
Log analysis and evaluation: Win7: I keep getting thrown back to the desktop, a program briefly opens and closes in the taskbar

10.02.2015, 14:53   #16
LarryPerkins

Well, if I deactivate the AV... I had already tried that as well.
It aborts at "Scanning Chrome Extensions".

10.02.2015, 15:33   #17
Warlord711
/// TB Trainer

Then maybe like this:
Scan with Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)
Notes for Windows 8 users: Guide 1 (FRST variant) and Guide 2 (second part)
  • Please download the appropriate version of the tool (both if in doubt) and save it to a USB stick: FRST Download FRST 32-Bit | FRST 64-Bit
  • Connect the USB stick to the infected system and boot the system into the System Repair option.
  • Now scan following the illustrated guide, or use the following short guide:
Via the Boot Manager:
  • Restart the computer.
  • While it is booting, press the F8 key several times.
  • Now select Repair Your Computer.
  • Select your operating system and user account and click "Next" each time.
With a Windows CD/DVD (also possible on Windows 8):
  • Insert the Windows CD into your drive.
  • Restart the computer and boot from the CD.
  • Select the language settings and click "Next".
  • Click Repair your computer!
  • Select your operating system and user account and click "Next" each time.
In the repair options, select: Command Prompt
  • Now please type notepad and press Enter.
  • In the text document that opens: File > Save As... and select Computer.
    Here the drive letter of your USB stick is shown; remember it.
  • Close Notepad again.
  • Now please enter the following command.
    e:\frst.exe or e:\frst64.exe
    Note: e stands for the drive letter of your USB stick that you remembered. Adjust if necessary.
  • Accept the disclaimer with Yes and click Scan.
The tool creates an FRST.txt on your USB stick. Please post its contents here, in code tags if possible (instructions).


10.02.2015, 16:26   #18
LarryPerkins

Ha! Now it worked.
However, there were different scan options ticked..? So different from the picture.
Anyway, here is the file:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015
Ran by SYSTEM on MININT-RUPRF0B on 10-02-2015 16:19:07
Running from G:\
Platform: Windows 7 Professional (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9962016 2010-06-18] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1886504 2010-03-01] (Synaptics Incorporated)
HKLM\...\Run: [PSQLLauncher] => C:\Program Files\Protector Suite\launcher.exe [84744 2010-04-27] (UPEK Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [673136 2010-05-31] (Sony Corporation)
HKLM-x32\...\Run: [MobileBroadband] => C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe [253440 2010-05-18] (Vodafone)
HKLM-x32\...\Run: [MarketingTools] => C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe [26624 2013-03-19] (Sony Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-11] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2015-01-06] (Razer Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-08-19] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [AgentMonitor] => C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe [401280 2014-06-20] ()
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2014-12-31] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\Protector Suite\psqlpwd.dll (UPEK Inc.)
HKU\XXX YYY\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1942720 2015-01-23] (Valve Corporation)
HKU\XXX YYY\...\Run: [SkyDrive] => C:\Users\XXX YYY\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2014-09-25] (Microsoft Corporation)
HKU\XXX YYY\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30879328 2014-12-11] (Skype Technologies S.A.)
HKU\XXX YYY\...\Run: [GoogleChromeAutoLaunch_550EDA027B4B11347618D98EDCBB3ADF] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-04] (Google Inc.)
Lsa: [Notification Packages] scecli C:\Program Files\Protector Suite\psqlpwd.dll
Startup: C:\Users\XXX YYY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)
Startup: C:\Users\XXX YYY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FastStone Capture.lnk
ShortcutTarget: FastStone Capture.lnk -> C:\Program Files (x86)\FastStone Capture\FSCapture.exe ()
Startup: C:\Users\XXX YYY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [178424 2014-12-31] (Avira Operations GmbH & Co. KG)
S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
S2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
S2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S2 Internet Manager. RunOuc; C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [224096 2011-06-17] ()
S3 McComponentHostServiceSony; C:\Program Files (x86)\Sony\MSS\3.8.130\McCHSvc.exe [235216 2013-10-16] (McAfee, Inc.)
S2 nvservice; C:\Windows\system32\nvservice.exe [192800 2013-02-04] (NVIDIA Corporation)
S2 QDLService2kSony; c:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kSony.exe [332024 2010-06-03] (QUALCOMM, Inc.)
S2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [186048 2014-12-09] ()
S2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2014-04-18] (Razer, Inc.)
S2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [266168 2013-11-01] (Intel Corporation)
S2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [741640 2014-06-16] (DEVGURU Co., LTD.)
S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
S3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-28] (Sony Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 0067591363772028mcinstcleanup; C:\Windows\TEMP\006759~1.EXE -cleanup -nolog [X]
S2 mcbootdelaystartsvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [X]
S2 PDFProFiltSrv; C:\Program Files (x86)\Nuance\PDF Professional 8\PDFProFiltSrv.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-29] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-29] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [238080 2012-04-23] (Huawei Technologies Co., Ltd.)
S3 qcfiltersny2k; C:\Windows\System32\DRIVERS\qcfiltersny2k.sys [6400 2010-06-03] (QUALCOMM Incorporated)
S3 qcombussny; C:\Windows\System32\DRIVERS\qcombussny.sys [137800 2010-06-03] (MCCI)
S3 qcusbnetsny2k; C:\Windows\System32\DRIVERS\qcusbnetsny2k.sys [442368 2010-06-03] (QUALCOMM Incorporated)
S3 qcusbsersny2k; C:\Windows\System32\DRIVERS\qcusbserSny2k.sys [230784 2010-06-03] (QUALCOMM Incorporated)
S3 RRNetCap; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2013-03-22] (RapidSolution Software AG)
S3 RRNetCapMP; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2013-03-22] (RapidSolution Software AG)
S3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2014-04-18] (Razer, Inc.)
S3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39592 2014-09-05] (Razer Inc)
S1 RzFilter; C:\Windows\system32\drivers\RzFilter.sys [74432 2014-04-18] (Razer, Inc.)
S3 rzmpos; C:\Windows\System32\DRIVERS\rzmpos.sys [35496 2014-09-05] (Razer Inc)
S2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-12-09] (Razer, Inc.)
S2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-12-10] (Razer, Inc.)
S3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2014-12-30] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-10 16:04 - 2015-02-10 16:04 - 00039026 _____ () C:\Users\XXX YYY\Desktop\HitmanPro_20150210_1603.log
2015-02-09 23:05 - 2015-02-09 23:05 - 11225840 _____ (SurfRight B.V.) C:\Users\XXX YYY\Downloads\HitmanPro_x64.exe
2015-02-09 21:15 - 2015-02-09 21:15 - 00039064 _____ () C:\ComboFix.txt
2015-02-09 20:56 - 2015-02-09 21:15 - 00000000 ____D () C:\Qoobox
2015-02-09 20:56 - 2015-02-09 21:13 - 00000000 ____D () C:\Windows\erdnt
2015-02-09 20:56 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-09 20:56 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-09 20:56 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-09 20:56 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-09 20:56 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-09 20:56 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-09 20:56 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-09 20:56 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-09 20:54 - 2015-02-09 20:55 - 05611930 ____R (Swearware) C:\Users\XXX YYY\Desktop\ComboFix.exe
2015-02-09 20:54 - 2015-02-09 20:54 - 05611930 _____ (Swearware) C:\Users\XXX YYY\Downloads\ComboFix.exe.part
2015-02-09 19:21 - 2015-02-09 19:21 - 02132992 _____ (Farbar) C:\Users\XXX YYY\Downloads\FRST64.exe
2015-02-09 18:04 - 2015-02-09 18:21 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-09 18:03 - 2015-02-09 18:21 - 00000000 ____D () C:\Users\XXX YYY\Desktop\mbar
2015-02-09 18:02 - 2015-02-09 18:02 - 16466552 _____ (Malwarebytes Corp.) C:\Users\XXX YYY\Downloads\mbar-1.08.3.1004.exe
2015-02-09 17:59 - 2015-02-09 17:59 - 00000000 ____D () C:\ProgramData\OnlineUpdate
2015-02-09 17:59 - 2015-02-09 17:59 - 00000000 ____D () C:\ProgramData\log
2015-02-09 17:23 - 2015-02-09 17:23 - 01124352 _____ (Farbar) C:\Users\XXX YYY\Downloads\FRST.exe
2015-02-09 15:05 - 2015-02-09 15:05 - 00442624 _____ () C:\Windows\Minidump\020915-9968-01.dmp
2015-02-09 12:53 - 2015-02-09 12:55 - 00042052 _____ () C:\Users\XXX YYY\Desktop\GMER.log
2015-02-09 12:40 - 2015-02-09 12:40 - 00268832 _____ () C:\Windows\Minidump\020915-10140-01.dmp
2015-02-09 12:29 - 2015-02-09 12:57 - 00149082 _____ () C:\Users\XXX YYY\Desktop\Trojanerboad Forumpost 090215.txt
2015-02-09 12:29 - 2015-02-09 12:29 - 00000869 _____ () C:\Users\XXX YYY\Desktop\Anleitung GMER.txt
2015-02-09 12:28 - 2015-02-09 12:28 - 00064922 _____ () C:\Users\XXX YYY\Downloads\Trojanerboad Forumpost 090215.txt
2015-02-09 12:23 - 2015-02-09 12:26 - 00001097 _____ () C:\Users\XXX YYY\Desktop\Malwarebytes Scan after Malwarebytes Removal.txt
2015-02-09 12:21 - 2015-02-09 12:30 - 00003827 _____ () C:\Users\XXX YYY\Desktop\Malwarebytes Scan.txt
2015-02-09 12:18 - 2015-02-09 12:18 - 00380416 _____ () C:\Users\XXX YYY\Downloads\Gmer-19357.exe
2015-02-09 12:01 - 2015-02-10 14:51 - 00024881 _____ () C:\Users\XXX YYY\Downloads\FRST.txt
2015-02-09 12:00 - 2015-02-10 14:51 - 00000000 ____D () C:\FRST
2015-02-09 11:58 - 2015-02-09 12:28 - 00000470 _____ () C:\Users\XXX YYY\Downloads\defogger_disable.log
2015-02-09 11:58 - 2015-02-09 11:58 - 00000000 _____ () C:\Users\XXX YYY\defogger_reenable
2015-02-09 11:57 - 2015-02-09 11:57 - 00050477 _____ () C:\Users\XXX YYY\Downloads\Defogger.exe
2015-02-09 09:49 - 2015-02-09 13:04 - 00003028 _____ () C:\Users\XXX YYY\Desktop\JRT.txt
2015-02-09 09:43 - 2015-02-09 09:43 - 01388274 _____ (Thisisu) C:\Users\XXX YYY\Downloads\JRT.exe
2015-02-09 09:37 - 2015-02-09 09:41 - 00000000 ____D () C:\AdwCleaner
2015-02-09 09:37 - 2015-02-09 09:37 - 02112512 _____ () C:\Users\XXX YYY\Downloads\AdwCleaner_4.110.exe
2015-02-07 08:01 - 2015-02-07 08:01 - 00262144 _____ () C:\Windows\Minidump\020715-11793-01.dmp
2015-02-05 17:20 - 2015-02-05 17:20 - 00000000 ____D () C:\Users\XXX YYY\Documents\Dungeon of the Endless
2015-02-05 16:56 - 2015-02-09 18:04 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2015-02-05 16:56 - 2015-02-09 18:03 - 00097496 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2015-02-05 16:56 - 2015-02-05 16:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-05 16:56 - 2015-02-05 16:56 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-02-05 16:56 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2015-02-05 16:56 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2015-02-05 16:55 - 2015-02-05 16:55 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\XXX YYY\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-04 15:20 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2015-02-04 15:20 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxdav.sys
2015-02-04 15:20 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2015-02-04 15:20 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-04 15:20 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2015-02-04 15:20 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\System32\srcore.dll
2015-02-04 15:20 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\System32\rstrui.exe
2015-02-04 15:20 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\System32\srclient.dll
2015-02-04 15:20 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-04 15:20 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-04 15:20 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-04 15:20 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe
2015-02-04 15:20 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
2015-02-04 15:20 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-02-04 15:20 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-02-03 15:00 - 2015-02-03 15:01 - 07811072 _____ () C:\Users\XXX YYY\Downloads\LWAPlugin64BitInstaller32.msi
2015-01-29 14:05 - 2015-01-29 14:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-24 16:42 - 2015-01-24 19:43 - 00000000 ____D () C:\ProgramData\Steam
2015-01-23 16:45 - 2015-01-23 16:45 - 00001169 _____ () C:\Users\Public\Desktop\VTech Download Manager.lnk
2015-01-23 16:45 - 2015-01-23 16:45 - 00000000 ____D () C:\ProgramData\VTech
2015-01-23 16:45 - 2015-01-23 16:45 - 00000000 ____D () C:\Program Files (x86)\VTech
2015-01-23 16:44 - 2015-01-23 16:45 - 20758664 _____ (VTech) C:\Users\XXX YYY\Downloads\Kidizoom1407_DE_ger_Setup.exe
2015-01-21 16:05 - 2015-01-21 16:05 - 00217384 _____ (Cisco WebEx LLC) C:\Users\XXX YYY\Downloads\eggits2_Awebex_Acom,eggits2-de,2077473508,-1093361774,MC,0-0,SDJTSwAAAAJeWSAuzW-CSBddk8nRdEnMuWSMwGr2g0C4q48zrQRhMg2_webex.exe
2015-01-21 15:56 - 2015-01-21 16:05 - 00000000 ____D () C:\Users\XXX YYY\AppData\Roaming\webex
2015-01-21 15:56 - 2015-01-21 15:56 - 00646648 _____ (Cisco WebEx LLC) C:\Users\XXX YYY\Downloads\Cisco_WebEx_Add-On.exe
2015-01-21 15:56 - 2015-01-21 15:56 - 00000000 ____D () C:\Users\XXX YYY\AppData\Local\WebEx
2015-01-21 15:56 - 2015-01-21 15:56 - 00000000 ____D () C:\ProgramData\WebEx
2015-01-20 14:11 - 2015-01-20 14:11 - 00359961 _____ () C:\Users\XXX YYY\Downloads\Dokument
2015-01-19 15:12 - 2015-01-19 15:12 - 00002263 _____ () C:\Users\XXX YYY\Desktop\Chrome App Launcher.lnk
2015-01-19 14:58 - 2015-01-19 14:58 - 00000000 ____D () C:\Users\XXX YYY\Documents\Google USB driver
2015-01-19 14:53 - 2015-01-19 14:53 - 08682859 _____ () C:\Users\XXX YYY\Downloads\latest_usb_driver_windows.zip
2015-01-19 13:39 - 2014-06-16 07:01 - 00110336 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudbus.sys
2015-01-19 13:36 - 2015-01-19 13:36 - 16007072 _____ (SAMSUNG Electronics Co., Ltd.) C:\Users\XXX YYY\Downloads\SAMSUNG_USB_Driver_for_Mobile_Phones_v1.5.45.0.exe
2015-01-19 13:24 - 2015-01-19 13:24 - 00000000 ____D () C:\Program Files\SAMSUNG
2015-01-19 13:22 - 2015-01-19 13:22 - 00000000 ____D () C:\ProgramData\Samsung
2015-01-19 13:21 - 2015-01-19 13:21 - 24111736 _____ (SAMSUNG Electronics Co., Ltd.) C:\Users\XXX YYY\Downloads\SAMSUNG_USB_Driver_for_Mobile_Phones.exe
2015-01-19 13:21 - 2015-01-19 13:21 - 00000000 ____D () C:\Program Files (x86)\ClockworkMod
2015-01-19 13:20 - 2015-01-19 13:20 - 11060224 _____ () C:\Users\XXX YYY\Downloads\CarbonSetup.msi
2015-01-17 18:47 - 2015-01-19 10:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-01-15 16:55 - 2015-01-15 17:09 - 453311842 _____ () C:\Users\XXX YYY\Downloads\Mobalo folder.zip
2015-01-15 15:37 - 2015-01-15 15:37 - 00000000 ____D () C:\Windows\de
2015-01-15 15:36 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2015-01-13 17:25 - 2015-01-13 17:25 - 09175231 _____ (MusicBrainz) C:\Users\XXX YYY\Downloads\picard-setup-1.3.2.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-10 16:15 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-10 16:15 - 2009-07-14 05:51 - 00216244 _____ () C:\Windows\setupact.log
2015-02-10 16:13 - 2014-05-02 11:30 - 00005172 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for XXXYYY-VAIO-XXX YYY XXXYYY-VAIO
2015-02-10 16:13 - 2014-05-02 11:27 - 00000000 ___RD () C:\Users\XXX YYY\OneDrive
2015-02-10 16:13 - 2013-04-02 10:55 - 00000000 ___RD () C:\Users\XXX YYY\Dropbox
2015-02-10 16:13 - 2013-03-20 12:01 - 00000000 ____D () C:\Users\XXX YYY\AppData\Roaming\Skype
2015-02-10 16:13 - 2013-03-19 16:48 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-10 16:13 - 2013-03-19 16:48 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-10 16:12 - 2013-04-02 10:51 - 00000000 ____D () C:\Users\XXX YYY\AppData\Roaming\Dropbox
2015-02-10 16:12 - 2013-04-02 09:33 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-02-10 16:05 - 2013-03-19 16:35 - 00703214 _____ () C:\Windows\System32\perfh007.dat
2015-02-10 16:05 - 2013-03-19 16:35 - 00150822 _____ () C:\Windows\System32\perfc007.dat
2015-02-10 16:05 - 2009-07-14 06:13 - 01629436 _____ () C:\Windows\System32\PerfStringBackup.INI
2015-02-10 16:04 - 2013-03-19 16:42 - 01452400 _____ () C:\Windows\WindowsUpdate.log
2015-02-10 16:03 - 2013-04-02 10:14 - 00000000 ____D () C:\Users\XXX YYY\Documents\mobalo
2015-02-10 15:28 - 2013-03-20 11:36 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-09 23:00 - 2009-07-14 05:45 - 00021872 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-09 23:00 - 2009-07-14 05:45 - 00021872 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-09 21:15 - 2013-03-20 12:05 - 00000000 ____D () C:\Users\XXX YYY\AppData\Local\Apps\2.0
2015-02-09 21:15 - 2009-07-14 04:20 - 00000000 __RHD () C:\users\Default
2015-02-09 21:12 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-02-09 21:10 - 2010-07-19 21:44 - 00503914 _____ () C:\Windows\PFRO.log
2015-02-09 15:05 - 2013-03-23 17:07 - 00000000 ____D () C:\Windows\Minidump
2015-02-09 11:58 - 2013-03-19 16:59 - 00000000 ____D () C:\users\XXX YYY
2015-02-09 09:46 - 2013-03-19 17:01 - 00003966 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{74DD3A27-0DC4-4DEC-A150-6D12E280742E}
2015-02-08 16:08 - 2013-03-19 16:48 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-08 16:08 - 2013-03-19 16:48 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-05 17:19 - 2013-03-20 11:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-05 17:19 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\addins
2015-02-05 16:28 - 2013-03-20 11:36 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 16:28 - 2013-03-20 11:36 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-05 16:28 - 2013-03-20 11:36 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-05 15:46 - 2014-12-22 11:11 - 00001097 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-02-05 15:46 - 2013-12-06 11:02 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-05 15:46 - 2013-03-23 22:04 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-02-04 15:41 - 2009-07-14 05:45 - 00446136 _____ () C:\Windows\System32\FNTCACHE.DAT
2015-02-04 15:31 - 2013-08-19 18:06 - 00000000 ____D () C:\Windows\System32\MRT
2015-02-04 15:20 - 2013-03-20 11:10 - 113365784 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2015-02-02 12:18 - 2013-03-19 16:59 - 00117264 _____ () C:\Users\XXX YYY\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-02 12:08 - 2010-07-19 21:45 - 00626734 _____ () C:\Windows\DPINST.LOG
2015-01-24 19:43 - 2014-12-12 18:11 - 00000000 ____D () C:\ProgramData\PopCap Games
2015-01-21 18:27 - 2013-04-02 10:22 - 00000000 ____D () C:\Users\XXX YYY\.thinkbuzan
2015-01-21 18:26 - 2013-04-02 10:22 - 00000000 ____D () C:\ProgramData\ThinkBuzan
2015-01-21 18:26 - 2013-04-02 10:22 - 00000000 ____D () C:\ProgramData\JSoft
2015-01-18 13:24 - 2014-12-22 00:54 - 00000000 ____D () C:\Users\XXX YYY\AppData\Roaming\Cinders
2015-01-15 15:48 - 2013-04-24 16:20 - 00000000 ____D () C:\Users\XXX YYY\Tracing
2015-01-15 15:36 - 2013-03-19 16:53 - 00000000 ____D () C:\Program Files\Windows Live
2015-01-15 15:36 - 2013-03-19 16:52 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2015-01-15 15:35 - 2013-03-19 16:53 - 00151643 _____ () C:\Windows\DirectX.log

