=c:\users\kosta\appdata\roaming\dropbox\bin\dropbox.exe | 
"{9381BD14-13BE-42C1-9334-8C23D1D2AA20}" = protocol=17 | dir=in | app=c:\program files\wolfram research\wolfram cdf player\8.0\wolframcdfplayer.exe | 
"{95A48BCD-8491-451F-9355-AE9A677CD100}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\age of wonders 2\readme.html | 
"{988712EA-3519-4143-9147-D37D35AFDB8F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v - demo\launcher.exe | 
"{99B8CFDD-D039-4616-B078-B8ABBA9F6DA0}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\bit.trip runner\runner.exe | 
"{9A43CDC8-938F-4B97-B53B-D3CF6457093E}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\deponia\deponia.exe | 
"{9BCC1FDB-1E3C-4D90-B202-CA48737D58B5}" = protocol=6 | dir=in | app=f:\alicecd.exe | 
"{9CF03917-A14E-4FEE-85BC-2E741053828B}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\king's bounty - the legend\save_fixer.exe | 
"{A2C2CB68-296F-4016-A92F-9C7B9011C378}" = protocol=6 | dir=in | app=c:\program files\wolfram research\wolfram cdf player\8.0\wolframcdfplayer.exe | 
"{A722350B-B5D1-41FA-BCAF-461E56B868D5}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\shadowgrounds\shadowgroundslauncher.exe | 
"{AAF0B0B2-C752-4721-9887-C53DAB3745B6}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\king's bounty - the legend\kb.exe | 
"{AC7504E2-7216-4F3E-BE99-BB94838582AF}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\magic the gathering dotp 2012\magic_2012.exe | 
"{AE70197C-15A3-493C-BD3F-F8A51E154952}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\shadowgrounds\shadowgrounds.exe | 
"{B0C4B871-9F19-4932-91C2-C96C806BDDF6}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\trine\trine_launcher.exe | 
"{B17C5241-8F28-4BE3-B3EA-5846247C29DB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{B22D4D1A-ED48-44A1-A9B7-A72AE8B70D04}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\age of wonders\readme.txt | 
"{B3159DDD-967D-455C-8DB9-B644F57253F0}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\puzzle agent\grickle101.exe | 
"{B588409A-F3AD-4390-8E64-0BED50331870}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\age of wonders shadow magic\quickstart.pdf | 
"{B9CF2C9C-82D2-424D-82D6-C202DF6DD2E7}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\plants vs zombies\plantsvszombies.exe | 
"{B9ED31A5-31E0-4204-800D-F3F8D03E8CA1}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\lugaru hd\lugaru.exe | 
"{BA40778B-D0D7-48C5-B223-27A5C5012E2A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{BD17866F-60D5-4D89-A037-5730F4A49312}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\resonance\resonance.exe | 
"{C07BA569-0401-47BF-9618-087FBBE1D7C7}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\the binding of isaac\isaac.exe | 
"{C09E5F5C-7242-4740-9B46-1230E4C21E09}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\superbrothers sword & sworcery ep\swordandsworcery_pc.exe | 
"{C0EC1BE8-1D0D-48FD-8D1C-6CBC17E8AC64}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\the witcher enhanced edition\system\djinni!.exe | 
"{C33BF290-3408-474F-9020-B4908A90B414}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\insideastarfilledsky\starfilledsky.exe | 
"{C5FD0021-D521-43DD-9A5C-9A1AC3A99FDF}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\puzzle agent 2\grickle102.exe | 
"{C8373E88-54DB-4354-B7C4-B102759970D0}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\age of wonders\quickstart.pdf | 
"{CB593EBA-7E32-40A9-9FF1-39A8B7BA54A1}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\age of wonders 2\aow2ed.exe | 
"{CBD90481-3AB5-4407-A4CB-874ACCE41AEF}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\stalker shadow of chernobyl\bin\xr_3da.exe | 
"{CD099151-16D2-485B-80EE-95BC0ABB11A2}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\age of wonders\launcher.exe | 
"{CF8A0109-02E8-4696-8728-86BDC574042D}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\puzzle agent\grickle101.exe | 
"{D076CAB3-3604-4C94-9A69-F7AD2B246412}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v - demo\civilizationv.exe | 
"{D1CB60BB-B553-4CE3-8652-5F871A1C6387}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\age of wonders shadow magic\aowsmed.exe | 
