Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Steinigt mich! Ich habe ihn zu den Ausnahmen hinzugefügt!

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 04.05.2013, 17:35   #1
shika007
 
Steinigt mich! Ich habe ihn zu den Ausnahmen hinzugefügt! - Standard

Steinigt mich! Ich habe ihn zu den Ausnahmen hinzugefügt!



Hallo,

ich bedanke mich im Voraus für eure großzügige Hilfe hier im Forum, gibt es nicht oft im Web.

Heute meinte Avira es hätte einen TR geblockt. Ich hab aus Lust und laune das Programm als Ausnahme hinzugefügt. Steinigt mich, bitte! Bin mir jetzt aber nicht sicher wo das Ding ist. Das Programm, eine kleine .exe hab ich ja gelöscht. Nunja...



GMER
Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-04 18:13:17
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000AAKX-083CA1 rev.19.01H19 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\VORNAME\AppData\Local\Temp\uwdirfow.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560                                                             fffff800033f9000 45 bytes [00, 00, 16, 02, 4E, 74, 66, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 607                                                             fffff800033f902f 29 bytes [00, 01, 00, 06, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text     C:\Windows\system32\hasplms.exe[1704] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                  0000000075501465 2 bytes [50, 75]
.text     C:\Windows\system32\hasplms.exe[1704] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                 00000000755014bb 2 bytes [50, 75]
.text     ...                                                                                                                            * 2
.text     C:\Program Files (x86)\pc essentials\updater.exe[1576] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                 0000000075501465 2 bytes [50, 75]
.text     C:\Program Files (x86)\pc essentials\updater.exe[1576] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                00000000755014bb 2 bytes [50, 75]
.text     ...                                                                                                                            * 2
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2176] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69      0000000075501465 2 bytes [50, 75]
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2176] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155     00000000755014bb 2 bytes [50, 75]
.text     ...                                                                                                                            * 2
.text     C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2388] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69           0000000075501465 2 bytes [50, 75]
.text     C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2388] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155          00000000755014bb 2 bytes [50, 75]
.text     ...                                                                                                                            * 2
.text     C:\Windows\SysWOW64\PnkBstrA.exe[4308] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322                                        0000000073731a22 2 bytes [73, 73]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[4308] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496                                        0000000073731ad0 2 bytes [73, 73]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[4308] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552                                        0000000073731b08 2 bytes [73, 73]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[4308] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730                                        0000000073731bba 2 bytes [73, 73]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[4308] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762                                        0000000073731bda 2 bytes [73, 73]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[4308] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                 0000000075501465 2 bytes [50, 75]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[4308] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                00000000755014bb 2 bytes [50, 75]
.text     ...                                                                                                                            * 2
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[5832] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69   0000000075501465 2 bytes [50, 75]
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[5832] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155  00000000755014bb 2 bytes [50, 75]
.text     ...                                                                                                                            * 2

---- EOF - GMER 2.1 ----
         
EXTRAS
Code:
ATTFilter
OTL Extras logfile created on: 04.05.2013 16:45:33 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Standartbenutzer\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,43 Gb Available Physical Memory | 60,73% Memory free
7,99 Gb Paging File | 6,50 Gb Available in Paging File | 81,29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 390,53 Gb Total Space | 267,41 Gb Free Space | 68,47% Space Free | Partition Type: NTFS
Drive D: | 75,13 Gb Total Space | 75,04 Gb Free Space | 99,88% Space Free | Partition Type: NTFS
 
