Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   EXP/CVE-2012-4681.A.537 Trojaner auf Laptop hilfe nach Quarantäne (https://www.trojaner-board.de/128866-exp-cve-2012-4681-a-537-trojaner-laptop-hilfe-quarantaene.html)

Dr. Acula 30.12.2012 15:24
EXP/CVE-2012-4681.A.537 Trojaner auf Laptop hilfe nach Quarantäne
 
Hallo Trojaner Board Team
Ich habe Gestern beim Versuch des Einloggens in meinen battle.net Account eine nachricht bekommen , dass dieser aufgrund eines virus gesperrt worden sei.Der darauffolgende Virenscan (avira) ergab , dass sich ein Trojaner namens "EXP/CVE-2012-4681.A.537" auf meinem PC befindet , den ich sofort in Quarantäne verschob. Meine Suche nach einer Lösung führte mich auf diese Seite , auf der dieses Problem schon einmal behandelt werden sollte allerdings wieder fallen gelassen wurde :

http://www.trojaner-board.de/123479-...1-anderem.html

Mein Avira Scan spuckte folgendes Ergebnis aus:



Avira Free Antivirus
Erstellungsdatum der Reportdatei: Sonntag, 30. Dezember 2012 05:05

Es wird nach 4632222 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 Home Premium
Windowsversion : (plain) [6.1.7600]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : ***

Versionsinformationen:
BUILD.DAT : 12.1.9.1236 40872 Bytes 11.10.2012 15:29:00
AVSCAN.EXE : 12.3.0.48 468256 Bytes 14.11.2012 22:51:26
AVSCAN.DLL : 12.3.0.15 66256 Bytes 02.05.2012 00:02:50
LUKE.DLL : 12.3.0.15 68304 Bytes 01.05.2012 23:31:47
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 01.05.2012 22:13:36
AVREG.DLL : 12.3.0.17 232200 Bytes 18.05.2012 23:14:48
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 18:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 23:22:12
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 23:31:36
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 09:58:50
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 10:43:53
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 19:52:07
VBASE006.VDF : 7.11.41.250 4902400 Bytes 06.09.2012 20:50:09
VBASE007.VDF : 7.11.50.230 3904512 Bytes 22.11.2012 15:42:21
VBASE008.VDF : 7.11.50.231 2048 Bytes 22.11.2012 15:42:22
VBASE009.VDF : 7.11.50.232 2048 Bytes 22.11.2012 15:42:22
VBASE010.VDF : 7.11.50.233 2048 Bytes 22.11.2012 15:42:22
VBASE011.VDF : 7.11.50.234 2048 Bytes 22.11.2012 15:42:40
VBASE012.VDF : 7.11.50.235 2048 Bytes 22.11.2012 15:42:41
VBASE013.VDF : 7.11.50.236 2048 Bytes 22.11.2012 15:42:41
VBASE014.VDF : 7.11.51.27 133632 Bytes 23.11.2012 17:01:44
VBASE015.VDF : 7.11.51.95 140288 Bytes 26.11.2012 17:13:31
VBASE016.VDF : 7.11.51.221 164352 Bytes 29.11.2012 17:32:29
VBASE017.VDF : 7.11.52.29 158208 Bytes 01.12.2012 17:43:14
VBASE018.VDF : 7.11.52.91 116736 Bytes 03.12.2012 18:24:46
VBASE019.VDF : 7.11.52.151 137728 Bytes 05.12.2012 18:25:15
VBASE020.VDF : 7.11.52.225 157696 Bytes 06.12.2012 19:02:27
VBASE021.VDF : 7.11.53.35 126976 Bytes 08.12.2012 19:02:56
VBASE022.VDF : 7.11.53.55 225792 Bytes 09.12.2012 19:02:25
VBASE023.VDF : 7.11.53.93 157184 Bytes 10.12.2012 19:02:48
VBASE024.VDF : 7.11.53.169 153088 Bytes 12.12.2012 19:02:50
VBASE025.VDF : 7.11.53.237 152064 Bytes 14.12.2012 19:24:17
VBASE026.VDF : 7.11.54.23 149504 Bytes 17.12.2012 19:24:59
VBASE027.VDF : 7.11.54.67 130048 Bytes 18.12.2012 19:24:22
VBASE028.VDF : 7.11.54.153 292352 Bytes 21.12.2012 20:35:26
VBASE029.VDF : 7.11.55.1 300032 Bytes 28.12.2012 20:36:17
VBASE030.VDF : 7.11.55.2 2048 Bytes 28.12.2012 20:36:18
VBASE031.VDF : 7.11.55.36 56320 Bytes 29.12.2012 20:36:19
Engineversion : 8.2.10.224
AEVDF.DLL : 8.1.2.10 102772 Bytes 10.07.2012 20:27:34
AESCRIPT.DLL : 8.1.4.78 467323 Bytes 20.12.2012 20:35:36
AESCN.DLL : 8.1.10.0 131445 Bytes 13.12.2012 19:23:36
AESBX.DLL : 8.2.5.12 606578 Bytes 14.06.2012 19:53:17
AERDL.DLL : 8.2.0.74 643445 Bytes 07.11.2012 22:50:57
AEPACK.DLL : 8.3.1.2 819574 Bytes 20.12.2012 20:35:36
AEOFFICE.DLL : 8.1.2.50 201084 Bytes 05.11.2012 22:50:46
AEHEUR.DLL : 8.1.4.168 5628280 Bytes 20.12.2012 20:35:36
AEHELP.DLL : 8.1.25.2 258423 Bytes 11.10.2012 21:48:56
AEGEN.DLL : 8.1.6.12 434549 Bytes 13.12.2012 19:23:35
AEEXP.DLL : 8.3.0.4 184692 Bytes 20.12.2012 20:35:36
AEEMU.DLL : 8.1.3.2 393587 Bytes 10.07.2012 20:27:33
AECORE.DLL : 8.1.30.0 201079 Bytes 13.12.2012 19:23:34
AEBB.DLL : 8.1.1.4 53619 Bytes 05.11.2012 22:50:44
AVWINLL.DLL : 12.3.0.15 27344 Bytes 01.05.2012 22:59:21
AVPREF.DLL : 12.3.0.32 50720 Bytes 14.11.2012 22:51:26
AVREP.DLL : 12.3.0.15 179208 Bytes 01.05.2012 22:13:35
AVARKT.DLL : 12.3.0.33 209696 Bytes 14.11.2012 22:51:26
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 01.05.2012 22:28:49
SQLITE3.DLL : 3.7.0.1 398288 Bytes 16.04.2012 21:11:02
AVSMTP.DLL : 12.3.0.32 63480 Bytes 14.08.2012 20:35:00
NETNT.DLL : 12.3.0.15 17104 Bytes 01.05.2012 23:33:29
RCIMAGE.DLL : 12.3.0.31 4444408 Bytes 14.08.2012 20:34:52
RCTEXT.DLL : 12.3.0.32 98848 Bytes 14.11.2012 22:51:25

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, Q:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Sonntag, 30. Dezember 2012 05:05

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'Q:\'
[INFO] Es wurde kein Virus gefunden!
[INFO] Bitte starten Sie den Suchlauf erneut mit Administratorrechten

Der Suchlauf nach versteckten Objekten wird begonnen.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'FlashPlayerPlugin_11_5_502_135.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_11_5_502_135.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '100' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '83' Modul(e) wurden durchsucht
Durchsuche Prozess 'Skype.exe' - '158' Modul(e) wurden durchsucht
Durchsuche Prozess 'SteamService.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'steam.exe' - '174' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '117' Modul(e) wurden durchsucht
Durchsuche Prozess 'EgisUpdate.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'soffice.bin' - '93' Modul(e) wurden durchsucht
Durchsuche Prozess 'soffice.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'hamachi-2-ui.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'Updater.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMworker.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'DivXUpdate.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'ArcadeMovieService.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'LManager.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'BackupManagerTray.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'PmmUpdate.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dropbox.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '84' Modul(e) wurden durchsucht
Durchsuche Prozess 'mwlDaemon.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'UNS.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMS.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'CVHSVC.EXE' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'sftlist.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'UpdaterService.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'c2c_service.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'sftvsa.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'RichVideo.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'PnkBstrA.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'SchedulerSvc.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'IScheduleSvc.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'GREGsvc.exe' - '11' Modul(e) wurden durchsucht
Durchsuche Prozess 'dsiwmis.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '42' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '2822' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <Acer>
C:\Program Files (x86)\Steam\SteamApps\common\terraria\dotNetFx40_Full_x86_x64.exe
[WARNUNG] Die Datei konnte nicht gelesen werden!
C:\Users\***\AppData\Local\Temp\jar_cache6883640204752278133.tmp
[0] Archivtyp: ZIP
--> dyedProduce/daubsFiz.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Themod.FA
--> dyedProduce/jaggyEme.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.RF
--> dyedProduce/skag.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Dermit.GW
--> dyedProduce/stringCompare.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Karamel.CA
--> dyedProduce/suintTermly.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Themod.FB
--> dyedProduce/vary.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2012-4681.A.537
Beginne mit der Suche in 'Q:\'
Der zu durchsuchende Pfad Q:\ konnte nicht geöffnet werden!
Systemfehler [5]: Zugriff verweigert

Beginne mit der Desinfektion:
C:\Users\***\AppData\Local\Temp\jar_cache6883640204752278133.tmp
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2012-4681.A.537
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '57a2ec43.qua' verschoben!


Ende des Suchlaufs: Sonntag, 30. Dezember 2012 14:25
Benötigte Zeit: 8:43:35 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

64620 Verzeichnisse wurden überprüft
1640339 Dateien wurden geprüft
6 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
1640333 Dateien ohne Befall
17291 Archive wurden durchsucht
1 Warnungen
1 Hinweise
942221 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden


Nun weiß ich allerdings nicht, was ich weiterhin tun muss um diesen Störenfried komplett von meinem Computer zu entfernen.
Ich bedanke mich für jede Art von Hilfe.

cosinus 30.12.2012 18:21
Hallo und :hallo:

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner?
Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!

Zitat:
Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

Dr. Acula 30.12.2012 21:59
Hallo Cosinus danke für die rasche Antwort.
Ich habe bisher keine weiteren virenscans gemacht , da mir nicht bewusst war, das verschiedene ergebnisse herauskommen würden.Dies werde ich sofort nachholen. Allerdings wäre es hilfreich zu wissen welches der auf dieser seite empfohlenen Virenprogramme in diesem Fall am zweckdienlichsten wären.

cosinus 30.12.2012 23:18
Zitat:
Dies werde ich sofort nachholen.
Hast du meinen Beitrag nicht komplett gelesen?!

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!



Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.

Malwarebytes Anti-Rootkit http://img.trojaner-board.de/malware...otkit/logo.png

Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Entpacke das Archiv auf deinem Desktop.
  • Im neu erstellten Ordner starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Dr. Acula 30.12.2012 23:56
Der Scan ergab , dass ich keine Viren hätte.Dis wiederspricht allerdings dem Ergebnis Aviras
Log:

Code:
Malwarebytes Anti-Rootkit 1.01.0.1011
www.malwarebytes.org

Database version: v2012.12.30.10

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
*** :: *** [administrator]

30.12.2012 23:54:25
mbar-log-2012-12-30 (23-54-25).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 30790
Time elapsed: 14 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

cosinus 30.12.2012 23:57
1. aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehlalarm!
  • Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.


2. TDSS-Killer

Download TDSS-Killer auf Desktop siehe => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtg4nzy0ywy5/settings_2012-09-04.png

Dr. Acula 31.12.2012 01:02
Dies war das Ergebnis des aswMBR Scans:

Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-31 00:25:21
-----------------------------
00:25:21.059    OS Version: Windows x64 6.1.7600
00:25:21.060    Number of processors: 4 586 0x2505
00:25:21.061    ComputerName: ***  UserName:
00:25:26.098    Initialize success
00:25:37.914    AVAST engine defs: 12123001
00:25:41.318    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
00:25:41.321    Disk 0 Vendor: Hitachi_ PB4O Size: 476940MB BusType: 3
00:25:41.337    Disk 0 MBR read successfully
00:25:41.341    Disk 0 MBR scan
00:25:41.369    Disk 0 Windows 7 default MBR code
00:25:41.391    Disk 0 Partition 1 00    27 Hidden NTFS WinRE NTFS        14336 MB offset 2048
00:25:41.414    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 29362176
00:25:41.433    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS      462502 MB offset 29566976
00:25:41.539    Disk 0 scanning C:\Windows\system32\drivers
00:26:25.360    Service scanning
00:27:21.633    Modules scanning
00:27:21.644    Disk 0 trace - called modules:
00:27:21.686    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
00:27:22.044    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006fda060]
00:27:22.056    3 CLASSPNP.SYS[fffff88001aa643f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004fed050]
00:27:27.426    AVAST engine scan C:\Windows
00:27:32.125    AVAST engine scan C:\Windows\system32
00:33:30.642    AVAST engine scan C:\Windows\system32\drivers
00:33:44.987    AVAST engine scan C:\Users\Milan Libischer
00:47:34.667    AVAST engine scan C:\ProgramData
00:57:33.726    Scan finished successfully
01:00:24.996    Disk 0 MBR has been saved successfully to "C:\Users\Milan Libischer\Documents\MBR.dat"
01:00:25.001    The log file has been saved successfully to "C:\Users\Milan Libischer\Documents\aswMBR 31.12.2012.txt"
Das Ergebnis des tdsskiller scans:


