Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Trojaner ... Gen:Variant.Symmi.10415 - Online Banking

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 02.05.2013, 17:23   #1
bluecrystal
 
Trojaner ... Gen:Variant.Symmi.10415 - Online Banking - Standard

Trojaner ... Gen:Variant.Symmi.10415 - Online Banking



Hallo,

jetzt ist es mir passiert.

Seit gut 3 Jahren habe ich mir weder einen Virus noch einen Trojaner oder ähnliches eingefangen, während ich bei meiner Nachbarschaft immer den "Bundestrojaner" entfernen musste.

JavaScript habe ich zur Sicherheit bei Firefox immer ausgeschaltet. Adblock hat mich vor Werbung geschützt. Bei der Installation achte ich immer auf Häcken bei Spyware, usw.

Dann wollte ich die Website von Mark Zuckerberg besuchen, die er 1999 erstellt hatte, war in den Nachrichten. Da er viel mit JavaScript gearbeitet hat, habe ich es bei meinem Browser mal wieder aktiviert. Das ist so 1 Woche her. Und jetzt habe ich mir wohl ein Trojaner eingefangen.

Auffälligkeiten:

1. Beim Drücken der Tasten ^^ und ´´ erscheinen die Zeichen doppelt.
2. Firefox und Thunderbird frieren manchmal ein, beim Senden von E-Mails werden auf einmal die Grafiken nicht geladen.
3. Was ganz schlimm ist ... mein Online-Banking ist nicht erreichbar. Wenn ich mich einlogge, erscheint ein Status wie "Für ihre bequemlichkeit laden wir Daten runter." - schlechtes Deutsch. Und läd .. da wurde ich stutzig und habe im Taskmanager den Prozess avyr.exe gefunden, der unter Roaming in einem Ordner liegt.

Den habe ich sofort beendet, und die Datei in .txt umbenannt. Dann bei Virenscannern hochgeladen. Ergebnis: hxxp://virusscan.jotti.org/de/scanresult/b3296657ca9c6fdc7e8aee3f9ccf9541403634b3

Gen:Variant.Symmi.10415

Ich finde auch merkwürdig, dass beim Online Banking immer etwas von "securepro150.com" geladen wird, laut Firefox. Das kommt auch jetzt noch.

Hier nun die Logs:

defogger_disable.log

Zitat:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:47 on 02/05/2013 (Maurice)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
OTL.Txt

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 02.05.2013 17:48:31 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Maurice\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
15,98 Gb Total Physical Memory | 13,21 Gb Available Physical Memory | 82,66% Memory free
31,96 Gb Paging File | 28,98 Gb Available in Paging File | 90,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 10,98 Gb Free Space | 9,83% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 732,86 Gb Free Space | 78,67% Space Free | Partition Type: NTFS
Drive G: | 117,19 Gb Total Space | 14,00 Gb Free Space | 11,95% Space Free | Partition Type: NTFS
Drive H: | 348,56 Gb Total Space | 34,96 Gb Free Space | 10,03% Space Free | Partition Type: NTFS
 
