
Pests of all kinds and how to fight them: GVU Trojan - RunDLL

15.05.2013, 14:06   #1
MetroidLP
 
Hello everyone,
for a long time now I have been getting an error message whenever I switch on my PC!
It reads:
RunDLL
Problem beim Starten von
C\Users\Niklas\AppData\Local\Temp\wgsdgsdgdsgsd.exe
Das angegebene Modul wurde nicht gefunden.


I know that it comes from the GVU Trojan, which I also had, but despite a long search on the Internet (Google, other forums) I found nothing that helped me, so I wanted to ask you what I can do about it.

Thanks in advance

15.05.2013, 15:01   #2
M-K-D-B
/// TB Instructor
 
My name is Matthias and I will help you clean up your computer.

Please note the following:
  • A cleanup can involve a lot of work for you. Several analysis and cleanup steps may be required.
    At the end we will remove all the programs we used, and I will give you a few tips for the future.
  • If there are signs of illegal software, support will be discontinued without discussion.
  • Please work through all steps one after another in the given order.
  • Read the instructions carefully. If you run into problems, stop and describe your problem to me as well as you can.
  • Run only scans that I or another helper ask you to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you are asked to.
  • If you do not reply to me within 3 days, I will assume that you no longer need help. I will then remove your thread from my subscriptions.
    If you are going to be away for a longer time, please let me know!
  • All programs to be used must be saved to the desktop and started from there!
    I can never give you a guarantee that I will find everything. Formatting is usually the faster and always the safest way.
    If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.

First I need some information before we can start.
Who removed the GVU Trojan from a computer back then?

Step 1
Please download OTL by Oldtimer and save it to your desktop (if you do not already have it).
  • Please start OTL.exe.
  • At the top you will find a box labelled Output. Please select Standard Output.
  • Tick the box Scan All Users.
  • Under Extra Registry, please select Use SafeList.
  • Now copy the contents of the code box into the text box.
Code:
activex
msconfig
CREATERESTOREPOINT

  • Now please close all programs. (Important)
  • Now please click the Scan button.
  • At the end of the scan, 2 log files are created.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread.

Step 2
Please download defogger by jpshortstuff to your desktop.
  • Start the tool with a double-click.
  • Now click the Disable button to deactivate the drivers of certain emulators.
  • Defogger will ask you "Defogger will forcefully terminate and disable all CD Emulator related drivers and processes... Continue?" Confirm this security prompt with Yes.
  • When the scan has finished (Finished), click OK.
  • Defogger may ask you to restart. Confirm this with OK.
  • Defogger creates a log file named defogger_disable.log on the desktop. Post its contents with your next reply.
Do not click the Re-enable button unless instructed!

Step 3
Please download the GMER Rootkit Scanner (GMER): (file name is random)
  • Close all other programs, disable your virus scanner and disconnect the computer from the Internet before you start GMER.
  • If a window with the following warning opens after starting:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Be sure to click "No".
  • On the right, remove the tick at: IAT/EAT and Show All
  • Tick Quickscan and remove the tick for all other drives.
  • Start the scan with "Scan".
  • Do not do anything on the computer while the scan is running.
  • When the scan is finished, click Save and save the log file as Gmer.txt on your desktop. "Ok" closes GMER.
Switch your antivirus program and other scanners back on before you go online!

Are problems occurring?
  • Alternatively, try safe mode.
  • If you get a bluescreen, remove the tick in front of Devices.

Please post with your next reply
  • both log files from OTL,
  • the log file from DeFogger,
  • the log file from GMER.
__________________


15.05.2013, 15:14   #3
MetroidLP
 
I myself removed the GVU virus back then, using a tutorial from YouTube, via safe mode.
__________________

15.05.2013, 15:30   #4
MetroidLP
 
OTL.Txt: OTL Logfile:
Code:
OTL logfile created on: 15.05.2013 16:17:38 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Niklas\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,85 Gb Available Physical Memory | 71,31% Memory free
8,00 Gb Paging File | 6,63 Gb Available in Paging File | 82,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 162,25 Gb Free Space | 34,84% Space Free | Partition Type: NTFS
Drive F: | 465,76 Gb Total Space | 152,09 Gb Free Space | 32,65% Space Free | Partition Type: NTFS
Drive G: | 3,65 Gb Total Space | 2,62 Gb Free Space | 71,88% Space Free | Partition Type: FAT32
 
Computer Name: METROID | User Name: Niklas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.15 14:25:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Niklas\Desktop\OTL.exe
PRC - [2013.03.22 16:09:37 | 002,787,280 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
PRC - [2013.02.04 20:48:05 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.08.09 14:57:59 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.05.09 16:34:24 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012.05.09 16:34:24 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.09 16:34:24 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2009.10.07 02:47:22 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
PRC - [2007.03.06 10:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) -- C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe
PRC - [2006.09.28 19:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.03.22 16:09:37 | 002,787,280 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
MOD - [2013.03.22 16:08:36 | 002,520,016 | ---- | M] () -- c:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll
MOD - [2011.07.16 06:24:22 | 002,277,402 | ---- | M] () -- C:\Windows\SysWOW64\stylebin.dll
MOD - [2011.07.16 06:24:22 | 000,345,855 | ---- | M] () -- C:\Windows\SysWOW64\perfdos.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011.05.25 05:03:38 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011.05.25 00:18:38 | 000,365,568 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011.03.29 18:04:12 | 000,027,760 | ---- | M] (VIA Technologies, Inc.) [Auto | Running] -- C:\Windows\SysNative\ViakaraokeSrv.exe -- (VIAKaraokeService)
SRV - [2013.05.15 15:25:14 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.04 01:35:30 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.03.22 16:09:37 | 002,787,280 | ---- | M] () [Auto | Running] -- C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect)
SRV - [2013.02.10 17:48:12 | 000,049,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe -- (BEService)
SRV - [2013.02.04 20:48:05 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.12.10 18:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.11.14 15:44:28 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Paused] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.05.09 16:34:24 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.05.09 16:34:24 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.09 16:34:24 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.04.14 15:52:39 | 000,131,912 | ---- | M] (Desura Pty Ltd) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Desura\desura_service.exe -- (Desura Install Service)
SRV - [2012.04.05 11:37:38 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.03.05 14:19:00 | 003,953,632 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.03.28 22:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.09.22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.10.07 02:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.03.06 10:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service)
SRV - [2006.09.28 19:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.11.27 18:27:38 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.11.27 18:19:28 | 000,564,824 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2012.08.24 09:56:56 | 000,126,944 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2012.05.12 12:31:00 | 000,121,416 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2012.05.09 16:34:24 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.09 16:34:24 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.07 19:38:24 | 000,088,480 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2012.01.07 19:38:24 | 000,046,400 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011.12.09 13:40:20 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.12.07 19:42:28 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2011.11.03 03:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.07.21 00:37:56 | 000,342,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2011.07.06 18:12:50 | 000,367,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2011.05.25 06:26:56 | 009,359,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.05.25 04:25:42 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.05.13 16:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011.03.29 18:04:06 | 002,157,680 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.24 16:12:00 | 001,579,520 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.04.16 14:59:40 | 001,816,968 | ---- | M] (Syntek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StkCMini.sys -- (StkCMini)
DRV:64bit: - [2010.02.18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009.12.01 16:49:52 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2009.10.07 02:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009.10.07 02:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009.07.30 18:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009.07.17 02:51:54 | 000,028,192 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvamacpi.sys -- (nvamacpi)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.01 01:01:34 | 000,327,576 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009.05.01 00:55:56 | 002,755,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI)
DRV:64bit: - [2009.05.01 00:55:46 | 000,015,896 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64)
DRV:64bit: - [2009.03.18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008.07.26 16:26:34 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV - [2010.07.01 19:11:24 | 000,012,352 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Programme\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2004.02.01 06:53:20 | 000,026,166 | ---- | M] (Compuware Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\usbfilt.sys -- (Usbfilt)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={E8105A2C-2C34-11E2-A61D-003067E84606}
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={E8105A2C-2C34-11E2-A61D-003067E84606}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-4259434227-2705773101-2174019467-1001\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = Delta Search
IE - HKU\S-1-5-21-4259434227-2705773101-2174019467-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Delta Search
IE - HKU\S-1-5-21-4259434227-2705773101-2174019467-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
IE - HKU\S-1-5-21-4259434227-2705773101-2174019467-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-4259434227-2705773101-2174019467-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 20 1A 51 61 78 BD CC 01  [binary data]
IE - HKU\S-1-5-21-4259434227-2705773101-2174019467-1001\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKU\S-1-5-21-4259434227-2705773101-2174019467-1001\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-4259434227-2705773101-2174019467-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-4259434227-2705773101-2174019467-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4259434227-2705773101-2174019467-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www2.delta-search.com/?q={searchTerms}&affID=119721&tt=gc_&babsrc=SP_ss&mntrId=14DBB6487AE3A07D
IE - HKU\S-1-5-21-4259434227-2705773101-2174019467-1001\..\SearchScopes\{125BECC0-1EDE-4FDD-9F50-170F03F55737}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050&SSPV=IEAUTOBR
IE - HKU\S-1-5-21-4259434227-2705773101-2174019467-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={8E948F09-01BF-4224-9FCA-0294D4013F1E}&mid=ca6889189eab47d09db1d179210caff5-6caf28acb41b8aefa0a506a0682b1a95521826b5&lang=en&ds=qw011&pr=sa&d=2012-05-28 09:42:32&v=11.1.0.7&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-4259434227-2705773101-2174019467-1001\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={E8105A2C-2C34-11E2-A61D-003067E84606}
IE - HKU\S-1-5-21-4259434227-2705773101-2174019467-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Program Files (x86)\Sony Online Entertainment\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Niklas\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Niklas\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Niklas\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\lyricsmonkey@mendoni.net: C:\Program Files (x86)\LyricsMonkey\FF\ [2013.04.23 15:13:22 | 000,000,000 | ---D | M]
 