ZeroAccess:
C:\Users\XXX YYY\AppData\Local\{4fa287a5-a9e8-a902-8c66-f7e1d24caa8e}

Some content of TEMP:
====================
C:\Users\XXX YYY\AppData\Local\Temp\avgnt.exe
C:\Users\XXX YYY\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdhh4az.dll


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

(There is no auXXXatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================

Restore point made on: 2015-02-09 23:13:21

==================== Memory info =========================== 

Percentage of memory in use: 16%
Total physical RAM: 3765.82 MB
Available physical RAM: 3127.61 MB
Total Pagefile: 3763.97 MB
Available Pagefile: 3115.65 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.17 GB) (Free:12.39 GB) NTFS
Drive e: (Recovery) (Fixed) (Total:7.98 GB) (Free:0.79 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: () (Removable) (Total:1.87 GB) (Free:0.75 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 720CB564)
Partition 1: (Not Active) - (Size=8 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=111.2 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 1.9 GB) (Disk ID: F9A2B4B0)
Partition 1: (Not Active) - (Size=1.9 GB) - (Type=06)


LastRegBack: 2015-01-26 14:22

==================== End Of Log ============================
         

11.02.2015, 14:51   #19
Warlord711
/// TB Trainer

Hmm, strange thing.

Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
emptytemp:

Save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix button.
  • The tool creates a Fixlog.txt.
  • Post its contents to me.

Then, after a restart, try once more to create an FRST log.

11.02.2015, 15:34   #20
LarryPerkins

Code:
 Results of screen317's Security Check version 0.99.96  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
Avira Desktop   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
  Java 64-bit 8 Update 31  
 Adobe Flash Player 16.0.0.305  
 Adobe Reader XI  
 Mozilla Firefox (35.0.1) 
 Mozilla Thunderbird (31.4.0) 
 Google Chrome (40.0.2214.111) 
 Google Chrome (40.0.2214.94) 
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 Internet Manager OnlineUpdate ouc.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-02-2015
Ran by XXX at 2015-02-11 15:25:22 Run:1
Running from C:\Users\XXX\Desktop
Loaded Profiles: XXX (Available profiles: XXX)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
emptytemp:
*****************

EmptyTemp: => Removed 1016.8 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 15:26:13 ====
         


11.02.2015, 15:46   #21
Warlord711
/// TB instructor

Please try once more to create a log (with FRST).

11.02.2015, 16:08   #22
LarryPerkins

No, unfortunately it still aborts with "Farbar Recovery Scan Tool funktioniert nicht mehr" [has stopped working] at
Scanning Chrome Extensions.

Or should I do the USB stick thing again?

11.02.2015, 16:41   #23
Warlord711
/// TB instructor

Nope, let's fall back on something older:

Please download OTL by Oldtimer and save it to your desktop (if not already present).
  • Double-click OTL.exe
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

12.02.2015, 11:25   #24
LarryPerkins

Code:
OTL logfile created on: 12.02.2015 10:59:08 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\XXX YYY\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,68 Gb Total Physical Memory | 0,85 Gb Available Physical Memory | 23,00% Memory free
7,35 Gb Paging File | 3,89 Gb Available in Paging File | 52,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,17 Gb Total Space | 12,80 Gb Free Space | 11,51% Space Free | Partition Type: NTFS
 