Computer Name: QOQ | User Name: Maurice | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.02 17:47:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Maurice\Desktop\OTL.exe
PRC - [2013.04.12 00:00:27 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013.03.15 00:42:53 | 001,822,424 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
PRC - [2013.02.26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013.01.24 21:09:36 | 000,016,424 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\agcp.exe
PRC - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.11.30 04:06:58 | 001,263,512 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2012.08.08 16:49:04 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 17:29:41 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 17:29:41 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.02.14 20:47:46 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.05.19 16:39:18 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.05.19 16:39:14 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.10.22 03:00:00 | 000,376,832 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
PRC - [2010.04.10 10:03:46 | 000,077,824 | ---- | M] () -- C:\Windows\KMService.exe
PRC - [2008.11.06 06:25:21 | 000,854,536 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\Applets\ColorOnly\LCDYT.exe
PRC - [2008.11.06 06:24:41 | 000,846,344 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\Applets\ColorOnly\LCDMovieViewer.exe
PRC - [2008.11.06 06:24:21 | 000,526,856 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\Applets\LCDMedia.exe
PRC - [2003.04.18 20:06:26 | 000,008,192 | ---- | M] () -- C:\Windows\SysWOW64\srvany.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.04.12 00:00:27 | 003,133,336 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013.03.15 00:42:52 | 014,717,144 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
MOD - [2013.02.14 21:10:17 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013.01.10 14:02:38 | 000,492,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\73095717d4f6e55c95cc4b1e0eb2d13c\IAStorUtil.ni.dll
MOD - [2013.01.10 14:02:38 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\81df35c58c5880bba568914a95c3f84a\IAStorCommon.ni.dll
MOD - [2013.01.09 21:02:55 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013.01.09 21:02:38 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.09 21:02:31 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013.01.09 21:02:28 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.09 21:02:26 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.09 21:02:26 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013.01.09 21:02:23 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012.11.30 04:07:48 | 000,100,248 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2012.11.30 04:06:58 | 001,263,512 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011.04.12 09:43:06 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2011.03.17 01:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.04.12 00:00:27 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.03.15 00:42:56 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.01 12:11:32 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.02.26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.06.01 13:18:16 | 000,736,104 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2012.05.14 17:15:42 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.05.08 17:29:41 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 17:29:41 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.02.28 17:38:54 | 002,343,816 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.02.14 20:47:46 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.05.19 16:39:18 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.10.22 14:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010.10.22 03:00:00 | 000,376,832 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2003.04.18 20:06:26 | 000,008,192 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.08 17:29:41 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 17:29:41 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.17 14:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.12.15 16:00:00 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.12.08 06:22:38 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2011.12.08 06:22:38 | 000,098,616 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2011.08.02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.06.10 07:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.06.02 11:32:50 | 000,401,896 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011.06.02 11:32:50 | 000,128,488 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011.05.10 18:46:52 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.22 03:00:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fwlanusb.sys -- (FWLANUSB)
DRV:64bit: - [2010.10.22 03:00:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject)
DRV:64bit: - [2010.10.19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.01.21 00:10:54 | 001,102,112 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2010.01.07 10:20:00 | 000,676,864 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2009.09.16 08:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008.10.16 01:33:20 | 000,030,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGPBTDD.sys -- (LGPBTDD)
DRV - [2010.07.01 19:11:24 | 000,012,352 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Programme\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1F F4 C2 F9 0C 44 CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.de/"
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.8
FF - prefs.js..extensions.enabledAddons: youtubeunblocker%40unblocker.yt:0.4.0
FF - prefs.js..extensions.enabledAddons: info%40maltegoetz.de:1.0.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "www-proxy.t-online.de"
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.http: "www-proxy.t-online.de"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "www-proxy.t-online.de"
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.ssl: "www-proxy.t-online.de"
FF - prefs.js..network.proxy.ssl_port: 80
FF - prefs.js..network.proxy.type: 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.132.0: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.140.0: C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.12.25 17:32:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.12.27 23:53:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 00:00:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.12 00:00:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.04.03 13:43:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.12.25 17:32:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 00:00:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.12 00:00:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.04.03 13:43:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2011.12.24 19:38:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maurice\AppData\Roaming\mozilla\Extensions
[2013.04.22 21:38:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maurice\AppData\Roaming\mozilla\Firefox\Profiles\onisaz2i.default\extensions
[2013.04.05 11:22:02 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Maurice\AppData\Roaming\mozilla\Firefox\Profiles\onisaz2i.default\extensions\ich@maltegoetz.de
[2013.04.22 21:38:27 | 000,011,691 | ---- | M] () (No name found) -- C:\Users\Maurice\AppData\Roaming\mozilla\firefox\profiles\onisaz2i.default\extensions\info@maltegoetz.de.xpi
[2013.04.17 19:05:26 | 000,005,429 | ---- | M] () (No name found) -- C:\Users\Maurice\AppData\Roaming\mozilla\firefox\profiles\onisaz2i.default\extensions\youtubeunblocker@unblocker.yt.xpi
[2013.02.15 00:17:26 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Maurice\AppData\Roaming\mozilla\firefox\profiles\onisaz2i.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.04.20 16:27:25 | 000,765,412 | ---- | M] () (No name found) -- C:\Users\Maurice\AppData\Roaming\mozilla\firefox\profiles\onisaz2i.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2011.12.24 21:17:52 | 000,004,140 | ---- | M] () -- C:\Users\Maurice\AppData\Roaming\mozilla\firefox\profiles\onisaz2i.default\searchplugins\youtube.xml
[2013.04.12 00:00:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.04.12 00:00:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.04.12 00:00:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013.04.12 00:00:27 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.11.21 19:05:02 | 000,378,880 | ---- | M] (InfiniAd GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\npmieze.dll
[2012.06.20 13:10:14 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.29 18:54:20 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.20 13:10:14 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.20 13:10:14 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.20 13:10:14 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.20 13:10:14 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDevAgt] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKCU..\Run: [Kyesg] C:\Users\Maurice\AppData\Roaming\Uvher\avyr.exe File not found
O4 - Startup: C:\Users\Maurice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk = C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{04D192DF-7EA0-4505-AFF6-C5CD31278819}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{76578C98-2596-4999-BDB8-8C2C2700089A}: DhcpNameServer = 7.254.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{90DD6963-6CBA-43E5-90EA-E893DB2A82DF}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.01.02 21:08:31 | 000,000,000 | ---- | M] () - G:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2b8017ca-2e4d-11e1-8c34-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{2b8017ca-2e4d-11e1-8c34-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Bin\assetup.exe
O33 - MountPoints2\{c928e419-5653-11e1-8584-f46d046543b8}\Shell - "" = AutoRun
O33 - MountPoints2\{c928e419-5653-11e1-8584-f46d046543b8}\Shell\AutoRun\command - "" = I:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.02 17:47:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Maurice\Desktop\OTL.exe
[2013.05.01 23:02:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2013.05.01 23:02:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive
[2013.05.01 23:02:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2013.05.01 23:01:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2013.05.01 23:01:47 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2013.05.01 22:58:31 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.05.01 19:24:52 | 000,000,000 | ---D | C] -- C:\Users\Maurice\AppData\Roaming\Uvher
[2013.05.01 19:24:52 | 000,000,000 | ---D | C] -- C:\Users\Maurice\AppData\Roaming\Cuampu
[2013.05.01 19:24:52 | 000,000,000 | ---D | C] -- C:\Users\Maurice\AppData\Roaming\Biokci
[2013.05.01 00:06:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.04.13 18:23:33 | 000,000,000 | ---D | C] -- C:\Users\Maurice\Desktop\eBayQOQ
[2013.04.13 02:43:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\oZone3D
[2013.04.13 02:43:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\oZone3D
[2013.04.13 02:37:03 | 000,000,000 | ---D | C] -- C:\Users\Maurice\AppData\Roaming\poclbm
[2013.04.13 02:30:36 | 000,000,000 | ---D | C] -- C:\Users\Maurice\Neuer Ordner
[2013.04.12 17:24:03 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2013.04.12 17:24:01 | 000,000,000 | ---D | C] -- C:\Users\Maurice\AppData\Roaming\Bitcoin
[2013.04.12 17:23:55 | 000,000,000 | ---D | C] -- C:\Users\Maurice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitcoin
[2013.04.12 17:23:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bitcoin
[2013.04.12 00:00:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.04.03 13:43:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.02 17:47:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Maurice\Desktop\OTL.exe
[2013.05.02 17:47:19 | 000,000,000 | ---- | M] () -- C:\Users\Maurice\defogger_reenable
[2013.05.02 17:46:39 | 000,050,477 | ---- | M] () -- C:\Users\Maurice\Desktop\Defogger.exe
[2013.05.02 17:42:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.02 16:59:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.02 12:37:03 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.02 12:37:03 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.02 12:34:08 | 001,507,502 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.02 12:34:08 | 000,657,698 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.02 12:34:08 | 000,618,974 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.02 12:34:08 | 000,131,070 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.02 12:34:08 | 000,107,294 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.02 12:29:55 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.02 12:29:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.02 12:29:49 | 4281,024,510 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.24 13:42:49 | 000,000,653 | ---- | M] () -- C:\Users\Maurice\Desktop\Ordner.lnk
[2013.04.23 02:34:28 | 000,050,358 | ---- | M] () -- C:\Users\Maurice\.recently-used.xbel
[2013.04.12 11:31:45 | 000,418,424 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2013.05.02 17:47:19 | 000,000,000 | ---- | C] () -- C:\Users\Maurice\defogger_reenable
[2013.05.02 17:46:38 | 000,050,477 | ---- | C] () -- C:\Users\Maurice\Desktop\Defogger.exe
[2013.04.24 13:42:50 | 000,000,653 | ---- | C] () -- C:\Users\Maurice\Desktop\Ordner.lnk
[2013.04.23 02:34:28 | 000,050,358 | ---- | C] () -- C:\Users\Maurice\.recently-used.xbel
[2012.06.18 16:51:54 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2012.05.13 18:45:46 | 001,526,976 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.05.13 18:45:44 | 000,000,900 | ---- | C] () -- C:\Windows\Printfil.ini
[2012.02.15 23:44:13 | 000,013,931 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2012.01.31 19:15:44 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.01.31 19:15:42 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.01.31 19:15:42 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.01.31 19:15:42 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.01.31 19:15:42 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.12.28 16:42:37 | 000,077,824 | ---- | C] () -- C:\Windows\KMService.exe
[2011.12.28 16:42:37 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2011.12.25 17:31:34 | 000,218,998 | ---- | C] () -- C:\Windows\hpoins47.dat
[2011.12.25 17:31:34 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl47.dat
[2011.12.24 21:42:54 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.12.24 21:42:53 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.12.24 19:24:29 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.12.24 19:24:22 | 000,030,387 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.05.01 19:24:52 | 000,000,000 | ---D | M] -- C:\Users\Maurice\AppData\Roaming\Biokci
[2013.04.13 04:16:21 | 000,000,000 | ---D | M] -- C:\Users\Maurice\AppData\Roaming\Bitcoin
[2012.01.22 13:40:09 | 000,000,000 | ---D | M] -- C:\Users\Maurice\AppData\Roaming\Canneverbe Limited
[2013.05.02 17:14:18 | 000,000,000 | ---D | M] -- C:\Users\Maurice\AppData\Roaming\Cuampu
[2012.07.03 15:47:59 | 000,000,000 | ---D | M] -- C:\Users\Maurice\AppData\Roaming\elsterformular
[2013.04.13 19:47:35 | 000,000,000 | ---D | M] -- C:\Users\Maurice\AppData\Roaming\FileZilla
[2012.04.01 00:55:57 | 000,000,000 | ---D | M] -- C:\Users\Maurice\AppData\Roaming\Firefly Studios
[2013.04.13 19:33:39 | 000,000,000 | ---D | M] -- C:\Users\Maurice\AppData\Roaming\gtk-2.0
[2012.11.21 19:07:20 | 000,000,000 | ---D | M] -- C:\Users\Maurice\AppData\Roaming\loadtbs
[2012.02.11 03:50:07 | 000,000,000 | ---D | M] -- C:\Users\Maurice\AppData\Roaming\Notepad++
[2012.07.26 20:41:47 | 000,000,000 | ---D | M] -- C:\Users\Maurice\AppData\Roaming\Nvu
[2012.12.04 00:59:09 | 000,000,000 | ---D | M] -- C:\Users\Maurice\AppData\Roaming\Origin
[2011.12.28 17:43:50 | 000,000,000 | ---D | M] -- C:\Users\Maurice\AppData\Roaming\PDF reDirect
[2013.04.13 02:37:03 | 000,000,000 | ---D | M] -- C:\Users\Maurice\AppData\Roaming\poclbm
[2012.02.27 22:22:05 | 000,000,000 | ---D | M] -- C:\Users\Maurice\AppData\Roaming\Samsung
[2012.07.27 21:03:17 | 000,000,000 | ---D | M] -- C:\Users\Maurice\AppData\Roaming\SendSpace
[2011.12.28 17:21:52 | 000,000,000 | ---D | M] -- C:\Users\Maurice\AppData\Roaming\Thunderbird
[2013.01.31 12:40:56 | 000,000,000 | ---D | M] -- C:\Users\Maurice\AppData\Roaming\Trillian
[2012.06.18 16:51:53 | 000,000,000 | ---D | M] -- C:\Users\Maurice\AppData\Roaming\Tunngle
[2013.05.02 17:21:39 | 000,000,000 | ---D | M] -- C:\Users\Maurice\AppData\Roaming\Uvher
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


Extras.Txt

OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 02.05.2013 17:48:31 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Maurice\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
15,98 Gb Total Physical Memory | 13,21 Gb Available Physical Memory | 82,66% Memory free
31,96 Gb Paging File | 28,98 Gb Available in Paging File | 90,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 10,98 Gb Free Space | 9,83% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 732,86 Gb Free Space | 78,67% Space Free | Partition Type: NTFS
Drive G: | 117,19 Gb Total Space | 14,00 Gb Free Space | 11,95% Space Free | Partition Type: NTFS
Drive H: | 348,56 Gb Total Space | 34,96 Gb Free Space | 10,03% Space Free | Partition Type: NTFS
 