[2013.04.23 15:13:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Niklas\AppData\Roaming\mozilla\Firefox\Profiles\extensions
[2012.11.11 21:20:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Niklas\AppData\Roaming\mozilla\Firefox\Profiles\0\extensions
[2012.11.11 21:20:33 | 000,213,316 | ---- | M] () (No name found) -- C:\Users\Niklas\AppData\Roaming\mozilla\firefox\profiles\0\extensions\torntv@torntv.com.xpi
[2012.07.31 17:59:18 | 000,221,380 | ---- | M] () (No name found) -- C:\Users\Niklas\AppData\Roaming\mozilla\firefox\profiles\extensions\gophoto@gophoto.it.xpi
[2012.12.13 22:29:00 | 000,199,445 | ---- | M] () (No name found) -- C:\Users\Niklas\AppData\Roaming\mozilla\firefox\profiles\extensions\movie2kdownloader@movie2kdownloader.com.xpi
[2012.08.14 11:21:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.04.30 22:36:41 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\extensions\quickstores@quickstores.de
[2012.08.09 14:58:00 | 000,003,769 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.04.25 19:53:05 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: Delta Search
CHR - Extension: No name found = C:\Users\Niklas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf\1.0_0\
CHR - Extension: No name found = C:\Users\Niklas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Niklas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Niklas\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.3_0\
CHR - Extension: No name found = C:\Users\Niklas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0\
CHR - Extension: No name found = C:\Users\Niklas\AppData\Local\Google\Chrome\User Data\Default\Extensions\khialnikbocfgkohdegnebhmmaifoglp\1.111_0\
CHR - Extension: No name found = C:\Users\Niklas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.3.0.2_0\
CHR - Extension: No name found = C:\Users\Niklas\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokahphinmbmakkehgelkmpolmnbkdh\1.0.96.0_0\
CHR - Extension: No name found = C:\Users\Niklas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk\1.5_0\
CHR - Extension: No name found = C:\Users\Niklas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: No name found = C:\Users\Niklas\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo\10.16.1.521_0\
CHR - Extension: No name found = C:\Users\Niklas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf\1.0_0\
CHR - Extension: No name found = C:\Users\Niklas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Niklas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Niklas\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.3_0\
CHR - Extension: No name found = C:\Users\Niklas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0\
CHR - Extension: No name found = C:\Users\Niklas\AppData\Local\Google\Chrome\User Data\Default\Extensions\khialnikbocfgkohdegnebhmmaifoglp\1.111_0\
CHR - Extension: No name found = C:\Users\Niklas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.3.0.2_0\
CHR - Extension: No name found = C:\Users\Niklas\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokahphinmbmakkehgelkmpolmnbkdh\1.0.96.0_0\
CHR - Extension: No name found = C:\Users\Niklas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk\1.5_0\
CHR - Extension: No name found = C:\Users\Niklas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: No name found = C:\Users\Niklas\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo\10.16.1.521_0\
 
O1 HOSTS File: ([2012.07.23 19:07:38 | 000,003,802 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activation.cloud.techsmith.com 
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 69 more lines...
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Lyrics Monkey) - {18CAEA74-C7E8-4D37-967F-1D01351BA398} - C:\Program Files (x86)\LyricsMonkey\lyricsmonkey.dll (MNDi Software)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.16.16\bh\delta.dll (Delta-search.com)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.16.16\deltaTlbr.dll (Delta-search.com)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKU\S-1-5-21-4259434227-2705773101-2174019467-1001\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found.
O3 - HKU\S-1-5-21-4259434227-2705773101-2174019467-1001\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4259434227-2705773101-2174019467-1001..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-4259434227-2705773101-2174019467-1001..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-4259434227-2705773101-2174019467-1001..\Run: [Windows] C:\Users\Niklas\AppData\Roaming\vbc.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Niklas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk = C:\ProgramData\lsass.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-4259434227-2705773101-2174019467-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4259434227-2705773101-2174019467-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-4259434227-2705773101-2174019467-1001\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-4259434227-2705773101-2174019467-1001\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-4259434227-2705773101-2174019467-1001\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-4259434227-2705773101-2174019467-1001\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.69.100.102 80.69.100.230
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{547D67FF-C734-452A-A0A2-1F669F3E1562}: DhcpNameServer = 192.168.43.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B9B986C5-9FA1-4616-8288-E3C4141B0F9F}: DhcpNameServer = 80.69.100.102 80.69.100.230
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261249~1.132\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{34208199-58e0-11e2-80c9-003067e84606}\Shell - "" = AutoRun
O33 - MountPoints2\{34208199-58e0-11e2-80c9-003067e84606}\Shell\AutoRun\command - "" = G:\Startme.exe
O33 - MountPoints2\{62a540dc-78e3-11e1-b537-003067e84606}\Shell - "" = AutoRun
O33 - MountPoints2\{62a540dc-78e3-11e1-b537-003067e84606}\Shell\AutoRun\command - "" = E:\ResidentEvil2.exe
O33 - MountPoints2\{81440cf9-7a9d-11e1-bf46-003067e84606}\Shell - "" = AutoRun
O33 - MountPoints2\{81440cf9-7a9d-11e1-bf46-003067e84606}\Shell\AutoRun\command - "" = G:\ResidentEvil2.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Reg Error: Value error.
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F40D8C75-CE42-894D-980B-10EDF9AA1A59} - Java (Sun)
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
MsConfig:64bit - StartUpFolder: C:^Users^Niklas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MutiKeyboard Driver.lnk - C:\Program Files (x86)\MultiKeyboard Driver\KbdDrv.exe - ()
MsConfig:64bit - StartUpFolder: C:^Users^Niklas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe - ()
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: ApnUpdater - hkey= - key= - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: avgnt - hkey= - key= - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig:64bit - StartUpReg: EADM - hkey= - key= - C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
MsConfig:64bit - StartUpReg: Google Update - hkey= - key= - C:\Users\Niklas\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig:64bit - StartUpReg: LogitechQuickCamRibbon - hkey= - key= - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
MsConfig:64bit - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: PWRISOVM.EXE - hkey= - key= - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (Power Software Ltd)
MsConfig:64bit - StartUpReg: StartCCC - hkey= - key= - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.15 14:25:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Niklas\Desktop\OTL.exe
[2013.05.04 19:48:49 | 000,000,000 | ---D | C] -- C:\Users\Niklas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
[2013.05.04 19:48:46 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserProtect
[2013.05.04 19:48:40 | 000,000,000 | ---D | C] -- C:\Users\Niklas\AppData\Roaming\BabSolution
[2013.05.04 19:48:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Delta
[2013.05.04 19:48:33 | 000,000,000 | ---D | C] -- C:\Users\Niklas\AppData\Roaming\Delta
[2013.05.04 19:48:17 | 000,000,000 | ---D | C] -- C:\Users\Niklas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SopCast
[2013.05.04 19:48:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SopCast
[2013.05.04 19:48:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sopcast 3.5.0
[2013.05.04 19:45:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Veetle
[2013.05.03 16:59:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\dumps
[2013.05.03 16:58:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2013.05.03 16:58:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2013.05.03 14:05:58 | 000,000,000 | ---D | C] -- C:\Users\Niklas\AppData\Roaming\OpenOffice.org
[2013.05.03 14:05:16 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
[2013.05.03 14:04:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2013.05.02 20:34:20 | 000,056,208 | ---- | C] (Rovi Corporation) -- C:\Windows\SysNative\drivers\PxHlpa64.sys
[2013.05.02 20:34:20 | 000,010,224 | ---- | C] (Sonic Solutions) -- C:\Windows\SysNative\drivers\cdralw2k.sys
[2013.05.02 20:34:20 | 000,010,224 | ---- | C] (Sonic Solutions) -- C:\Windows\SysNative\drivers\cdr4_xp.sys
[2013.05.02 20:34:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sonic Shared
[2013.05.02 20:34:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2013.05.02 20:34:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\My Company Name
[2013.04.28 15:52:07 | 000,000,000 | ---D | C] -- C:\Users\Niklas\AppData\Local\Programs
[2013.04.23 15:13:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LyricsMonkey
[2013.04.19 13:10:50 | 008,564,648 | ---- | C] (Valve Corporation) -- C:\Users\Niklas\Desktop\SteamUI.dll
[2013.04.16 15:03:58 | 000,000,000 | ---D | C] -- C:\Users\Niklas\AppData\Roaming\DealPly
[2013.04.16 15:03:47 | 000,000,000 | ---D | C] -- C:\Users\Niklas\Local Settings
[2013.04.16 15:03:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XingHaoLyrics
[2013.04.16 15:03:39 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[2013.04.16 15:03:39 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2012.11.15 19:39:51 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\lsass.exe
[2010.11.21 05:24:03 | 001,169,224 | -H-- | C] (Microsoft Corporation) -- C:\Users\Niklas\AppData\Roaming\vbc.exe
[8 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Niklas\*.tmp files -> C:\Users\Niklas\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.15 15:54:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4259434227-2705773101-2174019467-1001UA.job
[2013.05.15 15:25:16 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.15 15:25:14 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.05.15 15:25:14 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.05.15 15:03:04 | 000,000,414 | ---- | M] () -- C:\Windows\tasks\Lyrics Monkey Update.job
[2013.05.15 14:25:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Niklas\Desktop\OTL.exe
[2013.05.15 14:21:17 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2013.05.15 14:21:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.15 14:21:04 | 3220,725,760 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.14 19:54:02 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4259434227-2705773101-2174019467-1001Core.job
[2013.05.14 19:00:03 | 014,289,835 | ---- | M] () -- C:\Users\Niklas\Desktop\ClientRegistry.blob
[2013.05.14 18:40:13 | 001,645,110 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.14 18:40:13 | 000,708,158 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.14 18:40:13 | 000,661,754 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.14 18:40:13 | 000,153,386 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.14 18:40:13 | 000,125,582 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.12 21:52:02 | 000,119,774 | ---- | M] () -- C:\Windows\SysWow64\minidump.dmp
[2013.05.12 12:22:01 | 229,794,420 | ---- | M] () -- C:\Users\Niklas\Desktop\DSCN0515.mp4
[2013.05.12 12:16:24 | 058,860,156 | ---- | M] () -- C:\Users\Niklas\Desktop\DSCN0514.mp4
[2013.05.12 12:12:22 | 077,383,111 | ---- | M] () -- C:\Users\Niklas\Desktop\DSCN0517.mp4
[2013.05.12 12:00:00 | 000,000,526 | ---- | M] () -- C:\Windows\tasks\One-Click Tweak.job
[2013.05.06 22:20:26 | 4194,928,352 | ---- | M] () -- C:\Users\Niklas\Desktop\javaw 2013-05-06 22-12-39-03.avi
[2013.05.06 22:20:26 | 2498,833,520 | ---- | M] () -- C:\Users\Niklas\Desktop\javaw 2013-05-06 22-18-05-63.avi
[2013.05.06 21:19:38 | 000,014,160 | ---- | M] () -- C:\Users\Niklas\.recently-used.xbel
[2013.05.04 01:35:30 | 008,564,648 | ---- | M] (Valve Corporation) -- C:\Users\Niklas\Desktop\SteamUI.dll
[2013.05.03 16:58:51 | 000,000,883 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2013.05.03 15:52:46 | 004,935,184 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.03 15:47:21 | 000,007,602 | ---- | M] () -- C:\Users\Niklas\AppData\Local\Resmon.ResmonCfg
[2013.05.03 14:46:33 | 000,125,844 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2013.05.03 02:29:38 | 002,895,272 | ---- | M] (Valve Corporation) -- C:\Users\Niklas\Desktop\Steam.dll
[8 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Niklas\*.tmp files -> C:\Users\Niklas\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.14 18:01:38 | 014,289,835 | ---- | C] () -- C:\Users\Niklas\Desktop\ClientRegistry.blob
[2013.05.12 12:07:28 | 077,383,111 | ---- | C] () -- C:\Users\Niklas\Desktop\DSCN0517.mp4
[2013.05.12 12:07:23 | 229,794,420 | ---- | C] () -- C:\Users\Niklas\Desktop\DSCN0515.mp4
[2013.05.12 12:07:16 | 058,860,156 | ---- | C] () -- C:\Users\Niklas\Desktop\DSCN0514.mp4
[2013.05.11 23:35:50 | 000,114,176 | ---- | C] () -- C:\Users\Niklas\AppData\Roaming\BabMaint.exe
[2013.05.06 22:12:40 | 2498,833,520 | ---- | C] () -- C:\Users\Niklas\Desktop\javaw 2013-05-06 22-18-05-63.avi
[2013.05.06 22:12:38 | 4194,928,352 | ---- | C] () -- C:\Users\Niklas\Desktop\javaw 2013-05-06 22-12-39-03.avi
[2013.05.06 21:19:38 | 000,014,160 | ---- | C] () -- C:\Users\Niklas\.recently-used.xbel
[2013.05.03 16:58:51 | 000,000,883 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2013.05.03 15:47:21 | 000,007,602 | ---- | C] () -- C:\Users\Niklas\AppData\Local\Resmon.ResmonCfg
[2013.05.02 20:34:51 | 000,001,215 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Audition CS6.lnk
[2013.05.02 20:33:54 | 000,000,963 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2013.04.23 15:13:25 | 000,000,414 | ---- | C] () -- C:\Windows\tasks\Lyrics Monkey Update.job
[2012.12.09 13:43:11 | 000,004,608 | ---- | C] () -- C:\Users\Niklas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.11.27 17:59:35 | 000,000,047 | ---- | C] () -- C:\Windows\WinBIN2ISO.INI
[2012.11.24 12:52:53 | 000,089,600 | ---- | C] () -- C:\Windows\SysWow64\pdinc.dll
[2012.11.15 19:39:51 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.10.05 16:24:29 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2012.09.18 20:17:00 | 000,210,456 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll
[2012.09.18 20:17:00 | 000,206,360 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll
[2012.09.18 20:17:00 | 000,198,168 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll
[2012.09.18 20:17:00 | 000,198,168 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll
[2012.09.18 20:17:00 | 000,194,072 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll
[2012.09.18 20:17:00 | 000,026,136 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll
[2012.09.18 19:30:20 | 000,000,012 | ---- | C] () -- C:\Windows\Ulead32.ini
[2012.09.03 19:21:55 | 000,715,038 | ---- | C] () -- C:\Windows\unins000.exe
[2012.09.03 19:01:21 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012.09.03 19:01:21 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012.08.15 19:49:00 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2012.06.22 07:41:21 | 000,008,192 | ---- | C] () -- C:\Windows\d3dx.dat
[2012.05.26 20:03:44 | 000,000,448 | ---- | C] () -- C:\ProgramData\eiqbxxkdkdtujaj
[2012.05.19 09:49:49 | 000,027,207 | ---- | C] () -- C:\Users\Niklas\AppData\Roaming\windows
[2012.05.13 11:32:10 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2012.05.08 15:00:01 | 000,125,844 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012.03.29 06:51:32 | 000,282,104 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.03.29 06:51:30 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.02.25 13:56:43 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\LAGARITH.DLL
[2012.02.25 13:56:43 | 000,006,336 | ---- | C] () -- C:\Windows\unins000.dat
[2012.02.25 13:01:53 | 000,084,616 | ---- | C] () -- C:\Windows\StkUnist.exe
[2012.01.13 23:42:25 | 922,460,208 | ---- | C] () -- C:\Users\Niklas\War_Rock_10182011_G1_Xfire.exe
[2011.12.14 15:42:19 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.11.10 14:38:21 | 004,072,009 | ---- | C] () -- C:\Windows\SysWow64\mododbc.exe
[2011.11.10 14:38:21 | 002,277,402 | ---- | C] () -- C:\Windows\SysWow64\stylebin.dll
[2011.11.10 14:38:21 | 002,089,245 | ---- | C] () -- C:\Windows\SysWow64\botctrl.dll
[2011.11.10 14:38:21 | 001,566,611 | ---- | C] () -- C:\Windows\SysWow64\ctlxp.dll
[2011.11.10 14:38:21 | 001,018,578 | ---- | C] () -- C:\Windows\SysWow64\xplan32.dll
[2011.11.10 14:38:21 | 000,345,855 | ---- | C] () -- C:\Windows\SysWow64\perfdos.dll
[2011.11.10 14:00:40 | 001,622,068 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.10.13 12:53:28 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.05.25 00:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 85 bytes -> C:\ProgramData:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM

< End of report >
         
--- --- ---

Extras.Txt:
OTL Logfile:
Code:
OTL Extras logfile created on: 15.05.2013 16:17:38 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Niklas\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,85 Gb Available Physical Memory | 71,31% Memory free
8,00 Gb Paging File | 6,63 Gb Available in Paging File | 82,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 162,25 Gb Free Space | 34,84% Space Free | Partition Type: NTFS
Drive F: | 465,76 Gb Total Space | 152,09 Gb Free Space | 32,65% Space Free | Partition Type: NTFS
Drive G: | 3,65 Gb Total Space | 2,62 Gb Free Space | 71,88% Space Free | Partition Type: FAT32
 
Computer Name: METROID | User Name: Niklas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
"UpdatesDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" = C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe:*:Enabled:Windows Messanger -- (Microsoft Corporation)
"C:\Users\Niklas\AppData\Roaming\vbc.exe" = C:\Users\Niklas\AppData\Roaming\vbc.exe:*:Enabled:Windows Messanger -- (Microsoft Corporation)
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" = C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe:*:Enabled:Windows Messanger -- (Microsoft Corporation)
"C:\Users\Niklas\AppData\Roaming\vbc.exe" = C:\Users\Niklas\AppData\Roaming\vbc.exe:*:Enabled:Windows Messanger -- (Microsoft Corporation)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0170FD91-14E9-42E7-98F6-39B673D9521A}" = rport=137 | protocol=17 | dir=out | app=system | 
"{01B8AA4C-BB81-446B-8D84-97D9BF1CB8A7}" = lport=445 | protocol=6 | dir=in | app=system | 
"{062EF7E2-ACAF-4AB6-A83C-AC5EB5B5A245}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{094791BC-6DAF-4D16-B19E-1C3C4EB2694C}" = rport=445 | protocol=6 | dir=out | app=system | 
"{0AFA0D53-0D56-4A02-A7FC-9B17BC42D86C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1D4681C9-C473-434B-A443-EC6B7A519CB2}" = lport=5357 | protocol=6 | dir=in | app=system | 
"{2741BD53-7561-454B-9FB0-951781CBDA91}" = lport=5358 | protocol=6 | dir=in | app=system | 
"{2F10FBA3-47D2-470D-A672-5B8F4DD9B1C7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{300EA912-D06C-412D-A3E1-50EFA7C6621E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{306FA399-FC1D-4F5A-A070-950E4D5BF80D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{378B3B65-40FB-48AF-B4FF-51F0C6CC7E01}" = lport=10245 | protocol=6 | dir=in | app=system | 
"{5E0855E4-3306-40B4-9237-5659A98DDA32}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{5FE1EEBE-220D-4744-BC96-582A4E00C1CF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6AD20D5F-CE9F-4205-B681-754068B01219}" = rport=139 | protocol=6 | dir=out | app=system | 
"{7FD25A3C-08C3-4870-BC2A-F12C37AFA377}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{80F58D4C-4453-4DFC-83E2-4D1676F27473}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{84AFCAFD-5838-4645-83A5-50791AF706D0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{85CE4D3F-5114-443B-860D-E58D5B55ADC0}" = lport=139 | protocol=6 | dir=in | app=system | 
"{88427BB2-A37C-4FDB-894A-9BAD0E1E012F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{971A0A3B-538E-47B4-91E7-B056C2D17451}" = rport=5357 | protocol=6 | dir=out | app=system | 
"{9E7C2966-9137-4F92-BF49-5838CC7CDA24}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A27B23F5-7F2C-4A0D-9885-49D1DCF55454}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{A56D6881-F39D-4F29-90BD-4BA73F37266E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{AB1C2572-1AF9-4191-B595-D29558797CCB}" = lport=137 | protocol=17 | dir=in | app=system | 
"{B0B6052F-4E8E-4BF8-B022-425773AD3F14}" = rport=138 | protocol=17 | dir=out | app=system | 
"{B30FCCC9-1F60-484F-AC5E-C1379CB92950}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{BDF314A8-B245-4501-9468-6FF298178E04}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C2632EDF-7061-4F36-9006-439BFEF1569D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CBAA31F8-6E5E-456F-B695-8AB796FD0C41}" = rport=5358 | protocol=6 | dir=out | app=system | 
"{CD117921-1924-4A26-96C7-0B20CEC83EB6}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{D327EBC0-A285-44D9-A3DD-A1B445648C3C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{E3D35551-A01F-476F-978B-24ADACAB8FD9}" = lport=138 | protocol=17 | dir=in | app=system | 
"{E55E1D3C-F850-4CAF-8398-4C0F0A79E9BB}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{EE570BFA-E2B7-4BC2-B5CC-1F4209F7671C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00DBF84E-0221-4A14-8ACE-D7BDB83B3226}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\payday the heist\payday_win32_release.exe | 
"{04AD903B-FD1F-44D9-93DD-674C476189B2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sourcefilmmaker\game\sfm.exe | 
"{052CE697-0CF8-4AAF-9060-7AA85BCFD07C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{05A2A5FE-30FE-4E9B-B3ED-21BC0DB7653B}" = protocol=6 | dir=in | app=c:\program files (x86)\capcom\resident evil 5\re5dx9.exe | 
"{0AA2345B-E135-4639-8D7C-7109A51A7025}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{0E58D356-AB4F-46C7-8A8E-AF45B419BD86}" = protocol=6 | dir=in | app=c:\program files (x86)\z8games\crossfire\cf_g4box.exe | 
"{11D90AA6-D8A4-439E-8997-30F7FA782F84}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{15F04FE1-6097-436D-8D00-A752CF7DB94C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{1739BD96-0CE4-404C-A06F-A25A7F4892B1}" = protocol=17 | dir=in | app=c:\program files (x86)\bohemia interactive\arma 2 operation arrowhead\arma2oa.exe | 
"{1A4135A2-E2DE-42DA-AF0A-33587E1E9134}" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\mirror's edge\binaries\mirrorsedge.exe | 
"{203E0662-A9B7-4A8F-9E4F-F44AEA138DD4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{20A18168-C515-4532-8894-78422334B4E6}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{263AFC5C-C96F-4649-84AD-10F1F4EC8428}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{26C3C8F2-908E-4E8B-83CE-D499E05E2919}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\payday the heist\payday_win32_release.exe | 
"{288E5A0E-8D6F-4BB3-A0F2-CAC7FA46E344}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sourcefilmmaker\game\bin\qsdklauncher.exe | 
"{292B522A-E422-49DB-A983-286F7124D12C}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{2DB40F50-EF33-421B-B6CB-AB7624328D30}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{2E961C89-A3A4-46CF-8423-147207B85C2E}" = protocol=6 | dir=in | app=c:\program files (x86)\z8games\crossfire\cf_g4box.exe | 
"{30A2F6DE-F21B-4E72-B013-3D063FA85678}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row 2\sr2_pc.exe | 
"{3314655A-CA6F-4A26-AC8B-08622DFA7133}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{36D40F65-F706-4A8A-AAA9-2EE79C966AB9}" = dir=in | app=c:\brickforce\bflauncher.exe | 
"{39C713EA-3675-425B-A633-D5B095108463}" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\damnation\binaries\damngame.exe | 
"{3D1FD74B-7E15-4465-B3FD-0E6EAB9194F2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3D72D673-0C4A-4100-AFDB-E2397CE70146}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{429F6677-D020-4192-8686-C07525F557F0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{45A383E4-8992-47CD-AA92-3B4259BB4B5D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4AAD49AE-5469-43E8-8F97-2D81A6E35A69}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{4AAE8876-6AAB-4DB6-8AD6-D39165AA7CD7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4E333DFB-0E9C-4AFD-8F14-E0DAD50780EC}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe | 
"{4E91E34F-3089-4CD7-9B3F-D40A26368FBC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\f.e.a.r. 3\f.e.a.r. 3.exe | 
"{4F489859-8F92-4494-AC07-FD855B3116DE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{53250F2E-E021-4F05-A902-1A4CA40770D5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arcticcombat\gamelauncher_gp\mappingaccount.exe | 
"{5390793B-5FAC-46C9-B026-86984D31C15D}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{53DB548F-8661-48C4-A537-EE0AE524423D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{57C1835E-5665-4CA1-A318-DD899333D510}" = protocol=6 | dir=out | app=system | 
"{5AC69692-7370-4E63-8CD3-F79D98ADCA8A}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{5BED84B0-360F-4514-A59C-3967EB38AD65}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{62B30E74-09C3-4D9E-83D1-EFC0267E2A95}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{62EC52DF-C44A-4FF7-B735-D993DF73BDF5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{6400A502-DCCE-4957-A5A7-DF68112D673D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{6526E6A4-6D26-4764-A5E5-1E5A29537854}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{6622A134-6A4F-4E07-A552-17B9511900D6}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{6807B805-DF01-4DE0-BECF-451167DDBAE3}" = protocol=58 | dir=in | app=system | 
"{6928718B-A20C-47D1-9315-76891D97F5B2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sourcefilmmaker\game\bin\qsdklauncher.exe | 
"{6979F692-A33C-4CA9-B391-E2CD3AB4B0B5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{6AA35732-08E4-47C4-BCE2-346D173E738D}" = protocol=17 | dir=in | app=c:\program files (x86)\capcom\resident evil 5\re5dx10.exe | 
"{6E1C7437-4919-4660-BF47-8FCD56D29FB5}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{72DA5C4A-A18F-4586-BCBA-8F8C6DF1F120}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\oddworld munchs oddysee\bin\launcher.exe | 
"{75C137CF-EEB7-4877-A44C-973D3F959D72}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{772CA0DC-17E5-4FE1-AF15-8F2C3CA4B525}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{7837AC77-EFB7-4CBC-9C02-1C8C884A94E2}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{7C00FE35-67D2-450A-90D1-C60D04A1309F}" = protocol=17 | dir=in | app=c:\program files (x86)\z8games\crossfire\cf_g4box.exe | 
"{7C1FC378-C869-4349-AA8B-13510BEC8EB8}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{7D95F1B2-55AD-4625-8116-D6D2133907ED}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\f.e.a.r. 3\f.e.a.r. 3.exe | 
"{7EBC37C6-BA79-4F99-A364-46E91030D933}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{84E4CAD1-8F6F-49E2-B91B-2AA0DFB98FAB}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{852AFAD8-51D3-4B1C-82B8-890CF308DFBB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe | 
"{862C9CCE-B532-464F-AABC-D3E526B21A18}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe | 
"{88BA8630-2E72-4C19-89F4-2E89E7BDF44F}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{892B7B24-4205-43D7-903D-E6C46C4A0F00}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{8D678521-12B8-4252-B682-1902D3065C7B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{94595DD7-0FCC-481E-81A6-D3F978E029A2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sourcefilmmaker\game\bin\qsdklauncher.exe | 
"{94810E31-9E96-4CD8-8058-238105588940}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{94F522FB-C20C-4F94-B89C-D405D2610E86}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{96A95486-CF4E-4E8B-8DFF-61655F5C4E36}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{9860F35D-7205-4EFC-8416-81F87AF0C81F}" = dir=in | app=c:\brickforce\brickforce.exe | 
"{9A5EEA55-21D7-4F81-B38B-456548403747}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{9B40C3D7-A8E5-4AA4-9DC4-F9BDA415B586}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{9BB98D7B-64B1-44E5-B15E-B5702FB5EA54}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe | 
"{9DD54A27-5FCB-468D-BDC8-8C2DCFB97BA4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A293E469-5BB5-4430-BE68-F944BD937401}" = protocol=6 | dir=in | app=c:\program files (x86)\veetle\player\veetlenet.exe | 
"{AB770B63-6911-4C15-85E8-8018DDC7618B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{AD148B1C-2225-4A31-A970-C824D89E5DDD}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{B161AA40-6987-4A39-9FC4-720275A35A7B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sourcefilmmaker\game\bin\qsdklauncher.exe | 
"{B7BCC21D-07B6-448E-AEA8-5959204BF0B3}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{B813AD1A-F244-4516-B02C-A7AF17A27675}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sourcefilmmaker\game\sfm.exe | 
"{B8CCBAAA-2E59-4F2B-8C54-37FAD61B814E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\oddworld munchs oddysee\bin\launcher.exe | 
"{BB1E61F6-0B4E-407A-A3AB-51C20422BBB7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{BB4E424D-61AA-4614-A6EF-86AB7C65AA41}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sourcefilmmaker\game\sfm.exe | 
"{BBC961C1-3467-49B0-A619-920F0A19B2E9}" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\damnation\binaries\damngame.exe | 
"{BBF10493-B299-4AC8-BB21-ED67237FC03B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{BC0D8D08-A999-4140-A543-87688F130E5D}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{BC83B68A-4399-4A2A-9F35-B4578F944820}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
"{C0B19233-1646-482C-A631-D075E307A3A1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{C130CD37-A896-4346-A1E4-7E93F9A34CC2}" = protocol=6 | dir=in | app=c:\program files (x86)\bohemia interactive\arma 2 operation arrowhead\arma2oa.exe | 
"{C52AC8C2-036C-4F73-84CD-FBA9090B63D4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{C5D5DCEE-9554-4DA6-B9FB-7A67DAC8D050}" = protocol=17 | dir=in | app=c:\program files (x86)\bohemia interactive\arma 2 free\arma2free.exe | 