"{D229A0BC-8C14-47E3-B46F-5C12A06D1535}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\age of wonders 2\aow2setup.exe | 
"{D2624FAF-4C23-43EF-B3AB-BEABF4D15628}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\bit.trip runner\runner.exe | 
"{D2DA9901-78C2-44B4-B964-D452F023B8D3}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\puzzle agent\grickle101.exe | 
"{D5B448C3-FF73-42E9-871D-F62720406C71}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dear esther\dearesther.exe | 
"{D92EC50C-5CE1-4AF3-81F6-C342B3ECF094}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\puzzlequest2\puzzlequest2.exe | 
"{DA9861A7-4F54-4C31-8DC9-B763182E11B8}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\superbrothers sword & sworcery ep\swordandsworcery_pc.exe | 
"{DBA33316-698B-4AD2-BAD3-B866D5EF5AAC}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\shadowgrounds\shadowgroundslauncher.exe | 
"{DD2CC6F0-B8B2-40CF-8A27-4AC89388DAB1}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v - demo\civilizationv.exe | 
"{DDDC2749-B33C-457E-84BB-D30171FA58DB}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{E19A0091-5C7C-4A07-A434-4B90F9F6F27A}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\stalker shadow of chernobyl\bin\xr_3da.exe | 
"{E39001E1-9770-4A0C-AF14-42723B477533}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\age of wonders shadow magic\aowsmed.exe | 
"{E555DD89-8E29-47B7-82F0-70DCC46FFCB5}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\the binding of isaac\isaac.exe | 
"{E88E63C2-DAE8-4E42-9F6F-0079E69CA91D}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\trine\trine_launcher.exe | 
"{E8E36F50-5CF9-4A6E-B906-D06A2CA4E3CF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{E8E973FF-4D62-4EC1-A17B-C2A414C58D4B}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\samorost 2\samorost2.exe | 
"{EB69CEA1-4D04-43CA-B9EC-D8E0544C276E}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\plants vs zombies\plantsvszombies.exe | 
"{EE39BFD0-2F36-4EBC-955F-9FCCD0896E65}" = protocol=17 | dir=in | app=c:\program files\wolfram research\mathematica\8.0\mathematica.exe | 
"{EEF6793E-33B1-4A41-8BF9-66F483498B34}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{EF9B9CBA-C29C-40C3-9E13-D111A8AB87A9}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\insideastarfilledsky\starfilledsky.exe | 
"{F3AECE13-3F32-470E-BF64-21E12F529414}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\age of wonders 2\aow2ed.exe | 
"{F4829AC4-3AFC-4FB2-B8FB-BFBE14A884FF}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\machinarium\machinarium.exe | 
"{F5224483-4D5D-4314-A5CB-01B9433D2C97}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\puzzle quest\puzzle quest.exe | 
"{F7EA38D3-B91F-4C93-B65A-CC9A60B9FA0A}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v - demo\launcher.exe | 
"{F96F777A-FA50-43C8-A214-7BB20EA789A3}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\puzzle agent 2\grickle102.exe | 
"{FBBFF505-E7C0-4553-9379-1A020A09C1D9}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 2050 j510 series\bin\usbsetup.exe | 
"{FCA0B284-12F6-4F9A-AD9C-7E87BFA97607}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\age of wonders 2\readme.html | 
"{FE65A1DB-7AC0-4F58-BE66-709646C4BA7A}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\resonance\resonance.exe | 
"{FED26C4C-5FC6-4974-A5D7-64FA95CD1C73}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\puzzle quest\puzzle quest.exe | 
"TCP Query User{0CD0F0D9-6D12-4D2D-9BD6-782BBFAC4CA3}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"TCP Query User{4270357B-EEB9-486E-9509-BC8C2F281C56}C:\users\kosta\downloads\downloader_starcraft_combo_dede.exe" = protocol=6 | dir=in | app=c:\users\kosta\downloads\downloader_starcraft_combo_dede.exe | 
"TCP Query User{5ED2A54C-42C2-45A6-93BD-AF4FFAABBDB5}C:\users\kosta\desktop\ygopro dawn of a new era 2.6.0.1621\ygopro\ygopro.exe" = protocol=6 | dir=in | app=c:\users\kosta\desktop\ygopro dawn of a new era 2.6.0.1621\ygopro\ygopro.exe | 
"TCP Query User{9E9C743A-52B9-4401-A382-664AB308F02A}C:\program files\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\program files\starcraft\starcraft.exe | 