Computer Name: QOQ | User Name: Maurice | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{028A2843-D03F-4E58-BBAF-407C772ECAB7}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{35DB2568-E4AA-404F-83E2-5551A76143FF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3A7FEF1C-E5D3-4499-BD48-19CC0DD6F852}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4A0E579E-0462-473F-9BE9-CBE437E3265F}" = lport=5357 | protocol=6 | dir=in | app=system | 
"{4F16DA50-FB22-489A-9A3F-FA71CF25753E}" = rport=5357 | protocol=6 | dir=out | app=system | 
"{5141B8A0-1EA2-4111-9D4D-AD4DF1457495}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{63F37A29-8C07-49FF-8E3F-CEF00139E4A6}" = rport=5358 | protocol=6 | dir=out | app=system | 
"{6D02EBEF-A2A6-4338-9465-E0F2EF3D63EF}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe | 
"{6F56A32D-BCD9-43F4-AEAA-26A7E8B83A3C}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 
"{80E7C223-FF0D-4EB1-93DE-E71D613140D8}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{877B2000-DB0C-4379-8772-ABE6DF54F0F1}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{88044E79-7459-4BFF-B5BC-7D960F23BDA2}" = lport=5358 | protocol=6 | dir=in | app=system | 
"{8ACAF68B-7D69-40E7-BA77-16D984BDF85F}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{93B20578-CED6-444B-8BF5-9D114B6D87E6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{9585D6F0-8EA5-4FB3-B435-4142F6AD52DB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{962F7314-9001-4592-B4DA-781CDC038C05}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe | 
"{A22CF3AE-66D6-4E29-971B-68DC626D057B}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{C82A4E8B-EA51-474E-8BEE-D8E0C14D959C}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{CB2ABCD7-36AB-4ED9-9A29-B8AF1FB007AC}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{D470899D-6D0D-45B0-9962-DEA44B9D7BDD}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{E81EE90C-B064-4F42-9B05-396DEF71D5EF}" = rport=2869 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0496623E-A6A2-4243-B8FA-337C2B5E45FE}" = protocol=17 | dir=in | app=h:\spiele\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe | 
"{0732EB05-4D23-4282-872C-E1703ECEC27A}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.913\agent.exe | 
"{0788BB0C-021F-461A-89FA-BEF7A7D994D9}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{096184C1-3877-4B3B-9941-4622EB6CB206}" = protocol=17 | dir=in | app=c:\program files (x86)\logmein hamachi\hamachi-2-ui.exe | 
"{09ED1D7A-1100-4003-9302-7C3F3246359F}" = protocol=6 | dir=in | app=c:\users\maurice\desktop\ygo - kopie\ygocore\ygopro_vs.exe | 
"{0DCA5FED-29A6-4A0A-BA68-BEB358BBFE96}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{0E95B475-CA92-45C4-94EC-2474BB8040FC}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{0EC754F0-ED2B-4C72-AFB9-34774215BBCF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{10307749-1FAE-4C43-B830-E60BE49FDB11}" = protocol=6 | dir=in | app=c:\users\maurice\desktop\ygo pro 29\ygopro_vs.exe | 
"{10D78FC0-12A6-41F2-B848-7F8D58699851}" = protocol=6 | dir=in | app=c:\program files (x86)\msn messenger\msnmsgr.exe | 
"{116F17D9-28B4-4DB3-BE62-9A92386A0F60}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{13F8D248-6713-4DC3-AE45-F403DC490ED1}" = protocol=17 | dir=in | app=c:\users\maurice\desktop\ygopro\devpro.dll | 
"{191D0D20-044A-44F1-9418-5183F7565A3B}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{1AB4EE92-9516-4CA1-9330-674B60BAEFBC}" = protocol=6 | dir=in | app=c:\users\maurice\desktop\ygo pro\gframe.exe | 
"{1B7A2DB1-FF31-442E-9107-D9AF912121AC}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"{1E238B00-8102-45F6-A5E6-532FADFBE90C}" = protocol=6 | dir=in | app=c:\users\maurice\desktop\ygopro102a\ygopro_vs.exe | 
"{208A11BA-1B9E-43E4-88B8-A19687A150AC}" = protocol=6 | dir=in | app=h:\spiele\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe | 
"{20C2C587-4FAE-496E-B55C-F77D9E384C39}" = protocol=6 | dir=in | app=c:\spiele\battlefield 3\bf3.exe | 
"{20C9941F-C373-47F3-9AF5-96DF4892F4B2}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"{214A52E4-62E4-4DDB-A5E7-DB4BD18CEF6A}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{216FD7EB-1976-447A-AF46-F76C05C60842}" = protocol=17 | dir=in | app=f:\spiele\guild wars 2\gw2.exe | 
"{21B3F84F-2D65-456F-A5AD-F913DF1AC9DB}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{24CAF27B-3A9A-4DD4-99E7-460E8BA891AC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | 
"{272A442A-55A7-4166-B6E9-F7820B9EA48A}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\kies\kies.exe | 
"{2B7D6CFA-68EE-4784-834B-D5C630F04AD9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | 
"{2CEFD51B-B14A-4ADC-8DC2-FDACEF2546CA}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"{2DF377E6-7122-4898-A12F-8BE7B3E3E02D}" = protocol=17 | dir=in | app=c:\users\maurice\desktop\ygopro - kopie\ygopro.exe | 
"{2E535313-3959-4153-93F6-7D7E3AA6E116}" = protocol=6 | dir=in | app=f:\spiele\guild wars 2\gw2.exe | 
"{2EFC4FCF-2060-4C04-9B9B-57558215BBFE}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe | 
"{31186E7E-1784-4621-941A-A728FFF8684B}" = protocol=17 | dir=in | app=c:\program files (x86)\msn messenger\msnmsgr.exe | 
"{33F77227-5E61-4EE2-90E4-D8911F7ADB1C}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{340BA5CA-8D01-461A-87FC-ADE83D33E503}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{35028F38-F2E1-49AC-8F53-57F016CB6ED4}" = protocol=6 | dir=in | app=c:\program files (x86)\msn messenger\msnmsgr.exe | 
"{3719E429-2389-4B52-A0D5-4B0C6A1D87DF}" = protocol=17 | dir=in | app=g:\spiele\starcraft ii\starcraft ii.exe | 
"{37593186-4CE5-4E47-AEAF-00EE2F54EA72}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe | 
"{38773358-38DC-48CC-8136-3E8ED0E2DD32}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe | 
"{3B139121-2E97-4ECE-9721-D22BF64DA39E}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{3C51A34F-1F5A-493E-B6D7-483962C4919A}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{3D1CE58D-6DF9-476A-BFE2-497A8A512258}" = protocol=17 | dir=in | app=h:\spiele\stronghold crusader\stronghold crusader.exe | 
"{3DB90A69-D054-4E2D-8904-A79867BB9D7B}" = protocol=6 | dir=in | app=g:\spiele\starcraft ii\starcraft ii.exe | 
"{40693C86-B143-40E7-92EC-11F90A42E028}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 
"{40E6D333-6C30-4627-AA67-AEDF3AF282F9}" = protocol=17 | dir=in | app=h:\spiele\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe | 
"{4103ADDB-48A7-4F25-B989-3A6D5888AD72}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{412FC0FD-8EDC-43B0-96DF-1E22C51F1FBD}" = protocol=17 | dir=in | app=c:\users\maurice\downloads\ygod\ygopro.exe | 
"{41F3A082-4153-4E3A-841B-03572E9F4D17}" = protocol=6 | dir=in | app=h:\spiele\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | 
"{42770BDB-9B92-4C32-BE66-C76B23BAC866}" = protocol=17 | dir=in | app=c:\users\maurice\desktop\neuer ordner\miranda64.exe | 
"{427F5AB0-81B6-4A6F-BC39-B308438EC717}" = protocol=6 | dir=in | app=c:\users\maurice\desktop\neuer ordner\miranda64.exe | 
"{447C3EE3-27EF-42D0-9F4B-634CA5DB28CF}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{46AF6B1E-01EB-425A-BB28-4C456F6E05EF}" = protocol=6 | dir=in | app=h:\spiele\stronghold crusader\stronghold crusader.exe | 
"{48261D98-A33A-4F3E-8A01-A674160867A8}" = protocol=17 | dir=in | app=c:\users\maurice\downloads\diablo-iii-8370-dede-installer-downloader.exe | 
"{49CD88F5-6A97-4AF6-A345-AF4F5602FE5E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{49D6F561-9956-4ED2-A81C-8F6DC87B2C6F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | 
"{4A7AC534-C95E-4C09-B1E4-F1881AC359E1}" = protocol=17 | dir=in | app=c:\users\maurice\desktop\ygopro the dawn of a new era\ygopro\ygopro vs.1.exe | 
"{4B979F4F-A55F-4FF8-8F0A-C343DCDB68BB}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\kies\kies.exe | 
"{4C64B056-64B7-436B-BA8E-BFC9BE256AC7}" = protocol=6 | dir=in | app=c:\users\maurice\appdata\local\temp\gw2.exe | 
"{4E462467-DA03-46FE-97F1-BAA08B6EC2E6}" = protocol=17 | dir=in | app=c:\users\maurice\desktop\ygopro102a\ygopro_vs.exe | 
"{4EB574FE-F9DF-4D89-8C3A-363BD556182A}" = protocol=6 | dir=in | app=c:\spiele\battlefield 3\bf3.exe | 
"{4EC3654A-382E-4169-A40B-44D38105BD15}" = protocol=6 | dir=in | app=c:\users\maurice\desktop\ygopro-1.02a.0\ygopro_vs.exe | 
"{50B327F0-0B1E-4BBD-87DB-D17481A112AE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{526EEF4A-DDA1-4066-B088-DB2F1F91346F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{550EB3D1-DD22-467A-B0D3-9D69ADEB1F98}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe | 
"{563D8BE1-BA9E-4EB7-ABC1-EAFAC1170CA8}" = protocol=17 | dir=in | app=c:\users\maurice\desktop\ygo pro\gframe.exe | 
"{587F7043-755D-4AC4-BB77-3CEE8119D9FA}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{589C0074-9D6D-49EF-A760-10DF8AD5B016}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"{5E7C9CE9-3EFE-4E5E-935A-7D117E890207}" = protocol=17 | dir=in | app=h:\spiele\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | 
"{5F7EE34B-9D27-4321-9671-4D8A24458FA7}" = protocol=6 | dir=in | app=f:\spiele\diablo iii\diablo iii.exe | 
"{604E4137-20A4-4ABF-AF61-C9BE8F13B01B}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{63AFE182-B232-448B-8B5D-7239C2C628F2}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"{681397BA-00CA-40C6-B432-D8A3FC7E0132}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"{6959C6FC-4F22-4FB9-9846-E33244113CB3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | 