"{C5D6D058-8638-4F24-8A5F-946EE5560078}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{C6C52924-562A-4075-9E10-ABAF3389BF39}" = protocol=6 | dir=in | app=c:\program files (x86)\bohemia interactive\arma 2 free\arma2free.exe | 
"{C94A1D1B-13C8-42DE-9145-E581337DA79E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\chrisredfield581\half-life\hl.exe | 
"{D14D9B5C-9208-4879-BF67-6EC2CFF19C3C}" = protocol=17 | dir=in | app=c:\program files (x86)\capcom\resident evil 5\re5dx9.exe | 
"{D19C0D72-EECA-4138-AB2D-88AA153FE001}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arcticcombat\gamelauncher_gp\mappingaccount.exe | 
"{D1AEAA85-15F3-4BD0-8378-F2BBE4D97F7A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D1DD0E05-560C-4AA7-86B1-2D0F192C603F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{D2528AB7-86C0-4233-BB03-42C2FD73F176}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{D605533F-9291-4490-B76B-8746694664A8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{D86D5CA5-52F6-4E67-B5A4-6C5F58D6F3A3}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{DA053C86-5945-4F40-9E0D-88C8A6908973}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{DDC80AC2-A9A5-471A-B02B-9DB64B3147CA}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{DDECDB84-DE40-41E3-A840-557714C6E5D6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
"{E281BAC6-9399-48A4-BFFB-02D1E1A60514}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{E37204E1-6F99-4366-9752-48B301A3F0FE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{E5999BB8-AB92-402A-B457-9BCED80827D5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E6AF87CF-3F8C-4B8C-824E-49B034F0E8C1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\chrisredfield581\half-life\hl.exe | 
"{E6B1E7DD-1882-42F2-83F1-4342523315A6}" = protocol=6 | dir=in | app=c:\program files (x86)\capcom\resident evil 5\re5dx10.exe | 
"{EBD5EFC8-AF2F-443B-BE93-6A1CF6163680}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe | 
"{EC19A524-15F4-49AA-90F1-57FF0CBC351F}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{EEDCEA7B-4311-43EB-85B9-CEA97BDAC53C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row 2\sr2_pc.exe | 
"{F19188F0-84AF-43E2-95F4-F7D7ADA1FDC6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{F2487D84-C686-4FBB-B2D4-3B18D310F156}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{F2DBA076-6CC2-4F0B-8ADC-02568E707B77}" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\mirror's edge\binaries\mirrorsedge.exe | 
"{F3F03B63-693C-423D-B678-3FE97BC1A7DD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sourcefilmmaker\game\sfm.exe | 
"{F4793728-6DD7-464E-935F-6032D19CBB5A}" = protocol=17 | dir=in | app=c:\program files (x86)\z8games\crossfire\cf_g4box.exe | 
"{F599CD27-50A7-449D-A5C0-E39DF83AF930}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F5FD361B-1770-41B5-BA6A-F60CEE9301F3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{F977B5AB-BB3B-4A8F-8053-CF3591A3671E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{F9A817DC-38B7-47D9-9A39-1E979AE3933F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FE3C34B0-9D04-46DD-A294-D7210DB0579B}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"TCP Query User{448E438A-6E51-4FEC-9853-43ECEF13DD63}C:\program files (x86)\capcom\resident evil 5\re5dx10.exe" = protocol=6 | dir=in | app=c:\program files (x86)\capcom\resident evil 5\re5dx10.exe | 
"TCP Query User{79E03B7C-FD13-460D-83E4-8826C84B9A89}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{CEDEF814-D7F6-4558-858C-F95DC8D811CC}C:\program files (x86)\valve\portal\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\valve\portal\hl2.exe | 
"UDP Query User{74E41A95-A8D8-46D8-8FD9-FC785D42686E}C:\program files (x86)\capcom\resident evil 5\re5dx10.exe" = protocol=17 | dir=in | app=c:\program files (x86)\capcom\resident evil 5\re5dx10.exe | 
"UDP Query User{CEE71F85-14DB-4E04-AC12-741CA554AC4B}C:\program files (x86)\valve\portal\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\valve\portal\hl2.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{116C20CC-0843-1FC0-2AE8-BD3535911B36}" = AMD Drag and Drop Transcoding
"{11BA2B00-1495-47B8-BFA8-D08C605AB2CC}" = Windows Live Family Safety
"{15824B1C-BF4F-6E1E-CAE9-1D36986DAB61}" = ccc-utility64
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{222400DE-7E85-7599-2BFA-AE99BFA904EC}" = AMD Fuel
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{27225900-26A4-11E1-9C98-F04DA23A5C58}" = Vegas Pro 11.0 (64-bit)
"{29AFE1B0-26A4-11E1-BFD4-F04DA23A5C58}" = MSVCRT Redists
"{30CAD3B3-7EF6-4087-2A50-97EF66966776}" = ATI AVIVO64 Codecs
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8858A840-1D35-11E2-A8C7-F04DA23A5C58}" = Vegas Pro 12.0 (64-bit)
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AAA8780-1D35-11E2-A3A6-F04DA23A5C58}" = MSVCRT Redists
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8F99D081-8285-D986-E9D1-F32095DD1DF8}" = AMD Media Foundation Decoders
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{94D5B25E-194F-AF08-E444-F51FC2038DE5}" = ATI Catalyst Install Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"lvdrivers_12.10" = Logitech Webcam Software-Treiberpaket
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"PROSet" = Intel(R) Network Connections Drivers
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Unlocker" = Unlocker 1.9.1-x64
"WinGimp-2.0_is1" = GIMP 2.6.8
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06C9AC04-E960-9AB2-776D-9D540E5ADCC5}" = CCC Help Finnish
"{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0DE8527A-FE3E-4FCA-A023-D57EF0B796C9}_is1" = Plants vs. Zombies 1.0.4.7924 (by Scar)
"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
"{13C64D80-2447-4509-B98D-614CAF6A9D42}" = Damnation
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserProtect
"{185F9795-9663-4F13-9EF9-307A282ADB5A}" = ph
"{190E6FBD-BC93-397D-F3B2-5AEDE9C0BB1B}" = AMD VISION Engine Control Center
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 3.9.6
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1D6ACDA2-8272-F683-37FD-5313DB60719B}" = CCC Help Dutch
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{289AC7E0-0AEE-4a7b-913C-709D9803D23E}" = Nexon Game Manager
"{28CF3C17-0631-C92F-37B9-0EB916166FBE}" = CCC Help Chinese Traditional
"{2A075BB4-E976-4278-BF3F-E5C6945D84C0}" = bl
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}" = Six Updater
"{302AC480-43D2-11D5-A818-00500435FC18}" = Gothic_Patch
"{30FD541D-3C9D-41C4-B240-A994EE4E0231}" = Adobe Audition CS6
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy ds3 driver version 0.6.0005
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083}" = QuickTime
"{3B13A3BF-9B10-6A8E-F101-B1F4DF31C35E}" = CCC Help Korean
"{3B42CB61-EA83-4EDB-B977-F57D3269304F}" = XSplit
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11
"{40FE74B5-71A1-4393-A0AB-21D6E1DA5A66}" = Gothic 2 Gold
"{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5
"{434D083E-7E9A-4D3A-914B-121000008100}" = Operation Flashpoint ®: Red River
"{45518B6D-9DDF-4144-83E4-A56762524F35}" = USB2.0 Grabber
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E13F1E6-CC89-8C89-CFB1-5567FAAA396B}" = Catalyst Control Center Graphics Previews Common
"{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8302}" = Grand Theft Auto IV
"{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1" = Amnesia - The Dark Descent 
"{5D540B95-1238-79D5-359D-390732F2DC17}" = CCC Help Chinese Standard
"{5F6DBC94-5102-850E-11F6-C6B894437463}" = CCC Help Spanish
"{61D6862D-C3E2-6026-2E10-B3DBFECE729E}" = CCC Help Swedish
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{662CFD19-EA80-4EFE-A0D8-EE10EFEB3C83}" = Livestream Procaster
"{6759B364-88B8-BCFE-913F-09303A7A664E}" = CCC Help Japanese
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B9D937D-807A-B6BE-134F-5610110DCA4C}" = CCC Help German
"{6C3168E7-1D35-EAED-9328-F157A05B0709}" = CCC Help Portuguese
"{6D0F581B-8FBF-4668-18EA-D502371E426A}" = CCC Help Hungarian
"{6D172D0A-B9F1-4046-AFAB-8599288545BF}" = Safari
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{829A80DF-E9D4-DA84-79A6-6CDF2C515C7D}" = CCC Help Thai
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8531767F-C76F-9D60-F7A7-FF6DC3655D99}" = CCC Help French
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89A617DB-ECEA-3C50-7EED-68E38190AC4E}" = CCC Help Danish
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8B1CFC9A-C44F-23D3-76DA-3FCB80207D4D}" = CCC Help Russian
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F8D9297-FDD2-405A-97E7-E52C7B2F97B3}" = Ulead VideoStudio SE DVD
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{953AA732-9AFB-49C9-84A4-7F96CA0A08DA}" = SweetPacks bundle uninstaller
"{969E11AA-8F3A-F162-1A5A-0965E216B6CE}" = Adobe Download Assistant
"{96D06FDD-6AF4-4309-BC1B-1C9588B0575E}" = Dead Space™ 2
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A93D7BA-AE4D-57AE-D976-A8A9EF893794}" = CCC Help English
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A03CFE07-071C-1F3A-F0B1-B25D06F2AB23}" = CCC Help Czech
"{A2F166A0-F031-4E27-A057-C69733219436}_is1" = RaiderZ
"{A48CE6DE-1E75-EBE2-8EF7-6E6EA51962AC}" = HydraVision
"{A683088F-4D85-3E5F-7AA8-2B49F190E3E8}" = CCC Help Turkish
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC08BBA0-96B9-431A-A7D0-D8598E493775}" = RESIDENT EVIL 5
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AEDBD563-24BB-4EE3-8366-A654DAC2D988}" = Mirror's Edge™
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BBF10B37-4ED3-11D5-A818-00500435FC18}" = Gothic
"{BC3051A7-1021-4B57-A3DA-AAC24566FAE7}_is1" = The War Z version alpha
"{C27B9A80-6A57-ECCF-F952-DC8F27AA67B7}" = Catalyst Control Center InstallProxy
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C3C697E8-9183-4088-994C-2662166830BC}" = Damnation
"{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}" = Internet Explorer Toolbar 4.6 by SweetPacks
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C66BF9FD-D367-4E13-8EB8-385FFEA20DB3}" = Oblivion
"{CB2B4C2B-0805-4E06-873D-CECB046A5BE8}" = Camtasia Studio 8
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DE068074-A5F4-55EC-ED6C-0B2A6F0AF255}" = Catalyst Control Center Localization All
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E684CD9B-CE1D-3955-5554-14D1636F676E}" = CCC Help Polish
"{E81C8F78-42DF-9A7C-D8E7-9ED95A97A027}" = CCC Help Norwegian
"{EA5BCA5B-C0B2-6ED5-CD9D-63CACBD69CD1}" = CCC Help Greek
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE4AE8EC-7A6D-75EB-1547-F08D4A999A93}" = CCC Help Italian
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F1191B7E-84BF-4325-9FFD-80BD8996ED4B}" = MorphVOX Junior
"{F59AC46C-10C3-4023-882C-4212A92283B3}_is1" = Lagarith Lossless Codec (1.3.27)
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = VideoStudio
"{FCFE3F81-C977-4D31-877B-2778BB2A02DE}" = Preset Manager 2.0
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1ClickDownload" = Movie2KDownloader
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ArcaniA" = ArcaniA - Gothic 4
"ArmA 2" = ArmA 2 Free Uninstall
"ARMA 2 Operation Arrowhead" = ARMA 2 Operation Arrowhead Uninstall
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"BattlEye for OA" = BattlEye for OA Uninstall
"bi_uninstaller" = Bundled software uninstaller
"BrickForce" = BrickForce 1.9.87
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Cross Fire_is1" = Cross Fire En
"Crossfire Europe" = Crossfire Europe
"DAEMON Tools Lite" = DAEMON Tools Lite
"delta" = Delta toolbar  
"Delta Chrome Toolbar" = Delta Chrome Toolbar
"Desura" = Desura
"Desura_47876000448528" = Desura: Cry of Fear
"Fraps" = Fraps (remove only)
"GFWL_{434D083E-7E9A-4D3A-914B-121000008100}" = Operation Flashpoint ®: Red River
"Hitman Absolution_is1" = Hitman Absolution
"InstallShield_{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083}" = QuickTime
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = Ulead VideoStudio 11
"LogMeIn Hamachi" = LogMeIn Hamachi
"lyricsmonkey@mendoni.net" = Lyrics Monkey
"Multimedia Keyboard Driver" = Multimedia Keyboard Driver
"NCLauncher_GameForge" = NC Launcher (GameForge)
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"OpenAL" = OpenAL
"Origin" = Origin
"PowerISO" = PowerISO
"PunkBusterSvc" = PunkBuster Services
"Resident Evil: Operation Raccoon City_is1" = Resident Evil: Operation Raccoon City
"Silent Hill 2 PC (Widescreen Edition)" = Silent Hill 2 PC (Widescreen Edition)
"SopCast" = SopCast 3.5.0
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 202990" = Call of Duty: Black Ops II - Multiplayer
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"Steam App 620" = Portal 2
"USB2.0 Grabber" = USB2.0 Grabber
"uTorrent" = µTorrent
"Veetle TV" = Veetle TV
"VLC media player" = VLC media player 2.0.1
"Warrock EU" = WarRock
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"Xvid Video Codec 1.3.2" = Xvid Video Codec
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-4259434227-2705773101-2174019467-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"d8be6c3f847d7d92" = Ghost Recon Online
"Google Chrome" = Google Chrome
"SOE Web Installer" = SOE Web Installer
"SOE-C:/Users/Niklas/AppData/Local/Sony Online Entertainment/ApplicationUpdater" = applicationupdater
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 27.04.2013 15:06:35 | Computer Name = Metroid | Source = WinMgmt | ID = 10
Description = 
 