Computer Name: NAMEPC | User Name: NAME| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.reg [@ = regfile] -- regedit.exe "%1"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.reg [@ = regfile] -- regedit.exe "%1"
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{262D89A6-7E16-4251-B573-4CF08AFFF581}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{2D5BB3BB-DEF4-41ED-B386-1952BC8DC279}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{501B12D2-1262-4C46-81D0-B12FE98AFBC4}" = rport=445 | protocol=6 | dir=out | app=system | 
"{5C169532-304F-4FE3-B87E-B7C0798497AB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5DEDF8CD-3A28-4706-916B-09E33A7E1C37}" = rport=137 | protocol=17 | dir=out | app=system | 
"{5F9578A8-06A5-4FEC-AA8E-C14B8AED24A3}" = lport=138 | protocol=17 | dir=in | app=system | 
"{6224FFCA-0FC2-4D01-812F-3F82FDA174D5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6AE48DCC-A744-4D34-B17A-CD50FA54D7C9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6AE7EB6C-F87F-4578-A24F-8B088DF3D270}" = lport=445 | protocol=6 | dir=in | app=system | 
"{793F2270-BA2F-4BE7-A12C-D2E4C3793310}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7CCF34D6-2960-4522-B46A-D0BD7DE83EE1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{B2384AE8-AAC1-48D2-9136-F7A4FAC9805E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{D2E384A7-FAF9-45EB-9847-9ED31A9FCB0E}" = lport=139 | protocol=6 | dir=in | app=system | 
"{D6A8A041-B36F-4059-A1BC-B786C46060A0}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{D994784E-4150-42AF-AFA1-2461B912E205}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E41BB31D-C644-4AFB-999A-32D0F0D06748}" = rport=138 | protocol=17 | dir=out | app=system | 
"{E5D416ED-4236-4BAD-97BD-7B612F2B6341}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{E97EEA31-ADF4-405C-A72C-0FC4D679E5E6}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{EA590B2B-2800-4FC8-8EE3-07BA6AFA3F3A}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{F19F084C-5A12-428D-B391-F2A447407E98}" = lport=137 | protocol=17 | dir=in | app=system | 
"{FB32F782-1469-4319-8AAB-CF898F98C477}" = rport=139 | protocol=6 | dir=out | app=system | 
"{FE72A149-E9F0-46D1-91B9-12D47C390143}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{FFA1440F-A164-453A-80E3-9324955501B7}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0763D860-2C69-4DFA-A682-025E1DBF1017}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{0B899122-7582-46F4-8F0E-14776C1C9ED7}" = dir=out | app=%programfiles% (x86)\magix\video deluxe 2013\videodeluxe.exe | 
"{0C73C17E-81C1-4279-8968-39A2B2E3A3B3}" = protocol=17 | dir=in | app=c:\program files (x86)\lightworks\ntcardvt.exe | 
"{18C6479C-5B15-41AE-8FEB-6E9E3BF62F10}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\umi.exe | 
"{192AE737-034D-41D5-A050-924E8750A649}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\umi.exe | 
"{1B676059-5466-4D05-B40A-3FB7BC2F2360}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{1CC08922-5804-4D91-A9AF-1EB5E93A2B4F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | 
"{1EAEE836-0144-4DEB-8737-6DA253DC2D84}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{26C1D906-218C-4720-8E20-DE105828CF1D}" = dir=in | app=c:\windows\system32\hasplms.exe | 
"{2AE30E0F-841D-4E82-BE45-103598393EC4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{3C7E2B1F-759E-4553-A277-6C5127AF745D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\stjepan23\zombie panic! source dedicated server\srcds.exe | 
"{41AE4684-B323-4E2D-A744-42EF977CA8C5}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{45766DF2-C1FF-4410-9EA4-09D84F539CA3}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{4D15B7F6-B9C1-436F-A972-906107E7CAE7}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{4D9DBF4E-2CE1-44D4-A56E-49088A7DABE6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{50B83BB0-1759-4815-BE2A-AE940354AF68}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{511E0279-57DF-4F31-ADC8-57B23246EDCD}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\videospin.exe | 
"{619A037E-2008-4748-A8A3-77F569FE4D86}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{61E54E8D-E56B-4939-855B-400401D614E1}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\videospin.exe | 
"{72DDAA67-7E8C-4176-8A61-4AF82B080554}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{77D72EF6-F249-44CE-8144-5701C0E81955}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\stjepan23\zombie panic! source dedicated server\srcds.exe | 
"{7EECD7F1-5F08-4A94-B820-E588FA484D92}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{84174668-6DE6-4E37-88C2-C85A56E6D3AE}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe | 
"{8DC09BF1-B45F-4835-8176-23D072FE9D75}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{90046E2F-23BE-4D76-96DD-ABAF813EE9C0}" = protocol=17 | dir=in | app=c:\users\standartbenutzer\desktop\securitysystem.exe | 
"{90501AF5-1FF6-433F-B207-C94088EACCBF}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{91B2D772-E904-4994-8DB0-F5E8D0FC3858}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{9206580F-3CC3-44A9-9CB8-BCD3955ADD5A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 
"{952F8828-B43F-4B60-9FB9-6DD78D39848D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 
"{96457FE4-E903-4D27-9D59-137C9D208750}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{9BE3B03A-BE0C-41CC-BECB-B87F15276D16}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{9C9700D3-8B10-4319-9954-999437115673}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{9F1997C6-200A-4433-9EDF-D389F5E2F3C6}" = protocol=6 | dir=in | app=c:\users\standartbenutzer\desktop\securitysystem.exe | 
"{A58F3AB8-6D83-415A-915A-097BA7C3DC92}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{AA27E4FB-243F-4AD1-86EF-B9B7933F7500}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{AF274FE9-E5F2-4504-827E-A6E7BD6481CA}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe | 
"{C63FB252-4E90-42E6-87C6-E19503D8D556}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\rm.exe | 
"{CB32C97B-B9DF-4034-9D14-A362693C7943}" = protocol=6 | dir=in | app=c:\program files (x86)\lightworks\ntcardvt.exe | 
"{D735560E-1A2C-45EE-A330-D664D263112A}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{D88693C1-F075-4654-BCB3-589EED6A5976}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{E49DB7AA-4710-4BE2-A62A-ABE9570FF6D5}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{E58D9ED2-E182-484B-B9E3-B912DABEB8A3}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{E6E56034-71CC-4F11-9B19-D9B3BE0AC7CE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{E7A50381-2CB6-45CE-A43D-161D6D2CD5FC}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{EBE204BE-C0F7-4B0E-996A-10DA143A6A50}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{EC8D6CC6-DF1B-4AA1-9E7B-B48934FCD682}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\rm.exe | 
"{F022B722-3A1E-4BCB-8AF1-0A5F056F8B32}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{FAFA09D2-A660-49BC-A652-A9F6A9217D9F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | 
"TCP Query User{0172C7C3-EBEF-4AA8-8A96-7C888CCCA582}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{0F259DB0-D62E-4369-B5C8-099D7F774560}C:\program files (x86)\starcraft ii\versions\base23260\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base23260\sc2.exe | 
"TCP Query User{14E7651E-8834-4FEC-8BC0-4C2B5687B028}C:\program files (x86)\steam\steamapps\stjepan23\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\stjepan23\team fortress 2\hl2.exe | 