"TCP Query User{BBB25A13-83B6-447F-89EC-7287903C59B8}C:\users\kosta\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\kosta\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{DC4E2F1E-7A83-4C1F-99F8-DA271FE6B658}C:\users\kosta\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\kosta\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{F065BF55-D6FB-46D6-9CE4-2342069EAE24}C:\program files\steam\steamapps\common\worms reloaded\wormsreloaded.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\worms reloaded\wormsreloaded.exe | 
"TCP Query User{F4456A86-5EE1-4122-BEBB-5FA94D63CE14}C:\program files\maple 15\jre\bin\maple.exe" = protocol=6 | dir=in | app=c:\program files\maple 15\jre\bin\maple.exe | 
"UDP Query User{273849F7-5DE0-4971-9320-A613E1AB0EBA}C:\program files\steam\steamapps\common\worms reloaded\wormsreloaded.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\worms reloaded\wormsreloaded.exe | 
"UDP Query User{60B31828-F3D1-4375-9CF2-4AAB71A8CAA6}C:\users\kosta\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\kosta\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{70FFDC56-17A4-4F1F-9C60-21EF904D2ECB}C:\program files\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\program files\starcraft\starcraft.exe | 
"UDP Query User{7532D826-FC7B-479C-A138-9E29EF2A96BB}C:\program files\maple 15\jre\bin\maple.exe" = protocol=17 | dir=in | app=c:\program files\maple 15\jre\bin\maple.exe | 
"UDP Query User{9D69052C-DE4A-439F-8595-D2D749519A30}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{A297AFA3-D753-492C-9A4A-3F4FE6321F76}C:\users\kosta\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\kosta\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{CCE799B7-9983-4DBC-9613-75FFC376A85B}C:\users\kosta\downloads\downloader_starcraft_combo_dede.exe" = protocol=17 | dir=in | app=c:\users\kosta\downloads\downloader_starcraft_combo_dede.exe | 
"UDP Query User{D50D7A2F-1591-4995-95B3-E6703CFC9BBD}C:\users\kosta\desktop\ygopro dawn of a new era 2.6.0.1621\ygopro\ygopro.exe" = protocol=17 | dir=in | app=c:\users\kosta\desktop\ygopro dawn of a new era 2.6.0.1621\ygopro\ygopro.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}" = mkv2vob
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{44257960-C5CC-45BA-8E83-524E4A0F3FD5}" = Cisco AnyConnect VPN Client
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D090F70-6F08-4B60-9357-A1DFD4458F09}" = Microsoft Mathematics
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.2
"{5508128A-2C7B-46B5-81F9-58E8E8115F0B}" = AdblockIE
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5E30BDEB-9307-11D4-9AE0-006067325E47}" = Baldur's Gate(TM) II - Schatten von Amn(TM)
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6392CF7D-71EC-45EA-AF98-B004EAB22981}" = popular dictionary update for CHS IME
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6F6D8BC6-CE36-493B-996F-04CD8CCC35A8}" = Bing Bar
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}" = HP Deskjet 2050 J510 series Hilfe
"{81717D01-32F6-449C-85E1-41AFD678E545}" = LG Intelligent Update
"{82225685-1513-4975-B624-155C10F3EE16}" = The Whispered World
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E50658C-C048-418B-A02A-284DC985FED4}" = popular dictionary update for CHS IME
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2010
"{90140000-001B-0000-0000-0000000FF1CE}_Office14.WORD_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.WORD_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2010
"{90140000-001F-0401-0000-0000000FF1CE}_Office14.PROOFKIT_{1A43C155-3DDA-43C9-92C5-0E7D0B2B156D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0402-0000-0000000FF1CE}" = Microsoft Office Proof (Bulgarian) 2010
"{90140000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2010
"{90140000-001F-0403-0000-0000000FF1CE}_Office14.PROOFKIT_{F030E098-C2CC-4056-971E-4D3AB0F55517}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0404-0000-0000000FF1CE}" = Microsoft Office Proof (Chinese (Traditional)) 2010
"{90140000-001F-0404-0000-0000000FF1CE}_Office14.PROOFKIT_{B87E50FB-B8F9-4B81-8D63-F5A3C5A330B3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2010
"{90140000-001F-0406-0000-0000000FF1CE}" = Microsoft Office Proof (Danish) 2010