Code:
01:03:53.0288 1416  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
01:03:53.0416 1416  ============================================================
01:03:53.0416 1416  Current date / time: 2012/12/31 01:03:53.0416
01:03:53.0416 1416  SystemInfo:
01:03:53.0416 1416 
01:03:53.0416 1416  OS Version: 6.1.7600 ServicePack: 0.0
01:03:53.0416 1416  Product type: Workstation
01:03:53.0416 1416  ComputerName: ***
01:03:53.0417 1416  UserName: ***
01:03:53.0417 1416  Windows directory: C:\Windows
01:03:53.0417 1416  System windows directory: C:\Windows
01:03:53.0417 1416  Running under WOW64
01:03:53.0417 1416  Processor architecture: Intel x64
01:03:53.0417 1416  Number of processors: 4
01:03:53.0417 1416  Page size: 0x1000
01:03:53.0417 1416  Boot type: Normal boot
01:03:53.0417 1416  ============================================================
01:03:53.0911 1416  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
01:03:53.0915 1416  ============================================================
01:03:53.0915 1416  \Device\Harddisk0\DR0:
01:03:53.0932 1416  MBR partitions:
01:03:53.0932 1416  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1C00800, BlocksNum 0x32000
01:03:53.0932 1416  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1C32800, BlocksNum 0x38753000
01:03:53.0932 1416  ============================================================
01:03:53.0968 1416  C: <-> \Device\Harddisk0\DR0\Partition2
01:03:53.0968 1416  ============================================================
01:03:53.0968 1416  Initialize success
01:03:53.0968 1416  ============================================================
01:04:23.0446 3904  ============================================================
01:04:23.0446 3904  Scan started
01:04:23.0446 3904  Mode: Manual; SigCheck; TDLFS;
01:04:23.0446 3904  ============================================================
01:04:24.0329 3904  ================ Scan system memory ========================
01:04:24.0329 3904  System memory - ok
01:04:24.0329 3904  ================ Scan services =============================
01:04:24.0593 3904  [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
01:04:24.0753 3904  1394ohci - ok
01:04:24.0803 3904  [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI            C:\Windows\system32\DRIVERS\ACPI.sys
01:04:24.0822 3904  ACPI - ok
01:04:24.0872 3904  [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi        C:\Windows\system32\DRIVERS\acpipmi.sys
01:04:24.0997 3904  AcpiPmi - ok
01:04:25.0130 3904  [ B1EA9681502EE57F87DB71D726288A5B ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
01:04:25.0141 3904  AdobeARMservice - ok
01:04:25.0375 3904  [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
01:04:25.0394 3904  AdobeFlashPlayerUpdateSvc - ok
01:04:25.0488 3904  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx        C:\Windows\system32\DRIVERS\adp94xx.sys
01:04:25.0523 3904  adp94xx - ok
01:04:25.0544 3904  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci        C:\Windows\system32\DRIVERS\adpahci.sys
01:04:25.0560 3904  adpahci - ok
01:04:25.0565 3904  [ E109549C90F62FB570B9540C4B148E54 ] adpu320        C:\Windows\system32\DRIVERS\adpu320.sys
01:04:25.0578 3904  adpu320 - ok
01:04:25.0624 3904  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
01:04:25.0771 3904  AeLookupSvc - ok
01:04:25.0859 3904  [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD            C:\Windows\system32\drivers\afd.sys
01:04:25.0917 3904  AFD - ok
01:04:26.0008 3904  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\DRIVERS\agp440.sys
01:04:26.0020 3904  agp440 - ok
01:04:26.0055 3904  [ 3290D6946B5E30E70414990574883DDB ] ALG            C:\Windows\System32\alg.exe
01:04:26.0078 3904  ALG - ok
01:04:26.0129 3904  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\DRIVERS\aliide.sys
01:04:26.0142 3904  aliide - ok
01:04:26.0179 3904  [ 671D9DCA48DA807780D8409C18ED0AE0 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
01:04:26.0226 3904  AMD External Events Utility - ok
01:04:26.0238 3904  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\DRIVERS\amdide.sys
01:04:26.0249 3904  amdide - ok
01:04:26.0276 3904  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8          C:\Windows\system32\DRIVERS\amdk8.sys
01:04:26.0305 3904  AmdK8 - ok
01:04:26.0447 3904  [ D3E6B2E1394D93FE9DB0BA24814B0D8F ] amdkmdag        C:\Windows\system32\DRIVERS\atipmdag.sys
01:04:26.0636 3904  amdkmdag - ok
01:04:26.0673 3904  [ CC4D915D786D3DA973B2EA9B95D59A29 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
01:04:26.0697 3904  amdkmdap - ok
01:04:26.0731 3904  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
01:04:26.0771 3904  AmdPPM - ok
01:04:26.0816 3904  [ 7A4B413614C055935567CF88A9734D38 ] amdsata        C:\Windows\system32\DRIVERS\amdsata.sys
01:04:26.0827 3904  amdsata - ok
01:04:26.0862 3904  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
01:04:26.0877 3904  amdsbs - ok
01:04:26.0899 3904  [ B4AD0CACBAB298671DD6F6EF7E20679D ] amdxata        C:\Windows\system32\DRIVERS\amdxata.sys
01:04:26.0909 3904  amdxata - ok
01:04:26.0938 3904  [ 391887990CDAA83DE5C56C3FDE966DA1 ] AmUStor        C:\Windows\system32\drivers\AmUStor.SYS
01:04:27.0002 3904  AmUStor - ok
01:04:27.0152 3904  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
01:04:27.0180 3904  AntiVirSchedulerService - ok
01:04:27.0213 3904  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
01:04:27.0222 3904  AntiVirService - ok
01:04:27.0266 3904  [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID          C:\Windows\system32\drivers\appid.sys
01:04:27.0319 3904  AppID - ok
01:04:27.0377 3904  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
01:04:27.0426 3904  AppIDSvc - ok
01:04:27.0445 3904  [ D065BE66822847B7F127D1F90158376E ] Appinfo        C:\Windows\System32\appinfo.dll
01:04:27.0481 3904  Appinfo - ok
01:04:27.0510 3904  [ C484F8CEB1717C540242531DB7845C4E ] arc            C:\Windows\system32\DRIVERS\arc.sys
01:04:27.0521 3904  arc - ok
01:04:27.0532 3904  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
01:04:27.0543 3904  arcsas - ok
01:04:27.0726 3904  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
01:04:27.0776 3904  aspnet_state - ok
01:04:27.0828 3904  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
01:04:27.0890 3904  AsyncMac - ok
01:04:27.0932 3904  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi          C:\Windows\system32\DRIVERS\atapi.sys
01:04:27.0942 3904  atapi - ok
01:04:28.0040 3904  [ 931884F5F2D7E6973366782690BF1754 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
01:04:28.0099 3904  athr - ok
01:04:28.0162 3904  [ 2D648572BA9A610952FCAFBA1E119C2D ] AtiHdmiService  C:\Windows\system32\drivers\AtiHdmi.sys
01:04:28.0201 3904  AtiHdmiService - ok
01:04:28.0290 3904  [ FC0E8778C000291CAF60EB88C011E931 ] atksgt          C:\Windows\system32\DRIVERS\atksgt.sys
01:04:28.0305 3904  atksgt - ok
01:04:28.0349 3904  [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
01:04:28.0412 3904  AudioEndpointBuilder - ok
01:04:28.0424 3904  [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv        C:\Windows\System32\Audiosrv.dll
01:04:28.0466 3904  AudioSrv - ok
01:04:28.0559 3904  [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
01:04:28.0568 3904  avgntflt - ok
01:04:28.0619 3904  [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
01:04:28.0629 3904  avipbb - ok
01:04:28.0646 3904  [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
01:04:28.0656 3904  avkmgr - ok
01:04:28.0703 3904  [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
01:04:28.0777 3904  AxInstSV - ok
01:04:28.0833 3904  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv        C:\Windows\system32\DRIVERS\bxvbda.sys
01:04:28.0878 3904  b06bdrv - ok
01:04:28.0924 3904  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
01:04:28.0955 3904  b57nd60a - ok
01:04:28.0993 3904  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
01:04:29.0015 3904  BDESVC - ok
01:04:29.0034 3904  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
01:04:29.0077 3904  Beep - ok
01:04:29.0121 3904  [ 4992C609A6315671463E30F6512BC022 ] BFE            C:\Windows\System32\bfe.dll
01:04:29.0173 3904  BFE - ok
01:04:29.0215 3904  [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS            C:\Windows\System32\qmgr.dll
01:04:29.0272 3904  BITS - ok
01:04:29.0295 3904  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
01:04:29.0321 3904  blbdrive - ok
01:04:29.0390 3904  [ 19D20159708E152267E53B66677A4995 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
01:04:29.0432 3904  bowser - ok
01:04:29.0472 3904  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
01:04:29.0518 3904  BrFiltLo - ok
01:04:29.0550 3904  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
01:04:29.0568 3904  BrFiltUp - ok
01:04:29.0619 3904  [ 6B054C67AAA87843504E8E3C09102009 ] Browser        C:\Windows\System32\browser.dll
01:04:29.0660 3904  Browser - ok
01:04:29.0688 3904  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid        C:\Windows\System32\Drivers\Brserid.sys
01:04:29.0721 3904  Brserid - ok
01:04:29.0736 3904  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
01:04:29.0767 3904  BrSerWdm - ok
01:04:29.0793 3904  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
01:04:29.0826 3904  BrUsbMdm - ok
01:04:29.0845 3904  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
01:04:29.0873 3904  BrUsbSer - ok
01:04:29.0888 3904  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
01:04:29.0927 3904  BTHMODEM - ok
01:04:29.0949 3904  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv        C:\Windows\system32\bthserv.dll
01:04:30.0003 3904  bthserv - ok
01:04:30.0036 3904  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
01:04:30.0072 3904  cdfs - ok
01:04:30.0089 3904  [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom          C:\Windows\system32\DRIVERS\cdrom.sys
01:04:30.0113 3904  cdrom - ok
01:04:30.0147 3904  [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc    C:\Windows\System32\certprop.dll
01:04:30.0192 3904  CertPropSvc - ok
01:04:30.0219 3904  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
01:04:30.0249 3904  circlass - ok
01:04:30.0273 3904  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
01:04:30.0289 3904  CLFS - ok
01:04:30.0339 3904  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
01:04:30.0358 3904  clr_optimization_v2.0.50727_32 - ok
01:04:30.0388 3904  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
01:04:30.0405 3904  clr_optimization_v2.0.50727_64 - ok
01:04:30.0550 3904  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
01:04:30.0602 3904  clr_optimization_v4.0.30319_32 - ok
01:04:30.0623 3904  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
01:04:30.0639 3904  clr_optimization_v4.0.30319_64 - ok
01:04:30.0667 3904  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
01:04:30.0695 3904  CmBatt - ok
01:04:30.0728 3904  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\DRIVERS\cmdide.sys
01:04:30.0738 3904  cmdide - ok
01:04:30.0787 3904  [ CA7720B73446FDDEC5C69519C1174C98 ] CNG            C:\Windows\system32\Drivers\cng.sys
01:04:30.0828 3904  CNG - ok
01:04:30.0862 3904  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
01:04:30.0874 3904  Compbatt - ok
01:04:30.0879 3904  [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
01:04:30.0903 3904  CompositeBus - ok
01:04:30.0915 3904  COMSysApp - ok
01:04:30.0933 3904  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk        C:\Windows\system32\DRIVERS\crcdisk.sys
01:04:30.0944 3904  crcdisk - ok
01:04:31.0002 3904  [ BAF19B633933A9FB4883D27D66C39E9A ] CryptSvc        C:\Windows\system32\cryptsvc.dll
01:04:31.0037 3904  CryptSvc - ok
01:04:31.0154 3904  [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
01:04:31.0178 3904  cvhsvc - ok
01:04:31.0362 3904  DAUpdaterSvc - ok
01:04:31.0418 3904  [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch      C:\Windows\system32\rpcss.dll
01:04:31.0476 3904  DcomLaunch - ok
01:04:31.0507 3904  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc      C:\Windows\System32\defragsvc.dll
01:04:31.0558 3904  defragsvc - ok
01:04:31.0616 3904  [ 9C253CE7311CA60FC11C774692A13208 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
01:04:31.0672 3904  DfsC - ok
01:04:31.0709 3904  [ CE3B9562D997F69B330D181A8875960F ] Dhcp            C:\Windows\system32\dhcpcore.dll
01:04:31.0778 3904  Dhcp - ok
01:04:31.0809 3904  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
01:04:31.0847 3904  discache - ok
01:04:31.0871 3904  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
01:04:31.0882 3904  Disk - ok
01:04:31.0931 3904  [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache        C:\Windows\System32\dnsrslvr.dll
01:04:31.0959 3904  Dnscache - ok
01:04:31.0982 3904  [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc        C:\Windows\System32\dot3svc.dll
01:04:32.0034 3904  dot3svc - ok
01:04:32.0043 3904  [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS            C:\Windows\system32\dps.dll
01:04:32.0086 3904  DPS - ok
01:04:32.0107 3904  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
01:04:32.0120 3904  drmkaud - ok
01:04:32.0182 3904  [ 9CF46FDF163E06B83D03FF929EF2296C ] DsiWMIService  C:\Program Files (x86)\Launch Manager\dsiwmis.exe
01:04:32.0195 3904  DsiWMIService - ok
01:04:32.0230 3904  [ EBCE0B0924835F635F620D19F0529DCE ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
01:04:32.0258 3904  DXGKrnl - ok
01:04:32.0287 3904  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost        C:\Windows\System32\eapsvc.dll
01:04:32.0338 3904  EapHost - ok
01:04:32.0440 3904  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv          C:\Windows\system32\DRIVERS\evbda.sys
01:04:32.0547 3904  ebdrv - ok
01:04:32.0614 3904  [ 156F6159457D0AA7E59B62681B56EB90 ] EFS            C:\Windows\System32\lsass.exe
01:04:32.0639 3904  EFS - ok
01:04:32.0708 3904  [ 3D69FAE60EDE442E004611A4EE4DB44C ] ehRecvr        C:\Windows\ehome\ehRecvr.exe
01:04:32.0747 3904  ehRecvr - ok
01:04:32.0772 3904  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched        C:\Windows\ehome\ehsched.exe
01:04:32.0789 3904  ehSched - ok
01:04:32.0850 3904  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor        C:\Windows\system32\DRIVERS\elxstor.sys
01:04:32.0877 3904  elxstor - ok
01:04:32.0955 3904  [ 4791D9FDD38A125C1C1E311610E5A159 ] ePowerSvc      C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
01:04:32.0982 3904  ePowerSvc - ok
01:04:33.0000 3904  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\DRIVERS\errdev.sys
01:04:33.0028 3904  ErrDev - ok
01:04:33.0076 3904  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem    C:\Windows\system32\es.dll
01:04:33.0127 3904  EventSystem - ok
01:04:33.0220 3904  [ 8ADACFFAD67394C711698EA074CE3BAB ] ewusbnet        C:\Windows\system32\DRIVERS\ewusbnet.sys
01:04:33.0285 3904  ewusbnet - ok
01:04:33.0312 3904  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat          C:\Windows\system32\drivers\exfat.sys
01:04:33.0364 3904  exfat - ok
01:04:33.0372 3904  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat        C:\Windows\system32\drivers\fastfat.sys
01:04:33.0419 3904  fastfat - ok
01:04:33.0469 3904  [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax            C:\Windows\system32\fxssvc.exe
01:04:33.0504 3904  Fax - ok
01:04:33.0530 3904  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc            C:\Windows\system32\DRIVERS\fdc.sys
01:04:33.0556 3904  fdc - ok
01:04:33.0588 3904  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost        C:\Windows\system32\fdPHost.dll
01:04:33.0636 3904  fdPHost - ok
01:04:33.0672 3904  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
01:04:33.0709 3904  FDResPub - ok
01:04:33.0730 3904  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
01:04:33.0741 3904  FileInfo - ok
01:04:33.0771 3904  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
01:04:33.0807 3904  Filetrace - ok
01:04:33.0823 3904  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
01:04:33.0836 3904  flpydisk - ok
01:04:33.0843 3904  [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
01:04:33.0857 3904  FltMgr - ok
01:04:33.0906 3904  [ 8AC4CB4EA61E41009FAE9AE7B2B5DA3A ] FontCache      C:\Windows\system32\FntCache.dll
01:04:33.0967 3904  FontCache - ok
01:04:34.0000 3904  [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
01:04:34.0008 3904  FontCache3.0.0.0 - ok
01:04:34.0026 3904  [ D43703496149971890703B4B1B723EAC ] FsDepends      C:\Windows\system32\drivers\FsDepends.sys
01:04:34.0037 3904  FsDepends - ok
01:04:34.0084 3904  [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
01:04:34.0094 3904  Fs_Rec - ok
01:04:34.0139 3904  [ B8B2A6E1558F8F5DE5CE431C5B2C7B09 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
01:04:34.0155 3904  fvevol - ok
01:04:34.0190 3904  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
01:04:34.0202 3904  gagp30kx - ok
01:04:34.0244 3904  [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc          C:\Windows\System32\gpsvc.dll
01:04:34.0282 3904  gpsvc - ok
01:04:34.0342 3904  [ 0191DEE9B9EB7902AF2CF4F67301095D ] GREGService    C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
01:04:34.0349 3904  GREGService - ok
01:04:34.0445 3904  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
01:04:34.0457 3904  gupdate - ok
01:04:34.0529 3904  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
01:04:34.0538 3904  gupdatem - ok
01:04:34.0599 3904  [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi        C:\Windows\system32\DRIVERS\hamachi.sys
01:04:34.0608 3904  hamachi - ok
01:04:34.0839 3904  [ A5963114373834D78782013BC803043E ] Hamachi2Svc    C:\Users\Milan Libischer\Downloads\hamachi-2.exe
01:04:34.0896 3904  Hamachi2Svc - ok
01:04:34.0940 3904  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
01:04:34.0962 3904  hcw85cir - ok
01:04:34.0995 3904  [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
01:04:35.0030 3904  HdAudAddService - ok
01:04:35.0043 3904  [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
01:04:35.0069 3904  HDAudBus - ok
01:04:35.0105 3904  [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64        C:\Windows\system32\DRIVERS\HECIx64.sys
01:04:35.0114 3904  HECIx64 - ok
01:04:35.0150 3904  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt        C:\Windows\system32\DRIVERS\HidBatt.sys
01:04:35.0168 3904  HidBatt - ok
01:04:35.0185 3904  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
01:04:35.0223 3904  HidBth - ok
01:04:35.0250 3904  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr          C:\Windows\system32\DRIVERS\hidir.sys
01:04:35.0279 3904  HidIr - ok
01:04:35.0297 3904  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv        C:\Windows\system32\hidserv.dll
01:04:35.0344 3904  hidserv - ok
01:04:35.0371 3904  [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
01:04:35.0396 3904  HidUsb - ok
01:04:35.0494 3904  [ D61F8E72032BDC43157F2B8AEA32B529 ] HiPatchService  C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
01:04:35.0503 3904  HiPatchService ( UnsignedFile.Multi.Generic ) - warning
01:04:35.0503 3904  HiPatchService - detected UnsignedFile.Multi.Generic (1)
01:04:35.0541 3904  [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc          C:\Windows\system32\kmsvc.dll
01:04:35.0588 3904  hkmsvc - ok
01:04:35.0612 3904  [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
01:04:35.0636 3904  HomeGroupListener - ok
01:04:35.0667 3904  [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
01:04:35.0687 3904  HomeGroupProvider - ok
01:04:35.0735 3904  [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD          C:\Windows\system32\DRIVERS\HpSAMD.sys
01:04:35.0747 3904  HpSAMD - ok
01:04:35.0798 3904  [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
01:04:35.0848 3904  HTTP - ok
01:04:35.0951 3904  [ D969D0E26C5B1E813B17066A8318D5D4 ] hwdatacard      C:\Windows\system32\DRIVERS\ewusbmdm.sys
01:04:35.0984 3904  hwdatacard - ok
01:04:36.0040 3904  [ F17766A19145F111856378DF337A5D79 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
01:04:36.0052 3904  hwpolicy - ok
01:04:36.0126 3904  [ B45B3647BA32749B94FA689175EC8C26 ] hwusbdev        C:\Windows\system32\DRIVERS\ewusbdev.sys
01:04:36.0161 3904  hwusbdev - ok
01:04:36.0169 3904  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
01:04:36.0183 3904  i8042prt - ok
01:04:36.0227 3904  [ ABBF174CB394F5C437410A788B7E404A ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
01:04:36.0242 3904  iaStor - ok
01:04:36.0278 3904  [ D83EFB6FD45DF9D55E9A1AFC63640D50 ] iaStorV        C:\Windows\system32\DRIVERS\iaStorV.sys
01:04:36.0295 3904  iaStorV - ok
01:04:36.0351 3904  [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc          C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
01:04:36.0377 3904  idsvc - ok
01:04:36.0424 3904  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp          C:\Windows\system32\DRIVERS\iirsp.sys
01:04:36.0435 3904  iirsp - ok
01:04:36.0477 3904  [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT          C:\Windows\System32\ikeext.dll
01:04:36.0530 3904  IKEEXT - ok
01:04:36.0584 3904  [ 4B6363CD4610BB848531BB260B15DFCC ] Impcd          C:\Windows\system32\DRIVERS\Impcd.sys
01:04:36.0605 3904  Impcd - ok
01:04:36.0721 3904  [ A0EAB13A78CC5FB960EC76E3D6408DA3 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
01:04:36.0773 3904  IntcAzAudAddService - ok
01:04:36.0809 3904  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\DRIVERS\intelide.sys
01:04:36.0819 3904  intelide - ok
01:04:37.0028 3904  [ 2A22AB054F4630D2EF4BAB2853F6D5F6 ] intelkmd        C:\Windows\system32\DRIVERS\igdpmd64.sys
01:04:37.0323 3904  intelkmd - ok
01:04:37.0359 3904  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
01:04:37.0379 3904  intelppm - ok
01:04:37.0466 3904  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum      C:\Windows\system32\ipbusenum.dll
01:04:37.0518 3904  IPBusEnum - ok
01:04:37.0546 3904  [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
01:04:37.0583 3904  IpFilterDriver - ok
01:04:37.0626 3904  [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
01:04:37.0690 3904  iphlpsvc - ok
01:04:37.0703 3904  [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV        C:\Windows\system32\DRIVERS\IPMIDrv.sys
01:04:37.0734 3904  IPMIDRV - ok
01:04:37.0744 3904  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT          C:\Windows\system32\drivers\ipnat.sys
01:04:37.0795 3904  IPNAT - ok
01:04:37.0813 3904  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
01:04:37.0829 3904  IRENUM - ok
01:04:37.0846 3904  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\DRIVERS\isapnp.sys
01:04:37.0857 3904  isapnp - ok
01:04:37.0880 3904  [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
01:04:37.0892 3904  iScsiPrt - ok
01:04:37.0915 3904  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
01:04:37.0926 3904  kbdclass - ok
01:04:37.0943 3904  [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
01:04:37.0968 3904  kbdhid - ok
01:04:37.0979 3904  [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso          C:\Windows\system32\lsass.exe
01:04:37.0990 3904  KeyIso - ok
01:04:38.0026 3904  [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
01:04:38.0037 3904  KSecDD - ok
01:04:38.0064 3904  [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg        C:\Windows\system32\Drivers\ksecpkg.sys
01:04:38.0076 3904  KSecPkg - ok
01:04:38.0099 3904  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk        C:\Windows\system32\drivers\ksthunk.sys
01:04:38.0146 3904  ksthunk - ok
01:04:38.0175 3904  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm          C:\Windows\system32\msdtckrm.dll
01:04:38.0228 3904  KtmRm - ok
01:04:38.0270 3904  [ 32980B4E711D2EF7128C44DC2CF85706 ] L1C            C:\Windows\system32\DRIVERS\L1C62x64.sys
01:04:38.0279 3904  L1C - ok
01:04:38.0320 3904  [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer    C:\Windows\system32\srvsvc.dll
01:04:38.0348 3904  LanmanServer - ok
01:04:38.0381 3904  [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
01:04:38.0429 3904  LanmanWorkstation - ok
01:04:38.0524 3904  [ 156AB2E56DC3CA0B582E3362E07CDED7 ] lirsgt          C:\Windows\system32\DRIVERS\lirsgt.sys
01:04:38.0533 3904  lirsgt - ok
01:04:38.0590 3904  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
01:04:38.0652 3904  lltdio - ok
01:04:38.0740 3904  [ C1185803384AB3FEED115F79F109427F ] lltdsvc        C:\Windows\System32\lltdsvc.dll
01:04:38.0807 3904  lltdsvc - ok
01:04:38.0845 3904  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts        C:\Windows\System32\lmhsvc.dll
01:04:38.0879 3904  lmhosts - ok
01:04:38.0977 3904  [ 23D990150D56B670A62B21B9ABDD45EE ] LMS            C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
01:04:38.0989 3904  LMS - ok
01:04:39.0037 3904  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
01:04:39.0048 3904  LSI_FC - ok
01:04:39.0066 3904  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS        C:\Windows\system32\DRIVERS\lsi_sas.sys
01:04:39.0077 3904  LSI_SAS - ok
01:04:39.0081 3904  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
01:04:39.0092 3904  LSI_SAS2 - ok
01:04:39.0132 3904  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
01:04:39.0144 3904  LSI_SCSI - ok
01:04:39.0169 3904  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv          C:\Windows\system32\drivers\luafv.sys
01:04:39.0206 3904  luafv - ok
01:04:39.0244 3904  [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc        C:\Windows\system32\Mcx2Svc.dll
01:04:39.0271 3904  Mcx2Svc - ok
01:04:39.0289 3904  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas        C:\Windows\system32\DRIVERS\megasas.sys
01:04:39.0300 3904  megasas - ok
01:04:39.0352 3904  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
01:04:39.0368 3904  MegaSR - ok
01:04:39.0399 3904  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS          C:\Windows\system32\mmcss.dll
01:04:39.0450 3904  MMCSS - ok
01:04:39.0478 3904  [ 800BA92F7010378B09F9ED9270F07137 ] Modem          C:\Windows\system32\drivers\modem.sys
01:04:39.0524 3904  Modem - ok
01:04:39.0558 3904  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor        C:\Windows\system32\DRIVERS\monitor.sys
01:04:39.0584 3904  monitor - ok
01:04:39.0588 3904  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
01:04:39.0599 3904  mouclass - ok
01:04:39.0658 3904  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
01:04:39.0670 3904  mouhid - ok
01:04:39.0674 3904  [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
01:04:39.0686 3904  mountmgr - ok
01:04:39.0827 3904  [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
01:04:39.0847 3904  MozillaMaintenance - ok
01:04:39.0889 3904  [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio            C:\Windows\system32\DRIVERS\mpio.sys
01:04:39.0903 3904  mpio - ok
01:04:39.0938 3904  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
01:04:39.0981 3904  mpsdrv - ok
01:04:40.0021 3904  [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc          C:\Windows\system32\mpssvc.dll
01:04:40.0082 3904  MpsSvc - ok
01:04:40.0102 3904  [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
01:04:40.0145 3904  MRxDAV - ok
01:04:40.0186 3904  [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
01:04:40.0221 3904  mrxsmb - ok
01:04:40.0292 3904  [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
01:04:40.0317 3904  mrxsmb10 - ok
01:04:40.0331 3904  [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
01:04:40.0353 3904  mrxsmb20 - ok
01:04:40.0387 3904  [ 5C37497276E3B3A5488B23A326A754B7 ] msahci          C:\Windows\system32\DRIVERS\msahci.sys
01:04:40.0398 3904  msahci - ok
01:04:40.0420 3904  [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm          C:\Windows\system32\DRIVERS\msdsm.sys
01:04:40.0432 3904  msdsm - ok
01:04:40.0450 3904  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC          C:\Windows\System32\msdtc.exe
01:04:40.0513 3904  MSDTC - ok
01:04:40.0557 3904  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
01:04:40.0599 3904  Msfs - ok
01:04:40.0609 3904  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf      C:\Windows\System32\drivers\mshidkmdf.sys
01:04:40.0643 3904  mshidkmdf - ok
01:04:40.0647 3904  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\DRIVERS\msisadrv.sys
01:04:40.0659 3904  msisadrv - ok
01:04:40.0682 3904  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
01:04:40.0735 3904  MSiSCSI - ok
01:04:40.0738 3904  msiserver - ok
01:04:40.0770 3904  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
01:04:40.0803 3904  MSKSSRV - ok
01:04:40.0816 3904  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
01:04:40.0862 3904  MSPCLOCK - ok
01:04:40.0865 3904  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM          C:\Windows\system32\drivers\MSPQM.sys
01:04:40.0910 3904  MSPQM - ok
01:04:40.0929 3904  [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC          C:\Windows\system32\drivers\MsRPC.sys
01:04:40.0946 3904  MsRPC - ok
01:04:40.0952 3904  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
01:04:40.0963 3904  mssmbios - ok
01:04:40.0974 3904  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE          C:\Windows\system32\drivers\MSTEE.sys
01:04:41.0025 3904  MSTEE - ok
01:04:41.0050 3904  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
01:04:41.0077 3904  MTConfig - ok
01:04:41.0093 3904  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup            C:\Windows\system32\Drivers\mup.sys
01:04:41.0103 3904  Mup - ok
01:04:41.0131 3904  [ 6FFECC25B39DC7652A0CEC0ADA9DB589 ] mwlPSDFilter    C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
01:04:41.0138 3904  mwlPSDFilter - ok
01:04:41.0145 3904  [ 0BEFE32CA56D6EE89D58175725596A85 ] mwlPSDNServ    C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
01:04:41.0152 3904  mwlPSDNServ - ok
01:04:41.0165 3904  [ D43BC633B8660463E446E28E14A51262 ] mwlPSDVDisk    C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
01:04:41.0172 3904  mwlPSDVDisk - ok
01:04:41.0221 3904  [ 3E5E20817259F7328C8F3BE5421F35B9 ] MWLService      C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
01:04:41.0235 3904  MWLService - ok
01:04:41.0278 3904  [ 4987E079A4530FA737A128BE54B63B12 ] napagent        C:\Windows\system32\qagentRT.dll
01:04:41.0319 3904  napagent - ok
01:04:41.0361 3904  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys
01:04:41.0393 3904  NativeWifiP - ok
01:04:41.0423 3904  [ CAD515DBD07D082BB317D9928CE8962C ] NDIS            C:\Windows\system32\drivers\ndis.sys
01:04:41.0450 3904  NDIS - ok
01:04:41.0479 3904  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap        C:\Windows\system32\DRIVERS\ndiscap.sys
01:04:41.0529 3904  NdisCap - ok