Computer Name: XXXYYY-VAIO | User Name: XXX YYY | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\XXX YYY\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Steam\bin\steamwebhelper.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Razer Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe ()
PRC - C:\Users\XXX YYY\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Programme\Sony\VAIO Care\VCService.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe (Microsoft Corporation)
PRC - C:\Users\XXX YYY\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe ()
PRC - C:\Programme\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe (DEVGURU Co., LTD.)
PRC - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Sony\VAIO Care\listener.exe ()
PRC - C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe (Sony Corporation)
PRC - C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe ()
PRC - C:\ProgramData\Internet Manager\OnlineUpdate\LiveUpd.exe ()
PRC - C:\ProgramData\DatacardService\DCSHelper.exe (Huawei Technologies Co., Ltd.)
PRC - C:\Windows\SysWOW64\prevhost.exe (Microsoft Corporation)
PRC - c:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kSony.exe (QUALCOMM, Inc.)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe (Vodafone)
PRC - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe (Vodafone)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\FastStone Capture\FSCapture.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - c:\users\XXXrau~1\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp_a6zrt.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Steam\video.dll ()
MOD - C:\Program Files (x86)\Steam\bin\chromehtml.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\nsldap32v60.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\nsldappr32v60.dll ()
MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\92a3b88ac6300af062edd6503bc5903c\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\316b149dbb031d0e35c9d57bb2fc4b6e\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\7ab3e68c2e523f60bfc4f222cbd1c1d0\System.Xml.Linq.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\38d6578b4fe29bede85ffff08e3697b6\PresentationFramework-SystemXml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio4b37ff64#\9370714a38ae2805434296b26a9f5b14\PresentationFramework-SystemXmlLinq.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio84a7b877#\4df6733efc348c009a4a6e0adccc42a6\PresentationFramework-SystemData.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Model.Shor#\6d11b1280a9a392d44aa6521e2556554\Vodafone.Model.Shortcut.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Model.Conn#\1f7c7abe1f996fc1c0b3f7b84756935a\Vodafone.Model.Connection.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.View.Secon#\fdbb2979fdc6741ea5831d2f3c33c817\Vodafone.View.SecondaryWindows.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Vpn\c6e757994ee024eb51b8315d50b830d4\Vodafone.Vpn.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.FortinetCo#\acc9994c2360c02708f2df8545964a05\Vodafone.FortinetConnector.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.BusinessLo#\d215f84e68a80fd6764101688d8d6afc\Vodafone.BusinessLogic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.DeviceMana#\172dd8b2ffe4d266341ed18fc2b0ad42\Vodafone.DeviceManagement.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.LanWlanMan#\00276057b3eab06ccf44e69342fee7cd\Vodafone.LanWlanManager.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Common.Logging\130217a40884b8223387289476e0b369\Common.Logging.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Spring.Core\9abaae8e1e3d1f7e2f1b29dc7cbebafb\Spring.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Contracts.#\2606b67de3a2bfa7330c30f3a1afb5ff\Vodafone.Contracts.Presenter.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.InstancePr#\6b3bbbd2d8df19986ca6d81d71c4a620\Vodafone.InstanceProvider.Impl.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.CommonDial#\7ddbfd7d906aba4a4ceafb46695bcb1e\Vodafone.CommonDialogs.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Contracts.#\02f6143d2c1c4a56f4859fddc52b1b1b\Vodafone.Contracts.View.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Contracts.#\38c6e4589d8305015e679397491ac790\Vodafone.Contracts.Model.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.UpdateMana#\d91aa460c6ef2e24c8d894926324ca00\Vodafone.UpdateManager.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.ReportingM#\6b7f22226fa804f268049d7a1cc8e069\Vodafone.ReportingManager.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.SmsContact#\d9a5f52353cfb0bdae1008b37a9a661b\Vodafone.SmsContactManager.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.OutlookCon#\5d57d33088f8b61a2e67724c5c9d448e\Vodafone.OutlookConnector.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.TrafficOpt#\80a661491008870892b3df895c7c9494\Vodafone.TrafficOptimiser.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.WwanWrapper\141c9d8ee374af48e387086029847736\Vodafone.WwanWrapper.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.MobileBroa#\6d16b105f4110fe112de7033fde6080f\Vodafone.MobileBroadband.CallbackHandler.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Connection#\fb0231c220234f61cb937ce8b59eac38\Vodafone.ConnectionServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Contracts.#\c6aed7007b040c395bd822602b38663e\Vodafone.Contracts.Common.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Contracts.#\598964772a2907ab8164c095f316336a\Vodafone.Contracts.Adapter.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Applicatio#\6e21f0516168665f220378804c93e5f5\Vodafone.ApplicationHost.Impl.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.SettingsMa#\40bdbb0dc4396b08b4e252f0a98b1e49\Vodafone.SettingsManager.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.DataAccess#\f808ee3535387fb7135d906fd06f99ab\Vodafone.DataAccessor.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\MobileBroadbandReso#\ac46c145e1e72641f2f324c7f78a395c\MobileBroadbandResources.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Win32\1f3d0d19fe930a5d2b38723a9514b887\Vodafone.Win32.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Common\5850044a65af63ab08b3c3f6f8250412\Vodafone.Common.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Data\5d2d2ef2c4da9cc3bd59449347125aa7\Vodafone.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Platform\c52f2b752f831abf01960e77ab4de8e6\Vodafone.Platform.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.LogEngine\9d036ebb6ab008752843fabd507f4d0f\Vodafone.LogEngine.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\MobileBroadband\0ef374b6e55a6d75448955c6f338f187\MobileBroadband.ni.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\99cdfef98595ed91f14936cf52a49c54\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\1f861b2b88c8a5a5b3b6c6144dc261d2\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\a229c5bed4a12b5db6ca55d223ada6df\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Design\03a626bdcfdec1158034377d1edc5f4d\System.Design.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\b4001d722e320fa42cd87b04b5249b2d\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\875c35969785fa170d186e7ca546ac9e\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\f45bc0251cceb599622f55cc1c7f4aba\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\4b335bfaa07fc54f2d72213d33f53e97\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1453d9e9a4989833ef3db4b22549ba1a\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\836e10dfd0811b303553216f5cb092ef\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\fc21baf1fd69ebbc21be4a9189951fc0\System.Security.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49908aa93a23c84847b1f8b1b667860\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\237d509a79aeef6e4635b09450d98f2a\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d97a5aa0eb7697aca7c6e90ae471af2b\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\908ba9e296e92b4e14bdc2437edac603\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\3646375313dd2b8e3afecbf945960336\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\006d28e7c86f3e70db90ce06ea2f33fb\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\8b133e0d94535a7534719f70873ca7fe\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\94bbd298ec8575f3c6151a59538a109c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\7971f3a1c08c4043cf981f457855b4d4\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\5d2c01ae1ca8c40ed74cdfd7b7b7dcb1\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\db563d596d76daed04e9b5d25b2f4cb9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Compba577418#\cc7bb025e7cca401787cec5893c2cb67\System.ComponentModel.Composition.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\5e84979fadb7eb63caedea9f4acefcc9\System.Data.Linq.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\7147fa233a070283dba824da40089bf1\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\046058f81b039ab6fd839e03e67595f8\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\691c1ad89d16f49d80e84fa06a79089a\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\35d3a1b878542de59cb4fc0593992404\System.ServiceModel.Internals.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f9f13cd8fe1cefaad78579a7c3a41464\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b4c08872c259018b17b2801da33ac80f\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\0648dbecb7e3fb9523565107e04a5caf\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\c90a4b709b46b64c89fce02585d55370\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\902843918d037f5f3511d679bf1e2216\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\17a393b77ae757f0768501fb95ff5af6\System.ni.dll ()
MOD - C:\Program Files (x86)\Steam\v8.dll ()
MOD - C:\Program Files (x86)\Steam\icui18n.dll ()
MOD - C:\Program Files (x86)\Steam\icuuc.dll ()
MOD - C:\Program Files (x86)\Steam\libavcodec-56.dll ()
MOD - C:\Program Files (x86)\Steam\libswscale-3.dll ()
MOD - C:\Program Files (x86)\Steam\libavformat-56.dll ()
MOD - C:\Program Files (x86)\Steam\libavutil-54.dll ()
MOD - C:\Program Files (x86)\Steam\libavresample-2.dll ()
MOD - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll ()
MOD - C:\Program Files (x86)\Steam\SDL2.dll ()
MOD - C:\Users\XXX YYY\AppData\Roaming\Dropbox\bin\libGLESv2.dll ()
MOD - C:\Users\XXX YYY\AppData\Roaming\Dropbox\bin\libEGL.dll ()
MOD - C:\Users\XXX YYY\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll ()
MOD - C:\Users\XXX YYY\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.FNCClient11#\3a55f96f50938ec904bc6c62066529c3\Interop.FNCClient11Lib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.Shell32\f28f529f01ffbdb55a4099ad9c9394c3\Interop.Shell32.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Connection#\6d59d9742c26700fc254ea66189c9b70\Vodafone.ConnectionManagement.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.SmsProfile#\ca50dccc60c3d966e536b6b9842f98de\Vodafone.SmsProfileManager.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Conflictin#\8e25c8199d77606fda99470ea99726ad\Vodafone.ConflictingApplications.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.NtServiceM#\37a397c89b8d3479378d1eab94c95579\Vodafone.NtServiceMessaging.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\0483c93466914f3fbd5b44454b0c8a98\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll ()
MOD - C:\Users\XXX YYY\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\LoggingPlatform.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\plugins\imageformats\qtiff.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\plugins\imageformats\qmng.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\plugins\imageformats\qwbmp.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\plugins\imageformats\qtga.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\plugins\sensors\qtsensors_dummy.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\plugins\imageformats\qsvg.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\plugins\platforms\qwindows.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\plugins\imageformats\qico.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\plugins\imageformats\qgif.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\plugins\imageformats\qjpeg.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\plugins\bearer\qnativewifibearer.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\plugins\bearer\qgenericbearer.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\QHttpServer.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\QtSolutions_SOAP-2.7.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAuXXXationTypes\75b6a68103e1b76063d9f69b8275ae61\UIAuXXXationTypes.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\4c8a153aa66fcd62db6fff269a2ef2b4\System.Numerics.ni.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Programme\Sony\VAIO Care\listener.exe ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Program Files (x86)\Sony\Marketing Tools\Win32Interop.dll ()
MOD - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\NPSWF32.dll ()
MOD - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\sqlite.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\SysWOW64\msjetoledb40.dll ()
MOD - C:\Program Files (x86)\FastStone Capture\FSCapture.exe ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (mcbootdelaystartsvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe /McCoreSvc File not found
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (ClickToRunSvc) -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe (Microsoft Corporation)
SRV:64bit: - (SampleCollector) -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe (Intel Corporation)
SRV:64bit: - (nvservice) -- C:\Windows\SysNative\nvservice.exe (NVIDIA Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Avira.OE.ServiceHost) -- C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Razer Game Scanner Service) -- C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe ()
SRV - (VCService) -- C:\Programme\Sony\VAIO Care\VCService.exe (Sony Corporation)
SRV - (ss_conn_service) -- C:\Programme\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe (DEVGURU Co., LTD.)
SRV - (TeamViewer9) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (RzOvlMon) -- C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe (Razer, Inc.)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (VUAgent) -- C:\Programme\Sony\VAIO Update\VUAgent.exe (Sony Corporation)
SRV - (USER_ESRV_SVC) -- C:\Programme\Sony\VAIO Care\ESRV\esrv_svc.exe (Intel Corporation)
SRV - (ESRV_SVC) -- C:\Programme\Sony\VAIO Care\ESRV\esrv_svc.exe (Intel Corporation)
SRV - (McComponentHostServiceSony) -- C:\Program Files (x86)\Sony\MSS\3.8.130\McCHSvc.exe (McAfee, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (Internet Manager. RunOuc) -- C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe ()
SRV - (HWDeviceService64.exe) -- C:\ProgramData\DatacardService\HWDeviceService64.exe ()
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (VSNService) -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation)
SRV - (VAIO Power Management) -- C:\Programme\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (QDLService2kSony) -- c:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kSony.exe (QUALCOMM, Inc.)
SRV - (VAIO Event Service) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (VmbService) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe (Vodafone)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (semav6thermal64ro) -- C:\Windows\SysNative\drivers\semav6thermal64ro.sys ()
DRV:64bit: - (rzudd) -- C:\Windows\SysNative\drivers\rzudd.sys (Razer Inc)
DRV:64bit: - (rzpnk) -- C:\Windows\SysNative\drivers\rzpnk.sys (Razer, Inc.)
DRV:64bit: - (rzpmgrk) -- C:\Windows\SysNative\drivers\rzpmgrk.sys (Razer, Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (rzmpos) -- C:\Windows\SysNative\drivers\rzmpos.sys (Razer Inc)
DRV:64bit: - (rzendpt) -- C:\Windows\SysNative\drivers\rzendpt.sys (Razer Inc)
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (RzDxgk) -- C:\Windows\SysNative\drivers\RzDxgk.sys (Razer, Inc.)
DRV:64bit: - (RzFilter) -- C:\Windows\SysNative\drivers\RzFilter.sys (Razer, Inc.)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (tbhsd) -- C:\Windows\SysNative\drivers\tbhsd.sys (RapidSolution Software AG)
DRV:64bit: - (RRNetCapMP) -- C:\Windows\SysNative\drivers\rrnetcap.sys (RapidSolution Software AG)
DRV:64bit: - (RRNetCap) -- C:\Windows\SysNative\drivers\rrnetcap.sys (RapidSolution Software AG)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (huawei_wwanecm) -- C:\Windows\SysNative\drivers\ew_juwwanecm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (huawei_cdcacm) -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (huawei_enumerator) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (huawei_ext_ctrl) -- C:\Windows\SysNative\drivers\ew_juextctrl.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (HipShieldK) -- C:\Windows\SysNative\drivers\HipShieldK.sys (McAfee, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (ew_hwusbdev) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (risdsnpe) -- C:\Windows\SysNative\drivers\risdsne64.sys (REDC)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (rimspci) -- C:\Windows\SysNative\drivers\rimssne64.sys (REDC)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwampfl) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (qcusbnetsny2k) -- C:\Windows\SysNative\drivers\qcusbnetsny2k.sys (QUALCOMM Incorporated)
DRV:64bit: - (qcusbsersny2k) -- C:\Windows\SysNative\drivers\qcusbserSny2k.sys (QUALCOMM Incorporated)
DRV:64bit: - (qcombussny) -- C:\Windows\SysNative\drivers\qcombussny.sys (MCCI)
DRV:64bit: - (qcfiltersny2k) -- C:\Windows\SysNative\drivers\qcfiltersny2k.sys (QUALCOMM Incorporated)
DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation)
DRV:64bit: - (ew_usbenumfilter) -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (e1kexpress) -- C:\Windows\SysNative\drivers\e1k62x64.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{3617BCD7-E991-4BB5-8542-09A0B20EE913}: "URL" = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{794C16B2-C354-42CB-8212-172F5BD771B6}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-9/4?satitle={searchTerms}
IE - HKCU\..\SearchScopes\{A70EC677-F517-45E6-831A-E87104D7AC0B}: "URL" = hxxp://de.shopping.com/?linkin_id=8056363
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.isUS: false
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: tineye%40ideeinc.com:1.1
FF - prefs.js..extensions.enabledAddons: toolbar%40alexa.com:1.8.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:35.0.1
FF - prefs.js..extensions.enabledItems: toolbar@alexa.com:2.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: passwordbank@upek.com:5.9.3.6319.3.6
FF - prefs.js..network.proxy.autoconfig_url: "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fnew.songza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpreview.grooveshark.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*'))%20%7B%20return%20'PROXY%20us10.sq.proxmate.me%3A8000%3B%20PROXY%20us01.sq.proxmate.me%3A8000%3B%20PROXY%20us11.sq.proxmate.me%3A8000%3B%20PROXY%20us07.sq.proxmate.me%3A8000%3B%20PROXY%20us08.sq.proxmate.me%3A8000%3B%20PROXY%20us02.sq.proxmate.me%3A8000%3B%20PROXY%20us03.sq.proxmate.me%3A8000%3B%20PROXY%20us05.sq.proxmate.me%3A8000%3B%20PROXY%20us09.sq.proxmate.me%3A8000%3B%20PROXY%20us04.sq.proxmate.me%3A8000%3B%20PROXY%20us06.sq.proxmate.me%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF - prefs.js..network.proxy.type: 2
FF - prefs.js..services.sync.prefs.sync.browser.search.selectedEngine: true
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\Sony\MSS\3.8.130\npMcAfeeMss.dll File not found
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL File not found
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@raidcall.en/RCplugin: C:\Users\XXX YYY\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\XXX YYY\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF - HKCU\Software\MozillaPlugins\LWAPlugin15.8: C:\Users\XXX YYY\AppData\Roaming\Mozilla\Plugins\npLWAPlugin15.8.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 35.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 35.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 31.4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 31.4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 35.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 35.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 31.4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 31.4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2013.03.20 12:29:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX YYY\AppData\Roaming\mozilla\Extensions
[2013.03.19 02:15:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX YYY\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2015.02.10 17:26:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX YYY\AppData\Roaming\mozilla\Firefox\Profiles\gwlew6n9.default\extensions
[2015.02.03 10:47:08 | 000,000,000 | ---D | M] (Avira Browser Safety) -- C:\Users\XXX YYY\AppData\Roaming\mozilla\Firefox\Profiles\gwlew6n9.default\extensions\abs@avira.com
[2013.03.20 12:33:34 | 000,000,000 | ---D | M] (Password Bank) -- C:\Users\XXX YYY\AppData\Roaming\mozilla\Firefox\Profiles\gwlew6n9.default\extensions\passwordbank@upek.com
[2013.03.20 11:28:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX YYY\AppData\Roaming\mozilla\Firefox\Profiles\rsv63erq.default\extensions
[2014.10.28 17:08:14 | 001,443,602 | ---- | M] () (No name found) -- C:\Users\XXX YYY\AppData\Roaming\mozilla\firefox\profiles\gwlew6n9.default\extensions\firefox@ghostery.com.xpi
[2014.07.06 13:36:20 | 000,394,918 | ---- | M] () (No name found) -- C:\Users\XXX YYY\AppData\Roaming\mozilla\firefox\profiles\gwlew6n9.default\extensions\firegestures@xuldev.org.xpi
[2015.02.10 17:26:58 | 000,174,448 | ---- | M] () (No name found) -- C:\Users\XXX YYY\AppData\Roaming\mozilla\firefox\profiles\gwlew6n9.default\extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi
[2015.02.10 17:26:59 | 002,178,746 | ---- | M] () (No name found) -- C:\Users\XXX YYY\AppData\Roaming\mozilla\firefox\profiles\gwlew6n9.default\extensions\jid1-T5mdAATMX3urKA@jetpack.xpi
[2013.06.20 17:13:34 | 000,178,105 | ---- | M] () (No name found) -- C:\Users\XXX YYY\AppData\Roaming\mozilla\firefox\profiles\gwlew6n9.default\extensions\rapportive@rapportive.com.xpi
[2013.03.19 02:16:06 | 000,008,001 | ---- | M] () (No name found) -- C:\Users\XXX YYY\AppData\Roaming\mozilla\firefox\profiles\gwlew6n9.default\extensions\tineye@ideeinc.com.xpi
[2015.02.09 12:15:39 | 000,086,749 | ---- | M] () (No name found) -- C:\Users\XXX YYY\AppData\Roaming\mozilla\firefox\profiles\gwlew6n9.default\extensions\toolbar@alexa.com.xpi
[2013.03.19 02:16:06 | 000,077,793 | ---- | M] () (No name found) -- C:\Users\XXX YYY\AppData\Roaming\mozilla\firefox\profiles\gwlew6n9.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}.xpi
[2013.03.19 02:16:10 | 000,002,103 | ---- | M] () -- C:\Users\XXX YYY\AppData\Roaming\mozilla\firefox\profiles\gwlew6n9.default\searchplugins\translate-korean-to-english.xml
[2015.02.05 17:17:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2015.01.29 14:05:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2015.01.29 14:05:27 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2015.01.29 14:05:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2015.01.29 14:05:19 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\XXX YYY\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped\6.6_0\
CHR - Extension: No name found = C:\Users\XXX YYY\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\XXX YYY\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\
CHR - Extension: No name found = C:\Users\XXX YYY\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpglbgbpeobllokpmeagpoagjbfknanl\1.0.0.9_0\
CHR - Extension: No name found = C:\Users\XXX YYY\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
 