"{90140000-001F-0406-0000-0000000FF1CE}_Office14.PROOFKIT_{59BCA417-5095-450B-931A-AE6194728386}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROOFKIT_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0408-0000-0000000FF1CE}" = Microsoft Office Proof (Greek) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROOFKIT_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.WORD_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040B-0000-0000000FF1CE}" = Microsoft Office Proof (Finnish) 2010
"{90140000-001F-040B-0000-0000000FF1CE}_Office14.PROOFKIT_{0EF937D0-95B1-42E3-9643-9D49E4323DF9}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROOFKIT_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.WORD_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040D-0000-0000000FF1CE}" = Microsoft Office Proof (Hebrew) 2010
"{90140000-001F-040D-0000-0000000FF1CE}_Office14.PROOFKIT_{16C5AEEC-D632-4FAA-BFDC-BBF36F473E09}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040E-0000-0000000FF1CE}" = Microsoft Office Proof (Hungarian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROOFKIT_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0411-0000-0000000FF1CE}" = Microsoft Office Proof (Japanese) 2010
"{90140000-001F-0411-0000-0000000FF1CE}_Office14.PROOFKIT_{9FB78D03-3A34-4A57-B65D-0D7F32C1B603}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0412-0000-0000000FF1CE}" = Microsoft Office Proof (Korean) 2010
"{90140000-001F-0412-0000-0000000FF1CE}_Office14.PROOFKIT_{92B4E762-6E97-4B27-AD3F-DE304D57CCC1}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2010
"{90140000-001F-0413-0000-0000000FF1CE}_Office14.PROOFKIT_{5072FEA2-862C-4BF0-9654-CB0DCBE2BE28}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0414-0000-0000000FF1CE}" = Microsoft Office Proof (Norwegian (Bokmål)) 2010
"{90140000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2010
"{90140000-001F-0415-0000-0000000FF1CE}_Office14.PROOFKIT_{1D751709-BA6C-49E2-844B-4F4F20F410C9}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2010
"{90140000-001F-0416-0000-0000000FF1CE}_Office14.PROOFKIT_{A7200E61-DC93-42E0-BB74-EE59021016EA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0418-0000-0000000FF1CE}" = Microsoft Office Proof (Romanian) 2010
"{90140000-001F-0419-0000-0000000FF1CE}" = Microsoft Office Proof (Russian) 2010
"{90140000-001F-0419-0000-0000000FF1CE}_Office14.PROOFKIT_{DD6E7CDF-BDFF-43CF-8CCE-84FBEC5ABB77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-041A-0000-0000000FF1CE}" = Microsoft Office Proof (Croatian) 2010
"{90140000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2010
"{90140000-001F-041D-0000-0000000FF1CE}" = Microsoft Office Proof (Swedish) 2010
"{90140000-001F-041D-0000-0000000FF1CE}_Office14.PROOFKIT_{D00E944F-5ECB-42FF-B58E-8FDCF2219DE8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-041E-0000-0000000FF1CE}" = Microsoft Office Proof (Thai) 2010
"{90140000-001F-041E-0000-0000000FF1CE}_Office14.PROOFKIT_{A6E7F499-EF2F-41BE-B74D-AEE04EC065B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-041F-0000-0000000FF1CE}" = Microsoft Office Proof (Turkish) 2010
"{90140000-001F-0420-0000-0000000FF1CE}" = Microsoft Office Proof (Urdu) 2010
"{90140000-001F-0420-0000-0000000FF1CE}_Office14.PROOFKIT_{C6145631-4180-455C-930C-B003F513FC8D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0422-0000-0000000FF1CE}" = Microsoft Office Proof (Ukrainian) 2010
"{90140000-001F-0422-0000-0000000FF1CE}_Office14.PROOFKIT_{C8998656-7C0A-417B-A5AC-5ABF2E34DDD7}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0424-0000-0000000FF1CE}" = Microsoft Office Proof (Slovenian) 2010
"{90140000-001F-0425-0000-0000000FF1CE}" = Microsoft Office Proof (Estonian) 2010
"{90140000-001F-0426-0000-0000000FF1CE}" = Microsoft Office Proof (Latvian) 2010
"{90140000-001F-0427-0000-0000000FF1CE}" = Microsoft Office Proof (Lithuanian) 2010
"{90140000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2010
"{90140000-001F-042D-0000-0000000FF1CE}_Office14.PROOFKIT_{C6E07E58-897F-4686-A498-764B9D404F09}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0439-0000-0000000FF1CE}" = Microsoft Office Proof (Hindi) 2010