"TCP Query User{1EC5FB58-6C4D-4033-91EA-26880339A6B7}C:\users\standartbenutzer\appdata\local\freeciv-2.3.4-gtk2\freeciv-server.exe" = protocol=6 | dir=in | app=c:\users\standartbenutzer\appdata\local\freeciv-2.3.4-gtk2\freeciv-server.exe | 
"TCP Query User{21F3F530-A7E1-4689-B72E-E6F6648F0274}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | 
"TCP Query User{242625DF-E7ED-44E2-8CCC-DDDD196C60A9}C:\users\standartbenutzer\appdata\local\temp\rar$exa0.791\tnet.exe" = protocol=6 | dir=in | app=c:\users\standartbenutzer\appdata\local\temp\rar$exa0.791\tnet.exe | 
"TCP Query User{24DA71FC-3FC9-465B-9971-607A38159882}C:\program files (x86)\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
"TCP Query User{31A90EBC-7E15-4E08-A65C-30F5D1ED248C}C:\program files (x86)\x-chat 2\xchat.exe" = protocol=6 | dir=in | app=c:\program files (x86)\x-chat 2\xchat.exe | 
"TCP Query User{3A79D3FA-FBAC-4D08-B062-04F3A65DC692}C:\users\standartbenutzer\appdata\roaming\icqm\icq.exe" = protocol=6 | dir=in | app=c:\users\standartbenutzer\appdata\roaming\icqm\icq.exe | 
"TCP Query User{3E3C3EEA-5B65-4116-AB04-B50AADC38584}C:\program files (x86)\spybot - search & destroy 2\sdupdate.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spybot - search & destroy 2\sdupdate.exe | 
"TCP Query User{46926214-64A1-4C25-B938-0F6C557F9CC8}C:\program files (x86)\meteorentertainment\hawken\installedhawkenfiles\binaries\win32\hawkengame-win32-shipping.exe" = protocol=6 | dir=in | app=c:\program files (x86)\meteorentertainment\hawken\installedhawkenfiles\binaries\win32\hawkengame-win32-shipping.exe | 
"TCP Query User{49E9FBBC-84C1-43E4-B333-5E3F164CDBDC}C:\program files (x86)\hydrairc\hydrairc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hydrairc\hydrairc.exe | 
"TCP Query User{4F49FFED-48A3-4E3A-B3E5-99E55644C663}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
"TCP Query User{51E27C8C-7CB7-4D3D-84F7-099DAFB447F6}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe | 
"TCP Query User{53D16336-2BB0-4F3E-BABB-1AEA44091034}C:\program files (x86)\unity\monodevelop\bin\monodevelop.exe" = protocol=6 | dir=in | app=c:\program files (x86)\unity\monodevelop\bin\monodevelop.exe | 
"TCP Query User{7FC0D920-DEA8-41AF-B99B-2A09B5EC506C}C:\udk\udk-2013-02\binaries\win32\udk.exe" = protocol=6 | dir=in | app=c:\udk\udk-2013-02\binaries\win32\udk.exe | 
"TCP Query User{8556BEFC-8C18-48F9-9122-A7D86FFA4A44}C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base24944\sc2.exe | 
"TCP Query User{950AE450-57F2-4E50-BF7B-0FE2A534DABF}C:\users\standartbenutzer\appdata\local\temp\rar$exa0.172\cryptload1.1.8\routerclient.exe" = protocol=6 | dir=in | app=c:\users\standartbenutzer\appdata\local\temp\rar$exa0.172\cryptload1.1.8\routerclient.exe | 
"TCP Query User{AB59F75A-E949-4845-AA77-0D6B8C835B5C}C:\users\standartbenutzer\appdata\local\freeciv-2.3.4-gtk2\freeciv-gtk2.exe" = protocol=6 | dir=in | app=c:\users\standartbenutzer\appdata\local\freeciv-2.3.4-gtk2\freeciv-gtk2.exe | 
"TCP Query User{BB05853B-2008-4DD2-9A99-89962462CA54}C:\program files (x86)\steam\steamapps\stjepan23\zombie panic! source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\stjepan23\zombie panic! source\hl2.exe | 
"TCP Query User{D232752D-BE32-4484-9B64-55EF74E3A1A2}C:\program files (x86)\microsoft research\microsoft worldwide telescope\wwtexplorer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft research\microsoft worldwide telescope\wwtexplorer.exe | 
"TCP Query User{D59B3334-706D-4653-B41B-9F35FD7B693E}C:\program files (x86)\unity\editor\unity.exe" = protocol=6 | dir=in | app=c:\program files (x86)\unity\editor\unity.exe | 
"TCP Query User{DE4A3641-6A03-479B-971C-5EE8E4941432}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{0503B0A4-1DB7-461E-BC77-EA25E7BDBEEA}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{0BE23AE3-1729-460E-AEBB-B92FAE233102}C:\program files (x86)\unity\editor\unity.exe" = protocol=17 | dir=in | app=c:\program files (x86)\unity\editor\unity.exe | 
"UDP Query User{1269C7A7-4D8E-4989-A76F-B23A72F54031}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
"UDP Query User{13A3DE09-3143-47A6-A610-986AC4E1996E}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | 
"UDP Query User{14F4D043-D51F-49D4-9B6E-217FC4034D70}C:\users\standartbenutzer\appdata\local\freeciv-2.3.4-gtk2\freeciv-gtk2.exe" = protocol=17 | dir=in | app=c:\users\standartbenutzer\appdata\local\freeciv-2.3.4-gtk2\freeciv-gtk2.exe | 
"UDP Query User{1D611D0F-5C29-47AA-A244-DA7AB7C75CD7}C:\users\standartbenutzer\appdata\roaming\icqm\icq.exe" = protocol=17 | dir=in | app=c:\users\standartbenutzer\appdata\roaming\icqm\icq.exe | 
"UDP Query User{3372DED8-3CF8-4202-B197-BA6E310E10A7}C:\udk\udk-2013-02\binaries\win32\udk.exe" = protocol=17 | dir=in | app=c:\udk\udk-2013-02\binaries\win32\udk.exe | 
"UDP Query User{41D341A5-9591-4B58-875B-0AA5A9170860}C:\users\standartbenutzer\appdata\local\temp\rar$exa0.791\tnet.exe" = protocol=17 | dir=in | app=c:\users\standartbenutzer\appdata\local\temp\rar$exa0.791\tnet.exe | 
"UDP Query User{4E69B5CA-65EF-4DB3-A785-06E23EFA318B}C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base24944\sc2.exe | 
"UDP Query User{5007F47C-7255-489D-B729-E63FB106EA13}C:\program files (x86)\unity\monodevelop\bin\monodevelop.exe" = protocol=17 | dir=in | app=c:\program files (x86)\unity\monodevelop\bin\monodevelop.exe | 
"UDP Query User{5352EF88-37F6-45C5-9304-211F2FD86D7A}C:\program files (x86)\spybot - search & destroy 2\sdupdate.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spybot - search & destroy 2\sdupdate.exe | 
"UDP Query User{704F7D83-D405-4110-9640-FB60B5271E1A}C:\program files (x86)\steam\steamapps\stjepan23\zombie panic! source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\stjepan23\zombie panic! source\hl2.exe | 
"UDP Query User{80080D8C-A3CB-48C5-B877-D7AE59188407}C:\users\standartbenutzer\appdata\local\freeciv-2.3.4-gtk2\freeciv-server.exe" = protocol=17 | dir=in | app=c:\users\standartbenutzer\appdata\local\freeciv-2.3.4-gtk2\freeciv-server.exe | 
"UDP Query User{8C81A950-4FA5-4C65-8F12-4503354105C2}C:\program files (x86)\meteorentertainment\hawken\installedhawkenfiles\binaries\win32\hawkengame-win32-shipping.exe" = protocol=17 | dir=in | app=c:\program files (x86)\meteorentertainment\hawken\installedhawkenfiles\binaries\win32\hawkengame-win32-shipping.exe | 
"UDP Query User{98DA7360-0E89-4F4F-9B60-0BCBC482AD87}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{99AB2C56-4B73-43F9-8D43-8ABC617AE7D6}C:\program files (x86)\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
"UDP Query User{99C68BF3-6524-4EBA-BA1D-3875079A071B}C:\program files (x86)\x-chat 2\xchat.exe" = protocol=17 | dir=in | app=c:\program files (x86)\x-chat 2\xchat.exe | 
"UDP Query User{B4C1AEC3-EEEE-4BD0-AF8D-20FBEDB217DE}C:\program files (x86)\hydrairc\hydrairc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hydrairc\hydrairc.exe | 
"UDP Query User{BC8B54B9-F119-4506-9107-D40CB3BB605A}C:\program files (x86)\steam\steamapps\stjepan23\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\stjepan23\team fortress 2\hl2.exe | 
"UDP Query User{C9357DA0-E2F6-40B5-8C06-24AF8A3C2DF0}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe | 
"UDP Query User{EC999B8C-162A-4DD6-8E5C-FE2441A04269}C:\users\standartbenutzer\appdata\local\temp\rar$exa0.172\cryptload1.1.8\routerclient.exe" = protocol=17 | dir=in | app=c:\users\standartbenutzer\appdata\local\temp\rar$exa0.172\cryptload1.1.8\routerclient.exe | 