"{6BF1F9FE-6250-4657-B480-62A0E492E4C4}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{70095100-7578-4DD4-A355-79CAC59730EC}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{730257BD-50D4-4D95-A265-0B4A5B1BF9A4}" = protocol=17 | dir=in | app=c:\users\maurice\desktop\ygo pro\gframe-english.exe | 
"{73179A52-D6B6-4A9D-80D2-ACED074FD584}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{73A8F2F2-8C55-4DE8-B56E-5457E44E93EB}" = protocol=17 | dir=in | app=g:\spiele\world of warcraft\launcher.exe | 
"{73FDA2D5-F139-4DCA-9AAF-507961AADF31}" = protocol=17 | dir=in | app=c:\users\maurice\desktop\ygo - kopie\ygocore\ygopro_vs.exe | 
"{769C4716-1F74-424F-AA04-565662371DBA}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe | 
"{770505AB-0C8A-452A-8C95-408ACEF874A5}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{7793C6D8-78FA-4FEC-80D5-0EEB9A235E4C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | 
"{779D2B20-5DCB-46A8-939D-F0A1AEB80EE4}" = protocol=17 | dir=in | app=c:\users\maurice\desktop\ygo pro 29\ygopro_vs.exe | 
"{781BE35C-9AB7-4EE9-951F-FA0A44432DE2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 
"{79350DDF-1288-49A5-AE6B-6C0A56D664B1}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"{7990D987-541A-4BAF-9FE8-FAB51512FC9B}" = protocol=17 | dir=in | app=c:\users\maurice\appdata\local\temp\gw2.exe | 
"{7C3E4B48-EA0B-4899-84F1-2783BB29BF0D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{7D2A9C36-A221-4582-BC34-A9EFAF871B38}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe | 
"{7E43469B-ED66-4F78-B6D8-0C71F6ED0FEA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 
"{83CD104F-515A-46E8-B9B4-A23DC25720C5}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe | 
"{8429512B-9B5B-4E56-9433-E69A1B0DE0AD}" = protocol=6 | dir=in | app=c:\users\maurice\downloads\diablo-iii-8370-dede-installer-downloader(1).exe | 
"{8805B709-E283-4F70-8F3C-483DA2C5957D}" = protocol=17 | dir=in | app=c:\users\maurice\desktop\ygo pro 28\ygopro_vs.exe | 
"{8A3BA314-4118-45EB-A858-98C055A976BA}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{8EB481F6-0291-4AB5-A3C1-711577E27AC3}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"{904A59DF-40EE-4AC3-BB06-636465DED806}" = protocol=6 | dir=in | app=c:\users\maurice\downloads\ygod\ygopro.exe | 
"{90A3EDBC-8366-4647-81E5-0CE6BE569BDB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{9620EFA4-1AD8-42E2-9148-F2ABAD2E37CB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{968607BB-6A99-4047-8842-DB8F648AD920}" = protocol=6 | dir=in | app=h:\spiele\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe | 
"{98BDE2DF-C586-4E9C-87A2-507EFEDACFAC}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{996BBFC9-35EA-4962-9B3C-BBB23C383A8A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{9BEE1587-A694-4BB8-9BF9-4C3ED2401369}" = protocol=17 | dir=in | app=c:\users\maurice\downloads\diablo-iii-8370-dede-installer-downloader(1).exe | 
"{9D0E7BEE-EC55-4BE2-B664-3E6DF11348A4}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"{9DD53746-E8FC-4E0B-81CA-6EABE4933CDD}" = protocol=17 | dir=in | app=g:\spiele\world of warcraft\launcher.patch.exe | 
"{9E340CB9-6C29-4B93-9E80-47FDDB476A50}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{A09C75DD-9017-4939-9E36-BD38434AF141}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe | 
"{A547224D-F4B5-46EE-9160-66DC3478E8E3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{A58E42F4-D901-4DA7-ACF2-1D21681C8D81}" = protocol=6 | dir=in | app=c:\program files (x86)\logmein hamachi\hamachi-2-ui.exe | 
"{A7BF740F-5E2A-462F-AC54-A92D5BF88AD8}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{A8E8E6D1-3656-4FB9-AF0F-36B20616BD38}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{AAD6B6CB-66DB-4BED-9E63-39CEA132B0AE}" = protocol=6 | dir=in | app=c:\program files (x86)\veetle\player\veetlenet.exe | 
"{AB763610-12A3-4786-BF04-DB4D604A9DC2}" = protocol=17 | dir=in | app=c:\users\maurice\desktop\ygopro\ygopro_vs.exe | 
"{ADC3CA66-EBD9-41CA-8730-0EB013A9D074}" = protocol=17 | dir=in | app=h:\spiele\starcraft ii\starcraft ii.exe | 
"{AF207193-660E-4F71-B759-C7E94595C060}" = protocol=6 | dir=in | app=c:\program files (x86)\msn messenger\msnmsgr.exe | 
"{B01EA59F-32AA-42BF-8B21-F57595A90DF5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | 
"{B07728D5-B029-45DF-82AB-9061A41123BD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{B1156CC1-5314-43F1-8E5B-A49B42BC01BA}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"{B23B8B70-72F3-4735-8622-181428B99B23}" = protocol=17 | dir=in | app=c:\users\maurice\desktop\ygo\ygocore\ygopro_vs.exe | 
"{B25C5729-5F39-4DB2-B11C-2BFA59DE9921}" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"{B3915A44-6C7A-45C0-92C7-8CED3E54444D}" = protocol=6 | dir=in | app=c:\users\maurice\desktop\ygopro\devpro.dll | 
"{B902C2F3-6597-483E-9833-109E9F4C0777}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.913\agent.exe | 
"{B924A967-3082-4BC2-B083-2C35AA58CF23}" = protocol=6 | dir=in | app=c:\users\maurice\desktop\ygopro the dawn of a new era\ygopro\ygopro vs.1.exe | 
"{BD0C2A02-4F9C-4421-B8CA-2DE73DD131D6}" = protocol=17 | dir=in | app=c:\spiele\battlefield 3\bf3.exe | 
"{C0EC2DD3-7BC0-478D-86C0-875C9C391BFB}" = protocol=6 | dir=in | app=h:\spiele\starcraft ii\starcraft ii.exe | 
"{C18F6293-70AA-4DEB-9BED-9140DD02919F}" = protocol=17 | dir=in | app=c:\users\maurice\desktop\ygopro-1.02a.0\ygopro_vs.exe | 
"{C2EB1DB5-5F5D-4B01-B131-25DC4EF63377}" = protocol=17 | dir=in | app=h:\spiele\starcraft ii\support\blizzarddownloader.exe | 
"{C72C433F-79D9-4945-82AB-4D3C48C0E49C}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe | 
"{C7B0A85F-870D-4188-8F59-7CD6FF8DB7CA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{C800DE54-716C-4845-BCF0-C05E7AAADFE2}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{C82B4067-D743-472D-A2F8-5FF891A5D3EF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{C96159B0-100C-4431-8D57-DCE1CF891395}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{CD2DA7C8-1EDC-473E-81C2-14CB634654F9}" = protocol=6 | dir=in | app=c:\users\maurice\desktop\ygopro - kopie\ygopro.exe | 
"{CD926E5D-76DC-4C0F-84A1-FD5E5E59F235}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{CE171A63-C5A8-40E9-B87F-9F678FC92F01}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | 
"{CFA99C2A-9E2E-40B3-A7DB-238BAF87021D}" = protocol=6 | dir=in | app=c:\users\maurice\desktop\ygo pro 28\ygopro_vs.exe | 
"{D109AACC-2052-4681-84C3-5378FC33BAE2}" = protocol=6 | dir=in | app=c:\users\maurice\downloads\diablo-iii-8370-dede-installer-downloader.exe | 
"{D3759155-5481-49FC-94D6-CBCB91038594}" = protocol=6 | dir=in | app=h:\spiele\starcraft ii\support\blizzarddownloader.exe | 
"{D3759D59-BCAE-4220-BD9F-9C37311938E5}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe | 
"{D622DD9B-79A8-4A8C-ABBF-1E7D3E15345B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{D986A5D3-C177-4507-8667-F1E59BE46315}" = protocol=6 | dir=in | app=c:\users\maurice\desktop\ygo pro\gframe-english.exe | 
"{DC5A8B45-CE76-4BF1-8B3E-A2DB5EFD9BA8}" = protocol=6 | dir=in | app=c:\users\maurice\desktop\ygopro\ygopro_vs.exe | 
"{DD84E030-8C19-48E5-8FFC-A7904C99A979}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{DF492672-A439-4702-B868-863E9A76323C}" = protocol=17 | dir=in | app=f:\spiele\diablo iii\diablo iii.exe | 
"{E0C096EC-F140-4E54-B62B-75FA14D59EFC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | 
"{E456F09B-E026-4781-862B-FA18333E3E73}" = protocol=17 | dir=in | app=c:\users\maurice\desktop\ygo pro\ygopro_vs.exe | 
"{E864DAD9-E543-4142-80CE-3E6383D56655}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{E8D650D6-F5D5-44B1-BB23-B3B811C5280C}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe | 
"{EA118C80-2777-4DC8-B927-506442FFCC4B}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{EB07845D-4664-4A6E-AFAD-CD871C1A4914}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{EBA3822A-C983-4BF6-A91A-CD2019150347}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | 
"{EBDD94DC-BA3D-405D-B771-739EF03C6D40}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | 
"{EC9F6EDF-458C-4630-8F53-523574B7C4C4}" = protocol=6 | dir=in | app=g:\spiele\world of warcraft\launcher.exe | 
"{EDBEA87B-43FC-4869-A044-C658059797E2}" = protocol=17 | dir=in | app=c:\program files (x86)\msn messenger\msnmsgr.exe | 
"{EF0924C4-3A4A-42B3-B720-0A27D97C6B51}" = dir=in | app=c:\users\maurice\appdata\local\temp\7zs508e\setup\hpznui40.exe | 
"{EF0C43CF-CF1E-4A31-B0DD-A437C5861353}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{F042A4A0-1116-43FC-A321-2F22481A6A25}" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"{F244C703-695B-4EA5-85EE-68B5A7B62554}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{F3B99AFB-AF15-400F-AAF5-8B1822106732}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 
"{F425F987-536A-441E-BAB8-43F3E8D365F7}" = protocol=6 | dir=in | app=c:\users\maurice\desktop\ygo\ygocore\ygopro_vs.exe | 
"{F42CBA81-D872-48CE-B3CD-2E7448143EA7}" = protocol=17 | dir=in | app=c:\spiele\battlefield 3\bf3.exe | 
"{F59FD77B-5664-40CB-9009-819E9BE67386}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | 
"{F7DBC021-6182-4E9C-AB12-450678845E97}" = protocol=17 | dir=in | app=c:\program files (x86)\msn messenger\msnmsgr.exe | 
"{F93CA055-3004-46A1-BEFC-5446857FB458}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{FAF11287-ECBE-4A9E-B8FE-D8BA07B1FC33}" = protocol=6 | dir=in | app=c:\users\maurice\desktop\ygo pro\ygopro_vs.exe | 
"{FB85C613-1631-4782-B9F9-A3D5BFEE04C4}" = protocol=6 | dir=in | app=g:\spiele\world of warcraft\launcher.patch.exe | 
"{FEAEA0A1-FC7B-44AC-9AA7-FE5ED1E88071}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"TCP Query User{01303FEE-120D-4CC3-9A29-83D6441B5D3A}C:\program files (x86)\bitcoin\bitcoin-qt.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bitcoin\bitcoin-qt.exe | 