"{90140000-001F-0439-0000-0000000FF1CE}_Office14.PROOFKIT_{83525C9D-003C-4B32-9B03-0ED4D21A3E6F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-043F-0000-0000000FF1CE}" = Microsoft Office Proof (Kazakh) 2010
"{90140000-001F-0446-0000-0000000FF1CE}" = Microsoft Office Proof (Punjabi) 2010
"{90140000-001F-0446-0000-0000000FF1CE}_Office14.PROOFKIT_{A3543719-9180-4465-9A46-7452A413CD6A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0447-0000-0000000FF1CE}" = Microsoft Office Proof (Gujarati) 2010
"{90140000-001F-0447-0000-0000000FF1CE}_Office14.PROOFKIT_{5E44BC48-F996-4AD3-AA33-345E2F83D753}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0449-0000-0000000FF1CE}" = Microsoft Office Proof (Tamil) 2010
"{90140000-001F-0449-0000-0000000FF1CE}_Office14.PROOFKIT_{9B0C53A1-64B2-4FEC-9043-0850F6ECDE04}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-044A-0000-0000000FF1CE}" = Microsoft Office Proof (Telugu) 2010
"{90140000-001F-044A-0000-0000000FF1CE}_Office14.PROOFKIT_{98DEF7A2-EB26-4C27-B4EB-06AB4E3BF95E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-044B-0000-0000000FF1CE}" = Microsoft Office Proof (Kannada) 2010
"{90140000-001F-044B-0000-0000000FF1CE}_Office14.PROOFKIT_{45B439F9-F6BD-4DE6-852A-0F5D21742B72}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-044E-0000-0000000FF1CE}" = Microsoft Office Proof (Marathi) 2010
"{90140000-001F-044E-0000-0000000FF1CE}_Office14.PROOFKIT_{52C4A160-60CE-4134-89F5-A3C40AACB2AE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2010
"{90140000-001F-0456-0000-0000000FF1CE}_Office14.PROOFKIT_{6CA060C9-FAFB-4A51-B533-A6AEE1A325BE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0804-0000-0000000FF1CE}" = Microsoft Office Proof (Chinese (Simplified)) 2010
"{90140000-001F-0804-0000-0000000FF1CE}_Office14.PROOFKIT_{A620ACD4-585E-40D3-80B9-FD31766D1E2A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0814-0000-0000000FF1CE}" = Microsoft Office Proof (Norwegian (Nynorsk)) 2010
"{90140000-001F-0816-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Portugal)) 2010
"{90140000-001F-081A-0000-0000000FF1CE}" = Microsoft Office Proof (Serbian (Latin)) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROOFKIT_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.WORD_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0028-0404-0000-0000000FF1CE}" = Microsoft Office IME (Chinese (Traditional)) 2010
"{90140000-0028-0404-0000-0000000FF1CE}_Office14.PROOFKIT_{3ECE53A5-4BA5-49EA-828F-FD071F2652F0}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0028-0411-0000-0000000FF1CE}" = Microsoft Office IME (Japanese) 2010
"{90140000-0028-0411-0000-0000000FF1CE}_Office14.PROOFKIT_{5E056779-9F4B-4593-86D3-28E5548A8B64}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0028-0412-0000-0000000FF1CE}" = Microsoft Office IME (Korean) 2010
"{90140000-0028-0412-0000-0000000FF1CE}_Office14.PROOFKIT_{856E89AF-50C7-4FD2-8300-EA2805BB24F8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0028-0804-0000-0000000FF1CE}" = Microsoft Office IME (Chinese (Simplified)) 2010
"{90140000-0028-0804-0000-0000000FF1CE}_Office14.PROOFKIT_{394CF546-9CD3-4C0A-B380-F4CCFD44C873}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.WORD_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-004A-0409-0000-0000000FF1CE}" = Microsoft Office ProofMUI (English) 2010
"{90140000-004A-0409-0000-0000000FF1CE}_Office14.PROOFKIT_{995800C5-D90E-4107-8BF7-7AA4DC8C383D}" = Microsoft Office 2010 Proofing Tools Kit Service Pack 1 (SP1)
"{90140000-004B-0000-0000-0000000FF1CE}" = Microsoft Office Proofing Kit 2010
"{90140000-004B-0000-0000-0000000FF1CE}_Office14.PROOFKIT_{253A3CD5-168D-4E9B-B346-6D14220BBE7F}" = Microsoft Office 2010 Proofing Tools Kit Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.WORD_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.WORD_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{95120000-003F-0407-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9672CAD2-F310-42D6-9147-E4A4B6ED8395}" = LG Magnifier
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FAAE06C-DEDD-4299-B88D-1F9AD5E1547F}" = HP Deskjet 2050 J510 series - Grundlegende Software für das Gerät
"{A5DEEFD7-324E-4B33-B571-2E0B4C0D72F2}" = popular dictionary update for CHS IME