"UDP Query User{F71CBD48-84EC-4BEE-A38F-D947434FB0D7}C:\program files (x86)\microsoft research\microsoft worldwide telescope\wwtexplorer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft research\microsoft worldwide telescope\wwtexplorer.exe | 
"UDP Query User{FA7A6477-B01F-4782-8F23-84ADC04ED5E6}C:\program files (x86)\starcraft ii\versions\base23260\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base23260\sc2.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{3145731D-C578-70ED-899F-7A670D2A6662}" = AMD Fuel
"{44610EE0-C908-D8F1-425D-914A5B745DEA}" = AMD Drag and Drop Transcoding
"{4975DE61-6BF6-B9BC-1FDE-C04C5EC78E4C}" = AMD Media Foundation Decoders
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5E03A267-415E-5383-FA8F-3CE4145663B9}" = AMD Catalyst Install Manager
"{5EDDD103-CF66-40DF-A0B9-DECDC0F017D5}" = MAGIX Video deluxe 2013
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{89EE4A30-080F-2C95-6F78-C98D18FBD74D}" = AMD Accelerated Video Transcoding
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9CF11D16-ECEB-90A5-A028-CA9E068D848B}" = ccc-utility64
"{A3A1D6DC-7CB4-4894-8E54-3A48493EF488}" = MAGIX Speed burnR (MSI)
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter
"Blender" = Blender
"CCleaner" = CCleaner
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"GIMP-2_is1" = GIMP 2.8.4
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Pen Tablet Driver" = Wacom
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin 64 bit
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{017F8447-2A1D-0DDB-B5D7-CA2BFACE2886}" = CCC Help French
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{054E9A1C-3EA2-C657-E787-FD8DCF5C3D3B}" = CCC Help Czech
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{10F0131F-1CA2-4433-8473-7C890C769581}_is1" = Monitor Off Utility 1.0
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{15F3A6F5-06AE-4332-AE3E-21CD0416827A}" = Windows Live Mail
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1DE2BD51-0300-772D-5E18-F337D95D5687}" = CCC Help German
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{224E8FEB-5C1F-077F-6FC5-602AC1AE644D}" = CCC Help Danish
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{275E9C49-C72F-D754-DEB7-77F10A9C00D8}" = CCC Help Japanese
"{30049739-BE95-6591-B504-E6D7057D49CC}" = CCC Help Spanish
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3F1EB155-F96E-EB7B-2EF2-7375490E0FA9}" = CCC Help English
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B023D7B-9E67-795D-FB31-B5E1F6DCA451}" = CCC Help Italian
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{55F6C486-8C75-2A72-DAFE-CE78A624C9F7}" = CCC Help Russian
"{5AE3D9F1-9E9E-4015-8787-E22705AA32C5}" = msxml4
"{5AF23993-7152-1620-E43F-1B4542FB4F84}" = CCC Help Thai
"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR
"{5E21B617-F52E-BB10-92F9-C8AB2C799A8A}" = Adobe Download Assistant
"{604B2A5C-B1CE-45B2-ADCC-6B7C721AC3AC}" = LibreOffice 4.0.1.2
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63326924-3CAF-C858-3A8F-8598C87019D7}" = AMD VISION Engine Control Center
"{63822E89-11AA-F8EC-D433-F72A85799EC0}" = CCC Help Greek
"{66361420-4905-AEB8-17AE-172FDD164A7E}" = CCC Help Polish
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{769F2A4B-84A3-9486-ADD2-9E5AB4B4E1E3}" = Catalyst Control Center InstallProxy
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{8773DD1C-5FB2-95B5-5A93-0EFEAC900A4D}" = CCC Help Norwegian
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8913AC02-67B8-4B52-91B2-BBA7B9C265B5}" = Windows Live Writer Resources
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8CCBB0BF-9CC1-1A65-BB93-56012A460EE6}" = CCC Help Portuguese
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90DFD61B-8224-00C6-3D69-A983B60A394E}" = Bamboo Dock
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A0A3CE05-96CB-52E9-434E-074F3BB7807E}" = CCC Help Turkish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9C64319-932F-D02B-B14C-FFFC3EC49E77}" = CCC Help Chinese Standard
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{B9BD670E-E9BF-494A-9843-F20C13EE8C4C}" = ArtRage 2
"{C09DB932-7619-7B56-30E3-C0454811D6D7}" = CCC Help Korean
"{C22A4697-BD77-ACB1-744F-1FD0A0BFF798}" = CCC Help Swedish
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam-Software
"{D4B457B2-260F-C561-CA87-703BD3B724CA}" = Catalyst Control Center Graphics Previews Common
"{D6CDB506-297D-AE70-0EF6-DE5185F961BE}" = CCC Help Chinese Traditional
"{DDA3C325-47B2-4730-9672-BF3771C08799}_is1" = XMedia Recode Version 3.1.5.4
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{ECFD508E-68A2-91B2-46DD-1D03D783D94B}" = Catalyst Control Center Localization All
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{EDE361D5-35A5-DA7D-3462-C3DABD24029B}" = CCC Help Hungarian
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E7DD6A-AE2D-D706-BEB3-937F76CA6AE9}" = CCC Help Finnish
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F56F54DD-BCB2-1221-2CB7-E983A5CF9D15}" = CCC Help Dutch
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Audacity_is1" = Audacity 2.0.3
"Avira AntiVir Desktop" = Avira Free Antivirus
"Bamboo Dock" = Bamboo Dock
"Battlelog Web Plugins" = Battlelog Web Plugins
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"CortonAndHomePage" = CortonAndHomePage
"Desura" = Desura
"Desura_62350040236064" = Desura: Project Zomboid
"DivX Setup" = DivX-Setup
"ESN Sonar-0.70.4" = ESN Sonar
"FileZilla Client" = FileZilla Client 3.6.0.2
"Fraps" = Fraps (remove only)
"Google Chrome" = Google Chrome
"HydraIRC" = HydraIRC
"Inkscape" = Inkscape 0.48.4
"MAGIX_{5EDDD103-CF66-40DF-A0B9-DECDC0F017D5}" = MAGIX Video deluxe 2013
"MAGIX_{A3A1D6DC-7CB4-4894-8E54-3A48493EF488}" = MAGIX Speed burnR (MSI)
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"StarCraft II" = StarCraft II
"Steam App 17500" = Zombie Panic Source
"Steam App 218" = Source SDK Base 2007
"Steam App 220" = Half-Life 2
"Steam App 240" = Counter-Strike: Source
"Steam App 380" = Half-Life 2: Episode One
"Steam App 440" = Team Fortress 2
"TeamViewer 8" = TeamViewer 8
"TIPP10_is1" = TIPP10 Version 2.1.0
"Unity" = Unity
"VLC media player" = VLC media player 2.0.5
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin 32 bit
"wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1" = Bamboo Dock
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"755da840d7dbab19" = AntSim v1.1
"Hawken" = Hawken
"soe-PlanetSide 2 PSG" = PlanetSide 2 PSG
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 01.05.2013 04:36:16 | Computer Name = Stjepan-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 02.05.2013 04:08:39 | Computer Name = Stjepan-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 03.05.2013 05:17:04 | Computer Name = Stjepan-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 04.05.2013 03:31:38 | Computer Name = Stjepan-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 04.05.2013 06:58:36 | Computer Name = Stjepan-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 04.05.2013 07:29:17 | Computer Name = Stjepan-PC | Source = Application Hang | ID = 1002
Description = Programm Extreme Injector v2 by master131.exe, Version 2.1.0.0 kann
 nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den
 Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen
 zum Problem zu suchen.    Prozess-ID: 934    Startzeit: 01ce48ba518f7901    Endzeit: 9    Anwendungspfad:
 C:\Users\Standartbenutzer\Desktop\Extreme Injector v2 by master131.exe    Berichts-ID:
 d9193d2b-b4ad-11e2-93dd-1c6f65bf0d39  
 