01:04:41.0564 3904  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
01:04:41.0612 3904  NdisTapi - ok
01:04:41.0625 3904  [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio        C:\Windows\system32\DRIVERS\ndisuio.sys
01:04:41.0668 3904  Ndisuio - ok
01:04:41.0673 3904  [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan        C:\Windows\system32\DRIVERS\ndiswan.sys
01:04:41.0709 3904  NdisWan - ok
01:04:41.0724 3904  [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy        C:\Windows\system32\drivers\NDProxy.sys
01:04:41.0760 3904  NDProxy - ok
01:04:41.0772 3904  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS        C:\Windows\system32\DRIVERS\netbios.sys
01:04:41.0827 3904  NetBIOS - ok
01:04:41.0835 3904  [ 9162B273A44AB9DCE5B44362731D062A ] NetBT          C:\Windows\system32\DRIVERS\netbt.sys
01:04:41.0879 3904  NetBT - ok
01:04:41.0890 3904  [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon        C:\Windows\system32\lsass.exe
01:04:41.0900 3904  Netlogon - ok
01:04:41.0929 3904  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
01:04:41.0978 3904  Netman - ok
01:04:42.0015 3904  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
01:04:42.0026 3904  NetMsmqActivator - ok
01:04:42.0030 3904  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
01:04:42.0040 3904  NetPipeActivator - ok
01:04:42.0069 3904  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
01:04:42.0125 3904  netprofm - ok
01:04:42.0130 3904  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
01:04:42.0140 3904  NetTcpActivator - ok
01:04:42.0144 3904  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
01:04:42.0154 3904  NetTcpPortSharing - ok
01:04:42.0196 3904  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960        C:\Windows\system32\DRIVERS\nfrd960.sys
01:04:42.0206 3904  nfrd960 - ok
01:04:42.0258 3904  [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc          C:\Windows\System32\nlasvc.dll
01:04:42.0302 3904  NlaSvc - ok
01:04:42.0403 3904  [ 5839A8027D6D324A7CD494051A96628C ] NOBU            C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
01:04:42.0471 3904  NOBU - ok
01:04:42.0487 3904  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
01:04:42.0533 3904  Npfs - ok
01:04:42.0547 3904  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi            C:\Windows\system32\nsisvc.dll
01:04:42.0598 3904  nsi - ok
01:04:42.0611 3904  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
01:04:42.0673 3904  nsiproxy - ok
01:04:42.0715 3904  [ 356698A13C4630D5B31C37378D469196 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
01:04:42.0775 3904  Ntfs - ok
01:04:42.0824 3904  [ 9A308FCDCCA98A15B6F62D36A272160E ] NTI IScheduleSvc C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
01:04:42.0835 3904  NTI IScheduleSvc - ok
01:04:42.0857 3904  [ 28C59F594044CBF8598B18C927097091 ] NTIBackupSvc    C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
01:04:42.0866 3904  NTIBackupSvc - ok
01:04:42.0891 3904  [ 710263B44C1D1AEE07525A53401FBE48 ] NTIDrvr        C:\Windows\system32\drivers\NTIDrvr.sys
01:04:42.0899 3904  NTIDrvr - ok
01:04:42.0920 3904  [ B8D903B2894FF9AFBD99CA51C35590D7 ] NTISchedulerSvc C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
01:04:42.0970 3904  NTISchedulerSvc - ok
01:04:42.0998 3904  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
01:04:43.0052 3904  Null - ok
01:04:43.0082 3904  [ 3E38712941E9BB4DDBEE00AFFE3FED3D ] nvraid          C:\Windows\system32\DRIVERS\nvraid.sys
01:04:43.0096 3904  nvraid - ok
01:04:43.0103 3904  [ 477DC4D6DEB99BE37084C9AC6D013DA1 ] nvstor          C:\Windows\system32\DRIVERS\nvstor.sys
01:04:43.0115 3904  nvstor - ok
01:04:43.0138 3904  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\DRIVERS\nv_agp.sys
01:04:43.0150 3904  nv_agp - ok
01:04:43.0159 3904  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
01:04:43.0183 3904  ohci1394 - ok
01:04:43.0231 3904  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose            C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
01:04:43.0243 3904  ose - ok
01:04:43.0435 3904  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc        C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
01:04:43.0594 3904  osppsvc - ok
01:04:43.0643 3904  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
01:04:43.0665 3904  p2pimsvc - ok
01:04:43.0685 3904  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
01:04:43.0701 3904  p2psvc - ok
01:04:43.0727 3904  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport        C:\Windows\system32\DRIVERS\parport.sys
01:04:43.0739 3904  Parport - ok
01:04:43.0787 3904  [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr        C:\Windows\system32\drivers\partmgr.sys
01:04:43.0798 3904  partmgr - ok
01:04:43.0821 3904  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
01:04:43.0844 3904  PcaSvc - ok
01:04:43.0864 3904  [ F36F6504009F2FB0DFD1B17A116AD74B ] pci            C:\Windows\system32\DRIVERS\pci.sys
01:04:43.0876 3904  pci - ok
01:04:43.0898 3904  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\DRIVERS\pciide.sys
01:04:43.0909 3904  pciide - ok
01:04:43.0924 3904  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
01:04:43.0936 3904  pcmcia - ok
01:04:43.0940 3904  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw            C:\Windows\system32\drivers\pcw.sys
01:04:43.0950 3904  pcw - ok
01:04:43.0979 3904  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
01:04:44.0037 3904  PEAUTH - ok
01:04:44.0117 3904  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
01:04:44.0139 3904  PerfHost - ok
01:04:44.0185 3904  [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla            C:\Windows\system32\pla.dll
01:04:44.0259 3904  pla - ok
01:04:44.0331 3904  [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
01:04:44.0362 3904  PlugPlay - ok
01:04:44.0374 3904  PnkBstrA - ok
01:04:44.0402 3904  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg    C:\Windows\system32\pnrpauto.dll
01:04:44.0431 3904  PNRPAutoReg - ok
01:04:44.0454 3904  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc        C:\Windows\system32\pnrpsvc.dll
01:04:44.0471 3904  PNRPsvc - ok
01:04:44.0554 3904  [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
01:04:44.0632 3904  PolicyAgent - ok
01:04:44.0659 3904  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power          C:\Windows\system32\umpo.dll
01:04:44.0705 3904  Power - ok
01:04:44.0746 3904  [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
01:04:44.0791 3904  PptpMiniport - ok
01:04:44.0814 3904  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor      C:\Windows\system32\DRIVERS\processr.sys
01:04:44.0838 3904  Processor - ok
01:04:44.0873 3904  [ F381975E1F4346DE875CB07339CE8D3A ] ProfSvc        C:\Windows\system32\profsvc.dll
01:04:44.0913 3904  ProfSvc - ok
01:04:44.0923 3904  [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
01:04:44.0934 3904  ProtectedStorage - ok
01:04:44.0966 3904  [ EE992183BD8EAEFD9973F352E587A299 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
01:04:45.0006 3904  Psched - ok
01:04:45.0074 3904  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
01:04:45.0114 3904  ql2300 - ok
01:04:45.0119 3904  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
01:04:45.0131 3904  ql40xx - ok
01:04:45.0163 3904  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE          C:\Windows\system32\qwave.dll
01:04:45.0185 3904  QWAVE - ok
01:04:45.0215 3904  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
01:04:45.0251 3904  QWAVEdrv - ok
01:04:45.0264 3904  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
01:04:45.0325 3904  RasAcd - ok
01:04:45.0362 3904  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn    C:\Windows\system32\DRIVERS\AgileVpn.sys
01:04:45.0398 3904  RasAgileVpn - ok
01:04:45.0420 3904  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto        C:\Windows\System32\rasauto.dll
01:04:45.0478 3904  RasAuto - ok
01:04:45.0510 3904  [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp        C:\Windows\system32\DRIVERS\rasl2tp.sys
01:04:45.0560 3904  Rasl2tp - ok
01:04:45.0566 3904  [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan          C:\Windows\System32\rasmans.dll
01:04:45.0626 3904  RasMan - ok
01:04:45.0643 3904  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
01:04:45.0693 3904  RasPppoe - ok
01:04:45.0697 3904  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp        C:\Windows\system32\DRIVERS\rassstp.sys
01:04:45.0743 3904  RasSstp - ok
01:04:45.0762 3904  [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
01:04:45.0807 3904  rdbss - ok
01:04:45.0835 3904  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
01:04:45.0850 3904  rdpbus - ok
01:04:45.0861 3904  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
01:04:45.0895 3904  RDPCDD - ok
01:04:45.0900 3904  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
01:04:45.0945 3904  RDPENCDD - ok
01:04:45.0951 3904  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
01:04:45.0989 3904  RDPREFMP - ok
01:04:46.0042 3904  [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD          C:\Windows\system32\drivers\RDPWD.sys
01:04:46.0071 3904  RDPWD - ok
01:04:46.0099 3904  [ E5DC9BA9E439D6DBDD79F8CAACB5BF01 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
01:04:46.0113 3904  rdyboost - ok
01:04:46.0142 3904  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
01:04:46.0180 3904  RemoteAccess - ok
01:04:46.0206 3904  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
01:04:46.0258 3904  RemoteRegistry - ok
01:04:46.0290 3904  [ F12A68ED55053940CADD59CA5E3468DD ] RichVideo      C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
01:04:46.0300 3904  RichVideo ( UnsignedFile.Multi.Generic ) - warning
01:04:46.0300 3904  RichVideo - detected UnsignedFile.Multi.Generic (1)
01:04:46.0340 3904  [ 77B3B747EB2413072B8E4306018D0C9B ] RMCAST          C:\Windows\system32\DRIVERS\RMCAST.sys
01:04:46.0390 3904  RMCAST - ok
01:04:46.0427 3904  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
01:04:46.0468 3904  RpcEptMapper - ok
01:04:46.0486 3904  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
01:04:46.0498 3904  RpcLocator - ok
01:04:46.0515 3904  [ 7266972E86890E2B30C0C322E906B027 ] RpcSs          C:\Windows\system32\rpcss.dll
01:04:46.0556 3904  RpcSs - ok
01:04:46.0577 3904  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
01:04:46.0617 3904  rspndr - ok
01:04:46.0634 3904  [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs          C:\Windows\system32\lsass.exe
01:04:46.0644 3904  SamSs - ok
01:04:46.0664 3904  [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port        C:\Windows\system32\DRIVERS\sbp2port.sys
01:04:46.0674 3904  sbp2port - ok
01:04:46.0709 3904  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
01:04:46.0755 3904  SCardSvr - ok
01:04:46.0769 3904  [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
01:04:46.0816 3904  scfilter - ok
01:04:46.0860 3904  [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule        C:\Windows\system32\schedsvc.dll
01:04:46.0885 3904  Schedule - ok
01:04:46.0912 3904  [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc    C:\Windows\System32\certprop.dll
01:04:46.0948 3904  SCPolicySvc - ok
01:04:46.0970 3904  [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
01:04:46.0998 3904  SDRSVC - ok
01:04:47.0021 3904  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
01:04:47.0058 3904  secdrv - ok
01:04:47.0073 3904  [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon        C:\Windows\system32\seclogon.dll
01:04:47.0117 3904  seclogon - ok
01:04:47.0135 3904  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
01:04:47.0171 3904  SENS - ok
01:04:47.0214 3904  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
01:04:47.0242 3904  SensrSvc - ok
01:04:47.0267 3904  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum        C:\Windows\system32\DRIVERS\serenum.sys
01:04:47.0280 3904  Serenum - ok
01:04:47.0327 3904  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
01:04:47.0363 3904  Serial - ok
01:04:47.0399 3904  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
01:04:47.0445 3904  sermouse - ok
01:04:47.0482 3904  [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv      C:\Windows\system32\sessenv.dll
01:04:47.0521 3904  SessionEnv - ok
01:04:47.0540 3904  [ A554811BCD09279536440C964AE35BBF ] sffdisk        C:\Windows\system32\DRIVERS\sffdisk.sys
01:04:47.0563 3904  sffdisk - ok
01:04:47.0576 3904  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\DRIVERS\sffp_mmc.sys
01:04:47.0601 3904  sffp_mmc - ok
01:04:47.0622 3904  [ 178298F767FE638C9FEDCBDEF58BB5E4 ] sffp_sd        C:\Windows\system32\DRIVERS\sffp_sd.sys
01:04:47.0650 3904  sffp_sd - ok
01:04:47.0670 3904  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy        C:\Windows\system32\DRIVERS\sfloppy.sys
01:04:47.0680 3904  sfloppy - ok
01:04:47.0743 3904  [ C6CC9297BD53E5229653303E556AA539 ] Sftfs          C:\Windows\system32\DRIVERS\Sftfslh.sys
01:04:47.0767 3904  Sftfs - ok
01:04:47.0861 3904  [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist        C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
01:04:47.0881 3904  sftlist - ok
01:04:47.0900 3904  [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay        C:\Windows\system32\DRIVERS\Sftplaylh.sys
01:04:47.0912 3904  Sftplay - ok
01:04:47.0932 3904  [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir        C:\Windows\system32\DRIVERS\Sftredirlh.sys
01:04:47.0942 3904  Sftredir - ok
01:04:47.0958 3904  [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol          C:\Windows\system32\DRIVERS\Sftvollh.sys
01:04:47.0966 3904  Sftvol - ok
01:04:48.0018 3904  [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
01:04:48.0029 3904  sftvsa - ok
01:04:48.0060 3904  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
01:04:48.0110 3904  SharedAccess - ok
01:04:48.0136 3904  [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
01:04:48.0164 3904  ShellHWDetection - ok
01:04:48.0202 3904  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
01:04:48.0212 3904  SiSRaid2 - ok
01:04:48.0228 3904  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
01:04:48.0240 3904  SiSRaid4 - ok
01:04:48.0471 3904  [ 388AE59FE75F1B959DFA0900923C61BB ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
01:04:48.0587 3904  Skype C2C Service - ok
01:04:48.0724 3904  [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate    C:\Program Files (x86)\Skype\Updater\Updater.exe
01:04:48.0741 3904  SkypeUpdate - ok
01:04:48.0786 3904  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb            C:\Windows\system32\DRIVERS\smb.sys
01:04:48.0824 3904  Smb - ok
01:04:48.0860 3904  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
01:04:48.0880 3904  SNMPTRAP - ok
01:04:48.0900 3904  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr          C:\Windows\system32\drivers\spldr.sys
01:04:48.0912 3904  spldr - ok
01:04:48.0939 3904  [ F8E1FA03CB70D54A9892AC88B91D1E7B ] Spooler        C:\Windows\System32\spoolsv.exe
01:04:48.0967 3904  Spooler - ok
01:04:49.0050 3904  [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc          C:\Windows\system32\sppsvc.exe
01:04:49.0160 3904  sppsvc - ok
01:04:49.0172 3904  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify    C:\Windows\system32\sppuinotify.dll
01:04:49.0208 3904  sppuinotify - ok
01:04:49.0261 3904  [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv            C:\Windows\system32\DRIVERS\srv.sys
01:04:49.0315 3904  srv - ok
01:04:49.0323 3904  [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
01:04:49.0362 3904  srv2 - ok
01:04:49.0376 3904  [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
01:04:49.0391 3904  srvnet - ok
01:04:49.0424 3904  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
01:04:49.0484 3904  SSDPSRV - ok
01:04:49.0490 3904  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc        C:\Windows\system32\sstpsvc.dll
01:04:49.0528 3904  SstpSvc - ok
01:04:49.0601 3904  Steam Client Service - ok
01:04:49.0638 3904  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
01:04:49.0648 3904  stexstor - ok
01:04:49.0686 3904  [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc          C:\Windows\System32\wiaservc.dll
01:04:49.0712 3904  stisvc - ok
01:04:49.0729 3904  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
01:04:49.0740 3904  swenum - ok
01:04:49.0766 3904  [ E08E46FDD841B7184194011CA1955A0B ] swprv          C:\Windows\System32\swprv.dll
01:04:49.0814 3904  swprv - ok
01:04:49.0858 3904  [ CE9B5A79AEE330BC7E88C0441E5727BB ] SynTP          C:\Windows\system32\DRIVERS\SynTP.sys
01:04:49.0871 3904  SynTP - ok
01:04:49.0915 3904  [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain        C:\Windows\system32\sysmain.dll
01:04:49.0963 3904  SysMain - ok
01:04:49.0983 3904  [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
01:04:50.0010 3904  TabletInputService - ok
01:04:50.0036 3904  tandpl - ok
01:04:50.0042 3904  [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv        C:\Windows\System32\tapisrv.dll
01:04:50.0092 3904  TapiSrv - ok
01:04:50.0110 3904  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS            C:\Windows\System32\tbssvc.dll
01:04:50.0147 3904  TBS - ok
01:04:50.0246 3904  [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
01:04:50.0296 3904  Tcpip - ok
01:04:50.0325 3904  [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
01:04:50.0363 3904  TCPIP6 - ok
01:04:50.0392 3904  [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
01:04:50.0429 3904  tcpipreg - ok
01:04:50.0449 3904  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
01:04:50.0469 3904  TDPIPE - ok
01:04:50.0526 3904  [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP          C:\Windows\system32\drivers\tdtcp.sys
01:04:50.0557 3904  TDTCP - ok
01:04:50.0611 3904  [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
01:04:50.0664 3904  tdx - ok
01:04:50.0669 3904  [ C448651339196C0E869A355171875522 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
01:04:50.0680 3904  TermDD - ok
01:04:50.0720 3904  [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService    C:\Windows\System32\termsrv.dll
01:04:50.0774 3904  TermService - ok
01:04:50.0832 3904  [ CE4B6956E4E12492715A53076E58761F ] TFsExDisk      C:\Windows\System32\Drivers\TFsExDisk.sys
01:04:50.0841 3904  TFsExDisk - ok
01:04:50.0873 3904  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
01:04:50.0896 3904  Themes - ok
01:04:50.0910 3904  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER    C:\Windows\system32\mmcss.dll
01:04:50.0945 3904  THREADORDER - ok
01:04:50.0967 3904  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
01:04:51.0008 3904  TrkWks - ok
01:04:51.0057 3904  [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
01:04:51.0094 3904  TrustedInstaller - ok
01:04:51.0127 3904  [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
01:04:51.0181 3904  tssecsrv - ok
01:04:51.0213 3904  [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
01:04:51.0265 3904  tunnel - ok
01:04:51.0305 3904  [ 825E7A1F48FB8BCFBA27C178AAB4E275 ] TurboB          C:\Windows\system32\DRIVERS\TurboB.sys
01:04:51.0313 3904  TurboB - ok
01:04:51.0356 3904  [ B206BE1174D5964D49A56BB6C4E0524A ] TurboBoost      C:\Program Files\Intel\TurboBoost\TurboBoost.exe
01:04:51.0366 3904  TurboBoost - ok
01:04:51.0398 3904  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
01:04:51.0411 3904  uagp35 - ok
01:04:51.0435 3904  [ 40079B0B801C5432BA435B5AD61CE6E3 ] UBHelper        C:\Windows\system32\drivers\UBHelper.sys
01:04:51.0444 3904  UBHelper - ok
01:04:51.0460 3904  [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
01:04:51.0515 3904  udfs - ok
01:04:51.0535 3904  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect      C:\Windows\system32\UI0Detect.exe
01:04:51.0550 3904  UI0Detect - ok
01:04:51.0574 3904  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\DRIVERS\uliagpkx.sys
01:04:51.0585 3904  uliagpkx - ok
01:04:51.0604 3904  [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus          C:\Windows\system32\DRIVERS\umbus.sys
01:04:51.0627 3904  umbus - ok
01:04:51.0661 3904  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
01:04:51.0673 3904  UmPass - ok
01:04:51.0802 3904  [ CBDEE152D73200EE49031A26310B9D3E ] UNS            C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
01:04:51.0861 3904  UNS - ok
01:04:51.0916 3904  [ F9EC9ACD504D823D9B9CA98A4F8D3CA2 ] Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
01:04:51.0927 3904  Updater Service - ok
01:04:51.0960 3904  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
01:04:52.0010 3904  upnphost - ok
01:04:52.0104 3904  [ 77B01BC848298223A95D4EC23E1785A1 ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
01:04:52.0127 3904  usbaudio - ok
01:04:52.0172 3904  [ B26AFB54A534D634523C4FB66765B026 ] usbccgp        C:\Windows\system32\DRIVERS\usbccgp.sys
01:04:52.0207 3904  usbccgp - ok
01:04:52.0233 3904  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\DRIVERS\usbcir.sys
01:04:52.0249 3904  usbcir - ok
01:04:52.0253 3904  [ 2EA4AFF7BE7EB4632E3AA8595B0803B5 ] usbehci        C:\Windows\system32\DRIVERS\usbehci.sys
01:04:52.0283 3904  usbehci - ok
01:04:52.0290 3904  [ 4C9042B8DF86C1E8E6240C218B99B39B ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
01:04:52.0319 3904  usbhub - ok
01:04:52.0353 3904  [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci        C:\Windows\system32\DRIVERS\usbohci.sys
01:04:52.0365 3904  usbohci - ok
01:04:52.0413 3904  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
01:04:52.0439 3904  usbprint - ok
01:04:52.0503 3904  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan        C:\Windows\system32\DRIVERS\usbscan.sys
01:04:52.0518 3904  usbscan - ok
01:04:52.0549 3904  [ 080D3820DA6C046BE82FC8B45A893E83 ] USBSTOR        C:\Windows\system32\DRIVERS\USBSTOR.SYS
01:04:52.0563 3904  USBSTOR - ok
01:04:52.0573 3904  [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci        C:\Windows\system32\DRIVERS\usbuhci.sys
01:04:52.0586 3904  usbuhci - ok
01:04:52.0617 3904  [ D501E12614B00A3252073101D6A1A74B ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
01:04:52.0633 3904  usbvideo - ok
01:04:52.0656 3904  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms          C:\Windows\System32\uxsms.dll
01:04:52.0692 3904  UxSms - ok
01:04:52.0712 3904  [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc        C:\Windows\system32\lsass.exe
01:04:52.0722 3904  VaultSvc - ok
01:04:52.0725 3904  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\DRIVERS\vdrvroot.sys
01:04:52.0736 3904  vdrvroot - ok
01:04:52.0765 3904  [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds            C:\Windows\System32\vds.exe
01:04:52.0784 3904  vds - ok
01:04:52.0810 3904  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga            C:\Windows\system32\DRIVERS\vgapnp.sys
01:04:52.0824 3904  vga - ok
01:04:52.0840 3904  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave        C:\Windows\System32\drivers\vga.sys
01:04:52.0881 3904  VgaSave - ok
01:04:52.0938 3904  [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp          C:\Windows\system32\DRIVERS\vhdmp.sys
01:04:52.0953 3904  vhdmp - ok
01:04:52.0973 3904  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\DRIVERS\viaide.sys
01:04:52.0982 3904  viaide - ok
01:04:52.0989 3904  [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr          C:\Windows\system32\DRIVERS\volmgr.sys
01:04:53.0000 3904  volmgr - ok
01:04:53.0015 3904  [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
01:04:53.0030 3904  volmgrx - ok
01:04:53.0075 3904  [ 9E425AC5C9A5A973273D169F43B4F5E1 ] volsnap        C:\Windows\system32\drivers\volsnap.sys
01:04:53.0092 3904  volsnap - ok
01:04:53.0151 3904  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid        C:\Windows\system32\DRIVERS\vsmraid.sys
01:04:53.0163 3904  vsmraid - ok
01:04:53.0212 3904  [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS            C:\Windows\system32\vssvc.exe
01:04:53.0260 3904  VSS - ok
01:04:53.0272 3904  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
01:04:53.0286 3904  vwifibus - ok
01:04:53.0290 3904  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
01:04:53.0318 3904  vwififlt - ok
01:04:53.0347 3904  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time        C:\Windows\system32\w32time.dll
01:04:53.0409 3904  W32Time - ok
01:04:53.0452 3904  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
01:04:53.0464 3904  WacomPen - ok
01:04:53.0498 3904  [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
01:04:53.0540 3904  WANARP - ok
01:04:53.0556 3904  [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
01:04:53.0591 3904  Wanarpv6 - ok
01:04:53.0670 3904  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc    C:\Windows\system32\Wat\WatAdminSvc.exe
01:04:53.0704 3904  WatAdminSvc - ok
01:04:53.0766 3904  [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine        C:\Windows\system32\wbengine.exe
01:04:53.0811 3904  wbengine - ok
01:04:53.0826 3904  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
01:04:53.0846 3904  WbioSrvc - ok
01:04:53.0858 3904  [ 8321C2CA3B62B61B293CDA3451984468 ] wcncsvc        C:\Windows\System32\wcncsvc.dll
01:04:53.0879 3904  wcncsvc - ok
01:04:53.0883 3904  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
01:04:53.0902 3904  WcsPlugInService - ok
01:04:53.0923 3904  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
01:04:53.0933 3904  Wd - ok
01:04:53.0963 3904  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
01:04:53.0984 3904  Wdf01000 - ok
01:04:54.0026 3904  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
01:04:54.0056 3904  WdiServiceHost - ok
01:04:54.0060 3904  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost  C:\Windows\system32\wdi.dll
01:04:54.0078 3904  WdiSystemHost - ok
01:04:54.0091 3904  [ 8A438CBB8C032A0C798B0C642FFBE572 ] WebClient      C:\Windows\System32\webclnt.dll
01:04:54.0124 3904  WebClient - ok
01:04:54.0142 3904  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
01:04:54.0186 3904  Wecsvc - ok
01:04:54.0207 3904  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport  C:\Windows\System32\wercplsupport.dll
01:04:54.0250 3904  wercplsupport - ok
01:04:54.0266 3904  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
01:04:54.0311 3904  WerSvc - ok
01:04:54.0328 3904  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
01:04:54.0361 3904  WfpLwf - ok
01:04:54.0405 3904  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
01:04:54.0415 3904  WIMMount - ok
01:04:54.0439 3904  WinDefend - ok
01:04:54.0451 3904  WinHttpAutoProxySvc - ok
01:04:54.0496 3904  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
01:04:54.0614 3904  Winmgmt - ok
01:04:54.0671 3904  [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM          C:\Windows\system32\WsmSvc.dll
01:04:54.0758 3904  WinRM - ok
01:04:54.0827 3904  [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
01:04:54.0841 3904  WinUsb - ok
01:04:54.0876 3904  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc        C:\Windows\System32\wlansvc.dll
01:04:54.0907 3904  Wlansvc - ok
01:04:55.0097 3904  [ 98F138897EF4246381D197CB81846D62 ] wlidsvc        c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
01:04:55.0150 3904  wlidsvc - ok
01:04:55.0173 3904  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi        C:\Windows\system32\DRIVERS\wmiacpi.sys
01:04:55.0183 3904  WmiAcpi - ok
01:04:55.0212 3904  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
01:04:55.0241 3904  wmiApSrv - ok
01:04:55.0274 3904  WMPNetworkSvc - ok
01:04:55.0302 3904  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
01:04:55.0313 3904  WPCSvc - ok
01:04:55.0332 3904  [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
01:04:55.0355 3904  WPDBusEnum - ok
01:04:55.0381 3904  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
01:04:55.0427 3904  ws2ifsl - ok
01:04:55.0432 3904  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
01:04:55.0461 3904  wscsvc - ok
01:04:55.0465 3904  WSearch - ok
01:04:55.0556 3904  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
01:04:55.0614 3904  wuauserv - ok
01:04:55.0628 3904  [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
01:04:55.0665 3904  WudfPf - ok
01:04:55.0708 3904  [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
01:04:55.0758 3904  WUDFRd - ok
01:04:55.0778 3904  [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
01:04:55.0825 3904  wudfsvc - ok
01:04:55.0846 3904  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc        C:\Windows\System32\wwansvc.dll
01:04:55.0880 3904  WwanSvc - ok
01:04:55.0973 3904  X6va009 - ok
01:04:56.0030 3904  [ 4A5CE13408945E525503B5F73D29B9C5 ] xnacc          C:\Windows\system32\DRIVERS\xnacc.sys
01:04:56.0059 3904  xnacc - ok
01:04:56.0150 3904  [ 2EE48CFCE7CA8E0DB4C44C7476C0943B ] xusb21          C:\Windows\system32\DRIVERS\xusb21.sys
01:04:56.0191 3904  xusb21 - ok
01:04:56.0211 3904  ================ Scan global ===============================
01:04:56.0239 3904  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
01:04:56.0289 3904  [ 4343295C52C8B1ADD906F1A37B940AA1 ] C:\Windows\system32\winsrv.dll
01:04:56.0297 3904  [ 4343295C52C8B1ADD906F1A37B940AA1 ] C:\Windows\system32\winsrv.dll
01:04:56.0327 3904  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
01:04:56.0369 3904  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
01:04:56.0372 3904  [Global] - ok
01:04:56.0373 3904  ================ Scan MBR ==================================
01:04:56.0389 3904  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
01:04:56.0915 3904  \Device\Harddisk0\DR0 - ok
01:04:56.0916 3904  ================ Scan VBR ==================================
01:04:56.0921 3904  [ 267ABCA3B0218DC5CB5D61E7A305659C ] \Device\Harddisk0\DR0\Partition1
01:04:56.0923 3904  \Device\Harddisk0\DR0\Partition1 - ok
01:04:56.0963 3904  [ BBF91395D69A0AF591FF1AF178662701 ] \Device\Harddisk0\DR0\Partition2
01:04:56.0965 3904  \Device\Harddisk0\DR0\Partition2 - ok
01:04:56.0965 3904  ============================================================
01:04:56.0965 3904  Scan finished
01:04:56.0965 3904  ============================================================
01:04:56.0980 1148  Detected object count: 2
01:04:56.0980 1148  Actual detected object count: 2
01:06:54.0936 1148  C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe - copied to quarantine
01:06:54.0937 1148  HiPatchService ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
01:06:54.0967 1148  C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe - copied to quarantine
01:06:54.0967 1148  RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Quarantine