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA57D6F1-6360-4397-B2D9-B21C69863D97}" = Secure Download Manager
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{B571B309-5E65-3DCE-8DE7-205DE2D366C3}" = Microsoft Visual C++ 2008 Express Edition - DEU
"{BBAAAD82-6242-420F-86D4-BD72BB5E6C86}" = Tools für Microsoft SQL Server 2005 Express Edition
"{C07B8BC4-AFD9-3AA4-BDF5-330A07591FDE}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0307631-65F4-406E-8CEF-244FE0359365}" = popular dictionary update for CHS IME
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D922EF97-6657-3075-BC93-A6CF59444E84}" = MSDN Library for Microsoft Visual Studio 2008 Express Editions
"{DABD50F7-0001-0002-0003-ABCDEFABCDEF}" = LG Smart Indicator
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E8D2307D-F40A-4214-86D6-613A31E948FE}" = LG OSD
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"2385-9868-7018-1536" = Cinderella2 2.6
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"A-WIN-Extras 8.0.1 2077975_is1" = Mathematica Extras 8.0 (2077975)
"BitTorrent" = BitTorrent
"DAEMON Tools Lite" = DAEMON Tools Lite
"Disciples 2 Gold Gallean" = Disciples 2 Gold Gallean
"ElsterFormular für Privatanwender 12.2.1.6570p" = ElsterFormular-Upgrade
"Episode 1" = Back to the Future The Game - Episode 1
"EzManual" = EzManual
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 2.2
"Fuego" = Fuego
"GOGPACKPLANESCAPETORMENT_is1" = Planescape Torment
"GPL Ghostscript 8.71" = GPL Ghostscript 8.71
"Graph_is1" = Graph 4.3
"GridinSoft Trojan Killer" = Trojan Killer
"GSview 4.9" = GSview 4.9
"ImgBurn" = ImgBurn
"IrfanView" = IrfanView (remove only)
"LastFM_is1" = Last.fm 1.5.4.27091
"LGFanModeTile" = LG Fan Mode Tile for Windows Mobility Center
"LGTouchPadTile" = LG TouchPad Tile for Windows Mobility Center
"Maple 15" = Maple 15
"MatlabR2011a" = MATLAB R2011a
"Messenger Plus!" = Messenger Plus! 5
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual C++ 2008 Express Edition - DEU" = Microsoft Visual C++ 2008 Express Edition - DEU
"MiKTeX 2.8" = MiKTeX 2.8
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSDN Library for Microsoft Visual Studio 2008 Express Editions" = MSDN Library für Microsoft Visual Studio 2008 Express Editions
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROOFKIT" = Microsoft Office Proofing Tools Kit Compilation 2010
"Office14.WORD" = Microsoft Word 2010
"OpenAL" = OpenAL
"Scan2PDF_is1" = Scan2PDF 1.6
"StarCraft" = StarCraft
"Steam App 104100" = Inside a Star-filled Sky 
"Steam App 105600" = Terraria
"Steam App 113200" = The Binding Of Isaac
"Steam App 12500" = Puzzle Quest
"Steam App 18700" = And Yet It Moves
"Steam App 203810" = Dear Esther
"Steam App 204060" = Superbrothers: Sword & Sworcery EP
"Steam App 212050" = Resonance
"Steam App 214340" = Deponia
"Steam App 219150" = Hotline Miami
"Steam App 219890" = Antichamber
"Steam App 220" = Half-Life 2
"Steam App 22600" = Worms Reloaded
"Steam App 2500" = Shadowgrounds
"Steam App 26500" = Cogs
"Steam App 26800" = Braid
"Steam App 26900" = Crayon Physics Deluxe
"Steam App 31270" = Puzzle Agent
"Steam App 3590" = Plants vs. Zombies: Game of the Year
"Steam App 40700" = Machinarium
"Steam App 40720" = Samorost 2
"Steam App 40800" = Super Meat Boy
"Steam App 41100" = Hammerfight
"Steam App 4500" = S.T.A.L.K.E.R.: Shadow of Chernobyl
"Steam App 47540" = Puzzle Quest 2
"Steam App 49470" = Magic: The Gathering — Duels of the Planeswalkers 2012
"Steam App 63710" = BIT.TRIP RUNNER
"Steam App 70300" = VVVVVV
"Steam App 94590" = Puzzle Agent 2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"TeXstudio_is1" = TeXstudio 2.5
"UDK-31c8d01e-dbcf-4798-81e9-b0956aa97fa4" = My Game Long Name
"VLC media player" = VLC media player 1.1.7
"Warcraft III" = Warcraft III
"WiFiConnector" = Registrierungsprogramm für den Nintendo Wi-Fi USB Connector
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.00 (32-Bit)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Spotify" = Spotify
"Warcraft III" = Warcraft III: All Products
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 25.03.2013 03:35:44 | Computer Name = Kostas_Notebook | Source = WinMgmt | ID = 10
Description = 
 