Error - 04.05.2013 07:36:43 | Computer Name = Stjepan-PC | Source = Application Hang | ID = 1002
Description = Programm Extreme Injector v2 by master131.exe, Version 2.1.0.0 kann
 nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den
 Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen
 zum Problem zu suchen.    Prozess-ID: 234    Startzeit: 01ce48bab92170bb    Endzeit: 5    Anwendungspfad:
 C:\Users\Standartbenutzer\Desktop\Extreme Injector v2 by master131.exe    Berichts-ID:
 e305f298-b4ae-11e2-93dd-1c6f65bf0d39  
 
Error - 04.05.2013 08:15:17 | Computer Name = Stjepan-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 04.05.2013 08:21:04 | Computer Name = Stjepan-PC | Source = ESENT | ID = 489
Description = taskhost (4632) Versuch, Datei "C:\Users\Stjepan\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat"
 für den Lesezugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess
 kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet 
wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
 
Error - 04.05.2013 08:28:55 | Computer Name = Stjepan-PC | Source = ESENT | ID = 489
Description = taskhost (4944) Versuch, Datei "C:\Users\Stjepan\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat"
 für den Lesezugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess
 kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet 
wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
 
[ Spybot - Search and Destroy Events ]
Error - 04.05.2013 10:00:29 | Computer Name = Stjepan-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
[ System Events ]
Error - 27.04.2013 01:15:05 | Computer Name = Stjepan-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "pc essentials" wurde aufgrund folgenden Fehlers nicht 
gestartet:   %%1053
 
Error - 28.04.2013 04:49:10 | Computer Name = Stjepan-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 pc essentials erreicht.
 
Error - 28.04.2013 04:49:10 | Computer Name = Stjepan-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "pc essentials" wurde aufgrund folgenden Fehlers nicht 
gestartet:   %%1053
 
Error - 29.04.2013 04:05:32 | Computer Name = Stjepan-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 pc essentials erreicht.
 
Error - 29.04.2013 04:05:32 | Computer Name = Stjepan-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "pc essentials" wurde aufgrund folgenden Fehlers nicht 
gestartet:   %%1053
 
Error - 29.04.2013 06:48:15 | Computer Name = Stjepan-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Steam Client Service erreicht.
 
Error - 29.04.2013 06:48:15 | Computer Name = Stjepan-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 03.05.2013 05:15:30 | Computer Name = Stjepan-PC | Source = hasplms | ID = 458755
Description = ERROR: Sentinel LDK License Manager failed to start in a promptly 
manner! 
 
Error - 04.05.2013 08:13:39 | Computer Name = Stjepan-PC | Source = hasplms | ID = 458755
Description = ERROR: Sentinel LDK License Manager failed to start in a promptly 
manner! 
 
Error - 04.05.2013 08:36:51 | Computer Name = Stjepan-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "\Device\HarddiskVolumeShadowCopy1" den Befehl "chkdsk" aus.
 
 
< End of report >
         


OTL
Code:
ATTFilter
OTL logfile created on: 04.05.2013 16:45:33 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Standartbenutzer\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,43 Gb Available Physical Memory | 60,73% Memory free
7,99 Gb Paging File | 6,50 Gb Available in Paging File | 81,29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 390,53 Gb Total Space | 267,41 Gb Free Space | 68,47% Space Free | Partition Type: NTFS
Drive D: | 75,13 Gb Total Space | 75,04 Gb Free Space | 99,88% Space Free | Partition Type: NTFS
 