"TCP Query User{0494245E-740A-4229-A13B-B6ECA41BAEF8}C:\users\maurice\downloads\ygod\ygopro.exe" = protocol=6 | dir=in | app=c:\users\maurice\downloads\ygod\ygopro.exe | 
"TCP Query User{07BD0577-214E-48EA-A381-844C8F6A67D8}H:\spiele\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=h:\spiele\world of warcraft\launcher.exe | 
"TCP Query User{0CA0F8C2-2160-472C-B76B-44995DAA471C}C:\users\maurice\appdata\roaming\uvher\avyr.exe" = protocol=6 | dir=in | app=c:\users\maurice\appdata\roaming\uvher\avyr.exe | 
"TCP Query User{19C1C7C5-8F7A-4623-A39D-306C4CB9181E}C:\users\maurice\desktop\ygopro the dawn of a new era\ygopro\ygopro vs.1.exe" = protocol=6 | dir=in | app=c:\users\maurice\desktop\ygopro the dawn of a new era\ygopro\ygopro vs.1.exe | 
"TCP Query User{1A4F7A49-F467-47C9-8281-AE246D7CBAE8}C:\users\maurice\desktop\ygopro102a\ygopro_vs.exe" = protocol=6 | dir=in | app=c:\users\maurice\desktop\ygopro102a\ygopro_vs.exe | 
"TCP Query User{237E621D-D230-44E8-A0A8-4F3B04A6B6A8}H:\spiele\stronghold crusader\stronghold crusader.exe" = protocol=6 | dir=in | app=h:\spiele\stronghold crusader\stronghold crusader.exe | 
"TCP Query User{24A05F49-1881-4913-B27A-80FDDF070C8B}C:\users\maurice\desktop\ygopro\ygopro_vs.exe" = protocol=6 | dir=in | app=c:\users\maurice\desktop\ygopro\ygopro_vs.exe | 
"TCP Query User{25AA7AF3-0FC3-4D7F-8A6D-3BF1A95813CF}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{2653D398-678F-403A-BE4E-C19B98D88DDE}C:\users\maurice\desktop\ygo pro\gframe-english.exe" = protocol=6 | dir=in | app=c:\users\maurice\desktop\ygo pro\gframe-english.exe | 
"TCP Query User{2A89C9E6-BD83-43D1-87FA-891A31883B40}H:\spiele\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=6 | dir=in | app=h:\spiele\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe | 
"TCP Query User{2D364B2D-C4A8-49ED-B0CE-EA19D3D914A0}H:\spiele\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=6 | dir=in | app=h:\spiele\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe | 
"TCP Query User{328C276D-AC33-49EA-ABAC-8C0E5FF19681}H:\spiele\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=h:\spiele\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{35157FB6-94A2-41CF-AAAA-B0E3533929C1}C:\users\maurice\desktop\ygopro\devpro.dll" = protocol=6 | dir=in | app=c:\users\maurice\desktop\ygopro\devpro.dll | 
"TCP Query User{3641631F-E164-4BD4-A37A-F55343191766}H:\spiele\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=6 | dir=in | app=h:\spiele\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe | 
"TCP Query User{420A47F4-F0B3-4D67-9E5A-52171612A14A}C:\users\maurice\downloads\diablo-iii-8370-dede-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\maurice\downloads\diablo-iii-8370-dede-installer-downloader.exe | 
"TCP Query User{4C02CC56-CB7F-419E-A978-696B48E2D37A}C:\users\maurice\downloads\ygopro.exe" = protocol=6 | dir=in | app=c:\users\maurice\downloads\ygopro.exe | 
"TCP Query User{51025F77-3F21-4201-9599-BCA4EA4FF4A1}H:\spiele\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=h:\spiele\starcraft ii\support\blizzarddownloader.exe | 
"TCP Query User{5AD59199-1D6D-4DB2-8741-94634DF600DA}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"TCP Query User{5B025402-ED5B-49E2-91CE-08B3CDB6BB75}C:\users\maurice\desktop\ygopro-1.02a.0\ygopro_vs.exe" = protocol=6 | dir=in | app=c:\users\maurice\desktop\ygopro-1.02a.0\ygopro_vs.exe | 
"TCP Query User{5F600107-2ABD-4C18-8FDC-4058170B78A8}C:\users\maurice\desktop\ygo pro\gframe.exe" = protocol=6 | dir=in | app=c:\users\maurice\desktop\ygo pro\gframe.exe | 
"TCP Query User{69C28C17-4A62-49F0-BA79-FF5ADD543CCD}F:\spiele\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=f:\spiele\guild wars 2\gw2.exe | 
"TCP Query User{709D8828-E628-4790-9A00-E640AE5550E4}H:\spiele\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=6 | dir=in | app=h:\spiele\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe | 
"TCP Query User{78547B9F-AE47-4178-B81C-E61C8BB3BCE6}C:\users\maurice\desktop\ygo pro\ygopro_vs.exe" = protocol=6 | dir=in | app=c:\users\maurice\desktop\ygo pro\ygopro_vs.exe | 
"TCP Query User{8A6042BC-9F82-4D47-BA64-FFF3F845727F}C:\users\maurice\desktop\ygo\ygocore\ygopro_vs.exe" = protocol=6 | dir=in | app=c:\users\maurice\desktop\ygo\ygocore\ygopro_vs.exe | 
"TCP Query User{95E39C32-A80D-467C-8E49-8CC45C9AB972}H:\spiele\world of warcraft\launcher.patch.exe" = protocol=6 | dir=in | app=h:\spiele\world of warcraft\launcher.patch.exe | 
"TCP Query User{9F63E6E7-0E91-473A-B1A0-8C395EDF942B}C:\users\maurice\desktop\neuer ordner\miranda64.exe" = protocol=6 | dir=in | app=c:\users\maurice\desktop\neuer ordner\miranda64.exe | 
"TCP Query User{A1E63D2F-82EA-4BE5-AE12-5808AFDA88B3}C:\users\maurice\desktop\ygopro - kopie\ygopro.exe" = protocol=6 | dir=in | app=c:\users\maurice\desktop\ygopro - kopie\ygopro.exe | 
"TCP Query User{A228F171-32A8-4C69-94A6-67DAA7617227}C:\users\maurice\desktop\ygo pro 28\ygopro_vs.exe" = protocol=6 | dir=in | app=c:\users\maurice\desktop\ygo pro 28\ygopro_vs.exe | 
"TCP Query User{A76A630A-C83D-471A-9E94-B4EDBBDD3E02}H:\spiele\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=h:\spiele\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | 
"TCP Query User{AECD1D7B-F808-4BB9-9896-E9C513D82667}H:\spiele\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe" = protocol=6 | dir=in | app=h:\spiele\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe | 
"TCP Query User{B0EF814F-F209-401B-8A24-B441618507C1}G:\spiele\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=g:\spiele\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{B9A17119-C10A-451A-B5C4-027325D66861}C:\users\maurice\desktop\ygo - kopie\ygocore\ygopro_vs.exe" = protocol=6 | dir=in | app=c:\users\maurice\desktop\ygo - kopie\ygocore\ygopro_vs.exe | 
"TCP Query User{BC082732-CFA1-499A-A6EE-1CD1AB6E28BE}C:\users\maurice\desktop\ygo pro 29\ygopro_vs.exe" = protocol=6 | dir=in | app=c:\users\maurice\desktop\ygo pro 29\ygopro_vs.exe | 
"TCP Query User{C26C961B-A842-4EAA-BDFB-7BB061CB258D}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"TCP Query User{DD4BAAA3-DB09-4EC1-A67B-6895B8D51E46}H:\spiele\starcraft ii\starcraft ii.exe" = protocol=6 | dir=in | app=h:\spiele\starcraft ii\starcraft ii.exe | 
"TCP Query User{E92C54DD-E624-41E3-B833-EF95A37C0C25}C:\users\maurice\downloads\diablo-iii-8370-dede-installer-downloader(1).exe" = protocol=6 | dir=in | app=c:\users\maurice\downloads\diablo-iii-8370-dede-installer-downloader(1).exe | 
"TCP Query User{EF1ADCF3-99D1-424C-938D-F49BA4CE9F9F}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"TCP Query User{F2C74E40-8795-4661-889D-BD7CB90A7768}C:\users\maurice\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\maurice\appdata\local\temp\gw2.exe | 
"TCP Query User{F77407C2-BC4B-4200-A841-4F37FD6E7904}H:\spiele\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=6 | dir=in | app=h:\spiele\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe | 
"TCP Query User{FB925D25-C250-4A64-B477-D341BC324720}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"UDP Query User{0116B359-FE9C-4207-8D27-4B8E1B8D5059}C:\users\maurice\desktop\ygopro102a\ygopro_vs.exe" = protocol=17 | dir=in | app=c:\users\maurice\desktop\ygopro102a\ygopro_vs.exe | 
"UDP Query User{08275BE7-019F-49DC-8D9E-1F751854D2C2}C:\users\maurice\desktop\ygopro-1.02a.0\ygopro_vs.exe" = protocol=17 | dir=in | app=c:\users\maurice\desktop\ygopro-1.02a.0\ygopro_vs.exe | 
"UDP Query User{17FA4057-6BF4-4B58-BD89-53381C313FF8}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"UDP Query User{1E8CB8EC-D1AC-4DDF-9210-25391A7C7336}F:\spiele\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=f:\spiele\guild wars 2\gw2.exe | 
"UDP Query User{21951524-F0B6-4936-9F72-3FCD4AFC19B6}H:\spiele\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=17 | dir=in | app=h:\spiele\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe | 
"UDP Query User{3638995E-6B3D-4075-B2DA-F1DAAFDE3521}C:\users\maurice\downloads\ygod\ygopro.exe" = protocol=17 | dir=in | app=c:\users\maurice\downloads\ygod\ygopro.exe | 
"UDP Query User{3B807915-658B-4D1E-9809-BBFD93D92644}C:\users\maurice\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\maurice\appdata\local\temp\gw2.exe | 
"UDP Query User{468CFA6F-91AD-43EB-BDE3-0FCA3C3D7FD4}C:\users\maurice\desktop\ygo pro\gframe-english.exe" = protocol=17 | dir=in | app=c:\users\maurice\desktop\ygo pro\gframe-english.exe | 
"UDP Query User{596E9AD4-CFAC-4342-8BE8-6F997051B123}H:\spiele\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=h:\spiele\starcraft ii\support\blizzarddownloader.exe | 
"UDP Query User{5C63572C-6FA4-4692-9D4D-43B933B308DF}C:\users\maurice\desktop\ygo - kopie\ygocore\ygopro_vs.exe" = protocol=17 | dir=in | app=c:\users\maurice\desktop\ygo - kopie\ygocore\ygopro_vs.exe | 
"UDP Query User{5E163468-A30A-46B8-B1C6-40C203614604}H:\spiele\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=17 | dir=in | app=h:\spiele\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe | 
"UDP Query User{5E7D04F4-975B-4958-A385-1EED70DB4B48}G:\spiele\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=g:\spiele\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{7B56B498-D5DE-4A47-992F-4EDC6CD034C2}C:\users\maurice\desktop\ygopro - kopie\ygopro.exe" = protocol=17 | dir=in | app=c:\users\maurice\desktop\ygopro - kopie\ygopro.exe | 
"UDP Query User{800F778B-EAD1-4F87-AB3B-D26CF092A3AD}C:\users\maurice\desktop\ygopro the dawn of a new era\ygopro\ygopro vs.1.exe" = protocol=17 | dir=in | app=c:\users\maurice\desktop\ygopro the dawn of a new era\ygopro\ygopro vs.1.exe | 