Error - 25.03.2013 09:54:07 | Computer Name = Kostas_Notebook | Source = WinMgmt | ID = 10
Description = 
 
Error - 25.03.2013 16:53:53 | Computer Name = Kostas_Notebook | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.03.2013 03:27:49 | Computer Name = Kostas_Notebook | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.03.2013 09:44:12 | Computer Name = Kostas_Notebook | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.03.2013 09:48:36 | Computer Name = Kostas_Notebook | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 26.03.2013 19:34:48 | Computer Name = Kostas_Notebook | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.03.2013 19:53:58 | Computer Name = Kostas_Notebook | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.03.2013 20:14:13 | Computer Name = Kostas_Notebook | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.03.2013 22:21:25 | Computer Name = Kostas_Notebook | Source = WinMgmt | ID = 10
Description = 
 
[ Cisco AnyConnect VPN Client Events ]
Error - 26.03.2013 20:35:29 | Computer Name = Kostas_Notebook | Source = vpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line: 
2190 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 26.03.2013 20:35:29 | Computer Name = Kostas_Notebook | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::applyHostConfigForNoVpn File: .\MainThread.cpp
Line:
 7639 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33161196
 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
Error - 26.03.2013 20:35:29 | Computer Name = Kostas_Notebook | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::genericNoticeHandler File: .\MainThread.cpp Line:
 5589 Invoked Function: CMainThread::applyHostConfigForNoVpn Return Code: -33161196
 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
Error - 26.03.2013 20:35:29 | Computer Name = Kostas_Notebook | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::processNotice File: .\MainThread.cpp Line: 5321
Invoked
 Function: CMainThread::genericNoticeHandler Return Code: -33161196 (0xFE060014) Description:
 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
Error - 26.03.2013 20:35:29 | Computer Name = Kostas_Notebook | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::noticeHandler File: .\MainThread.cpp Line: 5283
Invoked
 Function: CMainThread::processNotice Return Code: -33161196 (0xFE060014) Description:
 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
Error - 26.03.2013 20:35:29 | Computer Name = Kostas_Notebook | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::internalCallbackHandler File: .\MainThread.cpp
Line:
 5045 Invoked Function: CMainThread::noticeHandler Return Code: -33161196 (0xFE060014)
Description:
 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
Error - 26.03.2013 20:35:29 | Computer Name = Kostas_Notebook | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::callbackHandler File: .\MainThread.cpp Line: 
4971 Invoked Function: internalCallbackHandler Return Code: -33161196 (0xFE060014)
Description:
 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
Error - 26.03.2013 22:18:15 | Computer Name = Kostas_Notebook | Source = vpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.
 