O1 HOSTS File: ([2015.02.09 21:10:00 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\urlredir.dll (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office 15\root\office15\urlredir.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite\launcher.exe (UPEK Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AgentMonitor] C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Avira Systray] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [MarketingTools] C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe (Sony Corporation)
O4 - HKLM..\Run: [MobileBroadband] C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe (Vodafone)
O4 - HKLM..\Run: [Razer Synapse] C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Razer Inc.)
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_550EDA027B4B11347618D98EDCBB3ADF] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [SkyDrive] C:\Users\XXX YYY\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\XXX YYY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\XXX YYY\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\XXX YYY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FastStone Capture.lnk = C:\Program Files (x86)\FastStone Capture\FSCapture.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\office15\onbttnie.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\office15\onbttnie.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - c:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - c:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{151AB8A6-ED2A-4662-A219-5E83E7F62040}: DhcpNameServer = 192.168.0.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{876E33B5-EE1E-4322-8F79-79EB6087A1E2}: NameServer =  
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA2DF348-6AB3-482F-A8BC-41E89158A468}: DhcpNameServer = 10.74.210.210 10.74.210.211
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA2DF348-6AB3-482F-A8BC-41E89158A468}: NameServer = 10.74.210.210 10.74.210.211
O18:64bit: - Protocol\Handler\dssrequest - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\sacore - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Programme\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-mfe-ipt - No CLSID value found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\Protector Suite\psqlpwd.dll) - C:\Programme\Protector Suite\psqlpwd.dll (UPEK Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015.02.12 10:56:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\XXX YYY\Desktop\OTL.exe
[2015.02.11 15:25:14 | 000,000,000 | ---D | C] -- C:\Users\XXX YYY\Desktop\FRST-OlderVersion
[2015.02.11 15:24:20 | 002,134,016 | ---- | C] (Farbar) -- C:\Users\XXX YYY\Desktop\FRST64.exe
[2015.02.09 21:12:24 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2015.02.09 20:56:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2015.02.09 20:56:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2015.02.09 20:56:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2015.02.09 20:56:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2015.02.09 20:56:00 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2015.02.09 20:54:56 | 005,611,930 | R--- | C] (Swearware) -- C:\Users\XXX YYY\Desktop\ComboFix.exe
[2015.02.09 18:04:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2015.02.09 18:03:25 | 000,000,000 | ---D | C] -- C:\Users\XXX YYY\Desktop\mbar
[2015.02.09 17:59:00 | 000,000,000 | ---D | C] -- C:\ProgramData\OnlineUpdate
[2015.02.09 17:59:00 | 000,000,000 | ---D | C] -- C:\ProgramData\log
[2015.02.09 12:00:25 | 000,000,000 | ---D | C] -- C:\FRST
[2015.02.09 09:37:50 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2015.02.05 17:20:32 | 000,000,000 | ---D | C] -- C:\Users\XXX YYY\Documents\Dungeon of the Endless
[2015.02.05 16:56:36 | 000,136,408 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015.02.05 16:56:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
[2015.02.05 16:56:00 | 000,097,496 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2015.02.05 16:56:00 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2015.02.05 16:56:00 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2015.02.05 16:56:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ Malwarebytes Anti-Malware 
[2015.02.05 16:56:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2015.02.04 15:20:33 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2015.02.04 15:20:29 | 005,553,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2015.02.04 15:20:29 | 003,971,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2015.02.04 15:20:28 | 003,916,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2015.02.04 15:20:28 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2015.02.04 15:20:28 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rstrui.exe
[2015.02.04 15:20:28 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srclient.dll
[2015.02.04 15:20:25 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2015.02.04 15:20:14 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2015.02.04 15:20:14 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2015.01.29 14:05:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2015.01.24 16:42:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Steam
[2015.01.23 16:45:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VTech
[2015.01.23 16:45:32 | 000,000,000 | ---D | C] -- C:\ProgramData\VTech
[2015.01.23 16:45:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VTech
[2015.01.21 15:56:50 | 000,000,000 | ---D | C] -- C:\Users\XXX YYY\AppData\Roaming\webex
[2015.01.21 15:56:23 | 000,000,000 | ---D | C] -- C:\ProgramData\WebEx
[2015.01.21 15:56:20 | 000,000,000 | ---D | C] -- C:\Users\XXX YYY\AppData\Local\WebEx
[2015.01.19 15:12:51 | 000,000,000 | ---D | C] -- C:\Users\XXX YYY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome-Apps
[2015.01.19 15:12:47 | 000,000,000 | ---D | C] -- C:\Users\XXX YYY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2015.01.19 14:58:04 | 000,000,000 | ---D | C] -- C:\Users\XXX YYY\Documents\Google USB driver
[2015.01.19 13:39:09 | 000,110,336 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys
[2015.01.19 13:24:02 | 000,000,000 | ---D | C] -- C:\Program Files\SAMSUNG
[2015.01.19 13:22:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2015.01.19 13:21:07 | 000,000,000 | ---D | C] -- C:\Users\XXX YYY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ClockworkMod
[2015.01.19 13:21:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ClockworkMod
[2015.01.17 18:47:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2015.01.15 15:37:41 | 000,000,000 | ---D | C] -- C:\Windows\de
[2015.01.15 15:37:28 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2015.01.15 15:36:09 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2007.08.13 16:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\XXX YYY\AppData\Local\CDRip.dll
[2007.01.18 20:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\XXX YYY\AppData\Local\No23 Recorder.exe
[2006.12.11 18:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\XXX YYY\AppData\Local\basscd.dll
[2006.12.11 18:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\XXX YYY\AppData\Local\bass.dll
[2 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2015.02.12 10:57:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\XXX YYY\Desktop\OTL.exe
[2015.02.12 10:53:43 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015.02.12 10:52:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015.02.12 10:52:38 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015.02.11 16:13:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015.02.11 16:04:49 | 002,134,016 | ---- | M] (Farbar) -- C:\Users\XXX YYY\Desktop\FRST64.exe
[2015.02.11 15:35:00 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015.02.11 15:35:00 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015.02.11 15:33:36 | 001,629,436 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015.02.11 15:33:36 | 000,703,214 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2015.02.11 15:33:36 | 000,657,406 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015.02.11 15:33:36 | 000,150,822 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2015.02.11 15:33:36 | 000,123,218 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015.02.11 15:27:14 | 2961,563,648 | -HS- | M] () -- C:\hiberfil.sys
[2015.02.11 15:18:05 | 000,852,594 | ---- | M] () -- C:\Users\XXX YYY\Desktop\SecurityCheck.exe
[2015.02.09 21:10:00 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2015.02.09 20:55:00 | 005,611,930 | R--- | M] (Swearware) -- C:\Users\XXX YYY\Desktop\ComboFix.exe
[2015.02.09 18:04:32 | 000,136,408 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015.02.09 18:03:28 | 000,097,496 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2015.02.09 11:58:11 | 000,000,000 | ---- | M] () -- C:\Users\XXX YYY\defogger_reenable
[2015.02.05 16:28:09 | 000,701,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2015.02.05 16:28:09 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2015.02.04 15:41:38 | 000,446,136 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2015.01.23 16:45:52 | 000,001,169 | ---- | M] () -- C:\Users\Public\Desktop\VTech Download Manager.lnk
[2015.01.21 15:32:54 | 000,103,435 | ---- | M] () -- C:\Users\XXX YYY\Documents\zustimmung_uste2012-signed.pdf
[2015.01.21 15:32:16 | 000,102,722 | ---- | M] () -- C:\Users\XXX YYY\Documents\zustimmung_este2012-signed.pdf
[2015.01.20 14:18:41 | 000,368,519 | ---- | M] () -- C:\Users\XXX YYY\Documents\379827381 Geschäftskonto von 2012.pdf
[2015.01.20 14:18:12 | 001,687,247 | ---- | M] () -- C:\Users\XXX YYY\Documents\7150717 von 2012.pdf
[2015.01.19 15:12:47 | 000,002,263 | ---- | M] () -- C:\Users\XXX YYY\Desktop\Chrome App Launcher.lnk
[2 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2015.02.11 15:18:02 | 000,852,594 | ---- | C] () -- C:\Users\XXX YYY\Desktop\SecurityCheck.exe
[2015.02.09 20:56:17 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2015.02.09 20:56:17 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2015.02.09 20:56:17 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2015.02.09 20:56:17 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2015.02.09 20:56:17 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2015.02.09 11:58:11 | 000,000,000 | ---- | C] () -- C:\Users\XXX YYY\defogger_reenable
[2015.01.23 16:45:52 | 000,001,169 | ---- | C] () -- C:\Users\Public\Desktop\VTech Download Manager.lnk
[2015.01.21 15:32:54 | 000,103,435 | ---- | C] () -- C:\Users\XXX YYY\Documents\zustimmung_uste2012-signed.pdf
[2015.01.21 15:32:16 | 000,102,722 | ---- | C] () -- C:\Users\XXX YYY\Documents\zustimmung_este2012-signed.pdf
[2015.01.20 14:18:41 | 000,368,519 | ---- | C] () -- C:\Users\XXX YYY\Documents\379827381 Geschäftskonto von 2012.pdf
[2015.01.20 14:18:12 | 001,687,247 | ---- | C] () -- C:\Users\XXX YYY\Documents\7150717 von 2012.pdf
[2015.01.19 15:12:47 | 000,002,263 | ---- | C] () -- C:\Users\XXX YYY\Desktop\Chrome App Launcher.lnk
[2015.01.15 15:37:25 | 000,001,265 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2014.04.05 12:13:59 | 000,000,017 | ---- | C] () -- C:\Users\XXX YYY\AppData\Local\resmon.resmoncfg
[2014.01.07 17:28:04 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013.09.13 13:59:12 | 000,001,509 | ---- | C] () -- C:\Users\XXX YYY\AppData\Local\RecConfig.xml
[2013.06.18 09:01:33 | 000,000,870 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013.06.06 12:42:26 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2013.04.23 09:18:09 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dll
[2013.03.25 14:28:50 | 000,000,032 | ---- | C] () -- C:\Users\XXX YYY\.simfy
[2013.03.25 12:25:49 | 001,603,716 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.03.20 12:05:56 | 000,000,000 | ---- | C] () -- C:\Users\XXX YYY\AppData\Local\{E0B5EB61-5E6A-4483-A017-B5D5359A35B3}
[2013.03.20 12:05:56 | 000,000,000 | ---- | C] () -- C:\Users\XXX YYY\AppData\Local\{8163A258-9D27-40E7-8400-AAC988DB596D}
[2010.05.17 14:20:06 | 000,157,382 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
 