Computer Name: STJEPAN-PC | User Name: Stjepan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found -- 
PRC - [2013.05.04 16:44:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Standartbenutzer\Desktop\OTL.exe
PRC - [2013.05.04 15:04:53 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.05.04 15:04:41 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.05.04 15:04:40 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.05.04 14:14:05 | 001,531,392 | ---- | M] () -- C:\Windows\Temp\1100.exe
PRC - [2013.04.09 10:57:09 | 001,312,720 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013.03.06 17:30:43 | 003,560,288 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2013.02.13 04:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2013.01.25 16:30:25 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.11.13 14:08:12 | 003,487,240 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
PRC - [2012.11.13 14:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2012.11.13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012.11.13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2012.10.08 17:15:50 | 000,039,808 | ---- | M] (Wacom Technology) -- C:\Programme\Tablet\Pen\WacomHost.exe
PRC - [2012.06.27 17:09:08 | 001,734,416 | ---- | M] () -- C:\Program Files (x86)\pc essentials\updater.exe
PRC - [2011.05.24 11:33:30 | 001,840,128 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2006.09.19 10:07:28 | 000,827,392 | ---- | M] () -- C:\Windows\vsnpstd3.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.02.13 04:38:06 | 000,100,688 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2013.02.13 04:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2006.09.19 10:07:28 | 000,827,392 | ---- | M] () -- C:\Windows\vsnpstd3.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.12.19 21:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012.12.19 16:32:12 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012.06.28 10:53:00 | 004,941,768 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\Windows\SysNative\hasplms.exe -- (hasplms)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.05.04 15:04:53 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.05.04 15:04:41 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.05.03 20:34:26 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.04.19 23:10:50 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.04.10 08:56:49 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.03.06 17:30:43 | 003,560,288 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.02.10 21:14:23 | 000,131,912 | ---- | M] (Desura Pty Ltd) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Desura\desura_service.exe -- (Desura Install Service)
SRV - [2013.01.25 16:30:25 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.11 14:07:04 | 000,619,904 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\Pen\WTabletServiceCon.exe -- (WTabletServiceCon)
SRV - [2012.07.17 16:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2012.06.27 17:09:08 | 001,734,416 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\pc essentials\updater.exe -- (pc essentials)
SRV - [2011.05.24 11:33:30 | 001,840,128 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2011.04.26 14:54:12 | 002,702,848 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.05.04 15:04:58 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.05.04 15:04:58 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.05.04 15:04:58 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.12.19 22:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.12.19 21:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.12.03 17:36:34 | 000,081,824 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wachidrouter.sys -- (WacHidRouter)
DRV:64bit: - [2012.12.03 17:36:34 | 000,013,728 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidkmdf.sys -- (hidkmdf)
DRV:64bit: - [2012.11.15 10:41:06 | 000,015,776 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacomrouterfilter.sys -- (wacomrouterfilter)
DRV:64bit: - [2012.11.06 13:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.09.21 21:04:22 | 004,763,680 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012.09.21 21:04:22 | 000,351,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2012.06.28 10:51:36 | 000,139,592 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksfridge.sys -- (aksfridge)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.11.22 16:14:54 | 000,078,208 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf)
DRV:64bit: - [2011.09.29 11:30:34 | 000,646,248 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.09.28 17:31:30 | 000,321,536 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (hardlock)
DRV:64bit: - [2011.07.01 11:46:40 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010.11.21 05:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.05.24 14:07:58 | 000,253,728 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007.03.27 19:18:58 | 010,550,272 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\snpstd3.sys -- (SNPSTD3)
DRV - [2012.04.09 10:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.claro-search.com/?affID=120133&babsrc=HP_ss&mntrId=b8cf53100000000000001c6f65bf0d39
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.claro-search.com/?q={searchTerms}&affID=120133&babsrc=SP_ss&mntrId=b8cf53100000000000001c6f65bf0d39
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.2: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Plus Web Player Plug-In,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.3: C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.2: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\NAME\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013.04.21 22:36:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.04 11:47:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
 
