
Log analysis and evaluation: Windows 7 64bit: rvzr-a.akamaihd

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

12.01.2014, 21:15   #1
Ronin1
 



I kept getting pop-ups with the address akamaihd.net/..., as well as ads on sites like YouTube that showed up despite an ad blocker.
I first ran Avira and then AdwCleaner. The symptoms then disappeared. But then I read a bit more here: computer.wer-weiss-was.de/viren/virenbefall-rvzr-auf-win7-ultimate-64-bit-sp1 and got quite scared that it isn't completely gone yet. Here is the log file from Avira:
Code:
Exportierte Ereignisse:

12.01.2014 19:26 [System-Scanner] Malware gefunden
      Die Datei 'C:\Users\Matthias\AppData\Local\Temp\Setup1.exe'
      enthielt einen Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen' [adware].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '45035e06.qua' 
      verschoben!

12.01.2014 19:26 [System-Scanner] Malware gefunden
      Die Datei 
      'C:\Users\Matthias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\739271e3-52
      14774a'
      enthielt einen Virus oder unerwünschtes Programm 'EXP/Java.HLP.FW' [exploit].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5dd971f3.qua' 
      verschoben!

12.01.2014 19:26 [System-Scanner] Malware gefunden
      Die Datei 'C:\Users\Matthias\AppData\Local\Temp\kcp76Vrb.zip.part'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Kryptik.83865681' [trojan].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '716f4b2e.qua' 
      verschoben!

12.01.2014 19:26 [System-Scanner] Malware gefunden
      Die Datei 'C:\Users\Matthias\AppData\Local\Temp\Setup.exe'
      enthielt einen Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen' [adware].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '175c04ee.qua' 
      verschoben!

12.01.2014 14:04 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Program Files 
      (x86)\VideoPlayerV3\VideoPlayerV3beta940\ie\VideoPlayerV3beta940.dll'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen' [adware] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

12.01.2014 14:04 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Program Files 
      (x86)\VideoPlayerV3\VideoPlayerV3beta940\ie\VideoPlayerV3beta940.dll'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen' [adware] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

27.12.2013 13:48 [System-Scanner] Malware gefunden
      Die Datei 'C:\Program Files 
      (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha7742\ie\WebexpEnhancedV1alpha7742.dl
      l'
      enthielt einen Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen' [adware].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5a7be512.qua' 
      verschoben!

27.12.2013 13:46 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Program Files 
      (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha7742\ie\WebexpEnhancedV1alpha7742.dl
      l'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen' [adware] 
      gefunden.
      Ausgeführte Aktion: Übergeben an Scanner

27.12.2013 13:46 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Program Files 
      (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha7742\ie\WebexpEnhancedV1alpha7742.dl
      l'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen' [adware] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern
         
Here is the FRST.txt:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-01-2014 01
Ran by Matthias (administrator) on MATTHIAS-PC on 12-01-2014 21:18:55
Running from C:\Users\Matthias\Desktop\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_FATIBGE.EXE
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe
() C:\Users\Matthias\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(FUJIFILM Corporation) C:\Program Files (x86)\FinePixViewer\QuickDCF2.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Dropbox, Inc.) C:\Users\Matthias\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\swriter.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [Start WingMan Profiler] - C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [85160 2009-06-17] (Elaborate Bytes AG)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-29] ()
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-17] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.)
HKCU\...\Run: [RegistryBooster] - "C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe" delay 20000 
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1815464 2014-01-07] (Valve Corporation)
HKCU\...\Run: [RGSC] - C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
HKCU\...\Run: [EA Core] - "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKCU\...\Run: [Active Desktop Calendar] - C:\Program Files (x86)\XemiComputers\Active Desktop Calendar\ADC.exe
HKCU\...\Run: [EPSON Stylus D78 Series] - C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIBGE.EXE [139264 2006-09-22] (SEIKO EPSON CORPORATION)
HKCU\...\Run: [HydraVisionDesktopManager] - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [385024 2010-05-04] (AMD)
HKCU\...\Run: [HP Officejet 4620 series (NET)] - C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKCU\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\Matthias\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
MountPoints2: {d96fa71c-c014-11df-8f0e-806e6f6e6963} - D:\autorun.exe
MountPoints2: {dc064c09-c24b-11df-b1fb-1c6f654654fd} - E:\setup.exe
Startup: C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Matthias\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2437DBC62654CB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
URLSearchHook: HKLM-x32 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKLM-x32 - (No Name) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: No Name - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} -  No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File
Toolbar: HKCU - No Name - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\lp85usfw.default-1378845892774
FF NewTab: about:blank
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Matthias\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Matthias\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Pocket - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\lp85usfw.default-1378845892774\Extensions\isreaditlater@ideashower.com [2013-09-10]
FF Extension: FoxyDeal - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\lp85usfw.default-1378845892774\Extensions\{F58A62EB-38DC-43C4-A539-DC52E135208D} [2013-12-11]
FF Extension: Adblock Plus - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\lp85usfw.default-1378845892774\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-12]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-12-21]
FF HKLM-x32\...\Firefox\Extensions: [ext@WebexpEnhancedV1alpha7742.net] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha7742\ff
FF Extension: Webexp Enhanced - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha7742\ff [2013-12-27]
FF HKLM-x32\...\Firefox\Extensions: [ext@VideoPlayerV3beta940.net] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta940\ff
FF Extension: Video Player - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta940\ff [2014-01-12]

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [cofndncbjjkbmkhbkcbdefpgpbdbmbko] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta940\ch\VideoPlayerV3beta940.crx [2014-01-07]
CHR HKLM-x32\...\Chrome\Extension: [mibkjfhmhmdhlikalehmhjmokpigooni] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha7742\ch\WebexpEnhancedV1alpha7742.crx [2013-12-20]

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-08-30] (Advanced Micro Devices, Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-27] (Avira Operations GmbH & Co. KG)
R2 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE [102400 2006-04-18] (SEIKO EPSON CORPORATION)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3852792 2010-09-08] (INCA Internet Co., Ltd.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2013-12-29] ()

==================== Drivers (Whitelisted) ====================

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2010-12-10] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-27] (Avira Operations GmbH & Co. KG)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2010-12-10] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4682 2005-01-03] (INCA Internet Co., Ltd.)
S3 dump_wmimmc; \??\C:\gPotato.eu\Dragonica\Release\GameGuard\dump_wmimmc.sys [x]
S1 qbumwzkd; \??\C:\Windows\system32\drivers\qbumwzkd.sys [x]
S1 samtlrvu; \??\C:\Windows\system32\drivers\samtlrvu.sys [x]
S1 stfmszyk; \??\C:\Windows\system32\drivers\stfmszyk.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-12 21:18 - 2014-01-12 21:18 - 00000000 ____D C:\FRST
2014-01-12 21:11 - 2014-01-12 21:11 - 00000120 ____H C:\Users\Matthias\Documents\.~lock.Ereignisse.txt#
2014-01-12 21:09 - 2014-01-12 21:09 - 00006328 _____ C:\Users\Matthias\Documents\Ereignisse.txt
2014-01-12 21:09 - 2014-01-12 21:09 - 00000000 ____D C:\Users\Matthias\Documents\Neuer Ordner (2)
2014-01-12 21:08 - 2014-01-12 21:08 - 00000000 ____D C:\Users\Matthias\Documents\Neuer Ordner
2014-01-12 21:01 - 2014-01-12 21:01 - 00000000 _____ C:\Users\Matthias\defogger_reenable
2014-01-12 19:30 - 2014-01-12 19:31 - 01233962 _____ C:\Users\Matthias\Desktop\adwcleaner_3.016(1).exe
2014-01-12 17:53 - 2014-01-12 20:52 - 00000000 ____D C:\AdwCleaner
2014-01-12 14:04 - 2014-01-12 14:04 - 00000000 ____D C:\Program Files (x86)\VideoPlayerV3
2014-01-02 16:54 - 2014-01-12 20:51 - 00000000 ___RD C:\Users\Matthias\Dropbox
2014-01-02 16:54 - 2014-01-02 16:54 - 00001045 _____ C:\Users\Matthias\Desktop\Dropbox.lnk
2014-01-02 16:50 - 2014-01-02 16:51 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-02 16:48 - 2014-01-02 16:49 - 00000222 _____ C:\Users\Matthias\Desktop\You Need A Budget 4 (YNAB).url
2014-01-02 16:37 - 2014-01-02 16:37 - 00000000 ____D C:\Users\Matthias\Documents\YNAB
2014-01-02 16:34 - 2014-01-12 20:51 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\Dropbox
2014-01-02 16:24 - 2014-01-02 16:24 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\com.ynab.YNAB4.LiveSteam
2013-12-28 14:15 - 2013-12-28 14:15 - 00000000 ____D C:\Users\Matthias\Documents\ANNO 2070
2013-12-28 13:27 - 2013-12-28 13:27 - 00000000 ____D C:\ProgramData\Solidshield
2013-12-27 13:46 - 2013-12-27 13:46 - 00000000 ____D C:\Program Files (x86)\WebexpEnhancedV1
2013-12-22 14:57 - 2013-12-26 21:53 - 00000000 ____D C:\Program Files (x86)\WarThunder
2013-12-22 14:57 - 2013-12-22 18:39 - 00000000 ____D C:\ProgramData\WarThunder
2013-12-22 14:57 - 2013-12-22 14:57 - 00001101 _____ C:\Users\Public\Desktop\WarThunder.lnk
2013-12-22 14:57 - 2013-12-22 14:57 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder
2013-12-22 14:57 - 2013-12-22 14:57 - 00000000 ____D C:\Users\Matthias\AppData\Local\WarThunder
2013-12-21 15:05 - 2013-12-21 15:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-19 11:17 - 2013-12-19 11:17 - 00002212 _____ C:\Users\Public\Desktop\Google Earth.lnk

==================== One Month Modified Files and Folders =======

2014-01-12 21:18 - 2014-01-12 21:18 - 00000000 ____D C:\FRST
2014-01-12 21:14 - 2011-06-09 17:30 - 00001114 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-12 21:11 - 2014-01-12 21:11 - 00000120 ____H C:\Users\Matthias\Documents\.~lock.Ereignisse.txt#
2014-01-12 21:09 - 2014-01-12 21:09 - 00006328 _____ C:\Users\Matthias\Documents\Ereignisse.txt
2014-01-12 21:09 - 2014-01-12 21:09 - 00000000 ____D C:\Users\Matthias\Documents\Neuer Ordner (2)
2014-01-12 21:08 - 2014-01-12 21:08 - 00000000 ____D C:\Users\Matthias\Documents\Neuer Ordner
2014-01-12 21:06 - 2009-07-14 05:45 - 00014608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-12 21:06 - 2009-07-14 05:45 - 00014608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-12 21:01 - 2014-01-12 21:01 - 00000000 _____ C:\Users\Matthias\defogger_reenable
2014-01-12 21:01 - 2010-09-14 16:41 - 00000000 ____D C:\Users\Matthias
2014-01-12 21:00 - 2012-04-02 01:46 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-12 20:55 - 2010-09-14 16:32 - 01236370 _____ C:\Windows\WindowsUpdate.log
2014-01-12 20:52 - 2014-01-12 17:53 - 00000000 ____D C:\AdwCleaner
2014-01-12 20:51 - 2014-01-02 16:54 - 00000000 ___RD C:\Users\Matthias\Dropbox
2014-01-12 20:51 - 2014-01-02 16:34 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\Dropbox
2014-01-12 20:50 - 2011-06-09 17:30 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-12 20:50 - 2010-10-22 15:31 - 00000000 ____D C:\Program Files (x86)\Steam
2014-01-12 20:50 - 2010-09-30 19:48 - 00000350 _____ C:\Windows\Tasks\RegistryBooster.job
2014-01-12 20:50 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-12 20:50 - 2009-07-14 05:51 - 00245962 _____ C:\Windows\setupact.log
2014-01-12 20:46 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2014-01-12 19:32 - 2010-09-15 19:42 - 00000000 ____D C:\ProgramData\ICQ
2014-01-12 19:31 - 2014-01-12 19:30 - 01233962 _____ C:\Users\Matthias\Desktop\adwcleaner_3.016(1).exe
2014-01-12 14:04 - 2014-01-12 14:04 - 00000000 ____D C:\Program Files (x86)\VideoPlayerV3
2014-01-03 18:24 - 2013-04-01 14:29 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\Skype
2014-01-02 16:54 - 2014-01-02 16:54 - 00001045 _____ C:\Users\Matthias\Desktop\Dropbox.lnk
2014-01-02 16:51 - 2014-01-02 16:50 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-02 16:51 - 2010-09-14 16:41 - 00000000 ___RD C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-02 16:49 - 2014-01-02 16:48 - 00000222 _____ C:\Users\Matthias\Desktop\You Need A Budget 4 (YNAB).url
2014-01-02 16:37 - 2014-01-02 16:37 - 00000000 ____D C:\Users\Matthias\Documents\YNAB
2014-01-02 16:24 - 2014-01-02 16:24 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\com.ynab.YNAB4.LiveSteam
2013-12-29 14:49 - 2012-05-03 14:48 - 00000000 ____D C:\Users\Matthias\Documents\Assassin's Creed Revelations
2013-12-29 14:45 - 2010-09-15 19:16 - 00189248 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-12-29 14:45 - 2010-09-15 19:16 - 00075136 _____ C:\Windows\SysWOW64\PnkBstrA.exe
2013-12-29 14:45 - 2010-09-15 19:15 - 00532627 _____ C:\Windows\DirectX.log
2013-12-29 12:34 - 2013-06-24 15:24 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\HpUpdate
2013-12-28 14:15 - 2013-12-28 14:15 - 00000000 ____D C:\Users\Matthias\Documents\ANNO 2070
2013-12-28 13:27 - 2013-12-28 13:27 - 00000000 ____D C:\ProgramData\Solidshield
2013-12-28 13:09 - 2010-09-19 16:42 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\Ubisoft
2013-12-28 00:20 - 2010-09-15 19:16 - 03123272 _____ C:\Windows\SysWOW64\pbsvc.exe
2013-12-27 13:46 - 2013-12-27 13:46 - 00000000 ____D C:\Program Files (x86)\WebexpEnhancedV1
2013-12-26 21:53 - 2013-12-22 14:57 - 00000000 ____D C:\Program Files (x86)\WarThunder
2013-12-22 18:39 - 2013-12-22 14:57 - 00000000 ____D C:\ProgramData\WarThunder
2013-12-22 18:38 - 2010-10-01 15:42 - 00000000 ___HD C:\Windows\msdownld.tmp
2013-12-22 18:38 - 2010-10-01 15:42 - 00000000 ____D C:\Windows\SysWOW64\directx
2013-12-22 14:57 - 2013-12-22 14:57 - 00001101 _____ C:\Users\Public\Desktop\WarThunder.lnk
2013-12-22 14:57 - 2013-12-22 14:57 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder
2013-12-22 14:57 - 2013-12-22 14:57 - 00000000 ____D C:\Users\Matthias\AppData\Local\WarThunder
2013-12-22 14:57 - 2010-09-15 19:59 - 00000000 ____D C:\Users\Matthias\Documents\My Games
2013-12-22 14:49 - 2013-04-30 16:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-21 17:34 - 2013-04-29 21:30 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\MyPhoneExplorer
2013-12-21 15:47 - 2010-09-19 15:55 - 00000000 ____D C:\ProgramData\Ubisoft
2013-12-21 15:13 - 2010-09-19 16:23 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2013-12-21 15:13 - 2010-09-15 19:42 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-12-21 15:05 - 2013-12-21 15:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-19 22:29 - 2010-12-09 19:51 - 00000000 ____D C:\Users\Matthias\AppData\Local\PMB Files
2013-12-19 22:29 - 2010-12-09 19:51 - 00000000 ____D C:\ProgramData\PMB Files
2013-12-19 11:17 - 2013-12-19 11:17 - 00002212 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-12-19 11:17 - 2011-06-09 17:30 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-18 19:54 - 2013-10-17 01:18 - 00000000 ____D C:\Users\Matthias\Desktop\Stuff
2013-12-17 16:04 - 2013-05-07 15:01 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-12-17 16:04 - 2013-05-05 11:45 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-12-17 16:04 - 2013-05-05 11:45 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-12-15 00:36 - 2013-08-13 10:50 - 00000000 ____D C:\Windows\system32\MRT
2013-12-15 00:34 - 2010-09-18 10:13 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-13 11:43 - 2013-12-12 17:32 - 00000000 ____D C:\Users\Matthias\Desktop\Roverabschied

Some content of TEMP:
====================
C:\Users\Matthias\AppData\Local\Temp\11-8_vista64_win7_64_dd_ccc_ocl.exe
C:\Users\Matthias\AppData\Local\Temp\abd2bca3e572e998a09f73c81b93454a.exe
C:\Users\Matthias\AppData\Local\Temp\ApnStub.exe
C:\Users\Matthias\AppData\Local\Temp\AskSLib.dll
C:\Users\Matthias\AppData\Local\Temp\AutoRun.exe
C:\Users\Matthias\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Matthias\AppData\Local\Temp\avgnt.exe
C:\Users\Matthias\AppData\Local\Temp\CoJBiBLauncher.exe
C:\Users\Matthias\AppData\Local\Temp\DivXSetup.exe
C:\Users\Matthias\AppData\Local\Temp\DownloadManager.exe
C:\Users\Matthias\AppData\Local\Temp\drm_dyndata_7340007.dll
C:\Users\Matthias\AppData\Local\Temp\drm_dyndata_7350008.dll
C:\Users\Matthias\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\Matthias\AppData\Local\Temp\drm_dyndata_7380015.dll
C:\Users\Matthias\AppData\Local\Temp\drm_dyndata_7410004.dll
C:\Users\Matthias\AppData\Local\Temp\EAD1978.exe
C:\Users\Matthias\AppData\Local\Temp\EAD21C2.exe
C:\Users\Matthias\AppData\Local\Temp\EAD33A.exe
C:\Users\Matthias\AppData\Local\Temp\EAD33FA.exe
C:\Users\Matthias\AppData\Local\Temp\EAD4078.exe
C:\Users\Matthias\AppData\Local\Temp\EAD42D9.exe
C:\Users\Matthias\AppData\Local\Temp\EAD47E8.exe
C:\Users\Matthias\AppData\Local\Temp\EAD55EC.exe
C:\Users\Matthias\AppData\Local\Temp\EAD5CFD.exe
C:\Users\Matthias\AppData\Local\Temp\EAD63FF.exe
C:\Users\Matthias\AppData\Local\Temp\EAD6E6B.exe
C:\Users\Matthias\AppData\Local\Temp\EAD848A.exe
C:\Users\Matthias\AppData\Local\Temp\EAD95D9.exe
C:\Users\Matthias\AppData\Local\Temp\EAD9E22.exe
C:\Users\Matthias\AppData\Local\Temp\EADA60E.exe
C:\Users\Matthias\AppData\Local\Temp\EADA65C.exe
C:\Users\Matthias\AppData\Local\Temp\EADA6D9.exe
C:\Users\Matthias\AppData\Local\Temp\EADA6F8.exe
C:\Users\Matthias\AppData\Local\Temp\EADAACF.exe
C:\Users\Matthias\AppData\Local\Temp\EADAB2C.exe
C:\Users\Matthias\AppData\Local\Temp\EADAB4B.exe
C:\Users\Matthias\AppData\Local\Temp\EADAC45.exe
C:\Users\Matthias\AppData\Local\Temp\EADAEB5.exe
C:\Users\Matthias\AppData\Local\Temp\EADB1B1.exe
C:\Users\Matthias\AppData\Local\Temp\EADB1D1.exe
C:\Users\Matthias\AppData\Local\Temp\EADB53A.exe
C:\Users\Matthias\AppData\Local\Temp\EADB8F2.exe
C:\Users\Matthias\AppData\Local\Temp\EADB9BD.exe
C:\Users\Matthias\AppData\Local\Temp\EADBDF1.exe
C:\Users\Matthias\AppData\Local\Temp\EADBEAC.exe
C:\Users\Matthias\AppData\Local\Temp\EADBEEB.exe
C:\Users\Matthias\AppData\Local\Temp\EADBFB5.exe
C:\Users\Matthias\AppData\Local\Temp\EADBFD5.exe
C:\Users\Matthias\AppData\Local\Temp\EADC15B.exe
C:\Users\Matthias\AppData\Local\Temp\EADC1C8.exe
C:\Users\Matthias\AppData\Local\Temp\EADC283.exe
C:\Users\Matthias\AppData\Local\Temp\EADC3CB.exe
C:\Users\Matthias\AppData\Local\Temp\EADC3F.exe
C:\Users\Matthias\AppData\Local\Temp\EADC698.exe
C:\Users\Matthias\AppData\Local\Temp\EADD068.exe
C:\Users\Matthias\AppData\Local\Temp\EADD1CF.exe
C:\Users\Matthias\AppData\Local\Temp\EADD4CB.exe
C:\Users\Matthias\AppData\Local\Temp\EADD6FD.exe
C:\Users\Matthias\AppData\Local\Temp\EADD7E7.exe
C:\Users\Matthias\AppData\Local\Temp\EADD87.exe
C:\Users\Matthias\AppData\Local\Temp\EADDA85.exe
C:\Users\Matthias\AppData\Local\Temp\EADDF08.exe
C:\Users\Matthias\AppData\Local\Temp\EADE54F.exe
C:\Users\Matthias\AppData\Local\Temp\EADE667.exe
C:\Users\Matthias\AppData\Local\Temp\EADE8B8.exe
C:\Users\Matthias\AppData\Local\Temp\EADE8F7.exe
C:\Users\Matthias\AppData\Local\Temp\EADEB67.exe
C:\Users\Matthias\AppData\Local\Temp\EADEC80.exe
C:\Users\Matthias\AppData\Local\Temp\EADED0C.exe
C:\Users\Matthias\AppData\Local\Temp\EADEDC7.exe
C:\Users\Matthias\AppData\Local\Temp\EADF18E.exe
C:\Users\Matthias\AppData\Local\Temp\EADF3C0.exe
C:\Users\Matthias\AppData\Local\Temp\EADF4E8.exe
C:\Users\Matthias\AppData\Local\Temp\EADF758.exe
C:\Users\Matthias\AppData\Local\Temp\EADFFA2.exe
C:\Users\Matthias\AppData\Local\Temp\EBU62F6.exe
C:\Users\Matthias\AppData\Local\Temp\EBUC1E7.DLL
C:\Users\Matthias\AppData\Local\Temp\EpsonInkjetDriverDownloader.EXE
C:\Users\Matthias\AppData\Local\Temp\FileSystemView.dll
C:\Users\Matthias\AppData\Local\Temp\First15.exe
C:\Users\Matthias\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe
C:\Users\Matthias\AppData\Local\Temp\gwunstal.exe
C:\Users\Matthias\AppData\Local\Temp\htmlayout.dll
C:\Users\Matthias\AppData\Local\Temp\i4jdel0.exe
C:\Users\Matthias\AppData\Local\Temp\installerdll129356.dll
C:\Users\Matthias\AppData\Local\Temp\installerdll143224.dll
C:\Users\Matthias\AppData\Local\Temp\installerdll144035.dll
C:\Users\Matthias\AppData\Local\Temp\installerdll163083.dll
C:\Users\Matthias\AppData\Local\Temp\installerdll166640.dll
C:\Users\Matthias\AppData\Local\Temp\installerdll172786.dll
C:\Users\Matthias\AppData\Local\Temp\installerdll180025.dll
C:\Users\Matthias\AppData\Local\Temp\installerdll194767.dll
C:\Users\Matthias\AppData\Local\Temp\installerdll197403.dll
C:\Users\Matthias\AppData\Local\Temp\installerdll207824.dll
C:\Users\Matthias\AppData\Local\Temp\installerdll221911.dll
C:\Users\Matthias\AppData\Local\Temp\installerdll241661.dll
C:\Users\Matthias\AppData\Local\Temp\installerdll373684.dll
C:\Users\Matthias\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Matthias\AppData\Local\Temp\InstallManager_GEN_GEN.exe
C:\Users\Matthias\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Users\Matthias\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\Matthias\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Matthias\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Matthias\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Matthias\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Matthias\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Matthias\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Matthias\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Matthias\AppData\Local\Temp\Launcher_i187897176.exe
C:\Users\Matthias\AppData\Local\Temp\mpam-ae20ddfa.exe
C:\Users\Matthias\AppData\Local\Temp\NeffySetup.exe
C:\Users\Matthias\AppData\Local\Temp\Quarantine.exe
C:\Users\Matthias\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Matthias\AppData\Local\Temp\sonarinst.exe
C:\Users\Matthias\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Matthias\AppData\Local\Temp\tbedrs.dll
C:\Users\Matthias\AppData\Local\Temp\tmp1296.exe
C:\Users\Matthias\AppData\Local\Temp\tmp2FF5.exe
C:\Users\Matthias\AppData\Local\Temp\tmp6509.exe
C:\Users\Matthias\AppData\Local\Temp\tmp84D8.exe
C:\Users\Matthias\AppData\Local\Temp\tmp89C7.exe
C:\Users\Matthias\AppData\Local\Temp\tmp89F6.exe
C:\Users\Matthias\AppData\Local\Temp\tmpC023.exe
C:\Users\Matthias\AppData\Local\Temp\tmpC419.exe
C:\Users\Matthias\AppData\Local\Temp\tmpCD4C.exe
C:\Users\Matthias\AppData\Local\Temp\tmpD74B.exe
C:\Users\Matthias\AppData\Local\Temp\tmpE12A.exe
C:\Users\Matthias\AppData\Local\Temp\tmpE687.exe
C:\Users\Matthias\AppData\Local\Temp\toolbar17420038.exe
C:\Users\Matthias\AppData\Local\Temp\toolbar17453937.exe
C:\Users\Matthias\AppData\Local\Temp\ubi1A83.tmp.exe
C:\Users\Matthias\AppData\Local\Temp\ubi224F.tmp.exe
C:\Users\Matthias\AppData\Local\Temp\ubi366F.tmp.exe
C:\Users\Matthias\AppData\Local\Temp\ubi8566.tmp.exe
C:\Users\Matthias\AppData\Local\Temp\ubi8C58.tmp.exe
C:\Users\Matthias\AppData\Local\Temp\ubiE927.tmp.exe
C:\Users\Matthias\AppData\Local\Temp\uninstall18629561.exe
C:\Users\Matthias\AppData\Local\Temp\uninstall18641214.exe
C:\Users\Matthias\AppData\Local\Temp\uninstall18641230.exe
C:\Users\Matthias\AppData\Local\Temp\UninstallEADM.dll
C:\Users\Matthias\AppData\Local\Temp\utt8B24.tmp.exe
C:\Users\Matthias\AppData\Local\Temp\VP6Install.exe
C:\Users\Matthias\AppData\Local\Temp\VP6VFW.dll
C:\Users\Matthias\AppData\Local\Temp\ytb.exe
C:\Users\Matthias\AppData\Local\Temp\_is1489.exe
C:\Users\Matthias\AppData\Local\Temp\_is1FBF.exe
C:\Users\Matthias\AppData\Local\Temp\_is50F0.exe
C:\Users\Matthias\AppData\Local\Temp\_is58B.exe
C:\Users\Matthias\AppData\Local\Temp\_is58E8.exe
C:\Users\Matthias\AppData\Local\Temp\_is5C74.exe
C:\Users\Matthias\AppData\Local\Temp\_is68A1.exe
C:\Users\Matthias\AppData\Local\Temp\_is6C26.exe
C:\Users\Matthias\AppData\Local\Temp\_is94EA.exe
C:\Users\Matthias\AppData\Local\Temp\_is9617.exe
C:\Users\Matthias\AppData\Local\Temp\_isA62E.exe
C:\Users\Matthias\AppData\Local\Temp\_isAAB0.exe
C:\Users\Matthias\AppData\Local\Temp\_isB121.exe
C:\Users\Matthias\AppData\Local\Temp\_isBFC.exe
C:\Users\Matthias\AppData\Local\Temp\_isE367.exe
C:\Users\Matthias\AppData\Local\Temp\_isEE40.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-12 14:32

==================== End Of Log ============================
         
--- --- ---

and the Addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-01-2014 01
Ran by Matthias at 2014-01-12 21:22:07
Running from C:\Users\Matthias\Desktop\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

µTorrent (x32 Version: 3.2.1.28086 - BitTorrent Inc.)
7-Zip 4.65 (x32 Version:  - )
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader X (10.1.7) - Deutsch (x32 Version: 10.1.7 - Adobe Systems Incorporated)
Age of Mythology - The Titans Expansion (x32 Version:  - )
Age of Mythology (x32 Version:  - )
Age of Wonders II (x32 Version:  - )
Age of Wonders Shadow Magic (x32 Version:  - )
Amazon MP3-Downloader 1.0.18 (HKCU Version: 1.0.18 - Amazon Services LLC)
Amazon MP3-Downloader 1.0.9 (x32 Version:  - )
AMD Accelerated Video Transcoding (Version: 13.15.100.30830 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.0830.1944.33589 - Ihr Firmenname) Hidden
AMD Catalyst Install Manager (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - ATI Technologies Inc.) Hidden
AMD Fuel (Version: 2013.0830.1944.33589 - Ihr Firmenname) Hidden
AMD Media Foundation Decoders (Version: 1.0.80830.1925 - Advanced Micro Devices, Inc.) Hidden
Anno 1404 (x32 Version: 1.00.0000 - Ubisoft) Hidden
ANNO 1404 (x32 Version: 1.03.0000 - Ubisoft)
Apple Application Support (x32 Version: 2.3.2 - Apple Inc.)
Apple Mobile Device Support (Version: 6.0.1.3 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Assassin’s Creed® III (x32 Version:  - Ubisoft Montreal)
Assassin's Creed (x32 Version: 1.00 - Ubisoft)
Assassin's Creed Brotherhood (x32 Version: 1.03 - Ubisoft)
Assassin's Creed II (x32 Version: 1.01 - Ubisoft)
Assassin's Creed Revelations (x32 Version:  - Ubisoft Montreal)
Assassin's Creed Revelations (x32 Version: 1.00 - Ubisoft)
ATI AVIVO64 Codecs (Version: 11.1.0.50504 - ATI Technologies Inc.) Hidden
Avira Free Antivirus (x32 Version: 14.0.2.286 - Avira)
Battle for Wesnoth 1.8.5 (x32 Version: 1.8.5 - )
Battlelog Web Plugins (x32 Version: 2.3.0 - EA Digital Illusions CE AB)
BioShock (x32 Version: 2.62.0000 - 2K Games)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Call of Juarez - Bound in Blood (x32 Version: 1.00.0000 - Ubisoft)
Call of Juarez - Bound in Blood (x32 Version: 1.00.0000 - Ubisoft) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
Company of Heroes 2 (x32 Version:  - Relic Entertainment)
Counter-Strike: Global Offensive (x32 Version:  - )
Counter-Strike: Source (x32 Version:  - Valve)
CPU-Control (x32 Version:  - Koma-Code)
Crysis 2 Maximum Edition (x32 Version:  - Electronic Arts)
Crysis(R) (x32 Version: 1.00.0000 - Electronic Arts)
Dawn of War - Dark Crusade (x32 Version: 1.00.0000 - THQ)
Dawn of War - Soulstorm (x32 Version: 1.00.0000 - THQ)
Dawn of War - Soulstorm (x32 Version: 1.00.0000 - THQ) Hidden
Dead Space (x32 Version:  - EA Redwood Shores)
Die Sims 2 (x32 Version:  - )
Die Sims 2: Open For Business (x32 Version:  - )
Die Sims™ 2 Vier Jahreszeiten (x32 Version:  - )
DivX-Setup (x32 Version: 2.6.0.34 - DivX, LLC)
Dragonica(DE) (x32 Version: 9.5.8.0 - GALA Networks Europe Limited.)
Dropbox (HKCU Version: 2.4.10 - Dropbox, Inc.)
EAX Unified (x32 Version:  - )
EAX4 Unified Redist (x32 Version: 4.001 - Creative Labs)
Empire: Total War (x32 Version:  - The Creative Assembly)
EPSON-Drucker-Software (Version:  - SEIKO EPSON Corporation)
ESN Sonar (x32 Version: 0.70.4 - ESN Social Software AB)
Fable III (x32 Version: 1.0.0000.131 - Microsoft Game Studios)
Fable III (x32 Version: 1.0.0000.131 - Microsoft Game Studios) Hidden
Fable III (x32 Version: 1.0.0002.131 - Microsoft Game Studios) Hidden
Fallout New Vegas (x32 Version:  - )
FIFA 11 (x32 Version: 1.0.0.0 - Electronic Arts)
FinePix Studio (x32 Version:  - )
FinePixViewer Resource (x32 Version: 1.2 - FUJIFILM Corporation)
FinePixViewer Ver.5.4 (x32 Version: 5.4 - FUJIFILM Corporation)
FoxyDeal (x32 Version: 1.1.0 - R&E Media GmbH)
FreeTorrentViewer (x32 Version: 1.0.0.1 - Free Torrent Viewer)
GameSpy Comrade (x32 Version: 1.5.0.156 - GameSpy)
GIMP 2.6.10 (x32 Version: 2.6.10 - The GIMP Team)
Google Earth (x32 Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Grand Theft Auto IV (x32 Version:  - Rockstar)
Grand Theft Auto IV (x32 Version: 1.00.0000 - Rockstar Games)
Grand Theft Auto: Episodes from Liberty City (x32 Version:  - Rockstar)
GRID 2 (x32 Version:  - Codemasters Racing)
Half-Life 2 (x32 Version:  - Valve)
Half-Life 2: Episode One (x32 Version:  - Valve)
Half-Life 2: Episode Two (x32 Version:  - Valve)
Half-Life 2: Lost Coast (x32 Version:  - Valve)
HP Officejet 4620 series - Grundlegende Software für das Gerät (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (x32 Version: 5.003.003.001 - Hewlett-Packard)
HydraVision (x32 Version: 4.2.162.0 - ATI Technologies Inc.) Hidden
I.R.I.S. OCR (x32 Version: 12.3.4.0 - HP)
ICQ7.4 (x32 Version: 7.4 - ICQ)
iTunes (Version: 11.0.1.12 - Apple Inc.)
Jagged Alliance 2 (x32 Version: v1.05 - Grosses_K)
League of Legends (x32 Version: 1.02.0000 - Riot Games)
Left 4 Dead 2 (x32 Version:  - Valve)
LEGO Star Wars II (x32 Version: 1.00.0000 - LucasArts) Hidden
Logitech Gaming Software 5.10 (Version: 5.10.127 - Logitech)
Mafia (x32 Version:  - )
Mafia II (x32 Version:  - 2K Czech)
Mass Effect (x32 Version:  - BioWare)
Mass Effect 2 (x32 Version:  - BioWare)
Mass Effect™ 3 (x32 Version: 1.05.0.0 - Electronic Arts)
Max Payne 3 (x32 Version:  - Rockstar Studios)
Medieval II Total War (x32 Version: 1.03.000 - SEGA)
Medieval II Total War : Kingdoms : Americas (x32 Version: 1.03.000 - SEGA)
Medieval II Total War : Kingdoms : Britannia (x32 Version: 1.03.000 - SEGA)
Medieval II Total War : Kingdoms : Crusades (x32 Version: 1.03.000 - SEGA)
Medieval II Total War : Kingdoms : Teutonic (x32 Version: 1.03.000 - SEGA)
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8402.2 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (x32 Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Client DE-DE Language Pack (Version: 2.1.1116.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (x32 Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (x32 Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Mirror's Edge™ (x32 Version: 1.0.1.0 - Electronic Arts)
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
MSXML4 Parser (x32 Version: 1.0.0 - Microsoft Game Studios)
Mumble 1.2.3 (x32 Version: 1.2.3 - Thorvald Natvig)
MyPhoneExplorer (x32 Version: 1.8.4 - F.J. Wechselberger)
Neffy 1,3,29,0 (x32 Version: 1,3,29,0 - CDNetworks)
NVIDIA PhysX (x32 Version: 9.11.1107 - NVIDIA Corporation)
OpenAL (x32 Version:  - )
OpenOffice.org 3.2 (x32 Version: 3.2.9502 - OpenOffice.org)
Opera 12.02 (x32 Version: 12.02.1578 - Opera Software ASA)
Origin (x32 Version: 9.1.15.109 - Electronic Arts, Inc.)
Pando Media Booster (x32 Version: 2.3.5.1 - Pando Networks Inc.)
PhotoFiltre (HKCU Version:  - )
Picasa 3 (x32 Version: 3.9 - Google, Inc.)
Portal (x32 Version:  - Valve)
Portal 2 (x32 Version:  - Valve)
PunkBuster Services (x32 Version: 0.991 - Even Balance, Inc.)
Rockstar Games Social Club (x32 Version: 1.00.0000 - Rockstar Games)
Rockstar Games Social Club (x32 Version: 1.1.0.6 - Rockstar Games)
Sid Meier's Civilization 4 - Warlords (x32 Version: 1.00.0000 - Firaxis Games)
Sid Meier's Civilization 4 (x32 Version: 1.00.0000 - Firaxis Games) Hidden
Sid Meier's Civilization 4 (x32 Version: 1.61 - Firaxis Games)
Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)
Source SDK Base 2007 (x32 Version:  - Valve)
SPORE™ (x32 Version: 1.00.0000 - Electronic Arts)
Steam (x32 Version: 1.0.0.0 - Valve Corporation)
SUPER © v2012.build.51 (April 7, 2012) Version v2012.build.51 (x32 Version: v2012.build.51 - eRightSoft)
TeamSpeak 3 Client (HKCU Version: 3.0.10 - TeamSpeak Systems GmbH)
The War Z version 1.0 (x32 Version: 1.0 - Arktos Entertainment Group LLC)
Tom Clancy's Splinter Cell Conviction (x32 Version: 1.04.000 - Ubisoft)
Tom Clancy's Splinter Cell Double Agent (x32 Version: 1.00.0000 - Ubisoft)
Tomb Raider (x32 Version:  - Crystal Dynamics)
Ubisoft Game Launcher (x32 Version: 1.0.0.0 - UBISOFT)
Uniblue RegistryBooster (x32 Version:  - Uniblue Systems Ltd)
Unity Web Player (HKCU Version:  - Unity Technologies ApS)
Update for Microsoft .NET Framework 4.5 (KB2750147) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4.5 (KB2805221) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4.5 (KB2805226) (x32 Version: 1 - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Video Player (x32 Version: 1.1 - Video Player)
VirtualCloneDrive (x32 Version:  - Elaborate Bytes)
Visual C++ 8.0 Runtime Setup Package (x64) (x32 Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
Visual Studio 2008 x64 Redistributables (x32 Version: 10.0.0.2 - AVG Technologies)
VLC media player 2.1.0 (Version: 2.1.0 - VideoLAN)
War Thunder Launcher 1.0.1.299 (x32 Version:  - 2013 Gaijin Entertainment Corporation)
Warhammer 40,000: Dawn Of War - Gold Edition (x32 Version: 1.51 - THQ)
Webexp Enhanced (x32 Version: 1.1 - Webexp Enhanced) <==== ATTENTION
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0 - Microsoft Corporation)
X-COM: UFO Defense (x32 Version:  - MicroProse)
Xfire (remove only) (x32 Version:  - )
You Need A Budget 4 (YNAB) (x32 Version:  - YouNeedABudget.com)

==================== Restore Points  =========================

28-12-2013 12:05:23 DirectX wurde installiert
28-12-2013 12:08:04 Configured Ubisoft Game Launcher
29-12-2013 13:42:53 DirectX wurde installiert
29-12-2013 13:46:02 Configured Ubisoft Game Launcher
30-12-2013 15:50:16 Windows Update
04-01-2014 18:01:39 Windows Update
09-01-2014 17:24:23 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:34 - 2011-08-16 16:55 - 00000822 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {025FA450-9305-4126-A407-BFBC9A1C2198} - System32\Tasks\{393EBFC6-F79C-407C-8894-66246EF8FA01} => C:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe
Task: {235E976F-E0D6-4BAB-81C3-5487DD9B6CC1} - System32\Tasks\RegistryBooster => C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe
Task: {2B9EAAFA-785E-4240-A18C-5C38CBA5AF8B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: {2F5CC7C0-E42E-4E95-AE20-EDE314F25893} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-06-09] (Google Inc.)
Task: {77A5CEB1-5243-410D-BB6E-DA8005AEC42C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {8EF0E7A0-4687-45A0-9A7A-387E17C98981} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-06-09] (Google Inc.)
Task: {94FF2ED8-F5CA-448D-AF7F-DC3894CAA51C} - \Express FilesUpdate No Task File
Task: {9F34725E-8956-419C-9649-CB3F816FB823} - \AmiUpdXp No Task File
Task: {CE799BDB-813F-407C-B72E-6D76E085CCFF} - \Scheduled Update for Ask Toolbar No Task File
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\RegistryBooster.job => C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe

==================== Loaded Modules (whitelisted) =============

2013-08-30 18:47 - 2013-08-30 18:47 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2013-05-05 11:45 - 2013-05-05 10:45 - 00397704 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2012-02-20 21:29 - 2012-02-20 21:29 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 21:28 - 2012-02-20 21:28 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-07-29 00:09 - 2011-07-29 00:09 - 00096112 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2011-03-27 19:03 - 2007-02-16 19:01 - 00081920 _____ () C:\Program Files (x86)\FinePixViewer\wia_register_event.dll
2013-08-23 20:01 - 2013-08-23 20:01 - 25100288 _____ () C:\Users\Matthias\AppData\Roaming\Dropbox\bin\libcef.dll
2013-12-21 15:05 - 2013-12-21 15:05 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2010-05-04 15:36 - 2010-05-04 15:36 - 00970752 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2010-03-24 21:51 - 2010-12-20 17:31 - 00166400 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll
2013-12-11 16:00 - 2013-12-11 16:00 - 16242056 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/12/2014 06:42:28 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Die E/A-Schreibvorgänge können während des Schattenkopie-Erstellungszeitraums auf Volume "C:\" nicht gespeichert werden.
Der Volumeindex im Schattenkopiesatz ist 0. Fehlerdetails: Offen[0x00000000, Der Vorgang wurde erfolgreich beendet.
], Leerung[0x00000000, Der Vorgang wurde erfolgreich beendet.
], Freigabe[0x80042314, Der Schattenkopieanbieter hat beim Warten auf den Schreibvorgang auf das Volume, von dem eine Schattenkopie erstellt wird, das Zeitlimit überschritten. Ursache hierfür könnte eine durch eine Anwendung oder einen Systemdienst verursachte hohe Aktivität auf dem Volume sein. Wiederholen Sie den Vorgang später, wenn das Volume nicht so stark ausgelastet ist.
], Ausführung[0x00000000, Der Vorgang wurde erfolgreich beendet.
].


Vorgang:
   Asynchroner Vorgang wird ausgeführt

Kontext:
   Aktueller Status: DoSnapshotSet

Error: (01/12/2014 06:42:28 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Die Schattenkopie kann nicht zugesichert werden - Vorgang hat das Zeitlimit überschritten.
Fehlerkontext: DeviceIoControl(\\?\Volume{d96fa719-c014-11df-8f0e-806e6f6e6963} - 0000000000000114,0x0053c010,000000000033EAD0,0,00000000001A7FD0,4096,[0]).


Vorgang:
   Schattenkopien werden übertragen

Kontext:
   Ausführungskontext: System Provider

Error: (01/02/2014 04:48:48 PM) (Source: Application Hang) (User: )
Description: Programm Steam.exe, Version 2.4.35.50 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: d0c

Startzeit: 01cf07ca3135f2d5

Endzeit: 30

Anwendungspfad: C:\Program Files (x86)\Steam\Steam.exe

Berichts-ID: 52d9863e-73c5-11e3-b312-1c6f654654fd

Error: (12/29/2013 10:30:10 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: DivXUpdate.exe, Version: 1.0.6.15, Zeitstempel: 0x4e31ebcf
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x73f8e384
ID des fehlerhaften Prozesses: 0xe10
Startzeit der fehlerhaften Anwendung: 0xDivXUpdate.exe0
Pfad der fehlerhaften Anwendung: DivXUpdate.exe1
Pfad des fehlerhaften Moduls: DivXUpdate.exe2
Berichtskennung: DivXUpdate.exe3

Error: (12/23/2013 02:51:44 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: DivXUpdate.exe, Version: 1.0.6.15, Zeitstempel: 0x4e31ebcf
Name des fehlerhaften Moduls: netprofm.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4a5bda75
Ausnahmecode: 0xc0000005
Fehleroffset: 0x74572505
ID des fehlerhaften Prozesses: 0xd84
Startzeit der fehlerhaften Anwendung: 0xDivXUpdate.exe0
Pfad der fehlerhaften Anwendung: DivXUpdate.exe1
Pfad des fehlerhaften Moduls: DivXUpdate.exe2
Berichtskennung: DivXUpdate.exe3

Error: (12/21/2013 05:37:49 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15568

Error: (12/21/2013 05:37:49 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15568

Error: (12/21/2013 05:37:48 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/19/2013 03:36:53 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15584

Error: (12/19/2013 03:36:53 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15584


System errors:
=============
Error: (01/12/2014 08:51:44 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (01/12/2014 08:51:36 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)

Error: (01/12/2014 08:50:32 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "AODDriver4.2" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/12/2014 07:36:05 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (01/12/2014 07:36:00 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)

Error: (01/12/2014 07:35:33 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "AODDriver4.2" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/12/2014 07:34:58 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "AODDriver4.2" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/12/2014 02:06:20 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (01/12/2014 02:06:20 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.

Error: (01/12/2014 01:59:48 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)


Microsoft Office Sessions:
=========================
Error: (01/12/2014 06:42:28 PM) (Source: VSS)(User: )
Description: C:\00x00000000, Der Vorgang wurde erfolgreich beendet.
0x00000000, Der Vorgang wurde erfolgreich beendet.
0x80042314, Der Schattenkopieanbieter hat beim Warten auf den Schreibvorgang auf das Volume, von dem eine Schattenkopie erstellt wird, das Zeitlimit überschritten. Ursache hierfür könnte eine durch eine Anwendung oder einen Systemdienst verursachte hohe Aktivität auf dem Volume sein. Wiederholen Sie den Vorgang später, wenn das Volume nicht so stark ausgelastet ist.
0x00000000, Der Vorgang wurde erfolgreich beendet.


Vorgang:
   Asynchroner Vorgang wird ausgeführt

Kontext:
   Aktueller Status: DoSnapshotSet

Error: (01/12/2014 06:42:28 PM) (Source: VSS)(User: )
Description: DeviceIoControl(\\?\Volume{d96fa719-c014-11df-8f0e-806e6f6e6963} - 0000000000000114,0x0053c010,000000000033EAD0,0,00000000001A7FD0,4096,[0])

Vorgang:
   Schattenkopien werden übertragen

Kontext:
   Ausführungskontext: System Provider

Error: (01/02/2014 04:48:48 PM) (Source: Application Hang)(User: )
Description: Steam.exe2.4.35.50d0c01cf07ca3135f2d530C:\Program Files (x86)\Steam\Steam.exe52d9863e-73c5-11e3-b312-1c6f654654fd

Error: (12/29/2013 10:30:10 AM) (Source: Application Error)(User: )
Description: DivXUpdate.exe1.0.6.154e31ebcfunknown0.0.0.000000000c000000573f8e384e1001cf04787f1d4685C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exeunknowncf98d42a-706b-11e3-9767-1c6f654654fd

Error: (12/23/2013 02:51:44 PM) (Source: Application Error)(User: )
Description: DivXUpdate.exe1.0.6.154e31ebcfnetprofm.dll_unloaded0.0.0.04a5bda75c000000574572505d8401ceffb57d45c647C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exenetprofm.dll5b1098d0-6bd9-11e3-8c85-1c6f654654fd

Error: (12/21/2013 05:37:49 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15568

Error: (12/21/2013 05:37:49 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15568

Error: (12/21/2013 05:37:48 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/19/2013 03:36:53 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15584

Error: (12/19/2013 03:36:53 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15584


CodeIntegrity Errors:
===================================
  Date: 2010-12-10 17:40:02.601
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2010-12-10 17:40:02.601
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2010-12-10 17:40:02.507
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2010-12-10 17:40:02.491
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2010-12-10 17:39:48.627
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2010-12-10 17:39:48.611
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2010-12-10 17:39:48.471
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2010-12-10 17:39:48.455
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2010-12-10 17:39:31.057
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2010-12-10 17:39:31.041
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 47%
Total physical RAM: 4092.54 MB
Available physical RAM: 2139.13 MB
Total Pagefile: 8183.25 MB
Available Pagefile: 5764.96 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1397.17 GB) (Free:751.01 GB) NTFS
Drive d: (CONVICTION) (CDROM) (Total:7.73 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397 GB) (Disk ID: 45F25BB4)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=-698828718080) - (Type=07 NTFS)

==================== End Of Log ============================
         
I ran Defogger before creating the FRST scan.

Edited by Ronin1 (12.01.2014 at 21:25)

Alt 13.01.2014, 08:04   #2
schrauber
/// the machine
/// TB-Ausbilder
 



Hi,

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan, and click Start Scan.
  • At the end of the scan, have all findings (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the newest scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please disable your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool is finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log please.

Alt 13.01.2014, 22:09   #3
Ronin1
 


Hi schrauber, thank you very much for your help.
Here is the Malwarebytes log:
Code:
Malwarebytes:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.01.13.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16750
Matthias :: MATTHIAS-PC [Administrator]

13.01.2014 21:18:44
mbam-log-2014-01-13 (21-18-44).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 226274
Laufzeit: 10 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Webexp Enhanced (PUP.Optional.Webexp) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video Player (Adware.VPlayer) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Daten: {41C70318-C1AE-11DF-B4C2-1C6F654654FD} -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 19
C:\Users\Matthias\AppData\Local\Temp\CT2851647 (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Matthias\AppData\Local\Temp\CT2851647\xpi (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\WebexpEnhancedV1 (PUP.Optional.Webexp) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha7742 (PUP.Optional.Webexp) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha7742\ch (PUP.Optional.Webexp) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha7742\ff (PUP.Optional.Webexp) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha7742\ff\chrome (PUP.Optional.Webexp) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha7742\ff\chrome\content (PUP.Optional.Webexp) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha7742\ff\chrome\content\icons (PUP.Optional.Webexp) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha7742\ff\chrome\content\icons\default (PUP.Optional.Webexp) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha7742\ie (PUP.Optional.Webexp) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta940 (Adware.VPlayer) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta940\ch (Adware.VPlayer) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta940\ff (Adware.VPlayer) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta940\ff\chrome (Adware.VPlayer) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta940\ff\chrome\content (Adware.VPlayer) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta940\ff\chrome\content\icons (Adware.VPlayer) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta940\ff\chrome\content\icons\default (Adware.VPlayer) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta940\ie (Adware.VPlayer) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 28
C:\Users\Matthias\AppData\Local\Temp\awh3558.tmp (PUP.Optional.Amonetize) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Matthias\AppData\Local\Temp\DownloadManager.exe (PUP.Optional.OutBrowse) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Matthias\AppData\Local\Temp\Launcher_i187897176.exe (PUP.Optional.InstallMonetizer) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Matthias\AppData\Local\Temp\uninstall18629561.exe (PUP.Optional.ExpressFiles.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Matthias\AppData\Local\Temp\CT2851647\conduitStatistics.csf (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Matthias\AppData\Local\Temp\CT2851647\CT2851647.txt (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Matthias\AppData\Local\Temp\CT2851647\CT2851647.xpi (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Matthias\AppData\Local\Temp\CT2851647\initData.json (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Matthias\AppData\Local\Temp\CT2851647\manifest.json (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Matthias\AppData\Local\Temp\CT2851647\version.txt (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Matthias\AppData\Local\Temp\CT2851647\xpi\install.rdf (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha7742\uninstall.exe (PUP.Optional.Webexp) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha7742\ch\WebexpEnhancedV1alpha7742.crx (PUP.Optional.Webexp) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha7742\ff\chrome.manifest (PUP.Optional.Webexp) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha7742\ff\install.rdf (PUP.Optional.Webexp) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha7742\ff\chrome\content\ffWebexpEnhancedV1alpha7742.js (PUP.Optional.Webexp) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha7742\ff\chrome\content\overlay.xul (PUP.Optional.Webexp) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha7742\ff\chrome\content\icons\Thumbs.db (PUP.Optional.Webexp) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha7742\ff\chrome\content\icons\default\WebexpEnhancedV1alpha7742_32.png (PUP.Optional.Webexp) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta940\uninstall.exe (Adware.VPlayer) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta940\ch\VideoPlayerV3beta940.crx (Adware.VPlayer) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta940\ff\chrome.manifest (Adware.VPlayer) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta940\ff\install.rdf (Adware.VPlayer) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta940\ff\chrome\content\ffVideoPlayerV3beta940.js (Adware.VPlayer) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta940\ff\chrome\content\ffVideoPlayerV3beta940ffaction.js (Adware.VPlayer) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta940\ff\chrome\content\overlay.xul (Adware.VPlayer) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta940\ff\chrome\content\icons\Thumbs.db (Adware.VPlayer) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta940\ff\chrome\content\icons\default\VideoPlayerV3beta940_32.png (Adware.VPlayer) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Then the AdwCleaner log:
Code:
# AdwCleaner v3.017 - Bericht erstellt am 13/01/2014 um 21:38:25
# Aktualisiert 12/01/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Matthias - MATTHIAS-PC
# Gestartet von : C:\Users\Matthias\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v0.0.0.0


-\\ Mozilla Firefox v26.0 (de)

[ Datei : C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\lp85usfw.default-1378845892774\prefs.js ]


*************************

AdwCleaner[R0].txt - [15782 octets] - [12/01/2014 17:53:59]
AdwCleaner[R1].txt - [15846 octets] - [12/01/2014 19:31:30]
AdwCleaner[R2].txt - [1101 octets] - [12/01/2014 20:29:07]
AdwCleaner[R3].txt - [1125 octets] - [13/01/2014 21:37:36]
AdwCleaner[S0].txt - [14387 octets] - [12/01/2014 19:32:33]
AdwCleaner[S1].txt - [1163 octets] - [12/01/2014 20:49:20]
AdwCleaner[S2].txt - [1047 octets] - [13/01/2014 21:38:25]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1107 octets] ##########
         
The JRT file:
Code:
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Home Premium x64
Ran by Matthias on 13.01.2014 at 21:43:48,96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-683131984-1800021330-2316601673-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\foxydeal



~~~ Files

Successfully deleted: [File] C:\Windows\Tasks\registrybooster.job



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Matthias\AppData\Roaming\mozilla\firefox\profiles\lp85usfw.default-1378845892774\minidumps [131 files]



~~~ Event Viewer Logs were cleared
         
When I try to run the FRST scan, I get the following error message:
Line 11537 (File"C:\Users\Matthias\Desktop\Downloads\FRST64.exe"):
Error: Variable used without being declared.

Alt 14.01.2014, 15:00   #4
schrauber
/// the machine
/// TB-Ausbilder
 



Delete FRST and download it again. Does it work then?


ESET Online Scanner

  • Here you can find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

and a fresh FRST log please. Any problems left?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

Alt 14.01.2014, 22:42   #5
Ronin1
 


FRST still doesn't work, even after deleting and installing it several times.
Here is the ESET log:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=d334156c814642428b2b64c21409a603
# engine=16646
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-01-14 09:23:51
# local_time=2014-01-14 10:23:51 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 41749 160405936 34521 0
# compatibility_mode=5893 16776574 100 94 16196015 141364481 0 0
# scanned=498409
# found=0
# cleaned=0
# scan_time=24488
         
And the one from SecurityCheck:
Code:
 Results of screen317's Security Check version 0.99.78  
 Windows 7 Service Pack 1 x64   
 Internet Explorer 10 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
Microsoft Security Essentials   
Avira Desktop                   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Adobe Flash Player 11.9.900.170  
 Adobe Reader 10.1.7 Adobe Reader out of Date!  
 Mozilla Firefox (26.0) 
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         


Alt 15.01.2014, 14:45   #6
schrauber
/// the machine
/// TB-Ausbilder
 



Update Adobe.

Please download OTL by Oldtimer and save it to your desktop (if you don't have it yet).
  • Double-click OTL.exe
  • At the top you will find a box labeled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

Alt 15.01.2014, 16:51   #7
Ronin1
 


Adobe has been updated.
Here is the OTL log:
Code:
OTL logfile created on: 15.01.2014 16:09:59 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Matthias\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16750)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,77 Gb Available Physical Memory | 44,19% Memory free
7,99 Gb Paging File | 5,34 Gb Available in Paging File | 66,78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1397,17 Gb Total Space | 747,57 Gb Free Space | 53,51% Space Free | Partition Type: NTFS
 
Computer Name: MATTHIAS-PC | User Name: Matthias | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC -  File not found
PRC - C:\Users\Matthias\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Users\Matthias\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Users\Matthias\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe ()
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
PRC - C:\Program Files (x86)\FinePixViewer\QuickDCF2.exe (FUJIFILM Corporation)
PRC - C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE (SEIKO EPSON CORPORATION)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Steam\bin\chromehtml.DLL ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Users\Matthias\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Program Files (x86)\Steam\libavresample-1.dll ()
MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Steam\SDL2.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
MOD - C:\Program Files (x86)\Steam\libavutil-52.dll ()
MOD - C:\Users\Matthias\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll ()
MOD - C:\Users\Matthias\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files (x86)\FinePixViewer\wia_register_event.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (EPSON_PM_RPCV4_01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE (SEIKO EPSON CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (WmVirHid) -- C:\Windows\SysNative\drivers\WmVirHid.sys (Logitech Inc.)
DRV:64bit: - (WmBEnum) -- C:\Windows\SysNative\drivers\WmBEnum.sys (Logitech Inc.)
DRV:64bit: - (WmXlCore) -- C:\Windows\SysNative\drivers\WmXlCore.sys (Logitech Inc.)
DRV:64bit: - (WmFilter) -- C:\Windows\SysNative\drivers\WmFilter.sys (Logitech Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\drivers\WSDScan.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV - (AODDriver4.2) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV - (AODDriver4.01) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\URLSearchHook:  - No CLSID value found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-683131984-1800021330-2316601673-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com
IE - HKU\S-1-5-21-683131984-1800021330-2316601673-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-683131984-1800021330-2316601673-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-683131984-1800021330-2316601673-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-683131984-1800021330-2316601673-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-683131984-1800021330-2316601673-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 24 37 DB C6 26 54 CB 01  [binary data]
IE - HKU\S-1-5-21-683131984-1800021330-2316601673-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-683131984-1800021330-2316601673-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKU\S-1-5-21-683131984-1800021330-2316601673-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-683131984-1800021330-2316601673-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-683131984-1800021330-2316601673-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-683131984-1800021330-2316601673-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-683131984-1800021330-2316601673-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: isreaditlater%40ideashower.com:3.0.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.3.0: C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Matthias\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Users\Matthias\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ext@WebexpEnhancedV1alpha7742.net: C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha7742\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ext@VideoPlayerV3beta940.net: C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta940\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014.01.15 16:07:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014.01.15 16:07:12 | 000,000,000 | ---D | M]
 
[2013.04.30 16:13:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matthias\AppData\Roaming\mozilla\Extensions
[2014.01.12 21:49:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matthias\AppData\Roaming\mozilla\Firefox\Profiles\lp85usfw.default-1378845892774\extensions
[2013.09.10 21:49:56 | 000,000,000 | ---D | M] (Pocket) -- C:\Users\Matthias\AppData\Roaming\mozilla\Firefox\Profiles\lp85usfw.default-1378845892774\extensions\isreaditlater@ideashower.com
[2014.01.12 20:17:26 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\Matthias\AppData\Roaming\mozilla\firefox\profiles\lp85usfw.default-1378845892774\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.12.21 15:05:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.12.21 15:05:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.12.21 15:05:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.12.21 15:05:55 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2011.08.16 16:55:31 | 000,000,822 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKU\S-1-5-21-683131984-1800021330-2316601673-1000\..\Toolbar\WebBrowser: (no name) - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-683131984-1800021330-2316601673-1000..\Run: [Active Desktop Calendar] C:\Program Files (x86)\XemiComputers\Active Desktop Calendar\ADC.exe File not found
O4 - HKU\S-1-5-21-683131984-1800021330-2316601673-1000..\Run: [AmazonMP3DownloaderHelper] C:\Users\Matthias\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe ()
O4 - HKU\S-1-5-21-683131984-1800021330-2316601673-1000..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKU\S-1-5-21-683131984-1800021330-2316601673-1000..\Run: [EPSON Stylus D78 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIBGE.EXE /FU "C:\Windows\TEMP\E_S7C33.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-683131984-1800021330-2316601673-1000..\Run: [HP Officejet 4620 series (NET)] C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKU\S-1-5-21-683131984-1800021330-2316601673-1000..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKU\S-1-5-21-683131984-1800021330-2316601673-1000..\Run: [RegistryBooster] "C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe" delay 20000  File not found
O4 - HKU\S-1-5-21-683131984-1800021330-2316601673-1000..\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent File not found
O4 - HKU\S-1-5-21-683131984-1800021330-2316601673-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Matthias\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-683131984-1800021330-2316601673-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe File not found
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{58D4EE92-AF69-40F9-805A-3F7DFC74A744}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7C4BE9DD-5449-4023-A2D4-268B11EC0AA2}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{dc064c09-c24b-11df-b1fb-1c6f654654fd}\Shell - "" = AutoRun
O33 - MountPoints2\{dc064c09-c24b-11df-b1fb-1c6f654654fd}\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014.01.15 16:08:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Matthias\Desktop\OTL.exe
[2014.01.14 16:14:24 | 000,000,000 | ---D | C] -- C:\FRST
[2014.01.13 21:43:46 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014.01.13 21:16:33 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Roaming\Malwarebytes
[2014.01.13 21:16:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014.01.13 21:16:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014.01.13 21:16:20 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014.01.13 21:16:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014.01.12 21:09:18 | 000,000,000 | ---D | C] -- C:\Users\Matthias\Documents\Neuer Ordner (2)
[2014.01.12 21:08:56 | 000,000,000 | ---D | C] -- C:\Users\Matthias\Documents\Neuer Ordner
[2014.01.12 17:53:55 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014.01.12 14:04:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoPlayerV3
[2014.01.02 16:54:24 | 000,000,000 | R--D | C] -- C:\Users\Matthias\Dropbox
[2014.01.02 16:50:59 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2014.01.02 16:37:43 | 000,000,000 | ---D | C] -- C:\Users\Matthias\Documents\YNAB
[2014.01.02 16:34:49 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Roaming\Dropbox
[2014.01.02 16:24:32 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Roaming\com.ynab.YNAB4.LiveSteam
[2013.12.28 14:15:40 | 000,000,000 | ---D | C] -- C:\Users\Matthias\Documents\ANNO 2070
[2013.12.28 13:27:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Solidshield
[2013.12.22 14:57:47 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Local\WarThunder
[2013.12.22 14:57:47 | 000,000,000 | ---D | C] -- C:\ProgramData\WarThunder
[2013.12.22 14:57:37 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder
[2013.12.22 14:57:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WarThunder
[2013.12.22 14:57:22 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Local\Programs
[2013.12.21 15:05:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.12.19 11:17:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014.01.15 16:14:40 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014.01.15 16:08:58 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.01.15 16:08:58 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.01.15 16:08:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Matthias\Desktop\OTL.exe
[2014.01.15 16:01:29 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014.01.15 16:01:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.01.15 16:00:55 | 3218,497,536 | -HS- | M] () -- C:\hiberfil.sys
[2014.01.14 22:37:23 | 000,014,768 | ---- | M] () -- C:\Users\Matthias\Desktop\Virus.odt
[2014.01.14 22:00:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014.01.14 15:34:00 | 000,987,410 | ---- | M] () -- C:\Users\Matthias\Desktop\SecurityCheck.exe
[2014.01.13 21:36:32 | 001,236,282 | ---- | M] () -- C:\Users\Matthias\Desktop\adwcleaner.exe
[2014.01.13 21:16:21 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2014.01.12 21:01:06 | 000,000,000 | ---- | M] () -- C:\Users\Matthias\defogger_reenable
[2014.01.02 16:54:24 | 000,001,045 | ---- | M] () -- C:\Users\Matthias\Desktop\Dropbox.lnk
[2014.01.02 16:51:14 | 000,001,055 | ---- | M] () -- C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014.01.02 16:49:33 | 000,000,222 | ---- | M] () -- C:\Users\Matthias\Desktop\You Need A Budget 4 (YNAB).url
[2013.12.29 14:45:57 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.12.29 14:45:54 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.12.28 00:20:50 | 003,123,272 | ---- | M] () -- C:\Windows\SysWow64\pbsvc.exe
[2013.12.22 14:57:37 | 000,001,101 | ---- | M] () -- C:\Users\Public\Desktop\WarThunder.lnk
[2013.12.19 11:17:12 | 000,002,212 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013.12.17 16:04:15 | 000,131,576 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.12.17 16:04:15 | 000,108,440 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.12.17 16:04:15 | 000,084,720 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014.01.14 15:33:57 | 000,987,410 | ---- | C] () -- C:\Users\Matthias\Desktop\SecurityCheck.exe
[2014.01.13 21:36:29 | 001,236,282 | ---- | C] () -- C:\Users\Matthias\Desktop\adwcleaner.exe
[2014.01.13 21:35:51 | 000,014,768 | ---- | C] () -- C:\Users\Matthias\Desktop\Virus.odt
[2014.01.13 21:16:21 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2014.01.12 21:01:06 | 000,000,000 | ---- | C] () -- C:\Users\Matthias\defogger_reenable
[2014.01.02 16:54:24 | 000,001,045 | ---- | C] () -- C:\Users\Matthias\Desktop\Dropbox.lnk
[2014.01.02 16:51:14 | 000,001,055 | ---- | C] () -- C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014.01.02 16:48:22 | 000,000,222 | ---- | C] () -- C:\Users\Matthias\Desktop\You Need A Budget 4 (YNAB).url
[2013.12.22 14:57:37 | 000,001,101 | ---- | C] () -- C:\Users\Public\Desktop\WarThunder.lnk
[2013.12.19 11:17:12 | 000,002,212 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013.08.31 00:47:50 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013.08.31 00:47:50 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013.08.30 18:53:48 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2013.06.24 15:23:51 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012.05.13 00:41:24 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2012.03.09 05:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.03.09 05:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.08.15 14:20:52 | 000,045,573 | -H-- | C] () -- C:\Users\Matthias\userdiff.sav
[2010.12.30 19:03:39 | 000,007,602 | ---- | C] () -- C:\Users\Matthias\AppData\Local\Resmon.ResmonCfg
[2010.10.15 11:27:07 | 000,000,000 | ---- | C] () -- C:\Users\Matthias\AppData\Local\prvlcl.dat
[2010.09.16 15:04:36 | 000,000,096 | ---- | C] () -- C:\Users\Matthias\AppData\Local\fusioncache.dat
[2004.01.26 16:15:29 | 000,233,472 | R--- | C] () -- C:\Users\Matthias\AppData\Roaming\MafiaSetup.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.07.26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.08.16 23:10:37 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\.minecraft
[2013.11.11 23:14:36 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Amazon
[2011.06.13 20:58:11 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Bioshock
[2013.05.04 19:24:58 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Buni
[2014.01.02 16:24:32 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\com.ynab.YNAB4.LiveSteam
[2010.12.30 19:08:21 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\CPUControl
[2014.01.15 16:02:05 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Dropbox
[2013.08.11 16:00:43 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\EurekaLog
[2012.02.25 13:14:05 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\FreeTorrentViewer
[2011.03.27 19:09:19 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\FUJIFILM
[2012.05.13 00:46:34 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\GoldWaveCDDB
[2012.03.15 21:54:33 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\gtk-2.0
[2012.11.09 16:52:30 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\ICQ
[2013.05.08 15:36:24 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Icyrky
[2013.05.08 18:50:54 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Imokoz
[2011.01.02 13:46:03 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Leadertech
[2012.12.27 18:21:02 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Lionhead Studios
[2010.12.09 20:54:38 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\LolClient
[2012.06.16 14:06:51 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Mumble
[2010.10.17 15:56:37 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\My Games
[2013.12.21 17:34:55 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\MyPhoneExplorer
[2010.12.20 17:32:43 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\OpenOffice.org
[2012.09.09 13:42:49 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Opera
[2013.06.23 16:06:54 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Origin
[2011.03.28 20:36:51 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\PhotoFiltre
[2012.02.19 15:58:03 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\PlagiarismFinder
[2012.05.03 14:45:37 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\PunkBuster
[2010.12.06 09:29:19 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\SPORE
[2010.09.17 13:49:52 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\TeamViewer
[2013.09.26 11:11:41 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\The Creative Assembly
[2013.06.05 22:05:41 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\TS3Client
[2013.12.28 13:09:21 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Ubisoft
[2010.09.30 19:48:21 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Uniblue
[2012.04.02 12:36:13 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Unity
[2013.12.12 00:18:15 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\uTorrent
[2012.02.09 22:18:48 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\XemiComputers
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2013.11.20 18:10:32 | 105,361,780 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\ペŒ
[2013.11.20 18:10:32 | 105,361,780 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\ペŒ
[2013.10.31 15:19:01 | 104,348,737 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\䠋ߢ›
[2013.10.31 15:19:01 | 104,348,737 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\䠋ߢ›
[2013.10.29 21:14:07 | 104,021,456 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\฻Š
[2013.10.29 15:13:51 | 104,021,456 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\฻Š
[2013.10.23 20:11:57 | 102,674,996 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\崝‚
[2013.10.23 20:11:57 | 102,674,996 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\崝‚
[2013.10.19 10:02:26 | 101,890,677 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\턑릫“
[2013.10.19 10:02:26 | 101,890,677 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\턑릫“
[2013.10.17 12:39:06 | 101,413,064 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\푋帼š
[2013.10.17 12:39:06 | 101,413,064 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\푋帼š
[2013.10.07 20:34:40 | 099,820,400 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\⛈ഄ‹
[2013.10.07 20:34:40 | 099,820,400 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\⛈ഄ‹
[2013.10.01 19:30:36 | 098,612,549 | ---- | M] ()(C:\Windows\SysWow64\???s) -- C:\Windows\SysWow64\꾾퀪s
[2013.10.01 13:35:05 | 098,612,549 | ---- | C] ()(C:\Windows\SysWow64\???s) -- C:\Windows\SysWow64\꾾퀪s
[2013.09.21 10:18:19 | 098,533,909 | ---- | M] ()(C:\Windows\SysWow64\???) -- C:\Windows\SysWow64\ᗅ忇
[2013.09.21 10:18:19 | 098,533,909 | ---- | C] ()(C:\Windows\SysWow64\???) -- C:\Windows\SysWow64\ᗅ忇

< End of report >
         
And the Extras log:
Code:
ATTFilter
OTL Extras logfile created on: 15.01.2014 16:09:59 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Matthias\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16750)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,77 Gb Available Physical Memory | 44,19% Memory free
7,99 Gb Paging File | 5,34 Gb Available in Paging File | 66,78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1397,17 Gb Total Space | 747,57 Gb Free Space | 53,51% Space Free | Partition Type: NTFS
 
Computer Name: MATTHIAS-PC | User Name: Matthias | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
[HKEY_USERS\S-1-5-21-683131984-1800021330-2316601673-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [FinePix] -- "C:\Program Files (x86)\FinePixViewer\FinePixViewer.exe" "%1" (FUJIFILM Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [FinePix] -- "C:\Program Files (x86)\FinePixViewer\FinePixViewer.exe" "%1" (FUJIFILM Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02CAFC7B-4DFF-419C-8EED-126595D1A9E5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{06B7F28E-6BA4-4B03-B391-B78B703D2975}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{0CE0A593-AF9E-4278-BFB6-1A3A511073E1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{16A4334E-A0D1-4D7D-BF61-032CB84DE5D2}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{24584947-3419-4088-B312-A2029CF0C72E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2F11C8A1-A37C-4A5E-81CF-AA55AD780930}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{31455C2B-8636-4F60-919A-0129333770CF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{369A3553-FAD1-4A6D-B17B-86659AE3C99F}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{397A80D6-6C62-4142-9F1D-C801760BF8CB}" = rport=139 | protocol=6 | dir=out | app=system | 
"{4555780A-1713-4381-BCEB-1A81B68DE517}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{58536881-C29D-4AB7-9388-DDA8A17ACDBF}" = lport=137 | protocol=17 | dir=in | app=system | 
"{62A18B64-5367-46A2-9204-FE6B6632D63A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{65B6F70C-5878-4C16-B5D1-434BDEC4B8F6}" = lport=445 | protocol=6 | dir=in | app=system | 
"{694C6FFB-10B7-40ED-A066-42D8AE540AAD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6A213F3B-F903-45F2-BB6D-EB38A6021BB6}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{6ECA8B64-B9AE-43B7-BF4E-595AB59E8BD5}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{78C94586-4C50-40FB-BC5C-9F35E6F32FA2}" = rport=137 | protocol=17 | dir=out | app=system | 
"{82E6A255-C5AC-4B2E-B100-9C82EEF8BAC2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{864AA80E-105F-4BC4-A545-20F760514D31}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{86A15E42-9C48-45C3-B0B6-F0A077671882}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8A9934F2-2136-4403-B443-23BEEDD5370B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A552EEEF-CED9-4D46-A6FD-523593371030}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B2692BE0-4601-4AF4-AB6A-87CF6193904B}" = rport=445 | protocol=6 | dir=out | app=system | 
"{C6CF82C8-0280-4C9F-ACCE-986DE8A0DCF6}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{D3A8D779-2CA1-4C12-99ED-0009F76A3778}" = rport=138 | protocol=17 | dir=out | app=system | 
"{DFA6D02A-D299-4803-89D3-E1E6BDCDFFDE}" = lport=139 | protocol=6 | dir=in | app=system | 
"{E00882B8-4C09-4716-8D6F-DBCDA28159E9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E07C3E07-BCB8-481C-82D1-1BF4497AA281}" = lport=138 | protocol=17 | dir=in | app=system | 
"{E95B2E88-60E5-4E5C-B726-72CFBF4EB753}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F03E9BB0-835C-4F66-B868-DD90AE260A5C}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{F830E7BF-477E-459E-9259-62413D83E3D7}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01DE6119-E847-4A09-A81B-A05E3BBAEFE7}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\fable iii\fable3.exe | 
"{01F38EE4-2FC0-43FA-9D42-3C7F2BCFDEE5}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe | 
"{04ED62FA-4988-42F3-BCD0-1F828564F858}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{053D8FDF-E15C-4DBC-B83D-5043DD512625}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\masseffect2launcher.exe | 
"{06C8D9B5-1326-446C-84AF-A40043D38C32}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\half-life 2\hl2.exe | 
"{0870DDAB-9C35-4A65-82A3-959FC64B0E81}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{08822170-2F1D-44C1-BBB2-07C76270C4F1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\anno 2070\anno5.exe | 
"{089F7778-F9B7-42FD-8008-9A708DB91458}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{08D6850E-A232-446D-B0EC-FFC4CE5FB02E}" = protocol=6 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\civilization4.exe | 
"{095151B2-6A4D-4386-92BC-FA9ED8C835AC}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe | 
"{09680A95-7F72-4995-BF50-943BDDE3C868}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0A9797A6-838D-486F-AA7B-891E347F0397}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{0AC02C4C-46A7-4662-B6E8-B4458CA93427}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{0BCB130B-1220-4532-B64A-B83D733C6C2F}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\uplaybrowser.exe | 
"{0C180A08-A2A9-4200-89F7-339BCB6F0448}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom ufo defense\xcom\ufo defense_patched.exe | 
"{0EB81EF0-97E6-4101-B371-79DF3140DCCA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{0F77621F-251D-4FA6-BEC9-1F35A0D556BC}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe | 
"{106E6CF9-D296-478C-B913-CD904A024159}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\launcheflc.exe | 
"{10B33C26-2C94-45E0-B331-3B5707F36582}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\docs\ea help\electronic_arts_technical_support.htm | 
"{13336B0F-F271-4E8F-94A8-0507900801A7}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe | 
"{14D3A1C0-0695-43C2-B7D0-2B76B6A25841}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{14F38AA2-3F53-4A59-8A63-780F498831E2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{1673834D-F0E2-49A2-80A5-338A2A8D62C6}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe | 
"{18F693FD-7119-4B63-9AA7-1A036399CB6B}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{19981261-4EB2-4727-B1D9-EA55196305C4}" = dir=in | app=c:\program files\hp\hp officejet 4620 series\bin\faxapplications.exe | 
"{19CFDD15-A973-4DC6-ABF8-C3C610FBE256}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{1A7A3E7F-B81D-48F8-AC7D-2845382E7351}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\anno4.exe | 
"{1B2698CD-322D-44EE-9196-F6D271EE8B86}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{1BA27EF4-B3DF-4501-A032-3E09C92F4F78}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreedii.exe | 
"{1DC4CE07-D218-4088-BFB0-088478CE2AD0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{1FCEAD09-605D-4C6D-A7E9-72E075ABAEC7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{20867E05-F5D6-4056-A038-F3F47608A9A9}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe | 
"{20FF6D43-A278-40D2-95F1-8A4B848D2463}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{2387833A-99A7-4230-BA05-D00AE67AC62F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tom clancy's splinter cell conviction\src\system\conviction_game.exe | 
"{24F59B81-D8BE-45E0-9756-A94BF4673556}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\mass effect 3\binaries\win32\masseffect3.exe | 
"{25279D33-CCEB-4895-B822-87F913DABDDF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{264DE9C0-294F-4254-9D7D-996B65A44161}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\max payne 3\max payne 3\maxpayne3.exe | 
"{27EAC8D7-BBE0-448B-9C61-C33D8CCB7F33}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\kidoke\counter-strike source\hl2.exe | 
"{28D643CD-53FF-4B2F-9903-EE850D0418EA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\half-life 2\hl2.exe | 
"{2C5C34CF-54F8-486A-8D9B-CE16DAF8926E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tomb raider\tombraider.exe | 
"{2D2E6391-9256-4D11-B995-69ABB3C29A35}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{2D42E253-ED8B-425B-A83B-4A2B811CC4A3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\kidoke\source sdk base 2007\hl2.exe | 
"{2E245DF1-48DE-4EA3-B9A3-551E0E6AE9D1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mafia ii\pc\mafia2.exe | 
"{2E409C4A-80CC-475C-8687-D49C8748E9D5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{2EB4E22F-E95A-450A-84C7-C6E82BB67768}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{2F943001-C68C-4DAC-8AA5-F3D0CC1C5162}" = dir=in | app=c:\program files\hp\hp officejet 4620 series\bin\devicesetup.exe | 
"{32DF0DEA-1B5F-4CEC-AF0B-8DD6C3077589}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{338A1C7B-3DF0-49BC-AFCC-74585C22ED37}" = dir=in | app=c:\program files\hp\hp officejet 4620 series\bin\sendafax.exe | 
"{34498ACD-C4F8-4A47-97D9-9071BB6D374B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grid 2\grid2.exe | 
"{38DBD0F1-201C-48CA-9862-B67795B06615}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2launcher.exe | 
"{393E7A2F-BECE-443E-9A4C-199312E9A638}" = protocol=17 | dir=in | app=c:\program files (x86)\warthunder\launcher.exe | 
"{3A27AE11-0AA7-4344-9811-D07027A27269}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe | 
"{3BA37751-81A1-4706-B417-989366BCFA63}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ynab 4\ynab 4.exe | 
"{3BC7ED00-DAE0-4F0D-BFE1-ABE24ABE52CC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{3C3C3183-963D-49A9-B615-A476946B510B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead space\support\ea help\electronic_arts_technical_support.htm | 
"{3E956441-F046-4B73-BE76-32DBD4F0B96F}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\techland\call of juarez - bound in blood\cojbibgame_x86.exe | 
"{3EA0B77D-A512-44A9-BFF8-94F5C83B98AB}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{3F3BF44D-FD92-4452-BD65-D38C3E9B4245}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom ufo defense\dosbox.exe | 
"{4167F774-E2E5-4867-8653-0220511A88DC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe | 
"{448E6C21-5ADC-4078-9F11-637874EC7DCA}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\dawn of war - soulstorm\soulstorm.exe | 
"{44F9CA02-DA9B-4AE3-8AF0-7D2A29C6772E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\max payne 3\max payne 3\maxpayne3.exe | 
"{47E67DBC-D980-4286-8F2A-09EA9A10DEB2}" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\mirror's edge\binaries\mirrorsedge.exe | 
"{4A1FB19B-8F93-4366-AA0F-5CBE6A6765D0}" = protocol=17 | dir=in | app=c:\users\matthias\appdata\roaming\dropbox\bin\dropbox.exe | 
"{4ADAE7D5-4687-4147-A05F-88763000EA0E}" = protocol=17 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\civilization4.exe | 
"{4B524472-FA90-48A8-AE9A-D8FCEB84CA5A}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrmp.exe | 
"{4CA988C0-F322-4AD4-85AF-190B5E5ED137}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe | 
"{4FB97429-78D5-4007-AD3C-26C21358A014}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{51BA4C55-C8BF-4A1B-BA52-23A99DD383F6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{538D58F1-770D-445C-BC67-9A13F69C7FCC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\binaries\masseffect.exe | 
"{53B37529-DA0F-46B0-81BC-ABA7C19A3986}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe | 
"{550815DE-4538-49B1-BA58-42CDE4A2E1E4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassin's creed 3\ac3sp.exe | 
"{5575C870-0027-4706-BC24-D90418ED5632}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{56343D84-3FB5-4E73-BC4F-B857BA756A95}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5743F085-8E85-4190-B232-D78691EEB1E3}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{596559A1-B92F-48D9-B5B9-9435C5D6A0CA}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe | 
"{59B5F906-7658-49A6-A7F7-AB0BAC12A03A}" = dir=in | app=c:\program files\hp\hp officejet 4620 series\bin\hpnetworkcommunicator.exe | 
"{59F16A60-F38E-4B47-87E9-CBE9DA44BF2A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tomb raider\tombraider.exe | 
"{5BC31B81-8F8A-47B6-AEF0-2F6BD0C8A032}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2launcher.exe | 
"{5BCE38BD-EC1E-42ED-9124-38C80093F242}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{5E31306E-BE90-4D9F-BE24-BB903D0008E7}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\dawn of war - soulstorm\soulstorm.exe | 
"{5ED527AE-0A4B-4763-BA8B-03ED6F67DE95}" = protocol=6 | dir=in | app=c:\users\matthias\appdata\roaming\dropbox\bin\dropbox.exe | 
"{5F4D8AA0-A665-42F5-990B-4F03FD358E9E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\kidoke\counter-strike source\hl2.exe | 
"{61C6F4CE-FA1F-4C21-AED7-FF6F4AFCB515}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{61CC4569-23D8-47A3-A52E-9FB6B07E3F79}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{632E11C8-6340-4D24-8682-ECD29ED6E199}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\mass effect 3\binaries\win32\masseffect3.exe | 
"{6335F73B-64FF-4118-98DC-D5A449B6418F}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{63417CF3-AB9F-4DDD-928F-BD78795C29C7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{64FEEBF6-1994-486E-BC1A-CE7BB6F84485}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrmp.exe | 
"{66BE9DB8-0341-4E2C-9359-6AC9590BE6D7}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\assassinscreedrevelations.exe | 
"{693D6140-3CDF-4BC6-971B-A42913131719}" = dir=in | app=c:\users\matthias\documents\the war z\warz.exe | 
"{6B8E43C0-4A49-483F-88BA-7E5C4CCF175C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassin's creed revelations\acrsp.exe | 
"{6BE949BA-6ECB-455F-9DF9-90364CF0127A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{6D9E5E54-6888-4A2E-B226-BA2931CDAAA1}" = dir=in | app=c:\program files\hp\hp officejet 4620 series\bin\hpnetworkcommunicatorcom.exe | 
"{6F1F9D5D-57C2-4EDC-AB53-B81340C9A1CF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassin's creed revelations\acrmp.exe | 
"{7032B980-A4F5-40CD-B6B0-F0A8D60A2122}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{72739499-4519-4E5B-8855-BEA7AC621930}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead space\dead space.exe | 
"{7691C704-DDCF-472D-BBEC-90F2A0311DAE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{771935D4-5A7D-4920-BBD6-367B990CD61F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{78387ED7-6089-4085-B398-2C8732C8311B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{7B70AB67-BA89-490B-B4A8-368C21223D6F}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe | 
"{7DB295E0-73FA-44A6-8655-60D5722D5696}" = dir=in | app=c:\program files\hp\hp officejet 4620 series\bin\digitalwizards.exe | 
"{7F106922-7995-463B-A5AE-B1A992E8E7F5}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\anno4.exe | 
"{7FEBDBD9-1349-46AE-9B1E-1B495110AFC6}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx9.exe | 
"{80D19B96-51D8-473C-9D5B-F533B3BB5B9D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mafia ii\pc\mafia2.exe | 
"{811CA63E-B2E4-4E66-879E-63FEF9BF12AF}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrsp.exe | 
"{8141BB6B-9E59-4D82-9D8D-26F199470863}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\binaries\masseffect.exe | 
"{816634BE-086A-42BE-A84A-61106EBAD701}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\gu.exe | 
"{838CF4DA-F999-4BE5-B17E-2CE07BE74941}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom ufo defense\xcom\ufo defense_patched.exe | 
"{84D420AA-8212-4F42-B763-D50E4135123C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ynab 4\ynab 4.exe | 
"{858A4C6A-6884-46D4-AAEF-160EFF78C030}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe | 
"{88D8225C-393B-47E9-B680-44D73E2C2BDE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{926DF2EE-98AD-48F5-9D54-35307376EDB0}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe | 
"{92805F49-FB73-45E2-8717-D46AD99B81D9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom ufo defense\dosbox.exe | 
"{92AEC54D-63C6-4089-9008-2D1462E3608F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\anno 2070\anno5.exe | 
"{93460475-6EFA-4ECF-97DC-A3F73884FF6C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes 2\reliccoh2.exe | 
"{959E2A53-015D-4201-BCB7-592E45FDE78E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{96483B33-6C16-4AB0-911A-80ECE1F3566A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tom clancy's splinter cell conviction\src\system\conviction_game.exe | 
"{9660D746-7CEA-4AE0-996C-675C395CDFFE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{96E7BF74-AD89-4490-BE74-8E4554F74BC2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes 2\reliccoh2.exe | 
"{97FA712D-8D19-46A6-9123-A40ABDAEDEEB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead space\dead space.exe | 
"{9AC10D21-1187-4CC0-B123-9CAE1C2FC63C}" = protocol=6 | dir=out | app=system | 
"{9B3248A1-4A10-4648-B37B-1B11C6C2605C}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe | 
"{9D360130-6F01-4C24-AB61-9BE4B74EA7D6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9D6096F8-FAF6-4619-8F2E-A1319491444A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassin's creed revelations\acrmp.exe | 
"{A1B1F8B0-2E21-4C52-89B8-945F3FE3F370}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\assassinscreedrevelations.exe | 
"{A835D331-5B47-4A57-ACA7-A11290C26852}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{A886EA5D-DE01-4F8A-A100-A32D856ABA7B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes 2\reliccoh2.exe | 
"{A8A49844-14EB-42DD-B4E3-0C6B5465F714}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{A924E051-9A62-4FAC-B5A0-BC84FA8A7345}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\empire total war\empire.exe | 
"{AB695D14-19A3-4335-BA24-78CC708F6863}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe | 
"{AD969C65-C6F1-46F0-B644-38B41A406E6E}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe | 
"{B1EDD75D-B72B-4E54-89E8-90E2333442EA}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe | 
"{B206F4DC-D02E-4283-B650-810EE811DE93}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe | 
"{B355DB69-A24A-4D22-98D2-20B280FA60C8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes 2\reliccoh2.exe | 
"{B5E48848-90D6-4C79-8006-3F837AB04885}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe | 
"{B66E575E-7A66-427A-B8EC-2913005957D2}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | 
"{B77744C5-A2FA-4805-849A-C2E2146F5C21}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{B8A56D37-C8F0-4712-B472-B3A10BBEC2B8}" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\mirror's edge\binaries\mirrorsedge.exe | 
"{B9A60955-EAEA-40C1-B739-181F05370D86}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes 2\reliccoh2.exe | 
"{BB196A71-F4F7-4DE9-8AC6-5B13F0B6128B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{BC603448-02CB-4B41-B201-7A6DCC525AF5}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbsp.exe | 
"{BCFABBE4-DB33-47D4-9073-E37B63178189}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{BE1801DC-B21B-475C-BE64-E6FFFAD3565F}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe | 
"{C06DB176-3A3B-45AB-B9DB-B84A099613A0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\empire total war\empire.exe | 
"{C12197CE-769A-4B73-858D-DD517410AC99}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{C162FD47-F167-4086-A923-43903AB2A3C6}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx10.exe | 
"{C4EFB49B-C26D-4DEE-8AB2-8401B74FD62C}" = protocol=6 | dir=in | app=c:\program files (x86)\warthunder\launcher.exe | 
"{C4F1F16A-1EFD-4333-9E5A-058B343E1918}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes 2\reliccoh2.exe | 
"{C5C2B9BF-719B-424C-8261-7E5D9194F43B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C7CE5B5B-244D-4898-B6E3-F89CE1689F0B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{C93BCBB3-6145-4F70-BC41-25182C453303}" = protocol=6 | dir=in | app=c:\users\matthias\downloads\sweetimsetup.exe | 
"{CA75D92F-0624-4D19-9976-1B1E7815F94A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{CCBC7831-45A1-4937-8575-F70159D8A8C5}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe | 
"{CD35AB32-E9DE-45CF-AB27-AAE9BD8CEA95}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | 
"{CD42B6B9-97E5-4CF0-8384-4083E6407F47}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbmp.exe | 
"{CE62AD6D-B256-450D-B4DA-E1E65026BA29}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbsp.exe | 
"{CED0D04B-0DD4-4BBB-BD1A-27B94C76ADF7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\launcheflc.exe | 
"{D0658FC8-F935-46A9-BDCA-D9956FB791D8}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe | 
"{D2D640B4-0DC0-47F7-9CB4-296010F8F48E}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_launcher.exe | 
"{D3513A30-7400-4553-93C1-B9E91B081BC4}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\fable iii\fable3.exe | 
"{D395BDB3-9B65-43D0-9C9E-787F0AE1CFF4}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_launcher.exe | 
"{D398942A-1016-485A-9C76-5CE3E3B41734}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{D6215896-AC33-40D6-B461-62ABE491EBF1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{D6B5528A-E7F7-4FBA-8D5A-13DE3509DDFB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\half-life 2\hl2.exe | 
"{D6D79576-4991-46B7-8B74-2166D163BF1C}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{D777809F-ACAE-4D0C-8AE7-DA03CC90C9DC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead space\support\ea help\electronic_arts_technical_support.htm | 
"{D8072415-8668-478D-8D4C-91A26E4E2D44}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grid 2\grid2.exe | 
"{D8207B1A-EFAA-40AF-9081-DA088026FDFD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{D8587CA1-676B-44DC-84BE-9A17E8C50548}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\gu.exe | 
"{D9A2AD0C-B1E9-4D70-8567-9269C487B140}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\uplaybrowser.exe | 
"{D9BF6CE1-B455-4BC0-A016-5330F7DEBC02}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\techland\call of juarez - bound in blood\cojbibgame_x86.exe | 
"{D9FF4125-E922-4900-827F-966034D0C498}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassin's creed 3\ac3sp.exe | 
"{DA1D560A-FA2E-41AC-8F7B-F065B33B0E01}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{DBB73A07-E416-4A88-9B75-E98C54DE8FA6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DC9EBE12-959B-4D98-A6C8-4A56FF8F7D90}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx9.exe | 
"{DDC63D98-25ED-450E-BE88-B76F71F71757}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\anno 2070\anno5.exe | 
"{E08ED6AF-8ABD-43F0-A5B2-A909BB02E35D}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{E34D7921-93AA-4F4B-8D6A-E07E5BEC7513}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\rockstar games social club\rgsclauncher.exe | 
"{E355B25B-6CB3-4A3E-A8F4-61C83B6A3CE1}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreedii.exe | 
"{E39D999C-9165-4E0F-B6AC-0B85519FBB05}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrsp.exe | 
"{E51AE6F3-4810-4F29-AA47-DE3F83AC176D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\docs\ea help\electronic_arts_technical_support.htm | 
"{E637AFE2-2096-4663-9E11-392783909451}" = protocol=17 | dir=in | app=c:\users\matthias\downloads\sweetimsetup.exe | 
"{E6F003D8-1390-42F0-898E-6AB4E64AF821}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{E7A8AA98-D12B-48C7-8923-449899F2D020}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx10.exe | 
"{E7BDBE27-D0C7-4454-84EC-50DAD4BD00D1}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe | 
"{E7E83EF9-0E91-4CF8-B206-CAF274BF23AB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe | 
"{E9B2BFE4-74C2-4BE4-A0F1-28EDD7D8D613}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{EBDF6986-67A4-4F94-ABFF-576D87196722}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\uplaybrowser.exe | 
"{ED6B5A18-0B64-4C68-84BB-8195266D25FF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\half-life 2\hl2.exe | 
"{F01A9040-532D-42EC-B12E-A2B3A9985D52}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\uplaybrowser.exe | 
"{F320D52F-4BA1-4FA6-BFFD-ACDA643B4338}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F36E61E2-A6DB-4731-A4CD-DCB70045C3EC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassin's creed revelations\acrsp.exe | 
"{F3B98076-441F-4B51-AF1F-1EA7422091A7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{F40E576F-8B10-4F0E-9A2F-61E49C7CDABE}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{F7CE316E-E43B-43B4-9D31-397AFC9DD080}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\half-life 2\hl2.exe | 
"{F939DF00-766B-4E9B-BF5D-7F36485A9C0E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{F96E36DE-F6C0-411B-8B03-353526747374}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe | 
"{F9FC2535-D80F-4967-ACA1-345C5FA5F514}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\masseffect2launcher.exe | 
"{FC8CC2FC-6DD5-4386-8327-CAC6BC5C2A1E}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbmp.exe | 
"{FD31AECE-A7F2-46EA-9459-C878E167795B}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\rockstar games social club\rgsclauncher.exe | 
"{FDABEF3B-F21E-495A-891F-F842A2E242D9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\anno 2070\anno5.exe | 
"{FFAE94E1-7E1F-4F22-963D-D6D0BF4F0AC6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\kidoke\source sdk base 2007\hl2.exe | 
"{FFF01E6C-D65F-489C-9848-F256256CC26A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\half-life 2\hl2.exe | 
"TCP Query User{01032475-8B1A-402C-8FC8-77EC212C700F}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
"TCP Query User{04987025-5A52-4EEB-A8F4-8DEE389D0AC3}C:\program files (x86)\thq\company of heroes\reliccoh.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe | 
"TCP Query User{0E207688-2F82-4493-9668-354EE794F439}C:\program files (x86)\ubisoft\tom clancy's splinter cell double agent\scda-offline\system\splintercell4.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell double agent\scda-offline\system\splintercell4.exe | 
"TCP Query User{0FB88CAF-8E5B-483B-A73A-C6D3B30362CB}C:\program files (x86)\anno 1701\anno1701.exe" = protocol=6 | dir=in | app=c:\program files (x86)\anno 1701\anno1701.exe | 
"TCP Query User{138D1C26-F655-4A2C-A056-87E9EC58669E}C:\users\matthias\appdata\local\temp\7zs4d95\enterprisedu.exe" = protocol=6 | dir=in | app=c:\users\matthias\appdata\local\temp\7zs4d95\enterprisedu.exe | 
"TCP Query User{168830B9-7DF2-4C3B-AE58-A75601686AC1}C:\windows\syswow64\svchost.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\svchost.exe | 
"TCP Query User{20028E3D-BA10-450B-8BA8-8B729B7D10E3}C:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe | 
"TCP Query User{20FA29D2-3832-4FE7-AFDA-C78BD8E8D54C}C:\program files (x86)\wing commander saga\wcsaga_sse2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\wing commander saga\wcsaga_sse2.exe | 
"TCP Query User{213AFFBD-2920-45D2-8B71-65C1F8539097}C:\program files (x86)\thq\dawn of war\w40kwa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\dawn of war\w40kwa.exe | 
"TCP Query User{2458C2C8-1CED-4B32-A5ED-0230F7FA9E6C}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
"TCP Query User{2D59E5B4-DCA0-4CD2-94CA-D3DC2A00CABD}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\myphoneexplorer\myphoneexplorer.exe | 
"TCP Query User{356926E6-BFA0-46ED-AE0D-69EF8BD1C20A}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"TCP Query User{3A85FBC3-9FE9-4D2C-82AF-C42388D6A25A}C:\program files (x86)\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"TCP Query User{3B23F783-8A56-43A1-A840-D171CEE3E673}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"TCP Query User{4B47B27F-E542-4AED-AF6C-D637CFEA2B4D}C:\users\matthias\spiele\call of duty - world at war\codwaw.exe" = protocol=6 | dir=in | app=c:\users\matthias\spiele\call of duty - world at war\codwaw.exe | 
"TCP Query User{5B81A37E-A250-4393-8ECE-6B5DAAE37AA4}C:\program files (x86)\thq\dawn of war - soulstorm\soulstorm.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\dawn of war - soulstorm\soulstorm.exe | 
"TCP Query User{5C4540CD-B802-46C9-9A88-73B7283EA772}C:\program files (x86)\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"TCP Query User{617EC620-55E8-4624-A17A-0C0D30073BFB}C:\program files (x86)\icq7.4\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe | 
"TCP Query User{6DA08638-04A0-4F8D-93A6-56C57001C16C}C:\users\matthias\appdata\roaming\imokoz\ohab.exe" = protocol=6 | dir=in | app=c:\users\matthias\appdata\roaming\imokoz\ohab.exe | 
"TCP Query User{6EBE2A95-5F9A-4D7C-80DB-B772A61AF972}C:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe | 
"TCP Query User{76F8BE0B-7C25-4D54-8232-700A026E90D7}C:\program files (x86)\ea sports\fifa 11\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea sports\fifa 11\game\fifa.exe | 
"TCP Query User{7FF4CF88-FF6A-437E-A126-684D4CAE5712}C:\program files (x86)\battle for wesnoth 1.8.5\wesnothd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\battle for wesnoth 1.8.5\wesnothd.exe | 
"TCP Query User{80261115-CB56-49EA-A975-BA14866EFB92}C:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe | 
"TCP Query User{92232C4D-2ED9-40D4-86BB-8029D2E042AB}C:\program files (x86)\freetorrentviewer\freetorrentviewer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\freetorrentviewer\freetorrentviewer.exe | 
"TCP Query User{9F1C1692-049D-4837-8928-E3073EFD7548}C:\program files (x86)\steam\steamapps\common\assassin's creed revelations\acrpr.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassin's creed revelations\acrpr.exe | 
"TCP Query User{A06CA91E-2462-4357-A20B-7C7F5177C8FA}C:\program files (x86)\steam\steamapps\kidoke\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\kidoke\counter-strike source\hl2.exe | 
"TCP Query User{A1ACE035-21CE-415D-8272-BBF968E2F5D4}C:\users\matthias\spiele\anno 1404\tools\anno4web.exe" = protocol=6 | dir=in | app=c:\users\matthias\spiele\anno 1404\tools\anno4web.exe | 
"TCP Query User{AC3D7334-672C-4015-9596-CB6E17A9B1C5}C:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe | 
"TCP Query User{C48E012A-FB9D-4D9D-8C1A-A9D522046261}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe | 
"TCP Query User{C5193DAB-1F26-4305-8EC3-69E7DB7D9320}C:\riot games\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe | 
"TCP Query User{D9002E5D-BF4B-4E68-B005-EE086F9E49CC}C:\program files (x86)\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe | 
"TCP Query User{D94E8573-3A52-49EE-B5B4-A3AEFF2969A8}C:\program files (x86)\ubisoft\tom clancy's splinter cell double agent\scda-offline\system\splintercell4.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell double agent\scda-offline\system\splintercell4.exe | 
"TCP Query User{E30AA8F2-9FAE-4982-B534-C12560C7CAA2}C:\users\matthias\appdata\roaming\imokoz\ohab.exe" = protocol=6 | dir=in | app=c:\users\matthias\appdata\roaming\imokoz\ohab.exe | 
"TCP Query User{E35A4B01-BCCD-4CD2-9324-53497D03D2C5}C:\program files (x86)\warthunder\aces.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warthunder\aces.exe | 
"TCP Query User{E36761EA-3CB4-4535-B050-26E109E7A411}C:\program files (x86)\thq\dawn of war\w40k.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\dawn of war\w40k.exe | 
"TCP Query User{E3FFFC66-CD74-4C18-969F-0B5146F9C475}C:\users\matthias\spiele\call of duty - world at war\codwaw.exe" = protocol=6 | dir=in | app=c:\users\matthias\spiele\call of duty - world at war\codwaw.exe | 
"TCP Query User{F7526DBF-54D8-4810-A4B3-1B9DE43D8BCF}C:\program files (x86)\thq\dawn of war - dark crusade\darkcrusade.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\dawn of war - dark crusade\darkcrusade.exe | 
"UDP Query User{000AFF8D-9866-4119-B99B-4962527C59B1}C:\users\matthias\appdata\roaming\imokoz\ohab.exe" = protocol=17 | dir=in | app=c:\users\matthias\appdata\roaming\imokoz\ohab.exe | 
"UDP Query User{00B9B30A-C550-46D8-BF60-D8C8F94DF1A6}C:\program files (x86)\thq\dawn of war - soulstorm\soulstorm.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\dawn of war - soulstorm\soulstorm.exe | 
"UDP Query User{09E2BE64-F73C-47DF-853A-CFC1EED842ED}C:\program files (x86)\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"UDP Query User{2420F81E-015D-415A-9D78-3D424BFCC6EA}C:\users\matthias\spiele\call of duty - world at war\codwaw.exe" = protocol=17 | dir=in | app=c:\users\matthias\spiele\call of duty - world at war\codwaw.exe | 
"UDP Query User{2BEE87BB-B2E3-4221-AC96-593AE8410055}C:\program files (x86)\icq7.4\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe | 
"UDP Query User{2CFBF626-A92F-48F7-8D6B-CAFD442F7F8B}C:\program files (x86)\steam\steamapps\kidoke\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\kidoke\counter-strike source\hl2.exe | 
"UDP Query User{356F4412-2C91-452A-9234-D69F253F7340}C:\program files (x86)\freetorrentviewer\freetorrentviewer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\freetorrentviewer\freetorrentviewer.exe | 
"UDP Query User{421E46E9-E11A-48AE-B19C-58FE6CE18040}C:\program files (x86)\anno 1701\anno1701.exe" = protocol=17 | dir=in | app=c:\program files (x86)\anno 1701\anno1701.exe | 
"UDP Query User{450F4785-CE85-4BCA-AA33-B6D63A3C25FD}C:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe | 
"UDP Query User{490E3735-0F21-4E41-A031-8841AAD1DC97}C:\riot games\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe | 
"UDP Query User{63B8F00B-B5A9-4DB1-B998-4BBFFBC3C34E}C:\windows\syswow64\svchost.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\svchost.exe | 
"UDP Query User{6A750276-7B65-4C58-991E-DCD5C2C24E59}C:\users\matthias\spiele\call of duty - world at war\codwaw.exe" = protocol=17 | dir=in | app=c:\users\matthias\spiele\call of duty - world at war\codwaw.exe | 
"UDP Query User{6A97FF65-EBF1-4D54-B7B6-EC2BAF60C0A2}C:\program files (x86)\ubisoft\tom clancy's splinter cell double agent\scda-offline\system\splintercell4.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell double agent\scda-offline\system\splintercell4.exe | 
"UDP Query User{725BC77E-0B41-4FAD-B991-E3DEAC5AF18B}C:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe | 
"UDP Query User{7C8CDBBA-F94D-4F9F-9C9C-94A2A64CD2B7}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"UDP Query User{7D0E9816-DC20-4BF8-B386-BECB9FC33F3B}C:\program files (x86)\ea sports\fifa 11\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea sports\fifa 11\game\fifa.exe | 
"UDP Query User{8B16210A-F542-4C5F-BC40-3FBB796B34D6}C:\users\matthias\spiele\anno 1404\tools\anno4web.exe" = protocol=17 | dir=in | app=c:\users\matthias\spiele\anno 1404\tools\anno4web.exe | 
"UDP Query User{8F48D0B0-E09F-4593-8AB6-EEDF169A7400}C:\program files (x86)\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe | 
"UDP Query User{9E73D81E-D0E1-4B95-A5C4-7D128FEE6E64}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"UDP Query User{A2198983-6230-4B2E-8BBE-5D0F1D87E546}C:\program files (x86)\thq\dawn of war\w40kwa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\dawn of war\w40kwa.exe | 
"UDP Query User{A4392130-CA8D-4848-9220-2FB8EE7037E0}C:\program files (x86)\warthunder\aces.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warthunder\aces.exe | 
"UDP Query User{A62E5112-28F7-4015-9BAC-15E9D3546BB1}C:\program files (x86)\battle for wesnoth 1.8.5\wesnothd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\battle for wesnoth 1.8.5\wesnothd.exe | 
"UDP Query User{A677B18F-283A-475A-B385-5B38FFB72772}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe | 
"UDP Query User{A6F32353-B152-41E5-A51E-F970C0A64BCA}C:\users\matthias\appdata\roaming\imokoz\ohab.exe" = protocol=17 | dir=in | app=c:\users\matthias\appdata\roaming\imokoz\ohab.exe | 
"UDP Query User{AFB1879D-3B4E-4B8F-AE7B-696138ACD318}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
"UDP Query User{B0B702B5-7281-4A0E-8AD1-041C9F189470}C:\users\matthias\appdata\local\temp\7zs4d95\enterprisedu.exe" = protocol=17 | dir=in | app=c:\users\matthias\appdata\local\temp\7zs4d95\enterprisedu.exe | 
"UDP Query User{C615DAD7-BBFC-46CE-B50A-E3A03E013900}C:\program files (x86)\thq\dawn of war\w40k.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\dawn of war\w40k.exe | 
"UDP Query User{CEBE0515-545F-4B1B-B743-A9735CD40E10}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\myphoneexplorer\myphoneexplorer.exe | 
"UDP Query User{D215A02B-FD97-4257-9E8B-1CD44BE1E198}C:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe | 
"UDP Query User{D3ABDFDC-80CE-4FAE-A510-A63E42EC9B79}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
"UDP Query User{D87AFE51-3C7B-4F57-9FD4-6D206E954842}C:\program files (x86)\thq\company of heroes\reliccoh.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe | 
"UDP Query User{DD3EDBE4-F305-48B4-B983-108464B42820}C:\program files (x86)\wing commander saga\wcsaga_sse2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\wing commander saga\wcsaga_sse2.exe | 
"UDP Query User{DD6143AD-8445-43AC-86B4-50F6D003556B}C:\program files (x86)\ubisoft\tom clancy's splinter cell double agent\scda-offline\system\splintercell4.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell double agent\scda-offline\system\splintercell4.exe | 
"UDP Query User{E8BF6D6D-F21D-4BFC-9536-CC7315F03555}C:\program files (x86)\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"UDP Query User{EBF18728-3375-4901-A183-46534CAFDF46}C:\program files (x86)\thq\dawn of war - dark crusade\darkcrusade.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\dawn of war - dark crusade\darkcrusade.exe | 
"UDP Query User{FAB6E475-83C1-4484-92FC-78F6BC00F52C}C:\program files (x86)\steam\steamapps\common\assassin's creed revelations\acrpr.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassin's creed revelations\acrpr.exe | 
"UDP Query User{FDDCA2AD-CDBD-4676-B21C-DEB4CF2BDD49}C:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{13351E83-6DCD-4E97-2A8C-5D496259A47F}" = AMD Catalyst Install Manager
"{1444D2EE-C7AD-44A8-844F-2634B49353D1}" = Logitech Gaming Software 5.10
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{2D9FC0E7-A616-F52C-FE18-2460ACB578C8}" = AMD Fuel
"{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3AA627AF-DD36-F927-D91F-207FB3CC32D9}" = ccc-utility64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{62BDA98E-352B-5244-FA5C-5C441EF799EB}" = ATI AVIVO64 Codecs
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{764384C5-BCA9-307C-9AAC-FD443662686A}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B16F9E6E-1388-472C-98C3-F32D397EF85D}" = HP Officejet 4620 series - Grundlegende Software für das Gerät
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B775540C-E635-B6CF-379F-87222AEC77C6}" = AMD Media Foundation Decoders
"{C4838EB8-FCED-B4EB-2777-017DFC3BD65D}" = AMD Accelerated Video Transcoding
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{E102B843-786A-4F58-AF75-6504570E207B}" = Microsoft Security Client
"{F62B016F-677E-0079-0052-18D45F186798}" = AMD Drag and Drop Transcoding
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"Microsoft Security Client" = Microsoft Security Essentials
"VLC media player" = VLC media player 2.1.0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}" = Medieval II Total War : Kingdoms : Crusades
"{03496F77-5835-D529-1ED8-044FCD372E0F}" = HydraVision
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{1008F030-1D06-C7C2-14F7-18CE3307F51F}" = CCC Help Portuguese
"{14732331-A762-44D5-A5CE-02F129473F32}_is1" = Jagged Alliance 2
"{174F94E5-581E-EFCA-60FF-72B99A893BAE}" = CCC Help Thai
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20533183-D42D-4261-A125-956736FBEA8C}" = Dawn of War - Soulstorm
"{22154f09-719a-4619-bb71-5b3356999fbf}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
"{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.5.4
"{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{33A22B2D-55BA-4508-B767-BF2E9C21A73F}" = Assassin's Creed Revelations
"{3C9EF074-E7E8-1DAD-7B24-E2ACDC48FBDE}" = CCC Help English
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3E4B349F-10B5-4586-9D99-489A90A8B228}" = Sid Meier's Civilization 4 - Warlords
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11
"{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{4D53090A-9B45-437B-A66A-831000008300}" = Fable III
"{4D53090A-CE35-42BD-B377-831000028301}" = Fable III
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{4F07D6C9-3AB0-0567-FA40-FA091398E7BE}" = CCC Help Italian
"{534A31BD-20F4-46b0-85CE-09778379663C}" = Mass Effect™ 3
"{56978E45-6A6B-8DF7-B37C-58043F182D6C}" = CCC Help Swedish
"{578FA426-47C0-4A3F-98A4-01ACD26B7556}" = LEGO Star Wars II
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade
"{6672A809-A0D9-A47E-7CFE-AF0B0D599D40}" = Catalyst Control Center Localization All
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6AFE5E25-121D-6054-62B8-F3354C82FAAF}" = CCC Help Hungarian
"{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}" = Tom Clancy's Splinter Cell Conviction
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2
"{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{75983B66-804C-40D1-BA13-64DAF652A6F1}" = Medieval II Total War : Kingdoms : Americas
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}" = Medieval II Total War : Kingdoms : Teutonic
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = Die Sims 2: Open For Business
"{7BDECEC6-87A7-A7AA-8AE8-A8D663F3B9E5}" = CCC Help Finnish
"{7D6835C4-F6C7-7D78-5DC7-593E025A58FD}" = CCC Help Korean
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{88B2ABCF-9C00-47C1-8FC4-369B98845DD7}" = Catalyst Control Center - Branding
"{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist
"{8BB6D134-BFBA-F4B7-D086-6EF765576DBE}" = CCC Help Norwegian
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9530AE42-DAE1-4619-9594-B23487285D17}" = NVIDIA PhysX
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{a1909659-0a08-4554-8af1-2175904903a1}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
"{A2B3C27C-1F09-47C6-9A90-9683BEFD7963}" = Dawn of War - Soulstorm
"{A69B5801-707A-D310-2DD1-0DE7EFF761AC}" = CCC Help Greek
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.9) - Deutsch
"{AEDBD563-24BB-4EE3-8366-A654DAC2D988}" = Mirror's Edge™
"{B44529FF-501E-47CD-A06D-223C161BE058}" = FinePixViewer Resource
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2012.build.51 (April 7, 2012) Version v2012.build.51
"{BC3051A7-1021-4B57-A3DA-AAC24566FAE7}_is1" = The War Z version 1.0
"{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood
"{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War
"{C3E9887A-23BA-4777-8080-191A5AFCAB74}" = Mumble 1.2.3
"{C42B66AB-B0A2-516D-63BE-6D9608A3B9BC}" = CCC Help Dutch
"{C9B21EB7-9E61-55EF-DC76-ADB8DDEEFE56}" = CCC Help Polish
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CAD1691A-FA24-4B95-9009-3257B8440ECC}" = Tom Clancy's Splinter Cell Double Agent
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC45C792-5348-9446-1FBB-2A287A19D48E}" = AMD Catalyst Control Center
"{CC9AD130-069C-E5AF-A56C-48E58781BE24}" = CCC Help Chinese Standard
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}" = Medieval II Total War : Kingdoms : Britannia
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D0A0DC26-EDD5-C03D-6AFC-8F10D2FD974F}" = CCC Help Chinese Traditional
"{D0B36BAF-3E9D-423E-8821-ED238C18DB0A}" = Warhammer 40,000: Dawn Of War - Gold Edition
"{D805E716-EE94-64C4-04FB-BE98A4BF6CF6}" = CCC Help Spanish
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = Die Sims™ 2 Vier Jahreszeiten
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E002447E-6B41-DCF6-8133-987BF12C5B50}" = CCC Help Czech
"{E280923D-C5D9-4728-8C79-AC9A0DC75875}" = BioShock
"{E3B3AB03-8ABC-46CF-8CA9-DB5581E1F368}" = FinePix Studio
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster
"{E7970ADC-319A-A32B-7D8D-9404F4807365}" = CCC Help German
"{E7E71065-1152-440D-F258-5B6DE3817E41}" = Catalyst Control Center Graphics Previews Common
"{EADF01C1-9C48-5157-AF54-8E5DC3540185}" = CCC Help Turkish
"{EB48CCF6-69EC-F24E-0F24-6A13DFF63A05}" = CCC Help French
"{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1" = War Thunder Launcher 1.0.1.299
"{EF2E4024-2B49-F761-B36F-167033D7F005}" = CCC Help Japanese
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F88FFBE5-6A07-6206-0B13-4F648A6718C9}" = Catalyst Control Center InstallProxy
"{FA5BA14A-631B-3AFB-8918-B75443396D4C}" = CCC Help Danish
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
"{FE8DA369-A02D-F0E4-231C-7D73A2D62028}" = CCC Help Russian
"{FEFAF112-4DA8-479C-89E2-7DE25091711A}" = Call of Juarez - Bound in Blood
"{FF39FC01-819B-42E4-AE49-1968AF12DDD4}" = Dawn of War - Dark Crusade
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Age of Mythology 1.0" = Age of Mythology
"Age of Mythology Expansion Pack 1.0" = Age of Mythology - The Titans Expansion
"Age of Wonders II" = Age of Wonders II
"Age of Wonders Shadow Magic" = Age of Wonders Shadow Magic
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Avira AntiVir Desktop" = Avira Free Antivirus
"Battle for Wesnoth 1.8.5" = Battle for Wesnoth 1.8.5
"Battlelog Web Plugins" = Battlelog Web Plugins
"CPU-Control_is1" = CPU-Control
"DivX Setup" = DivX-Setup
"Dragonica(DE)" = Dragonica(DE)
"EAX Unified" = EAX Unified
"ESN Sonar-0.70.4" = ESN Sonar
"Fallout New Vegas_is1" = Fallout New Vegas
"FreeTorrentViewer" = FreeTorrentViewer
"GFWL_{4D53090A-9B45-437B-A66A-831000008300}" = Fable III
"InstallShield_{FEFAF112-4DA8-479C-89E2-7DE25091711A}" = Call of Juarez - Bound in Blood
"Mafia" = Mafia
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mozilla Firefox 26.0 (x86 de)" = Mozilla Firefox 26.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPE" = MyPhoneExplorer
"Neffy" = Neffy 1,3,29,0
"OpenAL" = OpenAL
"Opera 12.02.1578" = Opera 12.02
"Origin" = Origin
"Picasa 3" = Picasa 3
"PunkBusterSvc" = PunkBuster Services
"Rockstar Games Social Club" = Rockstar Games Social Club
"Steam App 10500" = Empire: Total War
"Steam App 108800" = Crysis 2 Maximum Edition
"Steam App 12210" = Grand Theft Auto IV
"Steam App 12220" = Grand Theft Auto: Episodes from Liberty City
"Steam App 17460" = Mass Effect
"Steam App 17470" = Dead Space
"Steam App 201870" = Assassin's Creed Revelations
"Steam App 203160" = Tomb Raider
"Steam App 204100" = Max Payne 3
"Steam App 208480" = Assassin’s Creed® III
"Steam App 218" = Source SDK Base 2007
"Steam App 220" = Half-Life 2
"Steam App 227320" = You Need A Budget 4 (YNAB)
"Steam App 231430" = Company of Heroes 2
"Steam App 240" = Counter-Strike: Source
"Steam App 24980" = Mass Effect 2
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 380" = Half-Life 2: Episode One
"Steam App 400" = Portal
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 44350" = GRID 2
"Steam App 50130" = Mafia II
"Steam App 550" = Left 4 Dead 2
"Steam App 620" = Portal 2
"Steam App 730" = Counter-Strike: Global Offensive
"Steam App 7760" = X-COM: UFO Defense
"uTorrent" = µTorrent
"VirtualCloneDrive" = VirtualCloneDrive
"WinGimp-2.0_is1" = GIMP 2.6.10
"Xfire" = Xfire (remove only)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-683131984-1800021330-2316601673-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.18
"Dropbox" = Dropbox
"PhotoFiltre" = PhotoFiltre
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 13.01.2014 17:10:10 | Computer Name = Matthias-PC | Source = Application Hang | ID = 1002
Description = Programm Skype.exe, Version 6.11.59.102 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 7fc    Startzeit: 
01cf10a2f3c75947    Endzeit: 10    Anwendungspfad: C:\Program Files (x86)\Skype\Phone\Skype.exe

Berichts-ID:
   
 
Error - 14.01.2014 10:27:14 | Computer Name = Matthias-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Matthias\Desktop\Downloads\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 14.01.2014 10:30:26 | Computer Name = Matthias-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Matthias\Desktop\Downloads\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 14.01.2014 10:30:45 | Computer Name = Matthias-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Matthias\Desktop\Downloads\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 14.01.2014 10:32:50 | Computer Name = Matthias-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Matthias\Desktop\Downloads\SoftonicDownloader40385.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 14.01.2014 17:28:49 | Computer Name = Matthias-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
 (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in  Manifest- oder
 Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
[ System Events ]
Error - 14.01.2014 06:42:39 | Computer Name = Matthias-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.2" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 14.01.2014 06:43:41 | Computer Name = Matthias-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 14.01.2014 06:43:43 | Computer Name = Matthias-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 14.01.2014 06:44:37 | Computer Name = Matthias-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.2" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 15.01.2014 11:01:10 | Computer Name = Matthias-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.2" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 15.01.2014 11:02:14 | Computer Name = Matthias-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 15.01.2014 11:02:17 | Computer Name = Matthias-PC | Source = DCOM | ID = 10016
Description = 
 
 
< End of report >
         

16.01.2014, 09:10   #8
schrauber
/// the machine
/// TB trainer

Done.

The order matters here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively rename it to uninstall.exe and run it)
    • Windows key + R > type Combofix /Uninstall > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all traces of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the box in front of every function.
    • Click Start.
    • Note: among other things, DelFix removes all the programs that were used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left over now, you can delete them without hesitation.



If you would like to give praise or criticism, you can do so here.

Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Anti-virus software
  • Make sure you always have anti-virus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version additionally offers a background guard.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you about any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Alternative browsers

Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: for this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. Right-clicking a banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. I recommend TFC for this.
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links:
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Don't click on everything just because it asks you to and is nice and colorful.
  • Don't use peer-to-peer or file-sharing software (Emule, uTorrent, ..)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Don't open attachments from emails you don't know. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!
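
The post above advises against peer-to-peer/file-sharing software and registry cleaners, and the OTL log earlier in the thread lists the installed programs. The following Python is an added example, not part of the original posts and not an OTL feature: it parses the `"key" = display name` lines of the uninstall lists and marks entries in those two categories for manual review. The keyword lists and the `HKEY_LOCAL_MACHINE` header line in the sample are assumptions; the entry lines are copied from the log in this thread.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "section key name")

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")  # ========== Title ==========
ENTRY_RE = re.compile(r'^"(.+)" = (.*)$')       # "registry key" = display name

# Assumption: illustrative keyword lists for the two categories the post
# warns about; extend them for real use.
CATEGORIES = {
    "p2p/filesharing": ("emule", "utorrent", "torrent"),
    "registry cleaner": ("registrybooster", "registry cleaner", "regcleaner"),
}

# Entry lines copied from the log in this thread; the first header line is
# assumed to mirror the HKEY_USERS header.
SAMPLE_LOG = r'''========== HKEY_LOCAL_MACHINE Uninstall List ==========

"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster
"{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1" = War Thunder Launcher 1.0.1.299
"7-Zip" = 7-Zip 4.65
"FreeTorrentViewer" = FreeTorrentViewer
"uTorrent" = µTorrent

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-683131984-1800021330-2316601673-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

Error - 14.01.2014 06:42:39 | Computer Name = Matthias-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.2" wurde aufgrund folgenden Fehlers nicht gestartet:
'''

def normalize(text):
    """Casefold and map the micro sign / Greek mu in names like 'µTorrent' to 'u'."""
    return text.replace("\u00b5", "u").replace("\u03bc", "u").casefold()

def parse_uninstall_list(log_text):
    """Return the entries found inside '... Uninstall List' sections only."""
    entries, section = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            title = header.group(1)
            # Leave the list as soon as a different section starts.
            section = title if "Uninstall List" in title else None
            continue
        if section is None:
            continue
        entry = ENTRY_RE.match(line)
        if entry:  # registry path lines and blank lines do not match
            entries.append(Entry(section, entry.group(1), entry.group(2).strip()))
    return entries

def flag_entries(entries):
    """Pair each entry whose key or name contains a keyword with its category."""
    hits = []
    for e in entries:
        haystack = normalize(e.key) + " " + normalize(e.name)
        for category, keywords in CATEGORIES.items():
            if any(k in haystack for k in keywords):
                hits.append((category, e))
                break
    return hits

if __name__ == "__main__":
    for category, e in flag_entries(parse_uninstall_list(SAMPLE_LOG)):
        print(f"{category:18} {e.name}  [{e.section}]")
```

A keyword hit is only a prompt to look at the program; `FreeTorrentViewer` matches on the substring `torrent` alone.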

16.01.2014, 18:36   #9
Ronin1

Everything works again.
Many, many thanks for your help, schrauber!!

17.01.2014, 12:58   #10
schrauber
/// the machine
/// TB trainer

You're welcome