cosinus 31.12.2012 13:54
Zitat:
User select action: Quarantine
Du solltest doch nur skippen!
Hast du es nur in die Q kopiert oder auch vom Ursprungsort löschen lassen?

Dr. Acula 31.12.2012 14:09
Nur in Quarantäne.Ich war mir bei beiden Programmmen nicht bewusst was sie waren und erstmal in die Quarantäne verschoben.

cosinus 31.12.2012 14:26
Zitat:
nicht bewusst was sie waren und erstmal in die Quarantäne verschoben.
Genau das solltest du doch nicht machen!

Dr. Acula 31.12.2012 14:39
Sollte ich die beiden Programme nun wieder aus der Quarantäne entfernen(fals möglich)?

cosinus 31.12.2012 14:42
Wenn du die beiden bemängelten Dateien mit dem TDSS-Killer wirklich in die Q verschoben hast kannst du das nicht mehr so einfach rückgängig machen da dieses Tool keine keine vernünftige Q-Verwaltung hat! Genau deswegen steht extra dick und fett in blauer Schrift ja auch mein Warnhinweis in der Anleitung!

Dr. Acula 31.12.2012 14:44
Ok
DIe Dateien waren allerdings eh Dateien die ich gelöscht hätte wenn ich gewusst hätte dass sie sich noch auf meinem PC befinden.Oder ist das Problem allgemein, dass dateien in Quarantäne sind.

cosinus 31.12.2012 14:45
Nein egal, lass es jetzt erstmal so

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Dr. Acula 31.12.2012 15:35
Der ComboFix Scan ergab folgenden Log:(weder Updates noch die installation der wiederherstellungskonsole wurden Vorgeschlagen)

[CODE]
Combofix Logfile:
Code:
ComboFix 12-12-31.01 - *** 31.12.2012  14:59:21.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7600.0.1252.49.1031.18.3764.2337 [GMT 1:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\FullRemove.exe
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-11-28 bis 2012-12-31  ))))))))))))))))))))))))))))))
.
.
2012-12-31 14:16 . 2012-12-31 14:16        --------        d-----w-        c:\users\Henry\AppData\Local\temp
2012-12-31 14:16 . 2012-12-31 14:16        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-12-31 14:16 . 2012-12-31 14:16        --------        d-----w-        c:\users\Gast\AppData\Local\temp
2012-12-31 00:06 . 2012-12-31 00:06        --------        d-----w-        C:\TDSSKiller_Quarantine
2012-12-30 22:39 . 2012-12-30 22:39        --------        d-----w-        c:\programdata\Malwarebytes
2012-12-22 02:01 . 2012-12-16 16:52        46080        ----a-w-        c:\windows\system32\atmlib.dll
2012-12-22 02:01 . 2012-12-16 14:25        34304        ----a-w-        c:\windows\SysWow64\atmlib.dll
2012-12-22 02:01 . 2012-12-16 14:40        367616        ----a-w-        c:\windows\system32\atmfd.dll
2012-12-22 02:01 . 2012-12-16 14:25        295424        ----a-w-        c:\windows\SysWow64\atmfd.dll
2012-12-13 19:40 . 2012-10-27 05:36        1197568        ----a-w-        c:\windows\system32\wininet.dll
2012-12-13 19:39 . 2012-09-06 17:38        295792        ----a-w-        c:\windows\system32\drivers\volsnap.sys
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-11 19:54 . 2012-10-12 23:10        697272        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-11 19:54 . 2012-01-10 17:38        73656        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-14 17:39 . 2012-11-14 17:39        477168        ----a-w-        c:\windows\SysWow64\npdeployJava1.dll
2012-11-14 17:39 . 2011-01-12 18:49        473072        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2012-10-04 16:45 . 2012-12-13 19:40        44032        ----a-w-        c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-10-16 1521352]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-10-16 23:46        1521352        ----a-w-        c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-10-16 1521352]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58        94208        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58        94208        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58        94208        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:40        120176        ----a-w-        c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleChromeAutoLaunch_BD9CE8D9AF03ACAD7E09EEFF0A24603C"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2012-12-05 1242728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-27 337264]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-06-28 265984]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-06-05 98304]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-10 975952]
"MDS_Menu"="c:\program files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"ArcadeMovieService"="c:\program files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe" [2011-02-17 124136]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-14 348664]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-10-16 1573576]
"LogMeIn Hamachi Ui"="c:\users\***\Downloads\hamachi-2-ui.exe" [2012-12-10 2254768]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-05-26 40448]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\DAUpdaterSvc.Service.exe [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-12-07 246224]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-10-12 114304]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-05-27 305520]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2010-04-17 50432]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2009-07-15 16392]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-20 1255736]
R3 X6va009;X6va009;c:\windows\SysWOW64\Drivers\X6va009 [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-05-02 27760]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-03 22576]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-03 20016]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-03 60464]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-04-20 202752]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-01 86224]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-10 321104]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2010-06-15 822304]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\users\***\Downloads\hamachi-2.exe [2012-12-10 2465712]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-02-21 8704]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-06-28 255744]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2010-04-17 144640]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-07-01 2533400]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-10 158720]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2010-06-05 10326784]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-06-25 76912]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-12-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-12 19:54]
.
2012-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-22 17:57]
.
2012-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-22 17:57]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58        97792        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58        97792        ----a-w-        c:\users\***AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58        97792        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58        97792        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:42        137584        ----a-w-        c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-22 10081312]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-02-22 877600]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-02-05 324608]
"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-05 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-05 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-05 413208]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2010-06-15 496160]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube Download - c:\users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
TCP: Interfaces\{2D71057B-DD2C-4205-8B27-D7D2BFFC34A0}: NameServer = 212.23.97.2 212.23.97.3
TCP: Interfaces\{34CB7274-4F0C-45A7-8161-AA3E60EB34A9}: NameServer = 212.23.115.148 212.23.97.2
TCP: Interfaces\{D16F0FEC-D0CB-455A-9A49-4A10B4725A60}: NameServer = 212.23.115.148 212.23.97.2
TCP: Interfaces\{EB7E679A-68AF-4B4D-A068-E43F3587A635}: NameServer = 212.23.115.148 212.23.97.3
FF - ProfilePath - c:\users\Milan Libischer\AppData\Roaming\Mozilla\Firefox\Profiles\0pv78wgo.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2857573&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Wikipedia (de)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=66B73BE4-3A8F-4023-857F-21BFBE8E1DEC&apn_ptnrs=U3&apn_sauid=4C454B66-CE86-474C-81A2-F866ECCF8141&apn_dtid=OSJ000YYDE&&q=
FF - ExtSQL: 2012-11-14 18:39; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF - ExtSQL: 2012-11-14 18:50; toolbar@ask.com; c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0pv78wgo.default\extensions\toolbar@ask.com
FF - ExtSQL: 2012-11-28 19:05; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0pv78wgo.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-NPSStartup - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-BattlEye A2 Free - c:\program files (x86)\steam\steamapps\common\arma 2 freeBattlEye\UnInstallBE.exe
AddRemove-BattlEye for A2 - c:\program files (x86)\Bohemia Interactive\ArmABattlEye\UnInstallBE.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va009]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va009"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1470259330-3820463359-1782755890-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:41,a8,7b,a0,36,6e,a3,d4,63,68,d1,f6,7c,3b,2a,c6,30,50,68,5c,f6,ae,ce,
  54,8f,37,f1,06,eb,38,3a,04,b2,6d,c6,c2,11,db,db,c7,15,f6,9e,f0,53,cd,dc,57,\
"??"=hex:01,3a,42,c4,61,50,a3,f9,f7,2f,61,ee,cd,cc,6e,5a
.
[HKEY_USERS\S-1-5-21-1470259330-3820463359-1782755890-1001\Software\SecuROM\License information*]
"datasecu"=hex:5b,36,e2,32,25,aa,82,9d,c4,f4,ec,0a,72,8a,2a,cc,11,6e,06,a8,63,
  ce,36,53,d5,e2,c8,35,78,01,ce,2e,e2,89,ff,77,16,3d,1b,99,e5,42,46,6f,1e,88,\
"rkeysecu"=hex:ca,ba,be,a8,b9,06,d4,bd,b9,8e,e0,e6,8f,55,ed,d9
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-12-31  15:33:22
ComboFix-quarantined-files.txt  2012-12-31 14:33
.
Vor Suchlauf: 14 Verzeichnis(se), 16.630.263.808 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 17.350.733.824 Bytes frei
.
- - End Of File - - C0387955C7244D9F81D1042C23920321
--- --- ---

cosinus 31.12.2012 15:40
Es gibt nicht immer was zum updaten und die Wiederherstellungskonsole unter Win7 schon garnicht, nur für XP!