[2013.03.08 14:39:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\NAME\AppData\Roaming\mozilla\Firefox\Profiles\extensions
[2013.01.30 20:27:42 | 000,205,094 | ---- | M] () (No name found) -- C:\Users\NAME\AppData\Roaming\mozilla\firefox\profiles\extensions\clickmoviedownloader@clickmoviedownloader.com.xpi
[2013.05.04 11:47:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.04.10 08:57:39 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.04.10 10:18:46 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.04.10 10:18:46 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.04.10 10:18:46 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.04.10 10:18:46 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.04.10 10:18:46 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.04.10 10:18:46 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http:\/\/www.google.de\/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U15 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: WacomTabletPlugin (Enabled) = C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\NAME\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Java Deployment Toolkit 7.0.150.3 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: Google Docs = C:\Users\NAME\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\NAME\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Stjepan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Stjepan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: AdBlock = C:\Users\Stjepan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.61_0\
CHR - Extension: Little Alchemy = C:\Users\Stjepan\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd\0.0.15.7_0\
CHR - Extension: Der Planer der R\u00E4ume = C:\Users\Stjepan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcafejemebbngbglfoinpoaannbihjna\1.2.0.4_0\
CHR - Extension: Google Mail = C:\Users\Stjepan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013.04.03 19:18:23 | 000,001,889 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	lmlicenses.wip4.adobe.com
O1 - Hosts: 127.0.0.1	lm.licenses.adobe.com
O1 - Hosts: 127.0.0.1	na2m-pr.licenses.adobe.com
O1 - Hosts: 127.0.0.1	ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1	ereg.wip4.adobe.com
O1 - Hosts: 127.0.0.1	wip.adobe.com
O1 - Hosts: 127.0.0.1	wip1.adobe.com
O1 - Hosts: 127.0.0.1	wip2.adobe.com
O1 - Hosts: 127.0.0.1	wip3.adobe.com
O1 - Hosts: 127.0.0.1	wip4.adobe.com
O1 - Hosts: 127.0.0.1	wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1	hl2rcv.adobe.com
O1 - Hosts: 127.0.0.1	adobeereg.com
O1 - Hosts: 127.0.0.1	activate.adobe.com
O1 - Hosts: 127.0.0.1	practivate.adobe.com
O1 - Hosts: 127.0.0.1	ereg.adobe.com
O1 - Hosts: 127.0.0.1	activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1	ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1	activate-sea.adobe.com
O1 - Hosts: 127.0.0.1	activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1	3dns.adobe.com
O1 - Hosts: 127.0.0.1	3dns-1.adobe.com
O1 - Hosts: 127.0.0.1	3dns-2.adobe.com
O1 - Hosts: 127.0.0.1	3dns-3.adobe.com
O1 - Hosts: 127.0.0.1	3dns-4.adobe.com
O1 - Hosts: 8 more lines...
O2:64bit: - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (CortonExt) - {2036470F-F17A-4171-BE34-4D1BCE1700E2} - C:\Program Files (x86)\CortonAndHomePage\CortonPlugin.dll File not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [RouterControl] C:\PROGRA~2\ROUTER~1\ROUTERCONTROL.EXE File not found
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} hxxp://download.gigabyte.com.tw/object/Dldrv.ocx (Dldrv2 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6C82C7B5-DF7B-464D-B098-9AE409DC04A5}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -  File not found
O20 - HKLM Winlogon: UserInit - (userinit.exe) -  File not found
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -  File not found
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) -  File not found
O29 - HKLM SecurityProviders - (credssp.dll) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{318012c7-6614-11e2-8474-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{318012c7-6614-11e2-8474-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Run.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.04 15:38:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013.05.04 15:38:12 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013.05.04 15:05:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.05.04 15:05:35 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.05.04 15:05:35 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.05.04 15:05:35 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.05.04 15:05:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.05.04 15:05:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013.05.04 14:28:35 | 000,000,000 | ---D | C] -- C:\Users\Stjepan\download
[2013.05.04 14:20:58 | 000,000,000 | ---D | C] -- C:\Users\Stjepan\AppData\Roaming\Apple Computer
[2013.05.04 13:53:27 | 000,000,000 | ---D | C] -- C:\folder
[2013.05.04 11:47:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.05.03 20:33:57 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
[2013.04.26 12:04:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.04.22 20:52:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.04.21 22:36:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2013.04.21 22:36:08 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2013.04.21 22:36:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
[2013.04.21 22:35:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2013.04.21 22:35:12 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2013.04.21 16:33:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Siber Systems
[2013.04.19 18:50:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2013.04.19 18:50:39 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2013.04.19 15:57:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.04.19 15:57:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013.04.19 15:57:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013.04.17 14:52:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KLC
[2013.04.17 13:12:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.04.15 21:50:31 | 000,000,000 | ---D | C] -- C:\ProgramData\RoboForm
[2013.04.13 17:34:17 | 000,000,000 | ---D | C] -- C:\Users\Stjepan\AppData\Local\SCE
[2013.04.08 16:24:57 | 000,000,000 | ---D | C] -- C:\Users\Stjepan\AppData\Local\Chromium
[2013.04.08 14:12:09 | 000,000,000 | ---D | C] -- C:\Users\Stjepan\AppData\Local\Gameforge4d
[2013.04.08 14:11:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GameforgeLive
[2013.04.07 15:26:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMedia Recode
[2013.04.05 11:11:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013.04.05 11:11:52 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.04 16:47:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.04 16:43:42 | 000,000,000 | ---- | M] () -- C:\Users\Stjepan\defogger_reenable
[2013.05.04 16:31:01 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.04 15:38:16 | 000,002,177 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.05.04 15:05:46 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.05.04 15:04:58 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.05.04 15:04:58 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.05.04 15:04:58 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.05.04 14:38:32 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.05.04 14:38:32 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.05.04 14:35:34 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013.05.04 14:28:45 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.04 14:21:04 | 000,026,352 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.04 14:21:04 | 000,026,352 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.04 14:18:41 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.04 14:18:41 | 000,696,832 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.04 14:18:41 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.04 14:18:41 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.04 14:18:41 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.04 14:13:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.04 14:13:26 | 3219,300,352 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.04 13:53:27 | 000,000,010 | ---- | M] () -- C:\folder.ini
[2013.05.04 11:47:15 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.04.30 01:41:37 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.04.30 01:41:37 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.04.19 18:50:57 | 000,000,020 | ---- | M] () -- C:\Windows\ÜùÃ
[2013.04.13 17:32:38 | 000,002,487 | ---- | M] () -- C:\Users\Stjepan\Desktop\PlanetSide 2 PSG.lnk
[2013.04.10 18:02:17 | 005,055,448 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.04 16:43:42 | 000,000,000 | ---- | C] () -- C:\Users\Stjepan\defogger_reenable
[2013.05.04 15:38:16 | 000,002,189 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013.05.04 15:38:16 | 000,002,177 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.05.04 15:05:46 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.05.04 13:53:27 | 000,000,010 | ---- | C] () -- C:\folder.ini
[2013.05.04 11:47:15 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.05.04 11:47:15 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.04.30 01:41:37 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.04.30 01:41:37 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.04.19 18:50:57 | 000,000,020 | ---- | C] () -- C:\Windows\ÜùÃ
[2013.04.19 18:50:47 | 000,001,458 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2013.04.13 17:32:38 | 000,002,517 | ---- | C] () -- C:\Users\Stjepan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlanetSide 2 PSG.lnk
[2013.04.13 17:32:38 | 000,002,487 | ---- | C] () -- C:\Users\Stjepan\Desktop\PlanetSide 2 PSG.lnk
[2013.03.25 13:09:22 | 000,000,204 | ---- | C] () -- C:\Users\Stjepan\SecurityKISSTunnel.config
[2013.03.15 12:01:40 | 000,007,610 | ---- | C] () -- C:\Users\Stjepan\AppData\Local\Resmon.ResmonCfg
[2013.02.28 14:41:36 | 000,000,218 | ---- | C] () -- C:\Users\Stjepan\AppData\Local\recently-used.xbel
[2013.02.23 12:55:40 | 000,000,025 | ---- | C] () -- C:\Windows\CDE DX5000EFDG.ini
[2013.02.02 17:00:22 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2013.01.25 16:18:41 | 000,291,088 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.01.25 16:18:40 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.01.24 16:33:49 | 001,590,298 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.01.24 15:06:49 | 000,000,051 | ---- | C] () -- C:\Users\Stjepan\.gtkrc-2.0
[2013.01.24 13:42:48 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013.01.24 13:06:20 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2012.12.19 21:52:22 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.12.19 21:52:22 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.09.21 21:08:36 | 010,919,784 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012.09.21 21:08:36 | 000,338,136 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012.09.21 21:08:36 | 000,103,272 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2012.05.02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.03.08 13:46:12 | 000,000,000 | ---D | M] -- C:\Users\Stjepan\AppData\Roaming\Babylon
[2013.02.04 22:01:08 | 000,000,000 | ---D | M] -- C:\Users\Stjepan\AppData\Roaming\Blender Foundation
[2013.03.08 13:46:26 | 000,000,000 | ---D | M] -- C:\Users\Stjepan\AppData\Roaming\Claro
[2013.04.03 18:30:34 | 000,000,000 | ---D | M] -- C:\Users\Stjepan\AppData\Roaming\ESET
[2013.02.28 14:12:28 | 000,000,000 | ---D | M] -- C:\Users\Stjepan\AppData\Roaming\inkscape
[2013.01.24 18:11:33 | 000,000,000 | ---D | M] -- C:\Users\Stjepan\AppData\Roaming\Leadertech
[2013.01.30 12:25:42 | 000,000,000 | ---D | M] -- C:\Users\Stjepan\AppData\Roaming\MonkeyJam
[2013.04.11 19:05:59 | 000,000,000 | ---D | M] -- C:\Users\Stjepan\AppData\Roaming\Notepad++
[2013.01.25 11:12:59 | 000,000,000 | ---D | M] -- C:\Users\Stjepan\AppData\Roaming\Wacom
 
========== Purity Check ==========
 
 

< End of report >
         

Alt 04.05.2013, 23:19   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Steinigt mich! Ich habe ihn zu den Ausnahmen hinzugefügt! - Standard

Steinigt mich! Ich habe ihn zu den Ausnahmen hinzugefügt!





Zitat:
Das Programm, eine kleine .exe hab ich ja gelöscht. Nunja...
Hättest du auch die Güte uns mitzuteilen welche Datei das genau das war?
Du machst es zum Gegenstand deines Threads wirst aber beim Namen sowie Sinn und Zweck dieser EXE unkonkret. Was soll man als Helfer davon halten?


Zitat:
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Warum hast du eine Ultimate-Edition von Windows, brauchst du das als Heimanwender?
Oder ist das rein zufällig ein Büro-/Firmen-PC bzw. ein Uni-Rechner?