========== ZeroAccess Check ==========
 
[2013.03.19 02:13:42 | 000,000,000 | ---D | M] -- C:\Users\XXX YYY\AppData\Local\{4fa287a5-a9e8-a902-8c66-f7e1d24caa8e}\L
[2013.03.19 02:13:42 | 000,000,000 | ---D | M] -- C:\Users\XXX YYY\AppData\Local\{4fa287a5-a9e8-a902-8c66-f7e1d24caa8e}\U
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014.06.25 03:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014.06.25 02:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Files - Unicode (All) ==========
[2013.10.22 07:50:35 | 102,303,549 | ---- | M] ()(C:\Windows\SysWow64\???D) -- C:\Windows\SysWow64\ႢअD
[2013.10.21 21:57:42 | 102,303,549 | ---- | C] ()(C:\Windows\SysWow64\???D) -- C:\Windows\SysWow64\ႢअD
[2013.09.26 08:48:15 | 097,892,804 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\ꅤꋼˆ
[2013.09.26 08:48:15 | 097,892,804 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\ꅤꋼˆ
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:7C784982

< End of report >
         

12.02.2015, 11:28   #25
LarryPerkins
Code:
OTL Extras logfile created on: 12.02.2015 10:59:08 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\XXX YYY\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,68 Gb Total Physical Memory | 0,85 Gb Available Physical Memory | 23,00% Memory free
7,35 Gb Paging File | 3,89 Gb Available in Paging File | 52,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,17 Gb Total Space | 12,80 Gb Free Space | 11,51% Space Free | Partition Type: NTFS
 