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Suche.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)

Dr. Acula 31.12.2012 15:50
Ok hier ist das Ergebnis des adw Cleaner Scans
Code:
# AdwCleaner v2.104 - Datei am 31/12/2012 um 15:46:11 erstellt
# Aktualisiert am 29/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium  (64 bits)
# Benutzer : *** - ***
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0pv78wgo.default\searchplugins\Askcom.xml
Datei Gefunden : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0pv78wgo.default\searchplugins\Conduit.xml
Ordner Gefunden : C:\Program Files (x86)\Ask.com
Ordner Gefunden : C:\ProgramData\Ask
Ordner Gefunden : C:\ProgramData\boost_interprocess
Ordner Gefunden : C:\Users\***\AppData\LocalLow\boost_interprocess
Ordner Gefunden : C:\Users\***\AppData\Local\APN
Ordner Gefunden : C:\Users\***\AppData\LocalLow\AskToolbar
Ordner Gefunden : C:\Users\***\AppData\LocalLow\boost_interprocess
Ordner Gefunden : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0pv78wgo.default\Conduit
Ordner Gefunden : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0pv78wgo.default\ConduitEngine
Ordner Gefunden : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0pv78wgo.default\extensions\toolbar@ask.com
Ordner Gefunden : C:\Users\***\AppData\Roaming\OpenCandy
Ordner Gefunden : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\APN
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gefunden : HKCU\Software\Ask.com
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gefunden : HKLM\Software\APN
Schlüssel Gefunden : HKLM\Software\AskToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7600.17153

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v17.0.1 (de)

Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0pv78wgo.default\prefs.js

Gefunden : user_pref("CT2857573..clientLogIsEnabled", false);
Gefunden : user_pref("CT2857573..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Gefunden : user_pref("CT2857573..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Gefunden : user_pref("CT2857573.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gefunden : user_pref("CT2857573.CT2857573", "CT2857573");
Gefunden : user_pref("CT2857573.CurrentServerDate", "16-1-2011");
Gefunden : user_pref("CT2857573.DialogsAlignMode", "LTR");
Gefunden : user_pref("CT2857573.DialogsGetterLastCheckTime", "Sat Jan 15 2011 22:37:15 GMT+0100");
Gefunden : user_pref("CT2857573.DownloadReferralCookieData", "{\"BannerName\":\"\",\"BannerTypeId\":\"\",\"Bann[...]
Gefunden : user_pref("CT2857573.EnableClickToSearchBox", false);
Gefunden : user_pref("CT2857573.EnableSearchHistory", false);
Gefunden : user_pref("CT2857573.EnableSearchSuggest", false);
Gefunden : user_pref("CT2857573.ExternalComponentPollDate129356796739506287", "Sat Jan 15 2011 22:37:16 GMT+010[...]
Gefunden : user_pref("CT2857573.FirstServerDate", "16-1-2011");
Gefunden : user_pref("CT2857573.FirstTime", true);
Gefunden : user_pref("CT2857573.FirstTimeFF3", true);
Gefunden : user_pref("CT2857573.FixPageNotFoundErrors", false);
Gefunden : user_pref("CT2857573.GroupingServerCheckInterval", 1440);
Gefunden : user_pref("CT2857573.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gefunden : user_pref("CT2857573.HasUserGlobalKeys", true);
Gefunden : user_pref("CT2857573.Initialize", true);
Gefunden : user_pref("CT2857573.InitializeCommonPrefs", true);
Gefunden : user_pref("CT2857573.InstallationAndCookieDataSentCount", 1);
Gefunden : user_pref("CT2857573.InstalledDate", "Sat Jan 15 2011 22:39:51 GMT+0100");
Gefunden : user_pref("CT2857573.IsGrouping", false);
Gefunden : user_pref("CT2857573.IsMulticommunity", false);
Gefunden : user_pref("CT2857573.IsOpenThankYouPage", true);
Gefunden : user_pref("CT2857573.IsOpenUninstallPage", true);
Gefunden : user_pref("CT2857573.LanguagePackLastCheckTime", "Sat Jan 15 2011 22:37:16 GMT+0100");
Gefunden : user_pref("CT2857573.LanguagePackReloadIntervalMM", 1440);
Gefunden : user_pref("CT2857573.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gefunden : user_pref("CT2857573.LastLogin_3.3.0.19", "Sat Jan 15 2011 22:37:16 GMT+0100");
Gefunden : user_pref("CT2857573.LatestVersion", "3.2.5.2");
Gefunden : user_pref("CT2857573.Locale", "en");
Gefunden : user_pref("CT2857573.MCDetectTooltipHeight", "83");
Gefunden : user_pref("CT2857573.MCDetectTooltipShow", false);
Gefunden : user_pref("CT2857573.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gefunden : user_pref("CT2857573.MCDetectTooltipWidth", "295");
Gefunden : user_pref("CT2857573.SavedHomepage", "resource:/browserconfig.properties");
Gefunden : user_pref("CT2857573.SearchBackToDefaultEngine", false);
Gefunden : user_pref("CT2857573.SearchFromAddressBarIsInit", true);
Gefunden : user_pref("CT2857573.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT285[...]
Gefunden : user_pref("CT2857573.SearchInNewTabEnabled", true);
Gefunden : user_pref("CT2857573.SearchInNewTabIntervalMM", 1440);
Gefunden : user_pref("CT2857573.SearchInNewTabLastCheckTime", "Sat Jan 15 2011 22:37:16 GMT+0100");
Gefunden : user_pref("CT2857573.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gefunden : user_pref("CT2857573.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Gefunden : user_pref("CT2857573.SearchInNewTabUserEnabled", false);
Gefunden : user_pref("CT2857573.ServiceMapLastCheckTime", "Sat Jan 15 2011 22:37:15 GMT+0100");
Gefunden : user_pref("CT2857573.SettingsLastCheckTime", "Sat Jan 15 2011 22:37:15 GMT+0100");
Gefunden : user_pref("CT2857573.SettingsLastUpdate", "1294239661");
Gefunden : user_pref("CT2857573.ThirdPartyComponentsInterval", 504);
Gefunden : user_pref("CT2857573.ThirdPartyComponentsLastCheck", "Sat Jan 15 2011 22:37:15 GMT+0100");
Gefunden : user_pref("CT2857573.ThirdPartyComponentsLastUpdate", "1246790578");
Gefunden : user_pref("CT2857573.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Gefunden : user_pref("CT2857573.UserID", "UN84613611397924847");
Gefunden : user_pref("CT2857573.WeatherNetwork", "");
Gefunden : user_pref("CT2857573.WeatherPollDate", "Sat Jan 15 2011 22:37:16 GMT+0100");
Gefunden : user_pref("CT2857573.WeatherUnit", "C");
Gefunden : user_pref("CT2857573.alertChannelId", "1249595");
Gefunden : user_pref("CT2857573.approveUntrustedApps", true);
Gefunden : user_pref("CT2857573.components.1000234", false);
Gefunden : user_pref("CT2857573.globalFirstTimeInfoLastCheckTime", "Sat Jan 15 2011 22:37:15 GMT+0100");
Gefunden : user_pref("CT2857573.isAppTrackingManagerOn", false);
Gefunden : user_pref("CT2857573.myStuffEnabled", true);
Gefunden : user_pref("CT2857573.myStuffPublihserMinWidth", 400);
Gefunden : user_pref("CT2857573.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gefunden : user_pref("CT2857573.myStuffServiceIntervalMM", 1440);
Gefunden : user_pref("CT2857573.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gefunden : user_pref("CT2857573.testingCtid", "");
Gefunden : user_pref("CT2857573.toolbarAppMetaDataLastCheckTime", "Sat Jan 15 2011 22:37:15 GMT+0100");
Gefunden : user_pref("CT2857573.toolbarContextMenuLastCheckTime", "Sat Jan 15 2011 22:37:16 GMT+0100");
Gefunden : user_pref("CT2857573.usageEnabled", false);
Gefunden : user_pref("CT2857573.usagesFlag", 2);
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1249595/1245268/DE", "\"0\"[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1249595/1245268/NL", "\"0\"[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/NL", "\"0\"")[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2857573", [...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.0[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2857573",[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2857573/CT2857573[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"634[...]
Gefunden : user_pref("CommunityToolbar.EngineOwner", "CT2857573");
Gefunden : user_pref("CommunityToolbar.EngineOwnerGuid", "{b80f591e-fe9a-46cf-a13e-180377240586}");
Gefunden : user_pref("CommunityToolbar.EngineOwnerToolbarId", "elf_1.13");
Gefunden : user_pref("CommunityToolbar.IsEngineShown", true);
Gefunden : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Gefunden : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2857573");
Gefunden : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{b80f591e-fe9a-46cf-a13e-180377240586}");
Gefunden : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "elf_1.13");
Gefunden : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Gefunden : user_pref("CommunityToolbar.ToolbarsList", "CT2857573,ConduitEngine");
Gefunden : user_pref("CommunityToolbar.ToolbarsList2", "CT2857573");
Gefunden : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sat Apr 23 2011 22:44:31 GMT+02[...]
Gefunden : user_pref("CommunityToolbar.alert.alertEnabled", true);
Gefunden : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Gefunden : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Mon Jun 27 2011 19:57:35 GMT+0200");
Gefunden : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gefunden : user_pref("CommunityToolbar.alert.locale", "en");
Gefunden : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Gefunden : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Tue Jun 28 2011 19:57:10 GMT+0200");
Gefunden : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Gefunden : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Gefunden : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gefunden : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Gefunden : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Gefunden : user_pref("CommunityToolbar.alert.userId", "72d8e15b-8871-4a30-a7ac-b054c36ded50");
Gefunden : user_pref("CommunityToolbar.globalUserId", "bf707c0a-45ee-4382-bed1-ba523243edfb");
Gefunden : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Gefunden : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Gefunden : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2857573");
Gefunden : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Wed Jun 22 2011 17:51:52 GMT+0200");
Gefunden : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Sun Jun 26 2011 10:38:35 GMT+0200");
Gefunden : user_pref("ConduitEngine.FirstServerDate", "04/23/2011 23");
Gefunden : user_pref("ConduitEngine.FirstTime", true);
Gefunden : user_pref("ConduitEngine.FirstTimeFF3", true);
Gefunden : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Gefunden : user_pref("ConduitEngine.Initialize", true);
Gefunden : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Gefunden : user_pref("ConduitEngine.InstalledDate", "Sat Apr 23 2011 22:45:07 GMT+0200");
Gefunden : user_pref("ConduitEngine.IsMulticommunity", false);
Gefunden : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Gefunden : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Gefunden : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Tue Jun 28 2011 19:57:13 GMT+0200");
Gefunden : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Tue Jun 28 2011 22:08:36 GMT+0200");
Gefunden : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Gefunden : user_pref("ConduitEngine.SettingsLastCheckTime", "Tue Jun 28 2011 22:08:36 GMT+0200");
Gefunden : user_pref("ConduitEngine.UserID", "UN17702119484098755");
Gefunden : user_pref("ConduitEngine.engineLocale", "de");
Gefunden : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Tue Jun 28 2011 19:57:13 GMT+0200");
Gefunden : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Tue Jun 28 2011 20:08:36 GMT+0200");
Gefunden : user_pref("ConduitEngine.initDone", true);
Gefunden : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Gefunden : user_pref("ConduitEngine.usagesFlag", 1);
Gefunden : user_pref("browser.search.defaultengine", "Ask.com");
Gefunden : user_pref("browser.search.defaultenginename", "Ask.com");
Gefunden : user_pref("browser.search.defaultthis.engineName", "Elf 1.13 Customized Web Search");
Gefunden : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2857573&Sea[...]
Gefunden : user_pref("browser.search.order.1", "Ask.com");
Gefunden : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://search.conduit.com/ResultsExt.aspx?cti[...]
Gefunden : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_u[...]

Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\cx7ep7dy.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v23.0.1271.97

Datei : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gefunden [l.42] : icon_url = "hxxp://www.ask.com/favicon.ico",
Gefunden [l.45] : keyword = "ask.com",
Gefunden [l.48] : search_url = "hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=66B73BE4-3A8F-4023-857F-21BFBE8E1DEC&apn_ptnrs=U3&apn_sauid=4C454B66-CE86-474C-81A2-F866ECCF8141&apn_dtid=OSJ000YYDE&q={searchTerms}",
Gefunden [l.49] : suggest_url = "hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms}"

*************************

AdwCleaner[R1].txt - [18044 octets] - [31/12/2012 15:46:11]

########## EOF - C:\AdwCleaner[R1].txt - [18105 octets] ##########

Vielen Dank, dass sie sich die Zeit nehmen mir bei meinem Problem zu helfen.

cosinus 31.12.2012 15:52
adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x=fortlaufende Nummer)

Danach eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles in CODE-Tags hier in den Thread.

Dr. Acula 31.12.2012 16:11
der adw cleaner Log:

Code:
# AdwCleaner v2.104 - Datei am 31/12/2012 um 15:57:32 erstellt
# Aktualisiert am 29/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium  (64 bits)
# Benutzer : Milan Libischer - MILAN
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0pv78wgo.default\searchplugins\Askcom.xml
Datei Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0pv78wgo.default\searchplugins\Conduit.xml
Ordner Gelöscht : C:\Program Files (x86)\Ask.com
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\Users\Henry\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Users\***\AppData\Local\APN
Ordner Gelöscht : C:\Users\***\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\***\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0pv78wgo.default\Conduit
Ordner Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0pv78wgo.default\ConduitEngine
Ordner Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0pv78wgo.default\extensions\toolbar@ask.com
Ordner Gelöscht : C:\Users\***\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7600.17153

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v17.0.1 (de)

Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0pv78wgo.default\prefs.js

Gelöscht : user_pref("CT2857573..clientLogIsEnabled", false);
Gelöscht : user_pref("CT2857573..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Gelöscht : user_pref("CT2857573..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Gelöscht : user_pref("CT2857573.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gelöscht : user_pref("CT2857573.CT2857573", "CT2857573");
Gelöscht : user_pref("CT2857573.CurrentServerDate", "16-1-2011");
Gelöscht : user_pref("CT2857573.DialogsAlignMode", "LTR");
Gelöscht : user_pref("CT2857573.DialogsGetterLastCheckTime", "Sat Jan 15 2011 22:37:15 GMT+0100");
Gelöscht : user_pref("CT2857573.DownloadReferralCookieData", "{\"BannerName\":\"\",\"BannerTypeId\":\"\",\"Bann[...]
Gelöscht : user_pref("CT2857573.EnableClickToSearchBox", false);
Gelöscht : user_pref("CT2857573.EnableSearchHistory", false);
Gelöscht : user_pref("CT2857573.EnableSearchSuggest", false);
Gelöscht : user_pref("CT2857573.ExternalComponentPollDate129356796739506287", "Sat Jan 15 2011 22:37:16 GMT+010[...]
Gelöscht : user_pref("CT2857573.FirstServerDate", "16-1-2011");
Gelöscht : user_pref("CT2857573.FirstTime", true);
Gelöscht : user_pref("CT2857573.FirstTimeFF3", true);
Gelöscht : user_pref("CT2857573.FixPageNotFoundErrors", false);
Gelöscht : user_pref("CT2857573.GroupingServerCheckInterval", 1440);
Gelöscht : user_pref("CT2857573.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gelöscht : user_pref("CT2857573.HasUserGlobalKeys", true);
Gelöscht : user_pref("CT2857573.Initialize", true);
Gelöscht : user_pref("CT2857573.InitializeCommonPrefs", true);
Gelöscht : user_pref("CT2857573.InstallationAndCookieDataSentCount", 1);
Gelöscht : user_pref("CT2857573.InstalledDate", "Sat Jan 15 2011 22:39:51 GMT+0100");
Gelöscht : user_pref("CT2857573.IsGrouping", false);
Gelöscht : user_pref("CT2857573.IsMulticommunity", false);
Gelöscht : user_pref("CT2857573.IsOpenThankYouPage", true);
Gelöscht : user_pref("CT2857573.IsOpenUninstallPage", true);
Gelöscht : user_pref("CT2857573.LanguagePackLastCheckTime", "Sat Jan 15 2011 22:37:16 GMT+0100");
Gelöscht : user_pref("CT2857573.LanguagePackReloadIntervalMM", 1440);
Gelöscht : user_pref("CT2857573.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gelöscht : user_pref("CT2857573.LastLogin_3.3.0.19", "Sat Jan 15 2011 22:37:16 GMT+0100");
Gelöscht : user_pref("CT2857573.LatestVersion", "3.2.5.2");
Gelöscht : user_pref("CT2857573.Locale", "en");
Gelöscht : user_pref("CT2857573.MCDetectTooltipHeight", "83");
Gelöscht : user_pref("CT2857573.MCDetectTooltipShow", false);
Gelöscht : user_pref("CT2857573.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gelöscht : user_pref("CT2857573.MCDetectTooltipWidth", "295");
Gelöscht : user_pref("CT2857573.SavedHomepage", "resource:/browserconfig.properties");
Gelöscht : user_pref("CT2857573.SearchBackToDefaultEngine", false);
Gelöscht : user_pref("CT2857573.SearchFromAddressBarIsInit", true);
Gelöscht : user_pref("CT2857573.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT285[...]
Gelöscht : user_pref("CT2857573.SearchInNewTabEnabled", true);
Gelöscht : user_pref("CT2857573.SearchInNewTabIntervalMM", 1440);
Gelöscht : user_pref("CT2857573.SearchInNewTabLastCheckTime", "Sat Jan 15 2011 22:37:16 GMT+0100");
Gelöscht : user_pref("CT2857573.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gelöscht : user_pref("CT2857573.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Gelöscht : user_pref("CT2857573.SearchInNewTabUserEnabled", false);
Gelöscht : user_pref("CT2857573.ServiceMapLastCheckTime", "Sat Jan 15 2011 22:37:15 GMT+0100");
Gelöscht : user_pref("CT2857573.SettingsLastCheckTime", "Sat Jan 15 2011 22:37:15 GMT+0100");
Gelöscht : user_pref("CT2857573.SettingsLastUpdate", "1294239661");
Gelöscht : user_pref("CT2857573.ThirdPartyComponentsInterval", 504);
Gelöscht : user_pref("CT2857573.ThirdPartyComponentsLastCheck", "Sat Jan 15 2011 22:37:15 GMT+0100");
Gelöscht : user_pref("CT2857573.ThirdPartyComponentsLastUpdate", "1246790578");
Gelöscht : user_pref("CT2857573.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Gelöscht : user_pref("CT2857573.UserID", "UN84613611397924847");
Gelöscht : user_pref("CT2857573.WeatherNetwork", "");
Gelöscht : user_pref("CT2857573.WeatherPollDate", "Sat Jan 15 2011 22:37:16 GMT+0100");
Gelöscht : user_pref("CT2857573.WeatherUnit", "C");
Gelöscht : user_pref("CT2857573.alertChannelId", "1249595");
Gelöscht : user_pref("CT2857573.approveUntrustedApps", true);
Gelöscht : user_pref("CT2857573.components.1000234", false);
Gelöscht : user_pref("CT2857573.globalFirstTimeInfoLastCheckTime", "Sat Jan 15 2011 22:37:15 GMT+0100");
Gelöscht : user_pref("CT2857573.isAppTrackingManagerOn", false);
Gelöscht : user_pref("CT2857573.myStuffEnabled", true);
Gelöscht : user_pref("CT2857573.myStuffPublihserMinWidth", 400);
Gelöscht : user_pref("CT2857573.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gelöscht : user_pref("CT2857573.myStuffServiceIntervalMM", 1440);
Gelöscht : user_pref("CT2857573.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gelöscht : user_pref("CT2857573.testingCtid", "");
Gelöscht : user_pref("CT2857573.toolbarAppMetaDataLastCheckTime", "Sat Jan 15 2011 22:37:15 GMT+0100");
Gelöscht : user_pref("CT2857573.toolbarContextMenuLastCheckTime", "Sat Jan 15 2011 22:37:16 GMT+0100");
Gelöscht : user_pref("CT2857573.usageEnabled", false);
Gelöscht : user_pref("CT2857573.usagesFlag", 2);
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1249595/1245268/DE", "\"0\"[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1249595/1245268/NL", "\"0\"[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/NL", "\"0\"")[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2857573", [...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.0[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2857573",[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2857573/CT2857573[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"634[...]
Gelöscht : user_pref("CommunityToolbar.EngineOwner", "CT2857573");
Gelöscht : user_pref("CommunityToolbar.EngineOwnerGuid", "{b80f591e-fe9a-46cf-a13e-180377240586}");
Gelöscht : user_pref("CommunityToolbar.EngineOwnerToolbarId", "elf_1.13");
Gelöscht : user_pref("CommunityToolbar.IsEngineShown", true);
Gelöscht : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2857573");
Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{b80f591e-fe9a-46cf-a13e-180377240586}");
Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "elf_1.13");
Gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2857573,ConduitEngine");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2857573");
Gelöscht : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sat Apr 23 2011 22:44:31 GMT+02[...]
Gelöscht : user_pref("CommunityToolbar.alert.alertEnabled", true);
Gelöscht : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Gelöscht : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Mon Jun 27 2011 19:57:35 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gelöscht : user_pref("CommunityToolbar.alert.locale", "en");
Gelöscht : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Gelöscht : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Tue Jun 28 2011 19:57:10 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Gelöscht : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Gelöscht : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gelöscht : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Gelöscht : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Gelöscht : user_pref("CommunityToolbar.alert.userId", "72d8e15b-8871-4a30-a7ac-b054c36ded50");
Gelöscht : user_pref("CommunityToolbar.globalUserId", "bf707c0a-45ee-4382-bed1-ba523243edfb");
Gelöscht : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Gelöscht : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Gelöscht : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2857573");
Gelöscht : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Wed Jun 22 2011 17:51:52 GMT+0200");
Gelöscht : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Sun Jun 26 2011 10:38:35 GMT+0200");
Gelöscht : user_pref("ConduitEngine.FirstServerDate", "04/23/2011 23");
Gelöscht : user_pref("ConduitEngine.FirstTime", true);
Gelöscht : user_pref("ConduitEngine.FirstTimeFF3", true);
Gelöscht : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Gelöscht : user_pref("ConduitEngine.Initialize", true);
Gelöscht : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Gelöscht : user_pref("ConduitEngine.InstalledDate", "Sat Apr 23 2011 22:45:07 GMT+0200");
Gelöscht : user_pref("ConduitEngine.IsMulticommunity", false);
Gelöscht : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Gelöscht : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Gelöscht : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Tue Jun 28 2011 19:57:13 GMT+0200");
Gelöscht : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Tue Jun 28 2011 22:08:36 GMT+0200");
Gelöscht : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Gelöscht : user_pref("ConduitEngine.SettingsLastCheckTime", "Tue Jun 28 2011 22:08:36 GMT+0200");
Gelöscht : user_pref("ConduitEngine.UserID", "UN17702119484098755");
Gelöscht : user_pref("ConduitEngine.engineLocale", "de");
Gelöscht : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Tue Jun 28 2011 19:57:13 GMT+0200");
Gelöscht : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Tue Jun 28 2011 20:08:36 GMT+0200");
Gelöscht : user_pref("ConduitEngine.initDone", true);
Gelöscht : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Gelöscht : user_pref("ConduitEngine.usagesFlag", 1);
Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Gelöscht : user_pref("browser.search.defaultenginename", "Ask.com");
Gelöscht : user_pref("browser.search.defaultthis.engineName", "Elf 1.13 Customized Web Search");
Gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2857573&Sea[...]
Gelöscht : user_pref("browser.search.order.1", "Ask.com");
Gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://search.conduit.com/ResultsExt.aspx?cti[...]
Gelöscht : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_u[...]

Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\cx7ep7dy.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v23.0.1271.97

Datei : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.42] : icon_url = "hxxp://www.ask.com/favicon.ico",
Gelöscht [l.45] : keyword = "ask.com",
Gelöscht [l.48] : search_url = "hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=66[...]
Gelöscht [l.49] : suggest_url = "hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms[...]

*************************

AdwCleaner[R1].txt - [18167 octets] - [31/12/2012 15:46:11]
AdwCleaner[S1].txt - [17983 octets] - [31/12/2012 15:57:32]

########## EOF - C:\AdwCleaner[S1].txt - [18044 octets] ##########
OTL.Txt Editor

OTL Logfile:
Code:
OTL logfile created on: 31.12.2012 16:14:37 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\***\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,68 Gb Total Physical Memory | 2,24 Gb Available Physical Memory | 61,00% Memory free
7,35 Gb Paging File | 5,62 Gb Available in Paging File | 76,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451,66 Gb Total Space | 16,14 Gb Free Space | 3,57% Space Free | Partition Type: NTFS
Drive D: | 6,13 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Users\***\Downloads\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group)
PRC - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files (x86)\Launch Manager\CdDirIo.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Hamachi2Svc) -- C:\Users\***\Downloads\hamachi-2.exe (LogMeIn Inc.)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (HiPatchService) -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe (Hi-Rez Studios)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation)
SRV - (MWLService) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe (Egis Technology Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (TurboBoost) -- C:\Programme\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV - (wlidsvc) -- c:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NTI Corporation)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NTI Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ewusbnet) -- C:\Windows\SysNative\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys ()
DRV:64bit: - (hwusbdev) -- C:\Windows\SysNative\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (RMCAST) -- C:\Windows\SysNative\drivers\rmcast.sys (Microsoft Corporation)
DRV:64bit: - (xnacc) -- C:\Windows\SysNative\drivers\xnacc.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (tandpl) -- C:\Windows\SysWOW64\drivers\tandpl.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-1470259330-3820463359-1782755890-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-1470259330-3820463359-1782755890-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1470259330-3820463359-1782755890-1001\..\SearchScopes\{004D5A8F-B490-4D03-86EB-03F0DC281155}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^DE&apn_uid=66B73BE4-3A8F-4023-857F-21BFBE8E1DEC&apn_sauid=4C454B66-CE86-474C-81A2-F866ECCF8141
IE - HKU\S-1-5-21-1470259330-3820463359-1782755890-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: groovesharkUnlocker%40overlord1337:1.3
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: {b80f591e-fe9a-46cf-a13e-180377240586}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.06.22 18:58:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.05 15:38:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.05 15:38:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.05 15:38:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.05 15:38:38 | 000,000,000 | ---D | M]
 
[2011.01.06 11:19:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.12.31 15:57:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0pv78wgo.default\extensions
[2012.09.16 23:16:55 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0pv78wgo.default\extensions\ich@maltegoetz.de
[2012.11.14 18:33:13 | 000,029,022 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\0pv78wgo.default\extensions\groovesharkUnlocker@overlord1337.xpi
[2012.06.06 23:21:57 | 000,401,328 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\0pv78wgo.default\extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi
[2012.12.11 20:17:20 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\0pv78wgo.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2012.12.05 15:38:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.12.05 15:38:37 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.12.05 15:38:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012.12.05 15:38:43 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.18 16:06:31 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.29 11:36:18 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.18 16:06:31 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.18 16:06:31 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.18 16:06:31 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.18 16:06:31 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2012.12.31 15:16:48 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Users\***\Downloads\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKU\S-1-5-21-1470259330-3820463359-1782755890-1001..\Run: [GoogleChromeAutoLaunch_BD9CE8D9AF03ACAD7E09EEFF0A24603C] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1470259330-3820463359-1782755890-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1470259330-3820463359-1782755890-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1470259330-3820463359-1782755890-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1470259330-3820463359-1782755890-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1470259330-3820463359-1782755890-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Milan Libischer\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Milan Libischer\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - c:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - c:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0949795D-1EC0-46D9-B261-471A5E971D89}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D71057B-DD2C-4205-8B27-D7D2BFFC34A0}: NameServer = 212.23.97.2 212.23.97.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{34CB7274-4F0C-45A7-8161-AA3E60EB34A9}: NameServer = 212.23.115.148 212.23.97.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D16F0FEC-D0CB-455A-9A49-4A10B4725A60}: NameServer = 212.23.115.148 212.23.97.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E77964F0-289D-4C1C-A250-5D0B67FAD4F3}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EB7E679A-68AF-4B4D-A068-E43F3587A635}: NameServer = 212.23.115.148 212.23.97.3
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.31 16:11:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Milan Libischer\Desktop\OTL.exe
[2012.12.31 16:04:20 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.12.31 14:55:50 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.12.31 14:55:50 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.12.31 14:55:50 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.12.31 14:55:19 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.12.31 14:55:03 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.12.31 14:49:16 | 005,016,388 | R--- | C] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe
[2012.12.31 14:02:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012.12.31 01:06:54 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012.12.31 01:03:39 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Milan Libischer\Desktop\tdsskiller.exe
[2012.12.31 00:06:56 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Milan Libischer\Desktop\aswMBR.exe
[2012.12.30 23:39:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.30 23:37:25 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\mbar
[2012.12.29 18:52:49 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Giana Sisters - Twisted Dreams
[2012.12.22 03:01:11 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012.12.22 03:01:11 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012.12.22 03:01:08 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012.12.22 03:01:08 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012.12.13 20:41:27 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2012.12.13 20:41:27 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2012.12.13 20:40:53 | 000,736,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.12.13 20:40:53 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.12.13 20:40:51 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012.12.13 20:40:51 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.12.13 20:40:50 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012.12.13 20:40:50 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.12.13 20:40:50 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.12.13 20:40:48 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012.12.13 20:40:48 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012.12.13 20:40:47 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.12.13 20:40:47 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.12.13 20:40:47 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012.12.13 20:40:46 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012.12.13 20:40:46 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012.12.13 20:40:46 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012.12.13 20:40:22 | 000,425,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012.12.13 20:40:21 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012.12.13 20:40:21 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012.12.13 20:40:21 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012.12.13 20:40:20 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012.12.13 20:40:20 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012.12.13 20:40:20 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012.12.13 20:40:20 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012.12.13 20:40:19 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012.12.13 20:40:19 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012.12.13 20:40:19 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012.12.13 20:40:19 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012.12.13 20:40:19 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012.12.13 20:40:19 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012.12.13 20:40:19 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012.12.13 20:40:19 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.13 20:40:19 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.13 20:40:19 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.13 20:40:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.13 20:40:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.13 20:40:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012.12.13 20:40:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012.12.13 20:40:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012.12.13 20:40:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.13 20:40:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.13 20:40:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.13 20:40:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.13 20:40:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.13 20:40:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.13 20:40:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.13 20:40:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012.12.13 20:40:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012.12.13 20:40:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012.12.13 20:40:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.13 20:40:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.13 20:40:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.13 20:40:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.13 20:40:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012.12.13 20:40:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012.12.13 20:40:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012.12.13 20:40:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.13 20:40:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012.12.13 20:40:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012.12.13 20:40:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012.12.13 20:40:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012.12.13 20:40:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.13 20:40:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.13 20:40:18 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012.12.13 20:40:18 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.13 20:40:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.13 20:40:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012.12.13 20:40:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012.12.13 20:40:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012.12.13 20:40:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.13 20:40:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012.12.13 20:40:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012.12.13 20:40:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.13 20:40:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.13 20:40:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.13 20:40:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.13 20:40:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012.12.13 20:40:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012.12.13 20:40:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.13 20:40:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.13 20:40:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012.12.13 20:40:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012.12.13 20:40:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012.12.13 20:40:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012.12.13 20:40:16 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012.12.08 02:00:32 | 000,000,000 | ---D | C] -- C:\Users\Milan Libischer\Documents\SavedGames
[2012.12.05 15:38:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.31 16:12:58 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.31 16:12:58 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.31 16:11:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.12.31 16:09:00 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.31 16:08:03 | 000,000,196 | ---- | M] () -- C:\Windows\wininit.ini
[2012.12.31 16:08:02 | 000,001,060 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.12.31 16:07:45 | 000,001,048 | ---- | M] () -- C:\Users\***\Desktop\Dropbox.lnk
[2012.12.31 16:04:12 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.31 16:02:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.31 16:02:18 | 2960,510,976 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.31 15:45:40 | 000,551,997 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner.exe
[2012.12.31 15:43:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.31 15:16:48 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.12.31 14:49:30 | 005,016,388 | R--- | M] (Swearware) -- C:\Users\Milan Libischer\Desktop\ComboFix.exe
[2012.12.31 01:03:40 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\***\Desktop\tdsskiller.exe
[2012.12.31 01:00:25 | 000,000,512 | ---- | M] () -- C:\Users\***\Documents\MBR.dat
[2012.12.31 00:07:35 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\***\Desktop\aswMBR.exe
[2012.12.30 15:32:46 | 000,013,851 | ---- | M] () -- C:\Users\***\Documents\Trojaner.rtf
[2012.12.23 13:52:03 | 000,000,290 | ---- | M] () -- C:\Users\***\Documents\steam 2.rtf
[2012.12.22 15:02:45 | 000,291,400 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.16 17:52:02 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012.12.16 15:40:45 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012.12.16 15:25:27 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012.12.16 15:25:19 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012.12.11 20:54:08 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.12.11 20:54:08 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.12.09 19:36:29 | 000,000,217 | ---- | M] () -- C:\Users\Milan Libischer\Documents\saints row key.rtf
[2012.12.06 21:37:18 | 001,645,966 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.06 21:37:18 | 000,708,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.06 21:37:18 | 000,662,176 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.06 21:37:18 | 000,153,816 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.06 21:37:18 | 000,126,004 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.12.31 16:07:55 | 000,000,196 | ---- | C] () -- C:\Windows\wininit.ini
[2012.12.31 15:45:39 | 000,551,997 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner.exe
[2012.12.31 14:55:50 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.12.31 14:55:50 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.12.31 14:55:50 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.12.31 14:55:50 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.12.31 14:55:50 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.12.31 01:00:24 | 000,000,512 | ---- | C] () -- C:\Users\***\Documents\MBR.dat
[2012.12.30 15:32:46 | 000,013,851 | ---- | C] () -- C:\Users\***\Documents\Trojaner.rtf
[2012.12.23 13:52:03 | 000,000,290 | ---- | C] () -- C:\Users\***\Documents\steam 2.rtf
[2012.12.09 19:36:29 | 000,000,217 | ---- | C] () -- C:\Users\***\Documents\saints row key.rtf
[2012.11.06 20:36:08 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.08.28 22:24:59 | 000,069,632 | R--- | C] () -- C:\Windows\SysWow64\xmltok.dll
[2012.08.28 22:24:59 | 000,036,864 | R--- | C] () -- C:\Windows\SysWow64\xmlparse.dll
[2012.08.28 18:55:40 | 000,007,552 | ---- | C] () -- C:\Windows\SysWow64\drivers\enodpl.sys
[2012.08.28 18:55:40 | 000,004,736 | ---- | C] () -- C:\Windows\SysWow64\drivers\tandpl.sys
[2012.06.29 21:13:51 | 000,003,584 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.12 21:59:29 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2011.10.11 18:13:08 | 000,000,103 | ---- | C] () -- C:\Users\***\AppData\Local\fusioncache.dat
[2011.10.11 18:08:50 | 003,123,272 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.07.19 18:02:52 | 000,282,296 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.07.19 18:02:51 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2011.07.19 18:02:51 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.06.16 14:02:44 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011.06.07 12:29:19 | 000,000,680 | RHS- | C] () -- C:\Users\***\ntuser.pol
[2011.01.12 20:32:03 | 001,623,860 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.01.06 11:18:54 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.01.05 22:31:33 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.01.05 22:27:35 | 000,002,093 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
--- --- ---

Dr. Acula 31.12.2012 16:38
OTL.Txt Editor

OTL Logfile:
Code:
OTL logfile created on: 31.12.2012 16:14:37 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\***\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,68 Gb Total Physical Memory | 2,24 Gb Available Physical Memory | 61,00% Memory free
7,35 Gb Paging File | 5,62 Gb Available in Paging File | 76,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451,66 Gb Total Space | 16,14 Gb Free Space | 3,57% Space Free | Partition Type: NTFS
Drive D: | 6,13 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Users\***\Downloads\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group)
PRC - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files (x86)\Launch Manager\CdDirIo.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Hamachi2Svc) -- C:\Users\***\Downloads\hamachi-2.exe (LogMeIn Inc.)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (HiPatchService) -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe (Hi-Rez Studios)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation)
SRV - (MWLService) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe (Egis Technology Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (TurboBoost) -- C:\Programme\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV - (wlidsvc) -- c:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NTI Corporation)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NTI Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ewusbnet) -- C:\Windows\SysNative\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys ()
DRV:64bit: - (hwusbdev) -- C:\Windows\SysNative\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (RMCAST) -- C:\Windows\SysNative\drivers\rmcast.sys (Microsoft Corporation)
DRV:64bit: - (xnacc) -- C:\Windows\SysNative\drivers\xnacc.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (tandpl) -- C:\Windows\SysWOW64\drivers\tandpl.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-1470259330-3820463359-1782755890-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-1470259330-3820463359-1782755890-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1470259330-3820463359-1782755890-1001\..\SearchScopes\{004D5A8F-B490-4D03-86EB-03F0DC281155}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^DE&apn_uid=66B73BE4-3A8F-4023-857F-21BFBE8E1DEC&apn_sauid=4C454B66-CE86-474C-81A2-F866ECCF8141
IE - HKU\S-1-5-21-1470259330-3820463359-1782755890-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: groovesharkUnlocker%40overlord1337:1.3
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: {b80f591e-fe9a-46cf-a13e-180377240586}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.06.22 18:58:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.05 15:38:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.05 15:38:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.05 15:38:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.05 15:38:38 | 000,000,000 | ---D | M]
 
[2011.01.06 11:19:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.12.31 15:57:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0pv78wgo.default\extensions
[2012.09.16 23:16:55 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0pv78wgo.default\extensions\ich@maltegoetz.de
[2012.11.14 18:33:13 | 000,029,022 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\0pv78wgo.default\extensions\groovesharkUnlocker@overlord1337.xpi
[2012.06.06 23:21:57 | 000,401,328 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\0pv78wgo.default\extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi
[2012.12.11 20:17:20 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\0pv78wgo.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2012.12.05 15:38:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.12.05 15:38:37 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.12.05 15:38:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012.12.05 15:38:43 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.18 16:06:31 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.29 11:36:18 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.18 16:06:31 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.18 16:06:31 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.18 16:06:31 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.18 16:06:31 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2012.12.31 15:16:48 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Users\***\Downloads\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKU\S-1-5-21-1470259330-3820463359-1782755890-1001..\Run: [GoogleChromeAutoLaunch_BD9CE8D9AF03ACAD7E09EEFF0A24603C] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1470259330-3820463359-1782755890-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1470259330-3820463359-1782755890-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1470259330-3820463359-1782755890-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1470259330-3820463359-1782755890-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1470259330-3820463359-1782755890-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Milan Libischer\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Milan Libischer\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - c:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - c:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0949795D-1EC0-46D9-B261-471A5E971D89}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D71057B-DD2C-4205-8B27-D7D2BFFC34A0}: NameServer = 212.23.97.2 212.23.97.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{34CB7274-4F0C-45A7-8161-AA3E60EB34A9}: NameServer = 212.23.115.148 212.23.97.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D16F0FEC-D0CB-455A-9A49-4A10B4725A60}: NameServer = 212.23.115.148 212.23.97.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E77964F0-289D-4C1C-A250-5D0B67FAD4F3}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EB7E679A-68AF-4B4D-A068-E43F3587A635}: NameServer = 212.23.115.148 212.23.97.3
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.31 16:11:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Milan Libischer\Desktop\OTL.exe
[2012.12.31 16:04:20 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.12.31 14:55:50 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.12.31 14:55:50 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.12.31 14:55:50 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.12.31 14:55:19 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.12.31 14:55:03 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.12.31 14:49:16 | 005,016,388 | R--- | C] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe
[2012.12.31 14:02:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012.12.31 01:06:54 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012.12.31 01:03:39 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Milan Libischer\Desktop\tdsskiller.exe
[2012.12.31 00:06:56 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Milan Libischer\Desktop\aswMBR.exe
[2012.12.30 23:39:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.30 23:37:25 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\mbar
[2012.12.29 18:52:49 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Giana Sisters - Twisted Dreams
[2012.12.22 03:01:11 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012.12.22 03:01:11 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012.12.22 03:01:08 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012.12.22 03:01:08 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012.12.13 20:41:27 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2012.12.13 20:41:27 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2012.12.13 20:40:53 | 000,736,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.12.13 20:40:53 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.12.13 20:40:51 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012.12.13 20:40:51 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.12.13 20:40:50 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012.12.13 20:40:50 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.12.13 20:40:50 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.12.13 20:40:48 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012.12.13 20:40:48 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012.12.13 20:40:47 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.12.13 20:40:47 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.12.13 20:40:47 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012.12.13 20:40:46 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012.12.13 20:40:46 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012.12.13 20:40:46 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012.12.13 20:40:22 | 000,425,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012.12.13 20:40:21 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012.12.13 20:40:21 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012.12.13 20:40:21 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012.12.13 20:40:20 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012.12.13 20:40:20 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012.12.13 20:40:20 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012.12.13 20:40:20 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012.12.13 20:40:19 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012.12.13 20:40:19 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012.12.13 20:40:19 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012.12.13 20:40:19 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012.12.13 20:40:19 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012.12.13 20:40:19 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012.12.13 20:40:19 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012.12.13 20:40:19 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.13 20:40:19 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.13 20:40:19 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.13 20:40:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.13 20:40:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.13 20:40:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012.12.13 20:40:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012.12.13 20:40:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012.12.13 20:40:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.13 20:40:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.13 20:40:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.13 20:40:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.13 20:40:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.13 20:40:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.13 20:40:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.13 20:40:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012.12.13 20:40:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012.12.13 20:40:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012.12.13 20:40:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.13 20:40:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.13 20:40:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.13 20:40:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.13 20:40:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012.12.13 20:40:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012.12.13 20:40:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012.12.13 20:40:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.13 20:40:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012.12.13 20:40:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012.12.13 20:40:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012.12.13 20:40:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012.12.13 20:40:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.13 20:40:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.13 20:40:18 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012.12.13 20:40:18 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.13 20:40:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.13 20:40:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012.12.13 20:40:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012.12.13 20:40:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012.12.13 20:40:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.13 20:40:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012.12.13 20:40:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012.12.13 20:40:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.13 20:40:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.13 20:40:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.13 20:40:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.13 20:40:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012.12.13 20:40:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012.12.13 20:40:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.13 20:40:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.13 20:40:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012.12.13 20:40:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012.12.13 20:40:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012.12.13 20:40:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012.12.13 20:40:16 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012.12.08 02:00:32 | 000,000,000 | ---D | C] -- C:\Users\Milan Libischer\Documents\SavedGames
[2012.12.05 15:38:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.31 16:12:58 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.31 16:12:58 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.31 16:11:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.12.31 16:09:00 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.31 16:08:03 | 000,000,196 | ---- | M] () -- C:\Windows\wininit.ini
[2012.12.31 16:08:02 | 000,001,060 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.12.31 16:07:45 | 000,001,048 | ---- | M] () -- C:\Users\***\Desktop\Dropbox.lnk
[2012.12.31 16:04:12 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.31 16:02:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.31 16:02:18 | 2960,510,976 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.31 15:45:40 | 000,551,997 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner.exe
[2012.12.31 15:43:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.31 15:16:48 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.12.31 14:49:30 | 005,016,388 | R--- | M] (Swearware) -- C:\Users\Milan Libischer\Desktop\ComboFix.exe
[2012.12.31 01:03:40 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\***\Desktop\tdsskiller.exe
[2012.12.31 01:00:25 | 000,000,512 | ---- | M] () -- C:\Users\***\Documents\MBR.dat
[2012.12.31 00:07:35 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\***\Desktop\aswMBR.exe
[2012.12.30 15:32:46 | 000,013,851 | ---- | M] () -- C:\Users\***\Documents\Trojaner.rtf
[2012.12.23 13:52:03 | 000,000,290 | ---- | M] () -- C:\Users\***\Documents\steam 2.rtf
[2012.12.22 15:02:45 | 000,291,400 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.16 17:52:02 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012.12.16 15:40:45 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012.12.16 15:25:27 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012.12.16 15:25:19 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012.12.11 20:54:08 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.12.11 20:54:08 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.12.09 19:36:29 | 000,000,217 | ---- | M] () -- C:\Users\Milan Libischer\Documents\saints row key.rtf
[2012.12.06 21:37:18 | 001,645,966 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.06 21:37:18 | 000,708,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.06 21:37:18 | 000,662,176 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.06 21:37:18 | 000,153,816 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.06 21:37:18 | 000,126,004 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.12.31 16:07:55 | 000,000,196 | ---- | C] () -- C:\Windows\wininit.ini
[2012.12.31 15:45:39 | 000,551,997 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner.exe
[2012.12.31 14:55:50 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.12.31 14:55:50 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.12.31 14:55:50 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.12.31 14:55:50 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.12.31 14:55:50 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.12.31 01:00:24 | 000,000,512 | ---- | C] () -- C:\Users\***\Documents\MBR.dat
[2012.12.30 15:32:46 | 000,013,851 | ---- | C] () -- C:\Users\***\Documents\Trojaner.rtf
[2012.12.23 13:52:03 | 000,000,290 | ---- | C] () -- C:\Users\***\Documents\steam 2.rtf
[2012.12.09 19:36:29 | 000,000,217 | ---- | C] () -- C:\Users\***\Documents\saints row key.rtf
[2012.11.06 20:36:08 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.08.28 22:24:59 | 000,069,632 | R--- | C] () -- C:\Windows\SysWow64\xmltok.dll
[2012.08.28 22:24:59 | 000,036,864 | R--- | C] () -- C:\Windows\SysWow64\xmlparse.dll
[2012.08.28 18:55:40 | 000,007,552 | ---- | C] () -- C:\Windows\SysWow64\drivers\enodpl.sys
[2012.08.28 18:55:40 | 000,004,736 | ---- | C] () -- C:\Windows\SysWow64\drivers\tandpl.sys
[2012.06.29 21:13:51 | 000,003,584 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.12 21:59:29 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2011.10.11 18:13:08 | 000,000,103 | ---- | C] () -- C:\Users\***\AppData\Local\fusioncache.dat
[2011.10.11 18:08:50 | 003,123,272 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.07.19 18:02:52 | 000,282,296 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.07.19 18:02:51 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2011.07.19 18:02:51 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.06.16 14:02:44 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011.06.07 12:29:19 | 000,000,680 | RHS- | C] () -- C:\Users\***\ntuser.pol
[2011.01.12 20:32:03 | 001,623,860 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.01.06 11:18:54 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.01.05 22:31:33 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.01.05 22:27:35 | 000,002,093 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
--- --- ---