"UDP Query User{81468422-3D75-4641-94B1-AF8D3F57D3BC}C:\users\maurice\downloads\diablo-iii-8370-dede-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\maurice\downloads\diablo-iii-8370-dede-installer-downloader.exe | 
"UDP Query User{846F2660-E650-4E96-AF17-2C9F24C30A8C}H:\spiele\starcraft ii\starcraft ii.exe" = protocol=17 | dir=in | app=h:\spiele\starcraft ii\starcraft ii.exe | 
"UDP Query User{8858C054-1992-442B-B0C2-CC0279F3BE49}C:\users\maurice\desktop\ygopro\ygopro_vs.exe" = protocol=17 | dir=in | app=c:\users\maurice\desktop\ygopro\ygopro_vs.exe | 
"UDP Query User{8F255DBF-E28F-4C9E-A0B3-A8332CB423D0}H:\spiele\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=h:\spiele\world of warcraft\launcher.exe | 
"UDP Query User{90A416C4-D10D-4118-8DC3-F0AB3EE1FF39}C:\users\maurice\desktop\ygo pro\gframe.exe" = protocol=17 | dir=in | app=c:\users\maurice\desktop\ygo pro\gframe.exe | 
"UDP Query User{9395E26D-C4E8-4BE8-9281-09F43F12FCAA}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"UDP Query User{9474C844-ED32-40D1-AC9C-DE970C67FDDB}H:\spiele\stronghold crusader\stronghold crusader.exe" = protocol=17 | dir=in | app=h:\spiele\stronghold crusader\stronghold crusader.exe | 
"UDP Query User{9776F845-AC88-49A1-AF33-4B9701C399C5}H:\spiele\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=h:\spiele\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | 
"UDP Query User{9CC5EA7E-89D1-4F3A-923B-5512453FD4FE}C:\users\maurice\downloads\ygopro.exe" = protocol=17 | dir=in | app=c:\users\maurice\downloads\ygopro.exe | 
"UDP Query User{9E766F12-1DA3-4331-9D96-AB4C73BFF0B7}H:\spiele\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=17 | dir=in | app=h:\spiele\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe | 
"UDP Query User{A2033B17-01D2-4577-9473-5172952319DD}C:\users\maurice\desktop\ygo pro 29\ygopro_vs.exe" = protocol=17 | dir=in | app=c:\users\maurice\desktop\ygo pro 29\ygopro_vs.exe | 
"UDP Query User{AAAE86D2-239E-41B2-81CE-48825BF7755A}C:\users\maurice\downloads\diablo-iii-8370-dede-installer-downloader(1).exe" = protocol=17 | dir=in | app=c:\users\maurice\downloads\diablo-iii-8370-dede-installer-downloader(1).exe | 
"UDP Query User{ACAEF139-7324-42FB-A371-66F5C672FC23}C:\users\maurice\desktop\ygo\ygocore\ygopro_vs.exe" = protocol=17 | dir=in | app=c:\users\maurice\desktop\ygo\ygocore\ygopro_vs.exe | 
"UDP Query User{AED4D78C-245D-41AD-B181-5F782F4055AD}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"UDP Query User{AF6B43C4-B0E9-479B-9E16-AF1534BA1C9C}C:\users\maurice\desktop\ygo pro\ygopro_vs.exe" = protocol=17 | dir=in | app=c:\users\maurice\desktop\ygo pro\ygopro_vs.exe | 
"UDP Query User{B3F71518-74F0-49AF-ABF0-D63E712CCFA0}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{B9DE004C-769C-453C-9D58-AAA4C1CE4A9F}C:\users\maurice\desktop\ygopro\devpro.dll" = protocol=17 | dir=in | app=c:\users\maurice\desktop\ygopro\devpro.dll | 
"UDP Query User{CD1CC98E-833D-4C31-BEEC-EC20D2C3EA89}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"UDP Query User{CED70BBB-F6E2-4223-B635-29E3E074FECC}H:\spiele\world of warcraft\launcher.patch.exe" = protocol=17 | dir=in | app=h:\spiele\world of warcraft\launcher.patch.exe | 
"UDP Query User{D9090EAC-8E1B-43E1-862E-AEB3373D495F}H:\spiele\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=17 | dir=in | app=h:\spiele\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe | 
"UDP Query User{E64EC131-FC8E-45CA-852D-2F567FF00227}C:\program files (x86)\bitcoin\bitcoin-qt.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bitcoin\bitcoin-qt.exe | 
"UDP Query User{E67F6E34-EE08-487B-99A1-395A9BEEB80D}H:\spiele\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=17 | dir=in | app=h:\spiele\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe | 
"UDP Query User{E6E67E1F-510D-4859-8A7E-FB0D6788FA37}C:\users\maurice\appdata\roaming\uvher\avyr.exe" = protocol=17 | dir=in | app=c:\users\maurice\appdata\roaming\uvher\avyr.exe | 
"UDP Query User{EF563ACD-331D-4690-B488-1ECAC9073939}H:\spiele\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe" = protocol=17 | dir=in | app=h:\spiele\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe | 
"UDP Query User{F50F10F2-15EB-49C0-B97E-8AAF89EF3DC7}H:\spiele\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=h:\spiele\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{F60A3BAA-A511-4947-BA5F-48DBE582565E}C:\users\maurice\desktop\neuer ordner\miranda64.exe" = protocol=17 | dir=in | app=c:\users\maurice\desktop\neuer ordner\miranda64.exe | 
"UDP Query User{F95DE7A8-BA52-4387-876B-795FA9E23542}C:\users\maurice\desktop\ygo pro 28\ygopro_vs.exe" = protocol=17 | dir=in | app=c:\users\maurice\desktop\ygo pro 28\ygopro_vs.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{014E482A-0C27-47E3-BA82-307E9DCA2F47}" = HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{15D97451-1520-4551-BE2D-BCDE2DF22EA7}" = Logitech GamePanel Software 3.01
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417002FF}" = Java(TM) 7 Update 2 (64-bit)
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0209
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.12.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE47BA54-78AC-409F-9151-BDF5BE15A804}" = Network64
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"2C1C2F29FADF39F533CEEE67B90F07A5306A4BDB" = Windows-Treiberpaket - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0)
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Shop for HP Supplies" = Shop for HP Supplies
"Unlocker" = Unlocker 1.9.1-x64
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinRAR archiver" = WinRAR 4.11 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05D08C4D-58A2-438B-A419-EE994E64E15D}" = B110
"{0F366B10-BED2-4DC0-B8CF-B3DF3AF27B37}" = M3 SAKURA V1.49a Global (GAME PATCH V4.9a)
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{1A1FA4C1-2701-401C-8CE1-FDDE45304FF5}" = ASUS nVidia Driver
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 37
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{4EAE665D-957A-4D04-9679-3AD582008877}" = NVIDIA PhysX
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio
"{577EA8FF-7FA8-4D88-B7E2-29A437605F80}" = Belkin Basic Wireless USB Adapter
"{5BE5DB79-685E-46FD-A231-CD7467B69DD7}" = TP-LINK Wireless Utility
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8E4B1BE8-DCF3-4B90-A726-B28107442623}" = SolutionCenter
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{AC7C704F-BFAB-4E0F-9440-E18D70B52109}" = Dawn Of A New Era
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AFD89880-C544-4777-B645-FBF6D3391B11}" = Belkin F7D1101 Basic Wireless USB Adapter
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BBFB2E59-B0DB-42C8-8F4D-CF4E85471667}" = Toolbox
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{D1D632A2-E249-466D-A094-B1B934D37645}_is1" = Stronghold Kingdoms
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{E2494AD8-314D-44F8-B39C-4358A60DC184}" = LogMeIn Hamachi
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F88E2E04-7EF5-488C-8E38-C94EB808458E}" = PS_AIO_07_B110_SW_Min
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"Battlelog Web Plugins" = Battlelog Web Plugins
"Diablo III" = Diablo III
"DivX Setup" = DivX-Setup
"ElsterFormular 13.2.0.8623p" = ElsterFormular
"ElsterFormular 13.2.0.8623u" = ElsterFormular
"ESN Sonar-0.70.4" = ESN Sonar
"GPU Caps Viewer_is1" = GPU Caps Viewer v1.8.0
"Guild Wars 2" = Guild Wars 2
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{AFD89880-C544-4777-B645-FBF6D3391B11}" = Belkin F7D1101 Basic Wireless USB Adapter
"LogMeIn Hamachi" = LogMeIn Hamachi
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"Mozilla Thunderbird 17.0.5 (x86 de)" = Mozilla Thunderbird 17.0.5 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Nvu_is1" = Nvu 1.0
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Origin" = Origin
"PDF reDirect" = PDF reDirect (remove only)
"PKR" = PKR
"PokerStars.eu" = PokerStars.eu
"PunkBusterSvc" = PunkBuster Services
"Steam App 42680" = Call of Duty: Modern Warfare 3
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"Steam App 42750" = Call of Duty: Modern Warfare 3 - Dedicated Server
"Trillian" = Trillian
"Tunngle beta_is1" = Tunngle beta
"Veetle TV" = Veetle TV
"VLC media player" = VLC media player 2.0.1
"WinLiveSuite_Wave3" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
"World of Warcraft Beta" = World of Warcraft Beta
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"65998142.www.click-learn.info" = CLICK and LEARN
"Bitcoin" = Bitcoin
"FileZilla Client" = FileZilla Client 3.5.2
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 01.05.2013 16:44:53 | Computer Name = QOQ | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Maurice\Downloads\SoftonicDownloader_for_messenger-reviver.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 01.05.2013 16:44:55 | Computer Name = QOQ | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Maurice\Downloads\SoftonicDownloader_for_messenger-reviver.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 01.05.2013 16:44:57 | Computer Name = QOQ | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Maurice\Downloads\SoftonicDownloader_for_messenger-reviver.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 01.05.2013 16:48:55 | Computer Name = QOQ | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Maurice\Downloads\SoftonicDownloader_for_messenger-reviver.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 01.05.2013 16:51:10 | Computer Name = QOQ | Source = MsiInstaller | ID = 1013
Description = 
 