Zitat:
Heute meinte Avira es hätte einen TR geblockt.
Schön und wo sind die Logs dazu? Mit solchen unkonkreten Angaben kann dir niemand helfen!

Solche Angaben reichen nicht, bitte poste die vollständigen Angaben/Logs der Virenscanner siehe http://www.trojaner-board.de/125889-...tml#post941520


Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________

Alt 04.05.2013, 23:56   #3
shika007
 
Steinigt mich! Ich habe ihn zu den Ausnahmen hinzugefügt! - Standard

Steinigt mich! Ich habe ihn zu den Ausnahmen hinzugefügt!



Es war ein Crack für BF3. BF3 als Spiel habe ich gekauft. Nur der Crack ist halt da um im Spiel besser zu sein. Ich wollte nur mal die Leute ärgern auf den Servern und schauen wie Aimbots so funktionieren. Ergo nichts illegales! Das Spiel hab ich legal! Illegal gehts eh nicht online.

Ich hab mir einfach das beste vom besten gekauft. (OS)

Ich poste doch die LOGS in CODEs?

So und der LOG ist von AVIRA:
Code:
ATTFilter
Exportierte Ereignisse:

04.05.2013 16:19 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Stjepan\download\sharla.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Agent.2423808.1' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

04.05.2013 15:24 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Standartbenutzer\Downloads\download\v.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Agent.2423808.1' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern
         
__________________

Alt 05.05.2013, 00:20   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Steinigt mich! Ich habe ihn zu den Ausnahmen hinzugefügt! - Standard

Steinigt mich! Ich habe ihn zu den Ausnahmen hinzugefügt!



Zitat:
Es war ein Crack für BF3. BF3 als Spiel habe ich gekauft. Nur der Crack ist halt da um im Spiel besser zu sein


Zitat:
Das Spiel hab ich legal! Illegal gehts eh nicht online
Das ist Quatsch. Ein Crack umgeht den Kopierschutz.

Sry aber bei illegaler Software gibt es hier nur noch Hilfe zur Datensicherung + Neuinstallation von Windows

Siehe auch => http://www.trojaner-board.de/95393-c...-software.html

Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support ohne jegliche Diskussion beenden.

Cracks/Keygens sind zu 99,9% gefährliche Schädlinge, mit denen man nicht spaßen sollte. Ausserdem sind diese illegal und wir unterstützen die Verwendung von geklauter Software nicht. Somit beschränkt sich der Support auf Anleitung zur kompletten Neuinstallation!!

Dass illegale Cracks und Keygens im Wesentlichen dazu dienen, Malware zu verbreiten ist kein Geheimnis und muss jedem klar sein!

In Zukunft Finger weg von: Softonic, Registry-Bereinigern und illegalem Zeugs Cracks/Keygens/Serials
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu Steinigt mich! Ich habe ihn zu den Ausnahmen hinzugefügt!
adblock, adobe, adobe reader xi, autorun, avira, battle.net, bho, error, eset smart security, failed, firefox, flash player, google, homepage, iexplore.exe, install.exe, logfile, mozilla, msvcrt, origin, programm, realtek, registry, rundll, safer networking, scan, security, server, software, svchost.exe, system, tablet, udp



Ähnliche Themen: Steinigt mich! Ich habe ihn zu den Ausnahmen hinzugefügt!


  1. Keine Verbindung auf Internetseiten mit Ausnahmen (Virus)
    Plagegeister aller Art und deren Bekämpfung - 02.11.2015 (10)
  2. Habe mich in der URL verschrieben! Gegebenfalls Virusseite?
    Plagegeister aller Art und deren Bekämpfung - 13.09.2014 (3)
  3. Schädlicher Quellcode in PHP-Dateien auf FTP-Server hinzugefügt
    Plagegeister aller Art und deren Bekämpfung - 24.06.2014 (9)
  4. Windows XP: Habe mich mit Antivirus Security Pro infiziert
    Log-Analyse und Auswertung - 06.11.2013 (3)
  5. Das Übliche: Angeblich habe ich mich strafbar gemacht und muss zahlen
    Plagegeister aller Art und deren Bekämpfung - 04.09.2012 (1)
  6. Seit gestern Abend GVU 2.07 Trojaner bereits mit Mwb gescannt u. Logfiles hinzugefügt
    Log-Analyse und Auswertung - 31.07.2012 (8)
  7. Habe mich mit dem Verschlüsselungs Trojaner infiziert,
    Plagegeister aller Art und deren Bekämpfung - 05.06.2012 (1)
  8. Auch ich habe mich mit dem Verschluesselungstroaner infiziert.
    Log-Analyse und Auswertung - 06.05.2012 (5)
  9. Unbekannte/Kuriose Webseiten in den blockierten Ausnahmen
    Plagegeister aller Art und deren Bekämpfung - 16.01.2012 (1)
  10. Youtube Account möglicherweise gehacked? Arabische Songs zu Playlists hinzugefügt?
    Log-Analyse und Auswertung - 29.09.2011 (7)
  11. Habe einen Browser VIRUS, der mich in unbekannte Homepage umleitet...!
    Plagegeister aller Art und deren Bekämpfung - 12.08.2011 (11)
  12. Firefox/IE leiten mich auf Seiten die ich garnicht aufgerufen habe !
    Antiviren-, Firewall- und andere Schutzprogramme - 19.04.2011 (9)
  13. session manager value hinzugefügt bootexecute autocheck autochk *\
    Überwachung, Datenschutz und Spam - 03.10.2009 (3)
  14. ich habe mich Wahrscheinlich Infiziert!
    Plagegeister aller Art und deren Bekämpfung - 28.04.2009 (42)
  15. habe problem mit trojaner und kenn mich nicht aus!
    Mülltonne - 17.09.2008 (0)
  16. Kaspersky 6 - Ausnahmen machen
    Antiviren-, Firewall- und andere Schutzprogramme - 09.04.2007 (2)
  17. Fremde URLs werden einfach hinzugefügt!?!?
    Plagegeister aller Art und deren Bekämpfung - 22.09.2005 (3)

Zum Thema Steinigt mich! Ich habe ihn zu den Ausnahmen hinzugefügt! - Hallo, ich bedanke mich im Voraus für eure großzügige Hilfe hier im Forum, gibt es nicht oft im Web. Heute meinte Avira es hätte einen TR geblockt. Ich hab aus - Steinigt mich! Ich habe ihn zu den Ausnahmen hinzugefügt!...
Archiv
Du betrachtest: Steinigt mich! Ich habe ihn zu den Ausnahmen hinzugefügt! auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.