[/CODE]

cosinus 31.12.2012 16:41

Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
:OTL
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - user.js - File not found
IE - HKU\S-1-5-21-1470259330-3820463359-1782755890-1001\..\SearchScopes\{004D5A8F-B490-4D03-86EB-03F0DC281155}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^DE&apn_uid=66B73BE4-3A8F-4023-857F-21BFBE8E1DEC&apn_sauid=4C454B66-CE86-474C-81A2-F866ECCF8141
:Files
C:\Users\***\Documents\MBR.dat
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread

Dr. Acula 31.12.2012 16:48
ODL Extras:

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 31.12.2012 16:14:37 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\***\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,68 Gb Total Physical Memory | 2,24 Gb Available Physical Memory | 61,00% Memory free
7,35 Gb Paging File | 5,62 Gb Available in Paging File | 76,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451,66 Gb Total Space | 16,14 Gb Free Space | 3,57% Space Free | Partition Type: NTFS
Drive D: | 6,13 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: MILAN | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\S-1-5-21-1470259330-3820463359-1782755890-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00219C77-CDFF-4958-AB65-07D4D6B8D4D1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0612B72D-D15E-43B9-98AC-AB9A61EB2478}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2706B315-5FC2-46F6-9E57-3F237C4A4FAA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{29847072-5AC2-4C3A-99B8-14AD57739C76}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{37D4057E-423D-485A-8942-4A2B28453B64}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{3C9C60E8-5399-47DA-B9E0-D5892D4B6415}" = rport=138 | protocol=17 | dir=out | app=system |
"{4A3F5E21-7218-43FC-91AC-C7CBC647CDEA}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4E2AC35E-6F65-414F-B499-8755242E4198}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4ECA6461-F6ED-48ED-8486-66E16DB5396B}" = lport=139 | protocol=6 | dir=in | app=system |
"{51CDE418-6119-4C9A-8F7D-83B3E8E534C4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{60E6DA7B-C1F0-418E-88AA-E317E1591D3B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{610F5019-73B1-4C14-9E32-F76D62D5003C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{72B8AE2D-E5E1-4DC0-BA4E-2CAA5BF6EDDD}" = lport=10243 | protocol=6 | dir=in | app=system |
"{7827CBEF-DA45-422C-9752-D5CAAD2ABD8C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7DF45EE0-7C07-4BAE-B8D2-F7FAA45274AB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{84E4F62C-E24A-4569-B9A5-6D1E5AF116B7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{85742EFA-0031-44BD-950E-71299F6067B6}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{8645DF43-251C-4CCC-A6DB-D116E20094EE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{88F28F36-AB03-4503-8E5D-371103F4C72E}" = lport=138 | protocol=17 | dir=in | app=system |
"{8B030657-AAE2-4D00-B974-DA0ABE026341}" = rport=139 | protocol=6 | dir=out | app=system |
"{91CE65C8-DAEC-4E83-8373-54C9BC140EFF}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{98705D5F-84E3-4589-BD83-D626499F0ED1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9A67FD48-C280-460C-8794-429769FB67AB}" = rport=137 | protocol=17 | dir=out | app=system |
"{9C5FFE0F-B8A0-444A-8F63-19A3F112FB19}" = rport=445 | protocol=6 | dir=out | app=system |
"{A72001C9-8542-47CB-A84A-7357AEC88F89}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AF83C414-D09A-4F5C-9033-E60EFB938802}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{B13401E3-0381-4763-A888-08006FA5A334}" = lport=137 | protocol=17 | dir=in | app=system |
"{B4AF57A6-FDE6-4703-9607-1DE8B7C4BD3E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{BD8C3D21-6233-4791-8E3A-038C0BC2CAD3}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{C33438C5-747C-4731-9ADC-5FD6304384B3}" = lport=445 | protocol=6 | dir=in | app=system |
"{C5DB66D7-7CE7-435B-A09D-EC1AC5667E59}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E6A8600D-7E6D-4314-AC41-1049CA4DAA09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{ECCEC716-97CD-4479-AA81-3BA8D0DDCFD2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F67E5E71-57BA-42F3-9DCE-E299C0E93067}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00FCBF86-F973-4EFA-9669-9A1C0C2DBE9B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause 2\justcause2.exe |
"{013B054C-0008-4742-9F42-525AD3023851}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassin's creed 2\assassinscreediigame.exe |
"{01CC91DA-1674-45A0-AC45-62B483801E82}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\docs\ea help\electronic_arts_technical_support.htm |
"{024C6435-2786-4D16-9BBA-E23384FCEDEB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{02D94065-C399-4E8E-AEA4-53FBF4C46636}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19132\sc2.exe |
"{036E8F57-D734-4002-AF26-E4A960FFBD15}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe |
"{04331F39-2B63-4169-AF4C-49DDE750F841}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\serj561996\ricochet\hl.exe |
"{05AA8C51-51F3-4EF6-A4FE-A443ADAB0C87}" = protocol=6 | dir=in | app=c:\program files (x86)\volition inc\red faction guerrilla\rfg.exe |
"{06048B72-B2F9-41C2-B932-EC23AD275224}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\closure\closure.exe |
"{072E42B3-DF66-4152-85A6-75C3EC5077E7}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{0857C88A-2070-4BB7-8DF7-B69A558475C8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\binaries\masseffect.exe |
"{0B6154BF-B5CF-42DC-A560-F615C8B1AA3C}" = protocol=6 | dir=in | app=c:\program files (x86)\mass effect 2\binaries\masseffect2.exe |
"{0B732288-0DC1-45B2-AAA3-95746A6D7A60}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe |
"{0C58B7B0-5C07-4060-90C8-ABFADBE34A1C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\docs\ea help\electronic_arts_technical_support.htm |
"{0CA5BE8C-3CF9-4A3C-8FAF-9EA4656ED477}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gotham city impostors f2p\engine.exe |
"{0CC0F92B-1C6B-452E-A6E9-4B82D246B83D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\beat hazard\runme.exe |
"{0DD0EC60-9714-43CB-91BF-4038632D1C75}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |
"{0E70321A-6091-4F02-9C8F-4F7A648CCC12}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blur\blur.exe |
"{0F68AE2A-AAF7-4723-942C-D36DFFD9F307}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\beat hazard\runme.exe |
"{11C1A4A2-3B51-4DEA-AF31-DE28635CB037}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{13289F0D-56B1-4F90-A512-5D4015764606}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{1375BD19-D076-4747-AE8A-FD9CD0BBF00A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tom clancy's splinter cell conviction\src\system\conviction_game.exe |
"{13DCA445-B566-4122-ADA1-BF6C03F2AE86}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{14673CBE-6016-4AB6-8715-73D133073688}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fable 3\fablelauncher.exe |
"{167DC079-0E49-48B9-B679-198C2D8E4EB6}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base23260\sc2.exe |
"{17105CA1-383C-4A6D-8F50-667C304E04A6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassin's creed 2\assassinscreediigame.exe |
"{1729D3E2-4AB8-4727-9D89-6B684747C7D1}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{17D458CB-3FC8-47E2-81F2-5D3F1B681EA7}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{1884D974-5132-4863-BBB9-DF3DAF401368}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daupdatersvc.service.exe |
"{18961737-73B6-4B3E-8BB5-C102EE33B6B0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\basement\the basement collection.exe |
"{19D0A320-8402-41EE-BF88-988F51DD769B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blur\blur.exe |
"{1B4D1FC4-B83A-47B7-B335-590CD71B0F4E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1B6B45CD-2C1D-41A3-B918-43357F90ADB5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daupdatersvc.service.exe |
"{1BF30761-CEDD-401C-ACA0-AE4CC4AC6403}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the first encounter\bin\samhd.exe |
"{1C208A1A-C477-4567-85CB-CA5CCCD9E738}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sonic adventure dx\sonic adventure dx.exe |
"{1C48BA48-D583-423A-993E-B92A90F119D4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe |
"{1CE64341-E1B9-4350-A60D-E745FCAAA266}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassin's creed revelations\acrsp.exe |
"{1DDAF628-7B4B-4AAF-B9F6-C6972F365006}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{1EDEF0B2-8358-45EC-A664-C4AE55E88C58}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\shank 2\bin\shank2.exe |
"{1F582AC9-B0A9-4FB2-8559-99C47D6EE4A3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\giana sisters twisted dreams\launcher\gslauncher.exe |
"{1F6DFCE8-B0D7-45D1-A052-7A5D1C20CA83}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe |
"{1FD90CA7-CEE3-4F89-A68E-58E3A833D9BD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\space channel 5 part 2\config.exe |
"{21FDF634-BE67-4A2B-8C01-A5A6926B6EAE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\docs\ea help\electronic_arts_technical_support.htm |
"{24841FAB-21EE-4EE5-A914-8FE3521AFA1D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\thebaconing\thebaconing.exe |
"{255BA1B2-7F31-4C81-A004-EEC7866E048A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2600685C-C68D-4B67-AC05-873EB84118EB}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe |
"{2694F505-4518-49B9-8623-B6036031FF9A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe |
"{2741BA39-8985-48BA-AF81-EBD4428F11BC}" = protocol=6 | dir=in | app=c:\program files (x86)\hi-rez studios\hirezgames\tribes alpha\binaries\win32\tribesascend.exe |
"{2777EE86-E934-49CD-93A5-AC2F46DCF5EF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\beat hazard\beathazard.exe |
"{2796BC96-A899-4168-AAA5-AC3D2EFA77EE}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19132\sc2.exe |
"{281F99EA-958B-4DE9-8FAE-B107D2CD27A3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{2875A8B7-3FCA-4BEF-B211-90097D6CA259}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe |
"{287AA762-A4CB-4C2D-A29C-C20653A9B70E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{290A915F-C65C-4B0C-A021-FDBC5FCA8D38}" = protocol=58 | dir=in | app=system |
"{29BF8038-0D05-49C0-885F-5D43BB6E57A3}" = protocol=6 | dir=in | app=c:\program files (x86)\six projects\six updater\tools\bin\rsync.exe |
"{29CFBFA6-D0C9-4D1F-BCCA-DC1A79A0A62F}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{2AC1E624-C75F-474B-972A-300D6D4A7EDF}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{2B9F86FB-C534-4804-97EB-DBC6CBBAA0C2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe |
"{2BEF8B3B-7CBD-4932-8ACB-721CFB4B05A3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gotham city impostors f2p\engine.exe |
"{2C46ADED-D020-4863-B682-D8C6D930D6E5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\two worlds ii\twoworlds2_dx10.exe |
"{2D4F6F6F-309C-48EC-B9E3-BF834E1F93BE}" = protocol=17 | dir=in | app=c:\program files (x86)\mass effect 2\masseffect2launcher.exe |
"{2EB8844D-CEF1-4AAD-948A-6829F0D7CC25}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the first encounter\bin\samhd_demo.exe |
"{31CA986E-B5B7-40E1-9049-15EC1682ABD0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{32482A82-8110-463D-BBE5-27F976E1CDD1}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{32F069FE-49F6-413B-856F-86A6603F21DC}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{335875A7-6E41-46FD-9AC3-56BAB94FAD36}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alan wake\alanwake.exe |
"{36F83066-3FB7-4315-A70C-A7C3CD533CAF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\serj561996\ricochet\hl.exe |
"{397A418C-1345-4704-A5B2-D09D428C3083}" = protocol=17 | dir=in | app=c:\program files (x86)\mass effect 2\binaries\masseffect2.exe |
"{3CAC9BB4-E8BD-4748-8346-A26BD9117EA6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the first encounter\bin\samhd.exe |
"{3F1BD345-3C21-47C4-B31E-8DA47C6A9130}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{401288BC-14E8-4655-B5F5-D2284981CDD5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\botanicula\botanicula.exe |
"{41DA4C71-BE9C-4B21-9F3F-F61C6B6B9CC3}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe |
"{423B5B4D-64FF-48FC-BA7C-A9F24AB1AECD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{426B0AFA-2E23-4EB7-BB3C-EE24BBABFA94}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe |
"{4529395D-CEA6-497D-9D5B-B60F97D4733D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassin's creed 2\assassinscreediigame.exe |
"{4581706A-75B4-456B-9B82-84EB64206719}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe |
"{45B2F397-1AE5-4B7A-BEBB-D96B61E4F014}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien breed 2 assault\binaries\alienbreed2assault.exe |
"{45E076BB-F336-4AEA-9703-41D3040E476F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{461F07C5-FC8B-4FA0-B07A-624A6F005968}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis\bin32\crysis.exe |
"{463602F7-17C8-4858-978C-0F4A3FFCD8EE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gotham city impostors f2p\engine.exe |
"{476D6ECE-85D2-46F3-827E-DC71B889F481}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassin's creed revelations\acrpr.exe |
"{47BF9B8F-3CE9-4E62-8F2A-2D204D4132C4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\serj561996\garrysmod\hl2.exe |
"{49508BF8-0C49-4EE6-A917-81AD5E9C1E49}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
"{4AA117EF-34B2-4AFF-9A7D-8D8F1EB8DF52}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4B4D11C4-DB3B-49B4-A79C-17A1D6E53D1C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4DD2AF95-83CA-4C2E-ADD8-4C152EEEB90F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\space channel 5 part 2\config.exe |
"{4DF197D7-AA1F-4966-BC05-D8A6ED3C9398}" = protocol=6 | dir=in | app=c:\users\milan libischer\downloads\starcraft_2_eu_de-de.exe |
"{4E0A4130-6847-4D01-9CB9-954FF81F0D5A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{4E0F2050-E267-439B-B02D-485C64BCB37B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\giana sisters twisted dreams\launcher\gslauncher.exe |
"{4E82F7F3-94E6-4C3E-B9BE-C25476E06081}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause 2\justcause2.exe |
"{4FB4BEEF-715C-4307-A027-75AC7014D798}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
"{51C30358-C325-4187-BFBF-05CA7ECBEE6E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\darksiders\darksiderspc.exe |
"{52F7193D-BFB0-42CE-83B6-BF79801E2A21}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\arcade movie\touchmovie.exe |
"{54472E90-D9B7-475C-A695-6DAE862C081F}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{54BB3E9F-B222-4DA3-8EA4-1AA17F61A055}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe |
"{54E0CF21-8432-4F66-A88D-C70686A04CAD}" = protocol=6 | dir=in | app=c:\program files (x86)\mass effect 2\masseffect2launcher.exe |
"{55D36B35-422D-4E31-89B1-B765F2C550D8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe |
"{5734F768-673F-4F29-BB71-C1DD102E1A57}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{579CA0E8-D896-4660-A67A-81C44C0CE1A3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\darksiders\darksiderspc.exe |
"{58367A3E-FD3F-4F2B-89A8-C3FF2A806AF1}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\kernel\dms\clmsservice.exe |
"{5ACDB089-50E5-4A4C-80BE-01FA907437F6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\shank\bin\shank.exe |
"{5B0F644B-3221-40C5-A8C7-B0571B233031}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe |
"{5B55A85A-B3A2-465C-B3DA-CD3563BC89E2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\thebaconing\thebaconing.exe |
"{5B602EE7-8973-4D48-842D-CB7B05D4079F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman blood money\configure.exe |
"{5B9821D3-F980-4B82-A5B4-1BBE054247BD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{5DF771B5-9ABB-4553-B3A6-0C941D0B1483}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the first encounter\bin\samhd.exe |
"{62D86941-CB41-4792-B542-2C75CB74FDE7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\serj561996\team fortress 2 meet the spy\smp.exe |
"{6356A6BF-E26A-4497-8E4C-D1FE9CB59400}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hell yeah\hellyeah.exe |
"{651623D7-E626-4885-80D0-7024B42E8EC5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\serj561996\garrysmod\hl2.exe |
"{6620B9A5-12CF-4D02-97E0-44489A13C1F6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\basement\the basement collection.exe |
"{66308FA0-38C2-4C98-A4C8-E1C9A588DA22}" = protocol=17 | dir=in | app=c:\program files (x86)\capcom\streetfighteriv\streetfighteriv.exe |
"{67C6B6F4-46F9-4DC3-A60F-CC7C007F3287}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
"{682CCBD2-7DBF-4BDA-B55E-7D8A26775AFC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\shank\bin\shank.exe |
"{691139F1-2426-460B-BF28-3AA86B20D75D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe |
"{69E8624C-54BE-4690-948E-9EAC5AFE50B1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe |
"{6A524D14-4D83-4CCE-BB7C-126B45FB6858}" = protocol=6 | dir=in | app=c:\program files (x86)\wb games\batman arkham city\binaries\win32\batmanac.exe |
"{6A57B68E-4921-4814-ACA5-D451185BFC86}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6B0AB46A-A48D-4A7A-A28D-D37797B32EFD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\@dayz\expansion\beta\arma2oa.exe |
"{6B951EA0-1931-4962-8ACA-62AD24DA2B9D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{6D11CD7F-CBE0-467B-97A7-6FB5F8BEEF5A}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{6D541F8B-8A28-4456-91F3-391FAB7951E6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassin's creed revelations\acrpr.exe |
"{6DF39EB7-0ED5-43A8-8FBD-14950EEF7086}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{6F5B1E2A-1249-45EA-9ED6-54913AF9B517}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe |
"{71759870-7D6C-4909-9A48-B7CB672E5AB2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe |
"{722D4790-9246-4E01-8710-AF8D17F4A27E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman blood money\hitmanbloodmoney.exe |
"{72FF432D-2FA2-4F82-B8C9-78AFB62FBDCE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\daoriginslauncher.exe |
"{749C1B40-5C0A-4A3B-8FDD-3F299EE04CFD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\botanicula\botanicula.exe |
"{752BFC1B-946D-4BE5-AD26-A89E50C95913}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe |
"{75CA1DEC-F3BF-4D62-BF05-D49082E2AA24}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\docs\ea help\electronic_arts_technical_support.htm |
"{78A22BB8-D483-4B28-8C3D-8A99FAEC8055}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fable 3\fablelauncher.exe |
"{78ADDD1C-53C4-460A-A33C-48B9DA101624}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the walking dead\walkingdead101.exe |
"{78EFA4A1-8E45-41B8-B5AB-DE1EBA7E2DE7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crazy taxi\config.exe |
"{797F8B2F-EA35-421A-8B0E-D7B578413B9A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien breed 2 assault\binaries\alienbreed2assault.exe |
"{79FCA8EE-47E0-41AA-BB97-782942DBA913}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\beat hazard\beathazard.exe |
"{7C1D2DA4-1845-4708-9C22-C336AF669DC7}" = protocol=17 | dir=in | app=c:\users\milan libischer\appdata\roaming\dropbox\bin\dropbox.exe |
"{7D6870AA-68BA-4D2E-ADB1-5B42FA8F254F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause 2\justcause2.exe |
"{7E16A3D1-CA74-40B1-A6AF-E8A1816AEBE3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the first encounter\bin\samhd_demo.exe |
"{7E88176D-AAFD-430A-B5A0-E3AB5D15FDCD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\titan quest\titan quest.exe |
"{7FD7B8BF-A915-4259-A808-F2AEFDFB51C9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe |
"{807818EA-AC9C-40CF-8CEF-8F2427DFDF70}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{813854D3-8498-4464-8D70-6D14F6C7F521}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\plants vs zombies\plantsvszombies.exe |
"{8147D551-0E74-4D33-9E6E-8F9258BD2C04}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
"{81E31909-9EDE-4F73-AA29-30F77F3A67BD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crazy taxi\crazy taxi.exe |
"{8287A5CC-046C-41C1-BB85-E64C3277374B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\champions online\champions online.exe |
"{8287D6BC-8BDB-4E95-ADE5-110F9FE91E67}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd |
"{8386BD82-853A-412C-B970-023FC606C7E0}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |
"{83ED6EF1-3466-48F0-856C-33CAFF380BC9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the secret of monkey island special edition\mise.exe |
"{85B4EE94-6AC9-4914-82DD-E9733DF68644}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dear esther\dearesther.exe |
"{87309149-2061-4F85-A97F-14B225F54AE6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassin's creed 2\assassinscreediigame.exe |
"{88891246-1A3D-40E3-B9C3-EC2BED568824}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{897A2D66-C8E8-44F4-B70D-648DE82A21A3}" = protocol=17 | dir=in | app=c:\users\milan libischer\appdata\roaming\dropbox\bin\dropbox.exe |
"{8B1D7397-4BB1-427E-9ABE-18921A0BC882}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\plants vs zombies\plantsvszombies.exe |