Error - 01.05.2013 17:46:28 | Computer Name = QOQ | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: devpro.dll, Version: 0.0.0.0, Zeitstempel:
 0x517c3494  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x89df036c  ID des fehlerhaften Prozesses:
 0x1938  Startzeit der fehlerhaften Anwendung: 0x01ce46b54f596e3e  Pfad der fehlerhaften
 Anwendung: C:\Users\Maurice\Desktop\duelshop\YGOPRO Dawn of a New Era 2.4.0.1513\ygopro4\devpro.dll
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 93691b68-b2a8-11e2-a731-a22b949c57a7
 
Error - 02.05.2013 06:31:46 | Computer Name = QOQ | Source = WinMgmt | ID = 10
Description = 
 
Error - 02.05.2013 07:20:55 | Computer Name = QOQ | Source = Application Hang | ID = 1002
Description = Programm thunderbird.exe, Version 17.0.5.4835 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 15bc    Startzeit: 01ce472011372a4d    Endzeit: 9    Anwendungspfad: 
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe    Berichts-ID: 386f2072-b31a-11e2-a711-a1bad0921d41

 
Error - 02.05.2013 07:31:00 | Computer Name = QOQ | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 20.0.1.4847,
 Zeitstempel: 0x51650a74  Name des fehlerhaften Moduls: xul.dll, Version: 20.0.1.4847,
 Zeitstempel: 0x51650a09  Ausnahmecode: 0xc0000005  Fehleroffset: 0x008d1ea0  ID des fehlerhaften
 Prozesses: 0x1be8  Startzeit der fehlerhaften Anwendung: 0x01ce4725f4619c94  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\xul.dll  Berichtskennung:
 c302273b-b31b-11e2-a711-a1bad0921d41
 