Computer Name: XXXYYY-VAIO | User Name: XXX YYY | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{063A3779-2A95-4225-A532-70711CA6746D}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{0BCBA248-8D90-4A04-81F7-2811E2E8D271}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{16E195E0-1B6C-413F-8E52-3D46E19F4FDD}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
"{203CE65A-898F-4C46-97CA-44EF06ED06E7}" = lport=12972 | protocol=6 | dir=in | name=audials localhttpserver 12972 | 
"{21AC4557-8664-43E6-A09E-39A3D485195C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{2A337B81-23B2-401F-972B-D79EFEA3463C}" = lport=9997 | protocol=6 | dir=in | app=c:\program files\sony\vaio care\vaioshell.exe | 
"{39B20583-D18B-4C05-8793-FA1EAA38B6ED}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{41E0D1EB-68B5-4E6A-B8E2-E6839D649B4B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{45D0967E-49DE-4524-AEBB-DC1BB1489683}" = lport=137 | protocol=17 | dir=in | app=system | 
"{4B7ABFDA-1D2C-4EFE-A32C-13440ACF603F}" = lport=9996 | protocol=6 | dir=in | app=c:\program files\sony\vaio care\vcsystemtray.exe | 
"{4EF779D1-A8EC-48BD-9CD0-5383C3852C39}" = lport=139 | protocol=6 | dir=in | app=system | 
"{50FE81F8-7C9A-40A1-BD9D-6CA92A0EA745}" = lport=31931 | protocol=6 | dir=in | name=audials localhttpserver 31931 | 
"{511982EB-13C1-47A7-AFE6-3FBDAEFAB5DB}" = rport=138 | protocol=17 | dir=out | app=system | 
"{580B05D9-F478-4154-9AB1-17600EE2363B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{6DC34417-CEA5-4F34-84A3-13C7124D5071}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{7376E49C-E0C2-411E-8477-15984B449014}" = rport=445 | protocol=6 | dir=out | app=system | 
"{73E7AC66-3A06-4CF3-A8C2-086759F725A9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{771FECFD-B8EF-4BAB-A6F7-F68B60AAD487}" = rport=139 | protocol=6 | dir=out | app=system | 
"{77C251A7-DD4A-4008-9678-8616708F6D50}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{90F9E177-8F48-4641-9764-06D5F93D8031}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{92A2267C-6DB4-4303-B8A8-0DF5352A93B1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{974FBFBA-6423-49AD-A4E5-7BFB2D8F7EF6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A1F5A213-4EF1-4F37-B802-1A012AEC4F7C}" = lport=445 | protocol=6 | dir=in | app=system | 
"{AE210627-49D0-40B3-B6BA-260946820D5D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AEDF4E97-C394-4A4B-B830-931698D2A3FA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B4F6D652-D738-4EA9-A2BF-439F4FC0B406}" = lport=9998 | protocol=6 | dir=in | app=c:\program files\sony\vaio care\vcadmin.exe | 
"{B8A5C112-7A58-4350-B1FB-1F8012CC7D20}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{C1D64EE0-1624-48E8-8FEC-E89E3832B729}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C8D8AAC2-D961-40FB-85FD-533CC94E7523}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D329CFD5-35BA-47E0-983A-416E08CB603F}" = lport=14714 | protocol=6 | dir=in | name=audials localhttpserver 14714 | 
"{D52601B5-E066-4E3B-BCE6-3D0B66E0B5F5}" = rport=137 | protocol=17 | dir=out | app=system | 
"{D87391AF-22B0-40CD-B723-F469A3C2AD36}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{E0FDA7CC-FA10-407F-97CC-9CA1E101C181}" = lport=9999 | protocol=6 | dir=in | app=c:\program files\sony\vaio care\vcagent.exe | 
"{E4425786-8787-4022-B443-368FE10E40B1}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{E6A92D03-B137-4C8E-82AE-A19BD821A481}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{FA44A6B5-FC17-4E5A-BCAC-D8E06C3C0750}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{FBC2CAB8-7B65-40A3-8762-9AA1FADE8BE1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02008C47-649D-4151-BE15-29FF78DBD1FC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\giana sisters twisted dreams\launcher\gslauncher.exe | 
"{0224A574-4717-48D4-B5FD-BF2FCD9C5EF2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chainsawwarrior\cwsteampc.exe | 
"{04F8793C-AF62-4B8C-8452-D13AB273535B}" = dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe | 
"{07083557-CEF9-4515-AA61-217578126BA0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cinders\cinders.exe | 
"{0A6D06E8-4909-438D-BC45-503BC49178EF}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2753\agent.exe | 
"{0BF70633-85F9-4C96-A9F6-E4AC583740B7}" = protocol=6 | dir=out | app=system | 
"{0C16132A-2B4E-4ADA-A973-6947893ACF18}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sokobond\sokobond.exe | 
"{0CE3D085-4BD3-4612-90E4-1AC31243942F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chainsawwarrior\cwsteampc.exe | 
"{0E9B3FC2-7B98-4FBF-8CC9-258547E0D2E1}" = protocol=17 | dir=in | app=c:\program files (x86)\nuance\pdf professional 8\bin\gpdfdirect.exe | 
"{0ED87E37-53C6-41EA-9DF1-383BDCD81C15}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gunpoint\gunpoint.exe | 
"{10325DB3-E8DE-414A-9F11-510CCD3C3002}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2689\agent.exe | 
"{114010BC-697E-453B-A3C0-4CC0BFF92A04}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\frozen synapse\frozensynapse.exe | 
"{11AAFFFB-76A8-43BC-BB7C-A2FC97DD2928}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{1310E7E9-AC9A-4355-A0AF-9D6278BACBBC}" = protocol=6 | dir=in | app=c:\users\XXX YYY\appdata\roaming\processmaker-2_5_0\mysql\bin\mysqld.exe | 
"{160EFD61-51F8-47A5-9911-6ABB7EF0A444}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mars war logs\marswarlogs.exe | 
"{19BF4201-7638-41BF-BBF7-0ED1039FA25D}" = protocol=17 | dir=in | app=c:\users\XXX YYY\appdata\roaming\processmaker-2_5_0\apache\bin\httpd.exe | 
"{1A2B8A77-C5BC-4ED7-9E30-D73E7E79986D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mark_of_the_ninja\bin\game.exe | 
"{1A7ADA1F-3EE6-4889-949F-D5A7DC934B3F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{1C7F41E3-E8A3-42C0-85F0-1C1086F474AD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\giana sisters twisted dreams\launcher\gslauncher.exe | 
"{20028CC3-77EA-4E80-8D42-21468DB951BF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bejeweled 2 deluxe\winbej2.exe | 
"{2147848A-E363-4D2A-87FC-0A44B68C638C}" = protocol=17 | dir=in | app=c:\users\XXX YYY\appdata\roaming\processmaker-2_5_0\mysql\bin\mysqld.exe | 
"{224F2E49-9050-4D82-B08D-3CC48B847300}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2328\agent.exe | 
"{229B80CC-B97D-4F71-912E-9D019F140E0B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe | 
"{2455EE32-CF35-44D1-8593-B72FD53D51B7}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2380\agent.exe | 
"{269D2C47-496C-48D2-9C2B-18461296BE7E}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"{26CDA42C-A90C-4B9C-B047-49981B910D87}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\insaniquarium deluxe\insaniquarium.exe | 
"{289A7D37-4A91-4445-B0B3-CF0C391C15CD}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3147\agent.exe | 
"{291094B8-7CF8-4FBC-A4B5-8940A9C611DB}" = protocol=17 | dir=in | app=c:\program files (x86)\battle.net\battle.net.exe | 
"{295490EF-2FF1-4074-B6B7-D516CE36BF86}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"{2A0C8770-DD61-4CAD-B537-305DF3B1D1C5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\bin\steamwebhelper.exe | 
"{2ACA3EE9-31A3-4FFF-9714-FFD1226967BF}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3507\agent.exe | 
"{2B2A4120-7DFA-4BAF-AB6C-297167C4530D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\uplink\uplink.exe | 
"{2CC6D04D-3935-4D65-90B5-AE63BFF4BB52}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2717\agent.exe | 
"{2CDCCD0D-04C4-4ADE-827B-B4FCBA09B2D7}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2689\agent.exe | 
"{320388BF-A223-46F1-9514-78BBC2B95233}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2753\agent.exe | 
"{32096324-DB3C-47DD-8499-BBBEFFDAABBA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chainsawwarrior\cwsteam.exe | 
"{32950067-100A-4FCF-84F5-8D628F41B822}" = protocol=6 | dir=in | app=c:\program files (x86)\nuance\pdf professional 8\bin\gaaihodoc.exe | 
"{338B56DE-6DF1-4B34-830C-AEFEC1EADC39}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2293\agent.exe | 
"{37534F4C-33EC-4B82-9CBC-6C9C573FFCF8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deathskidmarks\deathskidmarks.exe | 
"{39F615DE-1A28-4A1F-AD4A-E6A00F392B6C}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe | 
"{3A315B74-B76B-480B-92A6-B4A43F67B5B9}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe | 
"{3BB2BF63-CD42-41F2-8867-C40FA0E7E5A9}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2293\agent.exe | 
"{3CD0D160-B8FF-40F0-9F87-CF048FAEF1D7}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3147\agent.exe | 
"{3ED2E9D0-3D9A-4074-9A89-B13B18ED10FA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\monster loves you!\monsterlovesyou.exe | 
"{401486E7-905F-4E32-BEE4-1E18BDAE6565}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 
"{411D4B47-9890-4F70-A5EB-5B39C429CDD1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead mans draw\deadmansdraw.exe | 
"{4445547F-BA73-4C9B-8DCA-2ED4E72B1A35}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\psyhigh\psyhigh.exe | 
"{478FA93C-EDAD-49C4-8A7F-3852287C8D00}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2328\agent.exe | 
"{48FA7DF2-7871-42C7-A03F-D05D5A811C26}" = dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicatorcom.exe | 
"{497538E6-1305-4EE5-AB2D-50AA4DB8C4D6}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2787\agent.exe | 
"{49D1877B-905F-47CB-BB5A-B4F45427AA73}" = protocol=6 | dir=in | app=c:\users\XXX YYY\appdata\roaming\processmaker-2_5_0\apache\bin\httpd.exe | 
"{49EFD2C9-C4AA-4C20-B9AF-C75A17A9C162}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4A3CCADF-3F07-4885-BCB1-16FD19D3A42B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{4A8A2AA4-10E7-4CCD-9141-87A54462DE92}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{4A9B0620-A229-4E8B-AB10-F2E5478F6F98}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\darkestdungeon\_windows\darkest.exe | 
"{4D2EAE32-63CA-4489-AA93-65478A7FB1C7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4D8DF0A5-FDF4-4ECC-BBF1-5D19FBA7DF89}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3182\agent.exe | 
"{4F465210-4E0D-44FD-A944-F24E84B7F06B}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2717\agent.exe | 
"{5175858A-6BC5-45ED-9C8A-79643F24E959}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2717\agent.exe | 
"{533C2862-1013-474F-B493-98D85B0C49A6}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2380\agent.exe | 
"{57BDA756-2DB9-4E9D-87F0-596C9D0DD9AB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\solforge\solforge.exe | 
"{58839502-EBCA-4B3D-A691-2206D4BB4F05}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\darkestdungeon\_windows\darkest.exe | 
"{58FA5AB6-48A4-49E3-878B-9C5985330E80}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\solforge\solforge.exe | 
"{5928E315-08E5-43F2-B55D-00365490E7FF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\papersplease\papersplease.exe | 
"{59309D35-D85F-447D-B0DA-E3493F81ED8B}" = protocol=17 | dir=in | app=c:\program files (x86)\nuance\pdf professional 8\pdfrouter.exe | 
"{5A0DD736-797B-4B5E-B322-91F4F89004FB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\7 grand steps 01\7 grand steps.exe | 
"{5A1FEC78-AA3A-4283-907C-F3BC7B0CDF6F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe | 
"{5AB883A1-96DE-4C71-B0B0-49D7D3CB18ED}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5B236954-6935-41A6-84CC-4F5CB6621064}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe | 
"{5B27FCE7-ECBC-4CE5-9DA2-047E5D6F01E9}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2689\agent.exe | 
"{5B558A15-953C-493B-BBEA-7DDBFE424F5A}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2006\agent.exe | 
"{5EE5D99C-3D59-409B-9509-6FF497D86267}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2753\agent.exe | 
"{630248D2-E4E0-4421-A202-26B1A7699489}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe | 
"{64C5A639-5D4F-4D26-81F3-0A4EB19F3D89}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3507\agent.exe | 
"{65A08817-4103-4D3C-8311-71DAE0CF213B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ftl faster than light\ftlgame.exe | 
"{67D23936-1A77-4C36-9DBB-B46F6B7D7C05}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bejeweled 2 deluxe\winbej2.exe | 
"{688A2778-AFB4-4A6A-BCB9-5AAE76DEF090}" = protocol=6 | dir=in | app=c:\users\XXX YYY\appdata\roaming\dropbox\bin\dropbox.exe | 
"{696456D4-0D9F-487B-A0E8-3A23836C3178}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{69F0C99F-D208-4400-93E6-D5C6871A8E7A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mark_of_the_ninja\bin\game.exe | 
"{6A5DD0A5-EB80-4C60-AB5B-0A347BD05F3D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2689\agent.exe | 
"{6A6107D1-364A-4DF9-BFF9-27838231BEA5}" = protocol=6 | dir=in | app=c:\program files (x86)\nuance\pdf professional 8\bin\gpdfdirect.exe | 
"{6C82EC69-9BB7-45FE-823C-D0A693389C5A}" = protocol=17 | dir=in | app=c:\program files (x86)\hearthstone\hearthstone.exe | 
"{6D7836A3-CA5E-4C34-B7C6-3E3E2DF084D5}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{6D864A8F-0CAF-4B16-8A67-34DB655B658A}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{6DCEB033-F3C0-4E46-867F-CC5DCA36D0F9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\choiceofthedeathless\choiceofthedeathless.exe | 
"{6DE989A7-7ADD-4776-84EB-FA933DC78F15}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7151DC97-90B9-4F85-8CA2-EB1EA01BD444}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\papersplease\papersplease.exe | 
"{7265972C-A4C8-4C6E-8CF2-E0D11D3FBC79}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gunpoint\gunpoint.exe | 
"{7295C924-92C2-4A8B-9AA6-B2DE8D4A3AF7}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{72B7A49E-3AFE-4608-958F-D2488DC899CE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\insaniquarium deluxe\insaniquarium.exe | 
"{736DA503-3391-4C5E-A7D6-86E1FADA14C9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\kentuckyroutezero\kentuckyroutezero.exe | 
"{776A0C4E-2607-47E3-AF18-0B0DCEB470C5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\world of goo\worldofgoo.exe | 
"{777A6642-8DB9-49C0-949D-1546CC03DFF0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ftl faster than light\ftlgame.exe | 
"{77A8D97B-8193-4648-9D2E-ABCC60564B02}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2514\agent.exe | 
"{788DCA7D-C401-4E0D-B17A-B0B7222D4503}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe | 
"{7A6D00BA-872C-4D1D-BB63-DD29252F2086}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe | 
"{7C651631-F54E-4DDF-BB36-AAFD5CACC604}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mark_of_the_ninja\bin\game.exe | 
"{7D778E56-1FDA-4712-9C91-0923E016A783}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hotline_miami\hotlinemiami.exe | 
"{7DE4CDA4-6558-4ADC-81DB-44419076A2C2}" = protocol=6 | dir=in | app=c:\program files (x86)\battle.net\battle.net.exe | 
"{7F93FF39-CC7A-4744-9740-60A53B3397D4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\thebridge\the bridge.exe | 
"{806D5682-328F-4189-B5B4-CF2A8087944C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 
"{82ACF05B-F714-4A44-A601-1827240DB4C5}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{85493BBA-85F2-4076-84F3-71D2A0267304}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 
"{89C8AB0E-54D4-4C73-AE63-EEB2C5B847AA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\bin\steamwebhelper.exe | 
"{89D1AA9A-2973-4B7C-BA55-B307469244CD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\puzzle quest\puzzle quest.exe | 
"{8B4B5CCA-3251-49F4-9C48-6D9227C0BEA1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\thievesgambitcurseoftheblackcat\thievesgambitcurseoftheblackcat.exe | 
"{8C3C68C8-22D2-467A-A3FB-8D4F055328C8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe | 
"{8CC1C7F7-16B0-4752-B7FA-3C653B5E6195}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2717\agent.exe | 
"{8D665BB6-FC39-4290-80FD-AFC24A3F3C09}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3182\agent.exe | 
"{8DA63AC2-E9D3-44DF-A0AB-FBE6FD35A79B}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2680\agent.exe | 
"{8E17DCE8-4394-4FF8-A3A0-22A0F1B463C2}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2680\agent.exe | 
"{9072C1F6-F110-4523-867B-7F0299B4D0C2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{913506BF-061F-496E-863A-F00F64B474FD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\pixel piracy\pixelpiracy.exe | 
"{968F7C19-4F50-46C2-8AA8-257A5F1F13AC}" = protocol=6 | dir=in | app=c:\program files (x86)\nuance\pdf professional 8\pdfrouter.exe | 
"{9757B46A-F09C-43BD-A90C-DCC91AADD60B}" = protocol=6 | dir=in | app=c:\program files (x86)\hearthstone\hearthstone.exe | 
"{977FA20B-58AF-4357-819D-1181F02CD1F3}" = protocol=17 | dir=in | app=c:\program files (x86)\nuance\pdf professional 8\pdfpro8hook.exe | 
"{985F9F31-5913-4E91-A778-9D314D1F3188}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\valiant hearts\valiant hearts.exe | 
"{994BEFE9-0A80-42FD-B7C1-6484172F7D38}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2880\agent.exe | 
"{994E93E3-39A3-4004-A1D2-74C41AB85F67}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{9C69083C-0501-4873-A5F0-BD5F8CDBE73F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mars war logs\marswarlogs.exe | 
"{9CCD6EB9-0019-468F-9D48-3F66EFC4669C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bad hotel\badhotel.exe | 
"{9D877398-DB23-40FC-8A18-C3709CC919EA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chainsawwarrior\cwsteam.exe | 
"{9EEC4112-1187-4651-8112-D9DAC637EC67}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\puzzle quest\puzzle quest.exe | 
"{9F93060D-385E-48F3-A430-301B3B1DD80A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\papersplease\papersplease.exe | 
"{A06AA6FB-6BD9-4A90-9884-68F5C1241D98}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{A18E1C9C-C369-4D33-962F-8149DC929237}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\plants vs zombies\plantsvszombies.exe | 
"{A37D8CD3-0F82-4DAF-9B65-3118722B402E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{A5BAB6BE-C710-4E59-9C3A-E2FA8B030EC0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chainsawwarrior\cwsteampc.exe | 
"{A927A942-8B95-4204-B471-CC22F99E261B}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe | 
"{A95A81E8-1B16-42CA-98D8-D4A30069E7F3}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2680\agent.exe | 
"{AA98799D-0FE1-48B5-BA8B-F095D6B8F932}" = dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe | 
"{AB61A989-B108-4172-BDE6-1A53FBF0A0C3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\thirty_flights_of_loving\tfol.exe | 
"{ABE43271-C567-4B3B-AD91-05CA157FB254}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead mans draw\deadmansdraw.exe | 
"{AC4810FD-A4CB-435F-AE7F-C70CE3A3FDEA}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3182\agent.exe | 
"{ADCD9574-A3BB-41F4-A5C3-F15A39E37B13}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gods will be watching\gwbw.exe | 
"{ADFE0088-E7A9-485F-BF0E-0A4E49D77EAC}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3182\agent.exe | 
"{AE2E2113-FC68-4121-B266-4B8C1BD7DFD8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{AFB873B0-98C9-4B50-ACEA-818C3915BBE8}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2380\agent.exe | 
"{AFB9F416-C22D-4AC1-9792-CC08E5A50C6B}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2006\agent.exe | 
"{B1E9DC40-2AE6-410C-A7E4-472DA712CEA2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\kentuckyroutezero\kentuckyroutezero.exe | 
"{B2B8CF8D-0D86-41FC-9EB6-6CAAD02E218F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3023\agent.exe | 
"{B31B28DF-0DB7-419B-910C-5839657A0788}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\thievesgambitcurseoftheblackcat\thievesgambitcurseoftheblackcat.exe | 
"{B3F76875-4675-49BE-BF8B-7F8F1FE65C61}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mark_of_the_ninja\bin\game.exe | 
"{B43DFF8E-D85E-4FC3-BC1F-D86F533DAE6D}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe | 
"{B6778EB7-E0FD-4430-A169-2E2E28A011A1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cinders\cinders.exe | 
"{B87B5401-A081-4179-BC86-12F0E91B4879}" = protocol=17 | dir=in | app=c:\program files (x86)\nuance\pdf professional 8\bin\gaaihodoc.exe | 
"{BA17F4DA-5B9D-4168-806F-429BC315E016}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BAF8A419-8FA4-426D-ABA5-43200D0D8E8F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{BB2E37E6-F95D-4ECD-B3A6-76B4B3103C93}" = protocol=17 | dir=in | app=c:\users\XXX YYY\appdata\roaming\dropbox\bin\dropbox.exe | 
"{BBBBC9B9-DB6C-47F9-9B4F-0D90F22EAF7A}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2514\agent.exe | 