Error - 27.04.2013 15:06:36 | Computer Name = Metroid | Source = Winlogon | ID = 4103
Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070002.
 
Error - 28.04.2013 05:34:35 | Computer Name = Metroid | Source = WinMgmt | ID = 10
Description = 
 
Error - 28.04.2013 05:35:19 | Computer Name = Metroid | Source = Winlogon | ID = 4103
Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070002.
 
Error - 28.04.2013 07:28:56 | Computer Name = Metroid | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\splitmedialabs\XSplit\XSplitBroadcasterSrc.exe".  Die abhängige Assemblierung
 "Native.XSplitBroadcaster.exe,type="win32",version="1.0.0.0"" konnte nicht gefunden
 werden.  Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
 
Error - 28.04.2013 14:02:20 | Computer Name = Metroid | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: audacity.exe, Version: 0.0.0.0, Zeitstempel:
 0x455814e4  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel:
 0x4ec49b8f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00038dc9  ID des fehlerhaften Prozesses:
 0x658  Startzeit der fehlerhaften Anwendung: 0x01ce443a8295ac10  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Audacity\audacity.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: c4b88c70-b02d-11e2-ac18-003067e84606
 
Error - 29.04.2013 11:21:18 | Computer Name = Metroid | Source = Winlogon | ID = 4103
Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070002.
 
Error - 29.04.2013 11:22:28 | Computer Name = Metroid | Source = WinMgmt | ID = 10
Description = 
 
Error - 29.04.2013 14:08:32 | Computer Name = Metroid | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\splitmedialabs\XSplit\XSplitBroadcasterSrc.exe".  Die abhängige Assemblierung
 "Native.XSplitBroadcaster.exe,type="win32",version="1.0.0.0"" konnte nicht gefunden
 werden.  Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
 
Error - 30.04.2013 10:29:11 | Computer Name = Metroid | Source = Winlogon | ID = 4103
Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070002.
 
Error - 30.04.2013 10:30:49 | Computer Name = Metroid | Source = WinMgmt | ID = 10
Description = 
 
Error - 30.04.2013 11:02:13 | Computer Name = Metroid | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Amnesia.exe, Version: 0.0.0.0, Zeitstempel:
 0x4c761a46  Name des fehlerhaften Moduls: Amnesia.exe, Version: 0.0.0.0, Zeitstempel:
 0x4c761a46  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00109c97  ID des fehlerhaften Prozesses:
 0xf40  Startzeit der fehlerhaften Anwendung: 0x01ce45b22ccca760  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Amnesia - The Dark Descent\redist\Amnesia.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Amnesia - The Dark Descent\redist\Amnesia.exe
Berichtskennung:
 f0355a20-b1a6-11e2-bc8e-003067e84606
 
[ System Events ]
Error - 14.05.2013 14:14:51 | Computer Name = Metroid | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
Error - 14.05.2013 14:16:25 | Computer Name = Metroid | Source = WMPNetworkSvc | ID = 866321
Description = 
 
Error - 14.05.2013 14:16:25 | Computer Name = Metroid | Source = WMPNetworkSvc | ID = 866317
Description = 
 
Error - 14.05.2013 14:16:25 | Computer Name = Metroid | Source = WMPNetworkSvc | ID = 866321
Description = 
 
Error - 14.05.2013 14:16:25 | Computer Name = Metroid | Source = WMPNetworkSvc | ID = 866317
Description = 
 
Error - 14.05.2013 14:20:04 | Computer Name = Metroid | Source = DCOM | ID = 10010
Description = 
 
Error - 15.05.2013 08:23:51 | Computer Name = Metroid | Source = WMPNetworkSvc | ID = 866321
Description = 
 
Error - 15.05.2013 08:23:51 | Computer Name = Metroid | Source = WMPNetworkSvc | ID = 866317
Description = 
 
Error - 15.05.2013 08:23:51 | Computer Name = Metroid | Source = WMPNetworkSvc | ID = 866321
Description = 
 
Error - 15.05.2013 08:23:51 | Computer Name = Metroid | Source = WMPNetworkSvc | ID = 866317
Description = 
 
 
< End of report >
         
--- --- ---


Defogger Disable
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:38 on 15/05/2013 (Niklas)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-

Alt 15.05.2013, 16:03   #5
MetroidLP
 



Gmer:

GMER Logfile:
Code:
GMER 2.1.19163 - GMER - Rootkit Detector and Remover
Rootkit scan 2013-05-15 17:00:25
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000006d WDC_WD50 rev.18.0 465,76GB
Running: bngfkr2v.exe; Driver: C:\Users\Niklas\AppData\Local\Temp\ugldypob.sys