Error - 02.05.2013 08:53:04 | Computer Name = QOQ | Source = Application Hang | ID = 1002
Description = Programm thunderbird.exe, Version 17.0.5.4835 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: d9c    Startzeit: 01ce472f1bd30299    Endzeit: 4    Anwendungspfad: C:\Program
 Files (x86)\Mozilla Thunderbird\thunderbird.exe    Berichts-ID: 38be750e-b327-11e2-a711-a1bad0921d41

 
[ System Events ]
Error - 21.04.2013 17:52:52 | Computer Name = QOQ | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 22.04.2013 15:39:07 | Computer Name = QOQ | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 25.04.2013 05:36:04 | Computer Name = QOQ | Source = ipnathlp | ID = 31004
Description = 
 
Error - 26.04.2013 12:37:36 | Computer Name = QOQ | Source = ipnathlp | ID = 31004
Description = 
 
Error - 26.04.2013 18:45:13 | Computer Name = QOQ | Source = ipnathlp | ID = 31004
Description = 
 
Error - 26.04.2013 19:54:28 | Computer Name = QOQ | Source = ipnathlp | ID = 31004
Description = 
 
Error - 27.04.2013 18:58:20 | Computer Name = QOQ | Source = ipnathlp | ID = 31004
Description = 
 
Error - 28.04.2013 12:29:56 | Computer Name = QOQ | Source = ipnathlp | ID = 31004
Description = 
 
Error - 29.04.2013 18:22:22 | Computer Name = QOQ | Source = ipnathlp | ID = 31004
Description = 
 
Error - 30.04.2013 18:05:19 | Computer Name = QOQ | Source = ipnathlp | ID = 31004
Description = 
 
 
< End of report >
         
--- --- ---


Bei gmer_2.1.19163.exe kommt leider "gmer_2.1.19153.exe funktionier nicht mehr"
bei Library C:\\Windows\system32\svchost.exe @ c:\windows\system32\sstpsvc.dll"

Ich hoffe mir kann geholfen werden.
Bin Selbstständig und der PC ist sehr wichtig.

Viele Grüße
Maurice

Ich habe hier mal alle Dateien, die mir verdächtig erscheinen, hochgeladen:
File-Upload.net - virus.zip

Zur Sicherheit die Endungen (.exe, .zoe) in .txt geändert.

Alt 02.05.2013, 18:20   #2
aharonov
/// TB-Ausbilder
 
Trojaner ... Gen:Variant.Symmi.10415 - Online Banking - Standard

Trojaner ... Gen:Variant.Symmi.10415 - Online Banking



Hi,

du hast dir in der Tat sehr unschöne Malware eingefangen, welche es auf dein Online-Banking abgesehen hat (Zeus/Zbot).
Aber da dein Microsoft Office Professional Plus 2010 wohl keine Originalversion ist, sind uns hier leider die Hände gebunden..

Wir suchen nicht gezielt nach solchen Hinweisen, aber wenn wir sie sehen, dann können wir nicht mehr beide Augen zudrücken. Deshalb:
Cracks und Keygens

Die Logfiles deuten stark darauf hin, dass du nicht legal erworbene Software einsetzt. Nebst ihrer Illegalität sind Cracks und Patches aus dubioser Quelle auch sehr oft mit Schädlingen versehen, womit man sich also fast schon vorsätzlich infiziert.

Wir haben uns hier auf dem Board darauf geeinigt, dass wir an dieser Stelle nicht weiter bereinigen, da wir ein solches Vorgehen nicht unterstützen. Wir haben dich in unserer Anleitung unter Punkt 8 der Foren-Regeln auch unmissverständlich darauf hingewiesen, wie wir damit umgehen werden.

Diese Software hat ihren Preis und die Softwarefirmen leben von diesen Einnahmen. Als Alternative gibt es überall jede Menge sehr gute Freeware oder abgespeckte, günstig zu erwerbende Versionen.

Unsere Empfehlung hier lautet, einen sauberen Neuanfang zu vollziehen, und unsere Hilfe beschränkt sich daher auf das Neuaufsetzen und Absichern deines Systems.
Fragen dazu beantworten wir dir aber weiterhin gerne und zwar in unserem Unterforum Alles rund um Windows.
__________________

__________________

Alt 02.05.2013, 18:51   #3
bluecrystal
 
Trojaner ... Gen:Variant.Symmi.10415 - Online Banking - Standard

Trojaner ... Gen:Variant.Symmi.10415 - Online Banking



Betrifft es nur das Online-Banking oder auch Passwörter/E-Mail Programme?

Das Passwort für das Online-Banking und zur Sicherheit auch die Passwörter von meinen E-Mailkonten habe ich geändert. Aber wenn der Trojaner auch die gespeicherten Passwörter von Firefox klaut, habe ich Bingo.

Habe mit Unlocker die verdächtigen Dateien gelöscht.
In Windows32: dllhost.dll und dllhost3g.dll
In AppData: avyr.exe, bcyoo.zoe, fequa.zoe

Mit Regedit habe ich dazu den Eintrag von avyr.exe entfernt.

Mein Online-Banking funktioniert jetzt wieder, es taucht auch keine Verbindung mehr zu securepro150.com auf. Ich habe das zur Sicherheit noch mit smsniff kontrolliert. Die Domain habe ich mal der ICANN gemeldet, die IP-Adresse dem Hoster aus Russland, vielleicht passiert ja was.

Aber ich habe echt Angst beim Surfen, keine Ahnung wie der Trojaner gestern Abend auf mein PC kam. Laut meiner Chronik habe ich in der Zeit wallapi°com besucht. Habe die Dateien, die in der Zeit erstellt wurden, Dank der Infos eurer Tools entfernt.
__________________

Antwort

Themen zu Trojaner ... Gen:Variant.Symmi.10415 - Online Banking
.com, adblock, antivir, avira, battle.net, bho, bonjour, browser, e-banking, entfernen, error, firefox, flash player, gen:variant.symmi.10415, helper, home, install.exe, launch, logfile, msiinstaller, olympus, online banking, realtek, richtlinie, scan, securepro150.com, security, senden, software, spyware, svchost.exe, taskmanager, trojaner, virus, werbung, windows



Ähnliche Themen: Trojaner ... Gen:Variant.Symmi.10415 - Online Banking


  1. Secure Banking - Online Banking auf der sicheren Seite!
    Archiv - 29.08.2016 (471)
  2. Fund von Gen:Variant.Symmi.57621 (B)
    Plagegeister aller Art und deren Bekämpfung - 15.11.2015 (9)
  3. Windows 8.1: Bitdefender Fund "gen.variant.symmi.[NUMMER]" Kann nicht entfernt werden.
    Log-Analyse und Auswertung - 16.02.2014 (2)
  4. XP: Malwarebytes findet PUP.Optional.InstallIQ.a ; F-Secure: Gen:Variant.Symmi.34833
    Plagegeister aller Art und deren Bekämpfung - 20.11.2013 (9)
  5. Online-Banking-Trojaner!
    Log-Analyse und Auswertung - 22.06.2013 (17)
  6. 2x Online-Banking: Trojaner
    Mülltonne - 02.05.2013 (1)
  7. Online-Banking: Trojaner
    Log-Analyse und Auswertung - 02.05.2013 (1)
  8. Online-Banking-Trojaner
    Plagegeister aller Art und deren Bekämpfung - 06.03.2013 (14)
  9. Virus Gen:Variant.Symmi.10389 und Gen:Variant.Graftor.Elzob.23242 eingefangen
    Plagegeister aller Art und deren Bekämpfung - 14.02.2013 (29)
  10. Trojaner im Online-Banking
    Plagegeister aller Art und deren Bekämpfung - 17.12.2012 (21)
  11. Infektion mit Gen:Variant.Symmi.4661
    Log-Analyse und Auswertung - 06.12.2012 (19)
  12. Müll aus Secure Banking - Online Banking auf der sicheren Seite!
    Mülltonne - 04.10.2012 (0)
  13. Online-Banking Trojaner ?
    Log-Analyse und Auswertung - 02.03.2012 (20)
  14. Online-Banking Trojaner
    Log-Analyse und Auswertung - 23.12.2011 (3)
  15. TAN / Online-Banking Trojaner!
    Log-Analyse und Auswertung - 29.11.2011 (35)
  16. Online Banking - TAN Abfrage beim Banking - Trojaner?
    Log-Analyse und Auswertung - 12.08.2011 (3)
  17. Online-Banking Trojaner
    Log-Analyse und Auswertung - 05.12.2010 (5)

Zum Thema Trojaner ... Gen:Variant.Symmi.10415 - Online Banking - Hallo, jetzt ist es mir passiert. Seit gut 3 Jahren habe ich mir weder einen Virus noch einen Trojaner oder ähnliches eingefangen, während ich bei meiner Nachbarschaft immer den "Bundestrojaner" - Trojaner ... Gen:Variant.Symmi.10415 - Online Banking...
Archiv
Du betrachtest: Trojaner ... Gen:Variant.Symmi.10415 - Online Banking auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.