"{BE32B3AF-4089-49B2-94FD-A2C4FA8E8D74}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{BE6CC741-50E4-4DA0-B92D-92D3B58F9CD5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe | 
"{BF34B154-B45B-445F-8C5D-4583A9963FEF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gods will be watching\gwbw.exe | 
"{BFE764E3-861F-441A-9A94-B7E9DEDAB0CD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\frozen synapse\frozensynapse.exe | 
"{C0034611-D367-4541-BF8C-5837231C7E59}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\monster loves you!\monsterlovesyou.exe | 
"{C175F619-7418-4344-95A4-FE74F735CBC9}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2753\agent.exe | 
"{C17CA9E8-B134-4B54-8A3D-CC0E69679E8A}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3526\agent.exe | 
"{C2130A43-640A-42E3-9120-7DB74A8CD1C0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe | 
"{C2C75672-63A0-4433-84D1-55B2C9FC45D7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hotline_miami\hotlinemiami.exe | 
"{C53FE17B-7C00-4089-9614-9A22ABA04258}" = dir=in | app=c:\program files (x86)\audials\audials 10\audials.exe | 
"{C648378E-BB72-4D0A-BFFB-B0BC6F2907AA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\valiant hearts\valiant hearts.exe | 
"{C8A264EB-517C-46EC-B652-A4199CD67A34}" = protocol=6 | dir=in | app=c:\program files (x86)\nuance\pdf professional 8\pdfpro8hook.exe | 
"{C8BCFE36-8939-4386-8439-57CD050480AC}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3023\agent.exe | 
"{C8C8F3F9-002C-4AE4-A041-6B40E58410AB}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 
"{C8D4A43C-1E26-464C-B0FF-057054BECE4E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{CA2675A9-0B2D-4136-954E-E0A473509FDE}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2380\agent.exe | 
"{CB7DF63E-8EFF-448A-B6BC-CD2D629B4284}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 
"{CC2BCD2E-C9D4-41C9-B268-1AA62EE4C9C4}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2787\agent.exe | 
"{CE95BD6D-16AC-4063-BF8C-09C89DD0BBB6}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{D16605B5-0AFC-4C75-9DF7-23FA864E50DE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\choiceofthedeathless\choiceofthedeathless.exe | 
"{D320729E-534F-42AA-A42A-E61AC051C436}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sokobond\sokobond.exe | 
"{D4E11A18-2900-4404-9032-5FECEA775B25}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3507\agent.exe | 
"{D50F3439-5402-4502-8290-EBE7563FB420}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\7 grand steps 01\7 grand steps.exe | 
"{D5506D8C-AD9A-4601-8014-0030E5D4543D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{D641E5C4-1700-4C35-BB1A-306C3BAB5BC5}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe | 
"{D8AAFEE6-1597-4AAC-AE4B-8588238131E4}" = dir=in | app=c:\users\XXX YYY\appdata\local\microsoft\skydrive\skydrive.exe | 
"{D9036449-3238-4C51-A128-716A34737085}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\coj gunslinger\cojgunslinger.exe | 
"{D9C1BF69-B35A-4B19-872D-3AF4682F2907}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\pixel piracy\pixelpiracy.exe | 
"{DB51673B-05C4-4F7F-8B68-15E7B308025E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{DBC55C1E-E0B6-41FA-A074-8DD35CF0D343}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chainsawwarrior\cwsteam1.2a.exe | 
"{DBEB6B5F-A7D1-4644-AF01-05F013B63736}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DBF84447-E69D-4C8E-BDB6-7F9F9DE37932}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{DDA7D390-04DC-4B8C-BDD3-A455938E44A7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\world of goo\worldofgoo.exe | 
"{DDB9D844-7317-4E96-A1B8-78262BA403CE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\thebridge\the bridge.exe | 
"{DE69B345-949F-47D6-9382-300C1DFBDBC4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{E14058B7-CFB4-46AE-9AEE-CBE7D775628D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chainsawwarrior\cwsteampc.exe | 
"{E145C576-F932-4B8A-9C27-CAD74796F655}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\plants vs zombies\plantsvszombies.exe | 
"{E29A7063-5DD8-43A3-B887-C9B90AEE1E5E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\psyhigh\psyhigh.exe | 
"{E37B7EF4-AFDE-4FA7-A366-09FAA452BB62}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\uplink\uplink.exe | 
"{E3D8BC56-AA0C-4347-A7CE-AC4E65C8A409}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2328\agent.exe | 
"{E4D643EF-8C39-4654-8CAA-F50F44804874}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\luftrausers\bin\luftrausers.exe | 
"{E53539E5-3FF8-44AB-8E7F-42E5B36E889C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2328\agent.exe | 
"{E7F3A7F5-EB92-4D96-9D0D-2B46A5ED5EF8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chainsawwarrior\cwsteam1.2a.exe | 
"{E8639517-ACC3-435A-AEE1-B84F5B8D7C8A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E8FA622B-6490-42DB-A1F9-9F760961C37C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 
"{ECA61226-C8EC-4F61-A478-37A2A92D448F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2880\agent.exe | 
"{ECA77D72-5928-49EE-9418-9DC9AF3A9A46}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{F176D770-0F15-416C-BECF-0B74B9C5CF6C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chuzzle deluxe\chuzzle.exe | 
"{F201D8BE-C56B-42B1-8EA4-8545C34B0B83}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\thirty_flights_of_loving\tfol.exe | 
"{F2218791-0F27-4224-9FB6-A69F23D2A97B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{F2F696B5-723B-497E-B9C9-F968660F2CC2}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2680\agent.exe | 
"{F3C09EA6-CAD4-4C9D-A81E-698B455802C0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\coj gunslinger\cojgunslinger.exe | 
"{F41BC041-62E3-43BE-8AFF-A48D2F6FD9FC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chuzzle deluxe\chuzzle.exe | 
"{F4639785-E7C7-4BFD-9326-49A1C98D0541}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2293\agent.exe | 
"{F5392D4E-B5EA-434B-B194-549A5DD5F28C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deathskidmarks\deathskidmarks.exe | 
"{F659472E-5192-4F43-BA85-DD7B9D991F0E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\luftrausers\bin\luftrausers.exe | 
"{F6F861EC-D738-45D3-9160-7DA21636A4E8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bad hotel\badhotel.exe | 
"{F717BB1A-76E6-44DD-8371-68063E5FB41C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3526\agent.exe | 
"{F88DDCBD-1C32-4CB6-BE97-8B755B0ADDC6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F8980643-C42C-4E19-AE8E-B013147CFB14}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{FA37396B-A15B-4CD8-8FD2-0D3D407E282F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{FB250DF9-47FE-4F80-A217-028759EC197B}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2293\agent.exe | 
"{FCD88F62-B7D6-4509-882F-C2B9A2DFB843}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\papersplease\papersplease.exe | 
"{FF41C6E5-4AEF-4A9B-B054-69D24A07FA8D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3507\agent.exe | 
"{FFD325A6-6E9C-4A4C-BB16-DB5BBDEA4C44}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"TCP Query User{41E2BC74-E6A8-458B-BF2D-77999F849E9C}C:\program files (x86)\starcraft ii\versions\base26490\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base26490\sc2.exe | 
"TCP Query User{7306D5E0-4038-4711-ABC0-ED77928EECCC}C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base24944\sc2.exe | 
"TCP Query User{7D8A0A29-7A26-44C7-94F3-BB7B5F8B0702}C:\program files (x86)\starcraft ii\versions\base28667\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base28667\sc2.exe | 
"TCP Query User{7E0A3558-D051-4C63-9B4D-5F1E25B12B9A}C:\users\XXX YYY\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe" = protocol=6 | dir=in | app=c:\users\XXX YYY\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe | 
"TCP Query User{93DCFAB4-2EAB-406F-9BC4-1E54F4AD1E3B}C:\program files (x86)\hearthstone\hearthstone.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hearthstone\hearthstone.exe | 
"TCP Query User{99019B52-1BB4-4FF3-AF89-C65658D03EC7}C:\program files (x86)\starcraft ii\versions\base26490\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base26490\sc2.exe | 
"TCP Query User{9D26D9CD-E748-402A-BF1A-7AD11A06A15E}C:\users\XXX YYY\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\XXX YYY\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{A2D0B27B-1622-437D-B6FB-67F66E338FDC}C:\users\XXX YYY\appdata\local\temp\keygen.exe" = protocol=6 | dir=in | app=c:\users\XXX YYY\appdata\local\temp\keygen.exe | 
"TCP Query User{B62A04FC-8BF7-488F-9389-76DE581F8ADD}C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base24944\sc2.exe | 
"TCP Query User{E1415188-21C3-4923-A617-04D237609E70}C:\program files (x86)\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"TCP Query User{F250CFED-67B1-4329-A096-F2D45A06EF99}C:\program files (x86)\starcraft ii\versions\base28667\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base28667\sc2.exe | 
"UDP Query User{0C4BE49E-9563-4FBD-AD7A-67106C6EF1BC}C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base24944\sc2.exe | 
"UDP Query User{16847C87-2931-4C2D-868D-EB9E4D56B3C4}C:\program files (x86)\starcraft ii\versions\base28667\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base28667\sc2.exe | 
"UDP Query User{2A81068D-663F-446A-8047-8B0A42A50B1E}C:\users\XXX YYY\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe" = protocol=17 | dir=in | app=c:\users\XXX YYY\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe | 
"UDP Query User{3B3C3F1A-1775-4224-80FE-313EDD3F3786}C:\program files (x86)\hearthstone\hearthstone.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hearthstone\hearthstone.exe | 
"UDP Query User{6712700A-2688-45C0-BF78-E6CF784ABCF1}C:\users\XXX YYY\appdata\local\temp\keygen.exe" = protocol=17 | dir=in | app=c:\users\XXX YYY\appdata\local\temp\keygen.exe | 
"UDP Query User{67B25918-80FE-428A-82A9-C6EE51ECE401}C:\users\XXX YYY\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\XXX YYY\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{79C0A985-B13D-42BC-9EB9-AB02983F41D2}C:\program files (x86)\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"UDP Query User{9E18685F-B363-4A46-BBA9-9B3487290BD1}C:\program files (x86)\starcraft ii\versions\base28667\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base28667\sc2.exe | 
"UDP Query User{A044C5B5-CE76-456F-BF94-4649B01F5D8E}C:\program files (x86)\starcraft ii\versions\base26490\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base26490\sc2.exe | 
"UDP Query User{BD264D43-C7D1-4611-BD8D-908D0B0F683A}C:\program files (x86)\starcraft ii\versions\base26490\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base26490\sc2.exe | 
"UDP Query User{E8F34B47-07BF-4E88-A684-FDE9BF790B96}C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base24944\sc2.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0F841121-4DB6-4B31-839F-7F5AB3BB3423}" = Protector Suite 2009
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{25058321-C33E-496B-8915-6FD64D362CAF}" = Windows Live MIME IFilter
"{26A24AE4-039D-4CA4-87B4-2F86417045FF}" = Java 7 Update 45 (64-bit)
"{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6619085B-A9D5-4DDD-800B-964903EAF546}" = Microsoft Lync Web App Plug-in
"{6B7DE186-374B-4873-AEC1-7464DA337DD6}" = VU5x64
"{6ED1750E-F44F-4635-8F0D-B76B9262B7FB}" = VAIO Care Recovery
"{72EF03F5-0507-4861-9A44-D99FD4C41418}" = Paint.NET v3.5.11
"{764384C5-BCA9-307C-9AAC-FD443662686A}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031" = Microsoft .NET Framework 4.5.1 (Deutsch)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.GuardService" = NVIDIA Guard Service 1.3
"{C513739C-5F16-37B5-9ACF-99925FF1C1F3}" = Microsoft .NET Framework 4.5.1 (DEU)
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D16A2127-B927-4379-B153-3DEC091E4EEB}" = Intel(R) PROSet/Wireless WiFi-Software
"{D9FFE40D-1A85-4541-992C-5EF505F391A4}" = VAIO Care
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{EF3293DE-FCAC-4742-91BF-AD0174143FC3}" = HP Deskjet 3050 J610 series - Grundlegende Software für das Gerät
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"Canon UFR II Printer Driver" = Deinst. f. Druckertreiber UFR II
"NVIDIA Drivers" = NVIDIA Drivers
"O365HomePremRetail - de-de" = Microsoft Office 365 - de-de
"ProInst" = Intel PROSet Wireless
"Recuva" = Recuva
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TOP" = TOP
"WinRAR archiver" = WinRAR 5.01 beta 1 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00F9DB8C-65D7-4D47-AB5F-F698EE38580D}" = Windows Live UX Platform
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04BE4035-3C8E-4B48-BFB8-1655849C0C8B}" = Windows Live Writer
"{07AAB66E-4718-422D-9218-4AFB3C922A71}" = Photo Gallery
"{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network
"{0BE9E708-5DC0-4963-9CFD-0AA519090E79}" = Junk Mail filter update
"{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}" = Razer Synapse
"{1D6432B4-E24D-405E-A4AB-D7E6D088CBC9}" = Windows Live Photo Common
"{1DB91A95-C548-4BA5-9D4C-18C7DEAAC39F}_is1" = Wondershare Dr.Fone for Android(Build 4.8.1.136)
"{1F4E59C0-EE31-47EE-BCC3-1A73C3F023BF}" = Qualcomm Gobi 2000 Package for Sony
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}" = Skype™ 7.0
"{2F9D63BE-A891-4E39-AFB3-7402D486800C}" = VAIO Hardware Diagnostics
"{30827CFE-8B67-9DF9-580F-78BAA616E50E}" = simfy
"{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}" = QuickTime 7
"{3D6AD258-61EA-35F5-812C-B7A02152996E}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{41BF4A3B-D60A-4E92-883F-C88C8C157261}" = Fotogalerie
"{41C61308-6CFD-4D54-AB6A-7136ED08A18E}" = Windows Live Communications Platform
"{462A1E00-58EA-4D63-96F4-3EFAEC9A5BCA}" = Avira
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO-Support für Übertragungen
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{636E94DA-99C0-448F-A931-3DAD83B4975F}" = SharpKeys
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{659CB81C-B54E-4DF1-B618-F35777393A54}" = Windows Live Installer
"{66233218-CA57-4AB2-BA43-A97AA4635960}" = Windows Live Essentials
"{6C29152D-3FF9-43B2-84E4-9B35FC0BF5C2}" = Vodafone Mobile Broadband
"{6D320CE8-79EB-4D45-8C6D-DEF74D84B49A}" = 
"{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}" = HP Update
"{70991E0A-1108-437E-BA7D-085702C670C0}" = 
"{70C91B91-61E8-4D06-86D6-A9DCC291983A}" = Movie Maker
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{714E162E-CD4F-4F1B-8302-7F5179409C25}" = Windows Live Writer
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{77D28FF5-242F-488A-8215-937D6A4D69E0}" = Adobe AIR
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{803E4FA5-A940-4420-B89D-A8BC2E160247}" = 
"{8211C280-5B02-4E7E-B55F-845A207249BA}" = VAIO Data Restore Tool
"{82F09B1C-F602-4552-9C40-5BD5F8EAF750}" = 
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{855DDD3C-131E-42A8-BCBD-F9581F80CACB}" = 
"{87DABDEA-47A4-4182-AA7C-2C90DAAE3117}" = Photo Common
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component
"{90150000-008C-0407-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{955E4722-1480-4198-A144-65FA5F4446DA}" = Windows Live Writer
"{95716cce-fc71-413f-8ad5-56c2892d4b3a}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A781940-AC41-4D5E-8E1E-76A04B916FB9}" = Helium
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D12A8B5-9D41-4465-BF11-70719EB0CD02}" = VU5x86
"{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}" = VAIO Update
"{a1909659-0a08-4554-8af1-2175904903a1}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
"{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = 
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A951D5DA-4759-4C3B-9C36-C6BF30082A2F}" = Windows Live Writer Resources
"{AC76BA86-0804-1033-1959-001802114130}" = Adobe Refresh Manager
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.10) - Deutsch
"{AC7E7905-8C59-4806-A96D-30936A2B1FC5}" = Citrix Online Launcher
"{B23EE11C-66FA-4395-AB02-5F7103DC485C}" = Windows Live Messenger
"{B2611F8A-EFE7-4E88-875D-19F0EFAE87E4}" = Windows Live PIMT Platform
"{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default
"{B775C26B-EAA8-4A11-ACBF-76E52DF6B805}" = Windows Live Mail
"{bd538030-07d4-4999-a525-7fafa2483f56}" = Avira
"{C5711BC2-2E1C-4556-9922-02BF2865A5EE}" = iMindMap 6
"{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}" = VAIO-Handbuch
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = 
"{CDC1AB00-01FF-4FC7-816A-16C67F0923C0}" = Windows Live SOXE
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1893000-EA77-493C-8DDD-E262436E959B}" = Windows Live SOXE Definitions
"{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86
"{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}" = Microsoft XNA Framework Redistributable 4.0 Refresh
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{D928A4B7-126D-47B6-AD76-9848E51E1426}" = Audials
"{DB083AE1-3354-4AAD-BD44-5F2CC4B2ECE6}" = VTech Download Agent Library
"{DD67BE4B-7E62-4215-AFA3-F123A800A389}" = Movie Maker
"{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}" = ArcSoft WebCam Companion 3
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3723A04-A894-4036-A78E-282E18F43C0A}_is1" = Tinypic 3.18
"{E703613B-BDAB-433E-A66A-DE0263E3D35D}" = Windows Live Messenger
"{E7D4E834-93EB-351F-B8FB-82CDAE623003}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7232FE1-BC35-4229-8D76-D49941FE9929}" = Windows Live Mail
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote
"{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}" = HP Deskjet 3050 J610 series Hilfe
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" = 
"{FC071B45-4A5F-408F-92F8-4D9D693E866F}" = Windows Live UX Platform Language Pack
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 16 ActiveX
"Adobe Flash Player NPAPI" = Adobe Flash Player 16 NPAPI
"Avira AntiVir Desktop" = Avira Free Antivirus
"Battle.net" = Battle.net
"DED9B6BE-2B04-4799-A88F-8BBF4D114AAF_is1" = TBBackup 2 (Freiversion)
"DivX Setup" = DivX-Setup
"FastStone Capture" = FastStone Capture 5.3
"Google Chrome" = Google Chrome
"Internet Manager" = Internet Manager
"julitecCRM_is1" = julitecCRM 7.5
"Long Live The Queen_is1" = Long Live The Queen (Demo) 1.0
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware Version 2.0.4.1028
"MarketingTools" = VAIO Marketing Tools
"Mozilla Firefox 35.0.1 (x86 de)" = Mozilla Firefox 35.0.1 (x86 de)
"Mozilla Thunderbird 31.4.0 (x86 de)" = Mozilla Thunderbird 31.4.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"RaidCall" = RaidCall
"Razer Core" = Razer Core
"Simfy" = simfy
"Steam App 12500" = Puzzle Quest
"Steam App 1510" = Uplink
"Steam App 204240" = The Bridge
"Steam App 212680" = FTL: Faster Than Light
"Steam App 214700" = Thirty Flights of Loving
"Steam App 219150" = Hotline Miami
"Steam App 22000" = World of Goo
"Steam App 226740" = Monster Loves You!
"Steam App 231200" = Kentucky Route Zero
"Steam App 231720" = Bad Hotel
"Steam App 233150" = LUFTRAUSERS
"Steam App 238930" = 7 Grand Steps, Step 1: What Ancients Begat
"Steam App 239030" = Papers, Please
"Steam App 251710" = Chainsaw Warrior
"Steam App 260230" = Valiant Hearts: The Great War™ / Soldats Inconnus : Mémoires de la Grande Guerre™
"Steam App 262060" = Darkest Dungeon
"Steam App 262450" = Dead Man's Draw
"Steam App 264140" = Pixel Piracy
"Steam App 274290" = Gods Will Be Watching
"Steam App 290260" = Sokobond
"Steam App 293680" = Cinders
"Steam App 318310" = Choice of the Deathless
"Steam App 326150" = Death Skid Marks
"Steam App 328550" = Thieves' Gambit: Curse of the Black Cat
"Steam App 3300" = Bejeweled 2 Deluxe
"Steam App 3310" = Chuzzle Deluxe
"Steam App 3320" = Insaniquarium! Deluxe
"Steam App 339510" = Psy High
"Steam App 3590" = Plants vs. Zombies: Game of the Year
"Steam App 98200" = Frozen Synapse
"TeamViewer 9" = TeamViewer 9
"TreeSize Free_is1" = TreeSize Free V2.7
"VAIO Help and Support" = 
"VAIO screensaver" = VAIO screensaver
"VTechDownloadManager" = VTech Download Manager
"WinLiveSuite" = Windows Live Essentials
"XnView_is1" = XnView 2.22
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ActiveTouchMeetingClient" = Cisco WebEx Meetings
"Dropbox" = Dropbox
"GoXXXeeting" = GoXXXeeting 6.0.0.1259
"OneDriveSetup.exe" = Microsoft OneDrive
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10.02.2015 11:05:02 | Computer Name = XXXYYY-VAIO | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: VCAgent.exe, Version: 8.4.2.12030,
 Zeitstempel: 0x5476d099  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000007fe927eaa71
ID
 des fehlerhaften Prozesses: 0xf90  Startzeit der fehlerhaften Anwendung: 0x01d044b37be3b110
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Sony\VAIO Care\VCAgent.exe  Pfad des
 fehlerhaften Moduls: unknown  Berichtskennung: 2fbe96c6-b136-11e4-8008-0024bed7ff33
 