---- User code sections - GMER 2.1 ----

.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1620] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                    000000007474cfca 5 bytes JMP 0000000172a94720
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1620] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                           0000000076f71465 2 bytes [F7, 76]
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1620] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                          0000000076f714bb 2 bytes [F7, 76]
.text   ...                                                                                                                                                                  * 2
.text   C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[1724] C:\Windows\syswow64\USER32.dll!DialogBoxParamW            000000007474cfca 5 bytes JMP 0000000172a94720
.text   C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[1724] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000076f71465 2 bytes [F7, 76]
.text   C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[1724] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000076f714bb 2 bytes [F7, 76]
.text   ...                                                                                                                                                                  * 2
.text   C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe[1764] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                         000000007474cfca 5 bytes JMP 0000000172a94720
.text   C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe[1764] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                0000000076f71465 2 bytes [F7, 76]
.text   C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe[1764] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                               0000000076f714bb 2 bytes [F7, 76]
.text   ...                                                                                                                                                                  * 2
.text   C:\Windows\SysWOW64\schtasks.exe[1788] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                                000000007474cfca 5 bytes JMP 0000000172a94720
.text   C:\Windows\SysWOW64\schtasks.exe[1788] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                       0000000076f71465 2 bytes [F7, 76]
.text   C:\Windows\SysWOW64\schtasks.exe[1788] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                      0000000076f714bb 2 bytes [F7, 76]
.text   ...                                                                                                                                                                  * 2
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1376] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                                000000007474cfca 5 bytes JMP 0000000172a94720
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1376] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322                                                                              0000000070941a22 2 bytes [94, 70]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1376] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496                                                                              0000000070941ad0 2 bytes [94, 70]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1376] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552                                                                              0000000070941b08 2 bytes [94, 70]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1376] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730                                                                              0000000070941bba 2 bytes [94, 70]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1376] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762                                                                              0000000070941bda 2 bytes [94, 70]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1376] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                       0000000076f71465 2 bytes [F7, 76]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1376] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                      0000000076f714bb 2 bytes [F7, 76]
.text   ...                                                                                                                                                                  * 2
.text   C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2092] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                000000007474cfca 5 bytes JMP 0000000172a94720
.text   C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2092] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                       0000000076f71465 2 bytes [F7, 76]
.text   C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2092] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                      0000000076f714bb 2 bytes [F7, 76]
.text   ...                                                                                                                                                                  * 2
.text   C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2268] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                   000000007474cfca 5 bytes JMP 0000000172a94720
.text   C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2268] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                          0000000076f71465 2 bytes [F7, 76]
.text   C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2268] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                         0000000076f714bb 2 bytes [F7, 76]
.text   ...                                                                                                                                                                  * 2
.text   C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2708] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                  000000007474cfca 5 bytes JMP 0000000172a94720
.text   C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2708] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                         0000000076f71465 2 bytes [F7, 76]
.text   C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2708] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                        0000000076f714bb 2 bytes [F7, 76]
.text   ...                                                                                                                                                                  * 2
.text   C:\Windows\system32\taskhost.exe[2968] C:\Windows\system32\kernel32.dll!CopyFileW                                                                                    00000000769392d0 5 bytes JMP 0000000176670298
.text   C:\Windows\system32\taskhost.exe[2968] C:\Windows\system32\kernel32.dll!GetQueuedCompletionStatus                                                                    000000007693a4d0 5 bytes JMP 00000001765b0298
.text   C:\Windows\system32\taskhost.exe[2968] C:\Windows\system32\kernel32.dll!CreateFileW                                                                                  0000000076941870 5 bytes JMP 00000001766d0298
.text   C:\Windows\system32\taskhost.exe[2968] C:\Windows\system32\kernel32.dll!CopyFileExW                                                                                  00000000769423d0 5 bytes JMP 0000000176680298
.text   C:\Windows\system32\taskhost.exe[2968] C:\Windows\system32\kernel32.dll!CreateProcessW                                                                               0000000076951b50 5 bytes JMP 00000001765c0298
.text   C:\Windows\system32\taskhost.exe[2968] C:\Windows\system32\kernel32.dll!CloseHandle                                                                                  0000000076952f20 5 bytes JMP 00000001766b0298
.text   C:\Windows\system32\taskhost.exe[2968] C:\Windows\system32\kernel32.dll!WriteFile                                                                                    0000000076953540 5 bytes JMP 00000001766c0298
.text   C:\Windows\system32\taskhost.exe[2968] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW                                                                        00000000769bf6b0 5 bytes JMP 0000000176690298
.text   C:\Windows\system32\taskhost.exe[2968] C:\Windows\system32\kernel32.dll!MoveFileW                                                                                    00000000769bf7b0 5 bytes JMP 00000001766a0298
.text   C:\Windows\system32\taskhost.exe[2968] C:\Windows\system32\kernel32.dll!CopyFileTransactedW                                                                          00000000769c5440 5 bytes JMP 0000000176660298
.text   C:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exe[5100] C:\Windows\syswow64\USER32.dll!GetMessageA                                       0000000074727bd3 5 bytes JMP 000000010c171ac0
.text   C:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exe[5100] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW                             00000000747290d3 5 bytes JMP 000000010c18cb98
.text   C:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exe[5100] C:\Windows\syswow64\USER32.dll!PeekMessageW                                      00000000747305ba 5 bytes JMP 000000010c172ac8
.text   C:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exe[5100] C:\Windows\syswow64\USER32.dll!PeekMessageA                                      0000000074735f74 5 bytes JMP 000000010c173ad0
.text   C:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exe[5100] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA                             0000000074736c30 5 bytes JMP 000000010c18dba0
.text   C:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exe[5100] C:\Windows\syswow64\USER32.dll!IsDialogMessage                                   00000000747450ed 5 bytes JMP 000000010c16ca98
.text   C:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exe[5100] C:\Windows\syswow64\USER32.dll!IsDialogMessageW                                  000000007474c701 5 bytes JMP 000000010c16ba90
.text   C:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exe[5100] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                   000000007474cfca 5 bytes JMP 0000000172a94720
.text   C:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exe[5100] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithTokenW                         0000000074ce531f 5 bytes JMP 000000010c179b00
.text   C:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exe[5100] C:\Windows\syswow64\SHELL32.dll!SHFileOperationW                                 0000000075169708 5 bytes JMP 000000010c169a80
.text   C:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exe[5100] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                   0000000075dc9d0b 5 bytes JMP 000000010c16aa88
.text   C:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exe[5100] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                          0000000076f71465 2 bytes [F7, 76]
.text   C:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exe[5100] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                         0000000076f714bb 2 bytes [F7, 76]
.text   ...                                                                                                                                                                  * 2
.text   C:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exe[5100] C:\Windows\syswow64\WS2_32.dll!sendto                                            00000000749e34b5 5 bytes JMP 000000010c17fb30
.text   C:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exe[5100] C:\Windows\syswow64\WS2_32.dll!closesocket                                       00000000749e3918 5 bytes JMP 000000010c188b78