Error - 26.03.2013 22:20:34 | Computer Name = Kostas_Notebook | Source = vpnagent | ID = 67108866
Description = Function: MSSaxErrorHandlerImpl::fatalError File: .\Xml\MSSaxErrorHandlerImpl.cpp
Line:
 31 Invoked Function: CVCMSSaxParser Return Code: -1072897499 (0xC00CE225) Description:
 WINDOWS_ERROR_CODE XML Parser fatal error: Fehler bei der Überprüfung.  
 
Error - 26.03.2013 22:21:11 | Computer Name = Kostas_Notebook | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
 nicht finden.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
 No such file or directory
 
[ System Events ]
Error - 26.03.2013 19:38:15 | Computer Name = Kostas_Notebook | Source = DCOM | ID = 10005
Description = 
 
Error - 26.03.2013 19:50:32 | Computer Name = Kostas_Notebook | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 27.03.2013 um 00:48:55 unerwartet heruntergefahren.
 
Error - 26.03.2013 19:51:20 | Computer Name = Kostas_Notebook | Source = DCOM | ID = 10005
Description = 
 
Error - 26.03.2013 19:54:23 | Computer Name = Kostas_Notebook | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 26.03.2013 20:00:25 | Computer Name = Kostas_Notebook | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 27.03.2013 um 00:58:10 unerwartet heruntergefahren.
 
Error - 26.03.2013 20:00:48 | Computer Name = Kostas_Notebook | Source = DCOM | ID = 10005
Description = 
 
Error - 26.03.2013 20:15:39 | Computer Name = Kostas_Notebook | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 26.03.2013 20:15:39 | Computer Name = Kostas_Notebook | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 26.03.2013 20:22:01 | Computer Name = Kostas_Notebook | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 26.03.2013 22:22:38 | Computer Name = Kostas_Notebook | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
 
< End of report >
         
When I ran the GMER scan, my notebook gave out on me, so I wanted to leave that alone for now and wait for advice.

Many thanks in advance!

27.03.2013, 12:21   #2
M-K-D-B
/// TB instructor
 

Hi,

From your log file:
Quote:
PRC - [2011.04.13 18:25:35 | 000,151,552 | ---- | M] () -- C:\Windows\KMService.exe
PRC - [2011.04.13 18:25:35 | 000,008,192 | ---- | M] () -- C:\Windows\System32\srvany.exe
The entries I have listed strongly suggest that software which was not legally acquired is being used on this computer.

Support stopped
Reading material:
Cracks and keygens
Circumventing the copy protection of software is illegal under applicable law. The log files strongly suggest that you are using software that was not legally acquired. In addition, cracks and patches from dubious sources are very often bundled with malware, so one infects oneself almost deliberately.

We have agreed here on the board that we do not continue cleaning at this point, because we do not support such behaviour. On top of that, in our instructions and also in this "Important" thread we pointed out to you unmistakably how we will handle this. Clean, good software has its price, and the software companies live on this revenue.

Our help is therefore limited to reinstalling and securing your system.
We will still gladly answer your questions about that, in our forum.
That closes this thread.