Error - 10.02.2015 11:13:52 | Computer Name = XXXYYY-VAIO | Source = VmbService | ID = 0
Description = GetProcessOwner
 
Error - 10.02.2015 13:05:14 | Computer Name = XXXYYY-VAIO | Source = .NET Runtime | ID = 1026
Description = 
 
Error - 10.02.2015 13:05:15 | Computer Name = XXXYYY-VAIO | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: VCAgent.exe, Version: 8.4.2.12030,
 Zeitstempel: 0x5476d099  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000007fe942aaa71
ID
 des fehlerhaften Prozesses: 0xab0  Startzeit der fehlerhaften Anwendung: 0x01d04545f56955ba
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Sony\VAIO Care\VCAgent.exe  Pfad des
 fehlerhaften Moduls: unknown  Berichtskennung: fb4c71f3-b146-11e4-8937-0024bed7ff33
 
Error - 11.02.2015 10:25:24 | Computer Name = XXXYYY-VAIO | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 35.0.1.5500,
 Zeitstempel: 0x54c1f9f3  Name des fehlerhaften Moduls: mozalloc.dll, Version: 35.0.1.5500,
 Zeitstempel: 0x54c1f224  Ausnahmecode: 0x80000003  Fehleroffset: 0x00001425  ID des fehlerhaften
 Prozesses: 0x1794  Startzeit der fehlerhaften Anwendung: 0x01d045dd26db1aa4  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll  Berichtskennung:
 d0750001-b1f9-11e4-b649-0024bed7ff33
 
Error - 11.02.2015 10:26:41 | Computer Name = XXXYYY-VAIO | Source = .NET Runtime | ID = 1026
Description = 
 
Error - 11.02.2015 10:26:41 | Computer Name = XXXYYY-VAIO | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: VCAgent.exe, Version: 8.4.2.12030,
 Zeitstempel: 0x5476d099  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000007fe93fbaeb1
ID
 des fehlerhaften Prozesses: 0x17f4  Startzeit der fehlerhaften Anwendung: 0x01d045ddab418f50
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Sony\VAIO Care\VCAgent.exe  Pfad des
 fehlerhaften Moduls: unknown  Berichtskennung: febe3e5e-b1f9-11e4-b649-0024bed7ff33
 
Error - 11.02.2015 10:27:27 | Computer Name = XXXYYY-VAIO | Source = Avira Service Host | ID = 0
Description = Fehler beim Verarbeiten von Sitzungsänderung. System.NullReferenceException:
 Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.     bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription
 changeDescription)     bei System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32
 eventType, Int32 sessionId)
 
Error - 11.02.2015 10:50:11 | Computer Name = XXXYYY-VAIO | Source = Application Hang | ID = 1002
Description = Programm DeadMansDraw.exe, Version 0.0.0.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 168c    Startzeit:
 01d04609e9f8941f    Endzeit: 2773    Anwendungspfad: C:\Program Files (x86)\Steam\steamapps\common\Dead
 Mans Draw\DeadMansDraw.exe    Berichts-ID: 3ed509c4-b1fd-11e4-bd64-0024bed7ff33  
 
Error - 11.02.2015 11:06:06 | Computer Name = XXXYYY-VAIO | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FRST64.exe, Version: 11.2.2015.1,
 Zeitstempel: 0x54db6942  Name des fehlerhaften Moduls: FRST64.exe, Version: 11.2.2015.1,
 Zeitstempel: 0x54db6942  Ausnahmecode: 0xc00000fd  Fehleroffset: 0x0000000000014c33
ID
 des fehlerhaften Prozesses: 0x1898  Startzeit der fehlerhaften Anwendung: 0x01d0460c161067db
Pfad
 der fehlerhaften Anwendung: C:\Users\XXX YYY\Desktop\FRST64.exe  Pfad des fehlerhaften
 Moduls: C:\Users\XXX YYY\Desktop\FRST64.exe  Berichtskennung: 805f71b4-b1ff-11e4-bd64-0024bed7ff33
 
[ ESRV_SVC Events ]
Error - 09.01.2015 05:26:38 | Computer Name = XXXYYY-VAIO | Source = ESRV_SVC | ID = 2
Description = 
 
Error - 09.01.2015 15:12:56 | Computer Name = XXXYYY-VAIO | Source = ESRV_SVC | ID = 2
Description = 
 
Error - 10.01.2015 05:18:59 | Computer Name = XXXYYY-VAIO | Source = ESRV_SVC | ID = 2
Description = 
 
Error - 18.01.2015 07:07:20 | Computer Name = XXXYYY-VAIO | Source = ESRV_SVC | ID = 2
Description = 
 
Error - 19.01.2015 05:18:30 | Computer Name = XXXYYY-VAIO | Source = ESRV_SVC | ID = 2
Description = 
 
Error - 19.01.2015 08:32:22 | Computer Name = XXXYYY-VAIO | Source = ESRV_SVC | ID = 2
Description = 
 
Error - 19.01.2015 09:17:08 | Computer Name = XXXYYY-VAIO | Source = ESRV_SVC | ID = 2
Description = 
 
Error - 26.01.2015 04:39:38 | Computer Name = XXXYYY-VAIO | Source = ESRV_SVC | ID = 2
Description = 
 
Error - 26.01.2015 08:54:29 | Computer Name = XXXYYY-VAIO | Source = ESRV_SVC | ID = 2
Description = 
 
Error - 28.01.2015 04:37:28 | Computer Name = XXXYYY-VAIO | Source = ESRV_SVC | ID = 2
Description = 
 
[ System Events ]
Error - 10.02.2015 11:21:19 | Computer Name = XXXYYY-VAIO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee Boot Delay Start Service" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%2
 
Error - 10.02.2015 11:21:19 | Computer Name = XXXYYY-VAIO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "PDFProFiltSrv" wurde aufgrund folgenden Fehlers nicht 
gestartet:   %%2
 
Error - 11.02.2015 05:26:54 | Computer Name = XXXYYY-VAIO | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Internet Manager. OUC erreicht.
 
Error - 11.02.2015 05:26:54 | Computer Name = XXXYYY-VAIO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Internet Manager. OUC" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 11.02.2015 05:26:54 | Computer Name = XXXYYY-VAIO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee Boot Delay Start Service" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%2
 
Error - 11.02.2015 05:26:54 | Computer Name = XXXYYY-VAIO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "PDFProFiltSrv" wurde aufgrund folgenden Fehlers nicht 
gestartet:   %%2
 
Error - 11.02.2015 10:27:24 | Computer Name = XXXYYY-VAIO | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Internet Manager. OUC erreicht.
 
Error - 11.02.2015 10:27:24 | Computer Name = XXXYYY-VAIO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Internet Manager. OUC" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 11.02.2015 10:27:24 | Computer Name = XXXYYY-VAIO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee Boot Delay Start Service" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%2
 
Error - 11.02.2015 10:27:24 | Computer Name = XXXYYY-VAIO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "PDFProFiltSrv" wurde aufgrund folgenden Fehlers nicht 
gestartet:   %%2
 
[ USER_ESRV_SVC Events ]
Error - 05.12.2014 06:33:57 | Computer Name = XXXYYY-VAIO | Source = USER_ESRV_SVC | ID = 2
Description = 
 
Error - 05.12.2014 06:33:57 | Computer Name = XXXYYY-VAIO | Source = USER_ESRV_SVC | ID = 2
Description = 
 
Error - 05.12.2014 06:33:57 | Computer Name = XXXYYY-VAIO | Source = USER_ESRV_SVC | ID = 2
Description = 
 
Error - 05.12.2014 06:33:57 | Computer Name = XXXYYY-VAIO | Source = USER_ESRV_SVC | ID = 2
Description = 
 
Error - 30.12.2014 09:58:22 | Computer Name = XXXYYY-VAIO | Source = USER_ESRV_SVC | ID = 2
Description = 
 
Error - 30.12.2014 09:58:22 | Computer Name = XXXYYY-VAIO | Source = USER_ESRV_SVC | ID = 2
Description = 
 
Error - 30.12.2014 09:58:22 | Computer Name = XXXYYY-VAIO | Source = USER_ESRV_SVC | ID = 2
Description = 
 
 
< End of report >
         

12.02.2015, 13:36   #26
Warlord711
/// TB Trainer

OK, nothing conspicuous in the log for now. Then let's take a look with an ESET scan. It takes longer:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset

__________________
Learn to strike back and support us!
TB Akademie | Donate | Praise & Criticism

12.02.2015, 16:05   #27
Warlord711
/// TB Trainer

Oh, and please download FRST64.exe again, since there is a new version.
FRST does update itself, but better safe than sorry.

12.02.2015, 16:12   #28
LarryPerkins

I guess I clicked uninstall too quickly (the option is already there in the window).. apparently it deletes the log file along with it. Too bad. I'll have to run it again tonight or tomorrow. It took 2.5 h.

12.02.2015, 16:39   #29
Warlord711
/// TB Trainer

;(

Maybe in the recycle bin?

12.02.2015, 17:44   #30
LarryPerkins

HA! I've got it.
I used a desktop recording program and recorded my desktop, then, when it happened, stepped through it frame by frame.

Attached is a picture of the program that opens for a fraction of a second.
It looks like some photo-printer-something program that is trying to do something there.
Do you recognize what that could be?

Also attached is a picture of the printers I have installed.
Attached images
File type: png Desktop werfen.png (17.0 KB, viewed 105 times)
File type: png installierte Drucker.png (62.7 KB, viewed 174 times)