.text   C:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exe[5100] C:\Windows\syswow64\WS2_32.dll!WSASend                                           00000000749e4406 5 bytes JMP 000000010c17eb28
.text   C:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exe[5100] C:\Windows\syswow64\WS2_32.dll!accept                                            00000000749e68b6 5 bytes JMP 000000010c186b68
.text   C:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exe[5100] C:\Windows\syswow64\WS2_32.dll!WSAAccept                                         00000000749e68d6 5 bytes JMP 000000010c187b70
.text   C:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exe[5100] C:\Windows\syswow64\WS2_32.dll!recv                                              00000000749e6b0e 5 bytes JMP 000000010c181b40
.text   C:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exe[5100] C:\Windows\syswow64\WS2_32.dll!connect                                           00000000749e6bdd 5 bytes JMP 000000010c17ab08
.text   C:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exe[5100] C:\Windows\syswow64\WS2_32.dll!send                                              00000000749e6f01 5 bytes JMP 000000010c17cb18
.text   C:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exe[5100] C:\Windows\syswow64\WS2_32.dll!WSARecv                                           00000000749e7089 5 bytes JMP 000000010c183b50
.text   C:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exe[5100] C:\Windows\syswow64\WS2_32.dll!WSAGetOverlappedResult                            00000000749e7489 5 bytes JMP 000000010c18bb90
.text   C:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exe[5100] C:\Windows\syswow64\WS2_32.dll!recvfrom                                          00000000749eb6dc 5 bytes JMP 000000010c184b58
.text   C:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exe[5100] C:\Windows\syswow64\WS2_32.dll!WSARecvFrom                                       00000000749ecba6 5 bytes JMP 000000010c185b60
.text   C:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exe[5100] C:\Windows\syswow64\WS2_32.dll!WSAConnect                                        00000000749ecc3f 5 bytes JMP 000000010c17bb10
.text   C:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exe[5100] C:\Windows\syswow64\WS2_32.dll!WSASendTo                                         00000000749fb30c 5 bytes JMP 000000010c180b38
.text   C:\Users\Niklas\Desktop\bngfkr2v.exe[2336] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                                                           0000000075ef103d 5 bytes JMP 0000000104135ae0
.text   C:\Users\Niklas\Desktop\bngfkr2v.exe[2336] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                                           0000000075ef1072 5 bytes JMP 0000000104134ad8
.text   C:\Users\Niklas\Desktop\bngfkr2v.exe[2336] C:\Windows\syswow64\kernel32.dll!WriteFile                                                                                0000000075ef1282 5 bytes JMP 0000000104121a40
.text   C:\Users\Niklas\Desktop\bngfkr2v.exe[2336] C:\Windows\syswow64\kernel32.dll!CloseHandle                                                                              0000000075ef1410 5 bytes JMP 0000000104122a48
.text   C:\Users\Niklas\Desktop\bngfkr2v.exe[2336] C:\Windows\syswow64\kernel32.dll!CreateFileW                                                                              0000000075ef3f2c 5 bytes JMP 0000000104120a38
.text   C:\Users\Niklas\Desktop\bngfkr2v.exe[2336] C:\Windows\syswow64\kernel32.dll!DeleteFileW                                                                              0000000075ef8983 5 bytes JMP 0000000104123a50
.text   C:\Users\Niklas\Desktop\bngfkr2v.exe[2336] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW                                                                    0000000075f09a9c 5 bytes JMP 0000000104125a60
.text   C:\Users\Niklas\Desktop\bngfkr2v.exe[2336] C:\Windows\syswow64\kernel32.dll!MoveFileW                                                                                0000000075f09ac0 5 bytes JMP 0000000104124a58
.text   C:\Users\Niklas\Desktop\bngfkr2v.exe[2336] C:\Windows\syswow64\kernel32.dll!GetQueuedCompletionStatus                                                                0000000075f0d38b 5 bytes JMP 0000000104149b80
.text   C:\Users\Niklas\Desktop\bngfkr2v.exe[2336] C:\Windows\syswow64\kernel32.dll!CreateIoCompletionPort                                                                   0000000075f0eeba 5 bytes JMP 000000010414ab88
.text   C:\Users\Niklas\Desktop\bngfkr2v.exe[2336] C:\Windows\syswow64\kernel32.dll!CopyFileExW                                                                              0000000075f13b5a 5 bytes JMP 0000000104126a68
.text   C:\Users\Niklas\Desktop\bngfkr2v.exe[2336] C:\Windows\syswow64\kernel32.dll!CopyFileW                                                                                0000000075f182d5 5 bytes JMP 0000000104127a70
.text   C:\Users\Niklas\Desktop\bngfkr2v.exe[2336] C:\Windows\syswow64\kernel32.dll!CopyFileTransactedW                                                                      0000000075f6eb9f 5 bytes JMP 0000000104128a78
.text   C:\Users\Niklas\Desktop\bngfkr2v.exe[2336] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithTokenW                                                                  0000000074ce531f 5 bytes JMP 0000000104139b00
.text   C:\Users\Niklas\Desktop\bngfkr2v.exe[2336] C:\Windows\syswow64\USER32.dll!TranslateMessage                                                                           0000000074727809 5 bytes JMP 000000010412daa0
.text   C:\Users\Niklas\Desktop\bngfkr2v.exe[2336] C:\Windows\syswow64\USER32.dll!DispatchMessageW                                                                           000000007472787b 5 bytes JMP 000000010412eaa8
.text   C:\Users\Niklas\Desktop\bngfkr2v.exe[2336] C:\Windows\syswow64\USER32.dll!GetMessageW                                                                                00000000747278e2 5 bytes JMP 0000000104130ab8
.text   C:\Users\Niklas\Desktop\bngfkr2v.exe[2336] C:\Windows\syswow64\USER32.dll!DispatchMessageA                                                                           0000000074727bbb 5 bytes JMP 000000010412fab0
.text   C:\Users\Niklas\Desktop\bngfkr2v.exe[2336] C:\Windows\syswow64\USER32.dll!GetMessageA                                                                                0000000074727bd3 5 bytes JMP 0000000104131ac0
.text   C:\Users\Niklas\Desktop\bngfkr2v.exe[2336] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW                                                                      00000000747290d3 5 bytes JMP 000000010414cb98
.text   C:\Users\Niklas\Desktop\bngfkr2v.exe[2336] C:\Windows\syswow64\USER32.dll!PeekMessageW                                                                               00000000747305ba 5 bytes JMP 0000000104132ac8
.text   C:\Users\Niklas\Desktop\bngfkr2v.exe[2336] C:\Windows\syswow64\USER32.dll!PeekMessageA                                                                               0000000074735f74 5 bytes JMP 0000000104133ad0
.text   C:\Users\Niklas\Desktop\bngfkr2v.exe[2336] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA                                                                      0000000074736c30 5 bytes JMP 000000010414dba0
.text   C:\Users\Niklas\Desktop\bngfkr2v.exe[2336] C:\Windows\syswow64\USER32.dll!IsDialogMessage                                                                            00000000747450ed 5 bytes JMP 000000010412ca98
.text   C:\Users\Niklas\Desktop\bngfkr2v.exe[2336] C:\Windows\syswow64\USER32.dll!IsDialogMessageW                                                                           000000007474c701 5 bytes JMP 000000010412ba90
.text   C:\Users\Niklas\Desktop\bngfkr2v.exe[2336] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                            000000007474cfca 5 bytes JMP 0000000172a94720
.text   C:\Users\Niklas\Desktop\bngfkr2v.exe[2336] C:\Windows\syswow64\SHELL32.dll!SHFileOperationW                                                                          0000000075169708 5 bytes JMP 0000000104129a80
.text   C:\Users\Niklas\Desktop\bngfkr2v.exe[2336] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                                                            0000000075dc9d0b 5 bytes JMP 000000010412aa88
.text   C:\Users\Niklas\Desktop\bngfkr2v.exe[2336] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                   0000000076f71465 2 bytes [F7, 76]
.text   C:\Users\Niklas\Desktop\bngfkr2v.exe[2336] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                  0000000076f714bb 2 bytes [F7, 76]
.text   ...                                                                                                                                                                  * 2
.text   C:\Users\Niklas\Desktop\bngfkr2v.exe[2336] C:\Windows\syswow64\WS2_32.dll!sendto                                                                                     00000000749e34b5 5 bytes JMP 000000010413fb30
.text   C:\Users\Niklas\Desktop\bngfkr2v.exe[2336] C:\Windows\syswow64\WS2_32.dll!closesocket                                                                                00000000749e3918 5 bytes JMP 0000000104148b78
.text   C:\Users\Niklas\Desktop\bngfkr2v.exe[2336] C:\Windows\syswow64\WS2_32.dll!WSASend                                                                                    00000000749e4406 5 bytes JMP 000000010413eb28
.text   C:\Users\Niklas\Desktop\bngfkr2v.exe[2336] C:\Windows\syswow64\WS2_32.dll!accept                                                                                     00000000749e68b6 5 bytes JMP 0000000104146b68
.text   C:\Users\Niklas\Desktop\bngfkr2v.exe[2336] C:\Windows\syswow64\WS2_32.dll!WSAAccept                                                                                  00000000749e68d6 5 bytes JMP 0000000104147b70
.text   C:\Users\Niklas\Desktop\bngfkr2v.exe[2336] C:\Windows\syswow64\WS2_32.dll!recv                                                                                       00000000749e6b0e 5 bytes JMP 0000000104141b40
.text   C:\Users\Niklas\Desktop\bngfkr2v.exe[2336] C:\Windows\syswow64\WS2_32.dll!connect                                                                                    00000000749e6bdd 5 bytes JMP 000000010413ab08
.text   C:\Users\Niklas\Desktop\bngfkr2v.exe[2336] C:\Windows\syswow64\WS2_32.dll!send                                                                                       00000000749e6f01 5 bytes JMP 000000010413cb18
.text   C:\Users\Niklas\Desktop\bngfkr2v.exe[2336] C:\Windows\syswow64\WS2_32.dll!WSARecv                                                                                    00000000749e7089 5 bytes JMP 0000000104143b50
.text   C:\Users\Niklas\Desktop\bngfkr2v.exe[2336] C:\Windows\syswow64\WS2_32.dll!WSAGetOverlappedResult                                                                     00000000749e7489 5 bytes JMP 000000010414bb90
.text   C:\Users\Niklas\Desktop\bngfkr2v.exe[2336] C:\Windows\syswow64\WS2_32.dll!recvfrom                                                                                   00000000749eb6dc 5 bytes JMP 0000000104144b58
.text   C:\Users\Niklas\Desktop\bngfkr2v.exe[2336] C:\Windows\syswow64\WS2_32.dll!WSARecvFrom                                                                                00000000749ecba6 5 bytes JMP 0000000104145b60
.text   C:\Users\Niklas\Desktop\bngfkr2v.exe[2336] C:\Windows\syswow64\WS2_32.dll!WSAConnect                                                                                 00000000749ecc3f 5 bytes JMP 000000010413bb10
.text   C:\Users\Niklas\Desktop\bngfkr2v.exe[2336] C:\Windows\syswow64\WS2_32.dll!WSASendTo                                                                                  00000000749fb30c 5 bytes JMP 0000000104140b38

---- Threads - GMER 2.1 ----

Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [852:4692]                                                                                                        000007fefb882a7c
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [852:1244]                                                                                                        000007feef9ed618
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [852:4124]                                                                                                        000007feef9ed618
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [852:1372]                                                                                                        000007fef6845124

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                                                     
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                                  0x00 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                                  0
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                               0x48 0xB6 0x59 0xA4 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                                                  C:\Program Files (x86)\DAEMON Tools Lite\
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                                                            
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                                         0xA0 0x02 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                                      0x1D 0x38 0xC2 0x01 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                                                                       
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                                                 0x50 0xDD 0x76 0xFE ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                                                 
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                                      0x00 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                                      0
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                                   0x48 0xB6 0x59 0xA4 ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                                                      C:\Program Files (x86)\DAEMON Tools Lite\
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                                                        
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                                             0xA0 0x02 0x00 0x00 ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                                          0x1D 0x38 0xC2 0x01 ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)                                                   
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                                                     0x50 0xDD 0x76 0xFE ...

---- EOF - GMER 2.1 ----
         
--- --- ---


15.05.2013, 17:25   #6
M-K-D-B
/// TB Trainer

GVU Trojan - RunDLL

Hi,

From your log file:
Quote:
O1 - Hosts: 127.0.0.1 activation.cloud.techsmith.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
The entries I have listed strongly suggest that software that was not legally acquired is being used on this computer.

Support stopped
Reading material:
Cracks and keygens
Circumventing the copy protection of software is illegal under current law. The log files strongly suggest that you are using software that was not legally acquired. In addition, cracks and patches from dubious sources very often come bundled with malware, so one infects oneself almost deliberately.

We have agreed here on the board that we do not continue cleaning at this point, because we do not support such practices. On top of that, we pointed out unmistakably in our instructions and also in this "Important" thread how we would handle this. Clean, good software has its price, and the software companies live on this revenue.

Our help is therefore limited to reinstalling and securing your system.
We will still gladly answer questions about that, in our forum.
That closes this topic.

Thread closed