"{8B25BBA2-ECD5-43EC-8CCA-83355DD7EF64}" = protocol=6 | dir=out | app=system |
"{8B8499FC-1D30-42BB-9A64-33AD7E20BBF0}" = protocol=17 | dir=in | app=c:\program files (x86)\wb games\batman arkham city\binaries\win32\batmanac.exe |
"{8C807E00-E15F-4F50-BA9C-827F12C15E6E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe |
"{8D1D4ED4-593F-4BE9-9596-48A58C6B4246}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{8D473FA4-2133-42C8-A00C-7F841EC7C4CC}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8EE7018F-739A-4ACB-BD28-A82E17814DB0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8FFEBFA0-3612-493E-88E1-5FF7A2E14A57}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{905C6400-2B2D-41E7-BBD3-57E340730AE6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\faerie solitaire\faeriesolitaire.exe |
"{907AA42A-5D3E-4186-AA2F-6BFF370CD11C}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{91561701-0386-426F-858C-85C0279FC862}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serioussamdoubled\ssgame.exe |
"{9159B6F9-9C06-4FF5-A7CD-74F0385796AD}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe |
"{92A04CC4-5A8B-4799-A040-93CBE6E475A6}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe |
"{92E1F2B3-4803-4C4D-8127-970E9F2D9CB7}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe |
"{959520EB-1A12-44A0-8D04-8954AC74D572}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\titan quest\titan quest.exe |
"{978AC6A2-767B-4A12-873E-126FE9977CD4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock 2\mp\builds\binaries\bioshock2launcher.exe |
"{984FE88A-3B79-40BB-A3B6-C365880FB998}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9932D605-16BA-4D89-BB3B-73BD6A539417}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the secret of monkey island special edition\mise.exe |
"{9959F327-B9C9-4834-967A-4ED04761DF5E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crazy taxi\config.exe |
"{9C7D03EC-DC8F-463D-82AE-CC1731A42F35}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{9D2E3A59-32DB-4A2C-966D-E782D4823979}" = protocol=6 | dir=in | app=c:\program files (x86)\capcom\dead rising 2\deadrising2.exe |
"{9D2F5422-C429-4EA2-AFEC-AAC5BCC57B08}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sonic adventure dx\sonic adventure dx.exe |
"{9DA0D7AE-1B1A-4E25-B8DB-9601950C3F2A}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base22612\sc2.exe |
"{9DA561FF-1122-4F13-AF44-CF6DC030B2F3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\shank 2\bin\shank2.exe |
"{9E4E3453-A30C-43A5-B161-53ABF2060B62}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\plants vs zombies\plantsvszombies.exe |
"{9F00B544-6B5B-493E-8219-C93E39F06ECD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\launcher.exe |
"{9F4B4619-407D-47B0-93DE-F0E360B1787C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sonic adventure dx\config.exe |
"{9FB07982-4BEE-434D-B1A7-C6945E3B6213}" = protocol=17 | dir=in | app=c:\program files (x86)\hi-rez studios\hirezgames\tribes alpha\binaries\win32\tribesascend.exe |
"{9FE6C901-2E49-4BC3-93D6-B6F53958C3E4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman blood money\hitmanbloodmoney.exe |
"{A3422640-08C3-4B6F-95EA-A09ACF31C07C}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{A3536EF4-FBA6-42C3-80B7-5F6A50072FCF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe |
"{A3E5F54B-98A7-4C19-BEE4-8E980FF3A514}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gotham city impostors f2p\impostors.exe |
"{A41CC0F5-E975-4C2B-9A25-324BE26EFCB9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe |
"{A486D849-2EA8-4971-B8C4-76B9756C5B88}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{A4ED2A7A-0060-4EEB-8288-7BD19D5C81FC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hell yeah\hellyeah.exe |
"{A5661FE0-8378-4573-9235-750B765AF173}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\darksiders 2\darksiders2.exe |
"{A5773540-E29A-43DC-9C8A-D047662A169C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\support\ea help\electronic_arts_technical_support.htm |
"{A5CF23D7-293A-4EB5-A562-D1EA992EF734}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\beat hazard\runme.exe |
"{A7442B83-EBC1-42DA-ACDD-8C05767E2B5D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2 meet the spy\smp.exe |
"{A9D8FA05-F704-4CBB-A082-BE25F5A3CDE0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe |
"{AADD53C9-F441-4F16-8239-55A5794AD1A5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serioussamdoubled\ssgame.exe |
"{ABF7C789-5C6E-4926-A963-3A3F6FE7D03A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\space channel 5 part 2\space channel 5 part 2.exe |
"{AC2F6FE5-AB08-4CE8-A9FA-9B9226F8376D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{ACCB324B-D0D8-463D-94ED-8FFF61291706}" = protocol=6 | dir=in | app=c:\users\milan libischer\appdata\roaming\dropbox\bin\dropbox.exe |
"{ACEC0508-C185-4B13-97BA-52A436406123}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe |
"{ACF5D9D7-4FC4-4FE1-94BA-065CC324F5D8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe |
"{AE7B2B4C-03D5-4EE3-ADA2-2A276E3CED5E}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe |
"{AF452EEA-5F7B-4FE3-89D0-435B0EF0FD0A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fable 3\fablelauncher.exe |
"{AF805F69-600E-4F07-8391-3635C0BEB1F1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\beat hazard\beathazard.exe |
"{AFBD197A-3D59-46DB-A47C-308AA67C50DD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crazy taxi\crazy taxi.exe |
"{AFCA4E35-852D-437B-B1FE-14538E436F83}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{B15D4EFB-CFCD-4509-83C9-9F6430748C05}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\arcade movie\touchmovieservice.exe |
"{B2BA4C44-1E2B-44D7-9DDA-98AFFE63C879}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{B34CB43E-6495-4852-B9E1-FD75122761D2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the first encounter\bin\samhd_demo.exe |
"{B3E5D202-C98E-4645-BD09-5F89ED034AC0}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{B40A9047-7202-4C0B-AB9B-3A046160E27C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\launcher.exe |
"{B458CFF6-D4B3-4C08-8D75-F67D79279C39}" = protocol=6 | dir=in | app=c:\program files (x86)\capcom\streetfighteriv\streetfighteriv.exe |
"{B4FD65B8-1F70-471A-AEB5-A072187DD4EC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2 meet the spy\smp.exe |
"{B502025F-86D5-4B56-8466-7B72E97F53D9}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{B55B4959-FD97-42E7-BC32-F5D7E2FA9CAC}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{B5EF3865-201B-4B02-A7CC-E0EDFEAE59C7}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{B6C29B41-9EA7-4AC4-BA6A-6702BB955E94}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd |
"{B749F5AC-1D63-4D37-B396-4D0FBC4AC244}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\closure\closure.exe |
"{B85C8207-D0B7-444C-BB16-204A2096122D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\space channel 5 part 2\space channel 5 part 2.exe |
"{B8D87113-7DC7-4500-8CA4-FDA9F7F5A56F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tom clancy's splinter cell conviction\src\system\conviction_game.exe |
"{B8FAA761-895A-4B38-925A-3D24E731F8DF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tinyandbig\tinyandbig.exe |
"{B8FDC939-0E6E-43A6-BB10-B17FCFE02A16}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |
"{BA11CD07-2173-4569-A648-F575DEC152DE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{BA9E15BC-DE79-4E83-885E-9F5FDDA5DB02}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe |
"{BC365850-9C10-4808-8315-F89402005994}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{BDBCBD4F-5B24-4C99-AD4F-B8486D4E4922}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe |
"{BDDF3C6A-967B-495B-95A9-43E4CE07ABE7}" = protocol=17 | dir=in | app=c:\users\milan libischer\downloads\starcraft_2_eu_de-de.exe |
"{BE926D29-4DD6-4EB9-A16F-2519DAE495EC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\@dayz\expansion\beta\arma2oa.exe |
"{BFC3BC5B-A8C3-4FA3-AE48-77AA5109A3A4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\beat hazard\beathazard.exe |
"{C02CBCDC-2719-4D56-A05E-31DBE51748A2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\darksiders 2\darksiders2.exe |
"{C0A10D06-D044-4EE9-B3B7-A53D0588F735}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{C0BEB514-FA32-4F5E-9990-C9245D856538}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C0D0573D-02BB-4E2C-AD82-A7A452C0821B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe |
"{C23C1584-7D54-4313-82B6-C13BE7FF63AF}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{C2843883-7A5E-48B5-9825-D4A5C5534DB0}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{C2E6215C-C27F-44E8-B23C-26162B0FA472}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2launcher.exe |
"{C36B33B5-8B17-442E-931D-74623D6D93E9}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{C644B63A-425A-416C-A0AB-93D3741005CE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe |
"{CB174ADB-DEF4-40B9-A257-179584445162}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{CBE72325-9F1E-44FB-8105-7ACB3DCA70D1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman blood money\configure.exe |
"{CC3CF228-D71E-4A5B-973E-775924154C4F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassin's creed revelations\acrsp.exe |
"{CC4377A0-78AE-40F7-9779-A0127C43C89A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CD21A7CC-D05E-42B3-AEDC-953DFFA84DE8}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base23260\sc2.exe |
"{CE3E982F-6ECF-4851-9931-ED3DC9998543}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\support\ea help\electronic_arts_technical_support.htm |
"{CE4C032C-9DA4-4A05-ACF4-30B00C4538F1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\serj561996\counter-strike source\hl2.exe |
"{CEC6783E-3E43-4327-9402-3B058A965EEA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\daoriginslauncher.exe |
"{D05F1193-68CE-482C-BF08-4325C9680272}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause 2\justcause2.exe |
"{D0E56833-39E9-41B7-AD39-F99BD82A905D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dear esther\dearesther.exe |
"{D1A85000-1F33-4AB2-AB10-1631303A8E3E}" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"{D41116EE-3842-4557-8BFB-2068F87FF050}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\binaries\masseffect.exe |
"{D476B030-5385-4B4D-8507-A9436EC86F9C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe |
"{D58208E5-D5C5-40B7-91FF-330A9AD1D1A4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gotham city impostors f2p\impostors.exe |
"{D5F51353-ACAC-45F0-9F65-5E2377BC52DA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alan wake\alanwake.exe |
"{D6FDD260-E096-44C1-9E20-268ABFBED640}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D844B76F-41D1-486B-8EB7-FEC4AEEED69B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\launcheflc.exe |
"{D989D078-C117-4B8D-A58C-053E50F1B783}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\beat hazard\runme.exe |
"{D9DD370B-7C89-402A-A6E0-A3A80D65ED53}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DA7B949D-C17E-4EA8-9319-CF25CFCB8147}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2launcher.exe |
"{DADCD03E-202B-4F88-8397-FDAEE5995557}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis\bin32\crysis.exe |
"{DADEE80D-118F-4B93-BE1A-F5E67D5B04A1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe |
"{DC788193-6016-40C9-A784-506E184E7204}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{DC7C6DDF-EF76-4C81-8CE4-EC3A05543FA5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DD03BAFF-50AC-4DF9-B1CF-8239AC2B9EC1}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{DDC03897-3E52-4D99-B20D-1DE51B6313B7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe |
"{DDF7B1AE-798C-4574-9A57-330018516E63}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\serj561996\garry's mod beta\hl2.exe |
"{DE34DC7E-3240-478E-B8B2-D24775F50AFE}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\kernel\dmp\clbrowserengine.exe |
"{DEFE1156-D800-456F-AD61-929486F35777}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\two worlds ii\twoworlds2.exe |
"{DF162185-F450-4EA5-B6F0-95B35E1FCD40}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\champions online\champions online.exe |
"{E0328C04-1D93-43CF-BEFB-422B37100651}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\serj561996\team fortress 2 meet the spy\smp.exe |
"{E1082403-6F01-4945-B4FC-E48A97FD53EE}" = protocol=17 | dir=in | app=c:\program files (x86)\six projects\six updater\tools\bin\rsync.exe |
"{E226F4D4-7A07-46D9-80C2-5B0BC8F37399}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the first encounter\bin\samhd_demo.exe |
"{E318C692-A779-476A-A3F3-6F549610A736}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\bmlauncher.exe |
"{E32470BC-AFDC-46F8-9219-C82B161CCB5C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |
"{E3AB3996-5CE4-4FD6-B55A-94ED16753150}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\bmlauncher.exe |
"{E3DB90E7-CDE6-4558-AE03-9B7B2A6BD997}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{E490FDF3-4BCD-4D4A-971C-239549BA3C5C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the first encounter\bin\samhd.exe |
"{E5BE2BC6-6CAF-448F-9E58-62CD57C6C3EF}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{E6349B97-5B11-468F-9A44-DDEEB81A154E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\launcheflc.exe |
"{E7A7063E-1C74-4E3F-B386-4CECFA77BA83}" = protocol=17 | dir=in | app=c:\program files (x86)\volition inc\red faction guerrilla\rfg.exe |
"{E8574FF9-A709-4EEC-9183-EA9FF0D6B155}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe |
"{E875C842-310C-46CE-B4C7-28244E4D3ABD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\two worlds ii\twoworlds2.exe |
"{EA836C5E-8B20-4CAC-BD60-2C331A5D1AD7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tinyandbig\tinyandbig.exe |
"{EA8E89CA-6CE8-413D-A880-3BC7F802F672}" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"{EAE8867C-301A-4D53-9632-DAB8845C1409}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe |
"{EB2603D1-EAA7-49FB-8731-E6D406C91910}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{EB5ECFDA-31CC-4469-9869-48C1A53CDDBE}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{EBA2F84C-65BF-4D72-BEA4-218CD11462F9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe |
"{EC3A8D28-A16C-4329-AE7A-8B1CC2693E0D}" = protocol=6 | dir=in | app=c:\users\milan libischer\appdata\roaming\dropbox\bin\dropbox.exe |
"{EC959CF4-0825-49E9-AC06-DF1A7780B6DC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock 2\mp\builds\binaries\bioshock2launcher.exe |
"{ECF2B6D8-6824-48FB-87F7-B8A94AC40E5F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\serj561996\garry's mod beta\hl2.exe |
"{ED510328-8DE8-42CC-997F-AE1250C436A4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe |
"{EDE09A61-3D55-4375-BCB1-050731A61B40}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\serj561996\counter-strike source\hl2.exe |
"{EE2D4E9E-CA32-4B9D-A487-247ABE28D024}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{EF75E125-30EE-4724-A689-5449C493A214}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{EF8D2500-DAE5-4BAF-A7E7-9C527F07BACC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{EFD493E1-5C6E-4F3C-ABEB-EEECBF0DE39F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gotham city impostors f2p\engine.exe |
"{F18E5340-59D5-4D61-A56D-2BF7ED596CB8}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\powercinema.exe |
"{F1B8DD5D-CB14-46F5-BCA4-EAA4156A2E16}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{F33CA7AB-03D3-4371-A6E3-87D0303F07FC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the walking dead\walkingdead101.exe |
"{F6297B34-2CDE-4A00-90C8-9FEBF2BC5D71}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F71F7713-2893-4C77-BABB-26DBF7083E7F}" = protocol=17 | dir=in | app=c:\program files (x86)\capcom\dead rising 2\deadrising2.exe |
"{F788A1DD-44AF-494C-BAB2-595B699ACF88}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base22612\sc2.exe |
"{F8830A04-00D2-4D88-AFC7-A8FBAC5FF32B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sonic adventure dx\config.exe |
"{F9501B5D-0EC2-41AB-8991-9C99EF352637}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{F992A234-618D-437C-97B0-636FD2D1CD18}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\pcmservice.exe |
"{FBAD330B-C845-428F-AACE-428DFF309577}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe |
"{FC01172B-929A-4200-B526-E4EB15FC346C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\plants vs zombies\plantsvszombies.exe |
"{FC8246B7-9620-4D95-8D5C-7AF4CFB57AAA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\two worlds ii\twoworlds2_dx10.exe |
"{FE311B61-2431-45F7-92B7-DD58C6978DE2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe |
"{FEB169B7-4B62-4DF5-814C-E88FF6C73D38}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fable 3\fablelauncher.exe |
"{FF152E44-9AAE-4B74-9799-31B008CD510C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\faerie solitaire\faeriesolitaire.exe |
"TCP Query User{0363FB12-3EB1-4C79-85BB-986EB6025B71}C:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe |
"TCP Query User{086B261B-6498-49C2-9001-621675460A02}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe |
"TCP Query User{0BE35DE9-B185-4827-BB54-9122793C79C3}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |
"TCP Query User{140AB2F8-C5D7-46E6-AF67-CD92C6F79AF6}C:\program files (x86)\ubisoft\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe |
"TCP Query User{1689FEEF-63A7-408D-9028-E7D00F5852EF}C:\program files (x86)\steam\steamapps\serj561996\zombie panic! source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\serj561996\zombie panic! source\hl2.exe |
"TCP Query User{1B7E23F2-5825-4847-8BD9-F8665F139260}C:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe |
"TCP Query User{299739FA-0C78-4503-BEA9-05D2BF145F8A}C:\program files (x86)\steam\steamapps\serj561996\pirates, vikings, and knights ii\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\serj561996\pirates, vikings, and knights ii\hl2.exe |
"TCP Query User{2AEFB3B5-9C69-4C15-A50A-55985C357F1F}C:\users\***\documents\xiii lol\system\xiii.exe" = protocol=6 | dir=in | app=c:\users\***\documents\xiii lol\system\xiii.exe |
"TCP Query User{37BE7CA4-ACFC-4C4C-8668-FD6D2AA5F325}C:\program files (x86)\steam\steamapps\common\tom clancy's splinter cell conviction\src\system\uplaybrowser.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tom clancy's splinter cell conviction\src\system\uplaybrowser.exe |
"TCP Query User{41ACFDFF-059A-4001-881D-277B291C3B97}C:\users\***\saved games\dummes online gedöns\armagetron advanced\armagetronad.exe" = protocol=6 | dir=in | app=c:\users\***\saved games\dummes online gedöns\armagetron advanced\armagetronad.exe |
"TCP Query User{429C05DC-D0B3-4BCF-83F3-C849BCB2BEFC}C:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe |
"TCP Query User{47FF59B4-4518-45C7-9519-BAFD880E78BE}C:\program files (x86)\steam\steamapps\serj561996\half-life 2 deathmatch\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\serj561996\half-life 2 deathmatch\hl2.exe |
"TCP Query User{4B317318-F331-4BFC-A569-DEB672746F27}C:\program files (x86)\steam\steamapps\common\assassins creed brotherhood\uplaybrowser.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassins creed brotherhood\uplaybrowser.exe |
"TCP Query User{67857CAA-D189-4F43-AEF1-B36ED87414D9}C:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=c:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe |
"TCP Query User{69DA34B3-3B71-4E60-9E45-D413C0B4A9D8}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{6BBDABA6-6BC1-48FA-832B-A6DF9E0D10D3}C:\program files (x86)\steam\steamapps\serj561996\day of defeat source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\serj561996\day of defeat source\hl2.exe |
"TCP Query User{761190EA-B4FB-4741-AFB9-D1AEEBA1167B}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |
"TCP Query User{7F96DE09-9C1A-4E99-ADB6-CDB690BE9074}C:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe |
"TCP Query User{8061A240-04F0-4B66-98FF-6425463DFB6F}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"TCP Query User{81AD68D5-1829-4188-9264-B25D8780DE7F}C:\users\***\downloads\starcraft_2_eu_de-de.exe" = protocol=6 | dir=in | app=c:\users\***\downloads\starcraft_2_eu_de-de.exe |
"TCP Query User{828EBE9C-4652-41C8-9D73-59504FACF2A2}C:\program files (x86)\steam\steamapps\serj561996\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\serj561996\team fortress 2\hl2.exe |
"TCP Query User{8345E9CF-3375-4DD1-A905-11A8DFD94D04}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |
"TCP Query User{85D129C6-0736-4092-B598-8B05F83799A1}C:\program files (x86)\xiii lol\system\xiiied.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xiii lol\system\xiiied.exe |
"TCP Query User{89B00CE7-025D-476E-BA11-D44A42E18BDA}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe |
"TCP Query User{8CCFCD9B-45AB-493A-8AC6-D38C23D43CF4}C:\program files (x86)\six projects\six updater\tools\bin\rsync.exe" = protocol=6 | dir=in | app=c:\program files (x86)\six projects\six updater\tools\bin\rsync.exe |
"TCP Query User{8D1E158F-1F48-4FE4-9A28-53BCD1AD19BD}C:\program files (x86)\steam\steamapps\serj561996\garry's mod beta\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\serj561996\garry's mod beta\hl2.exe |
"TCP Query User{8D4FFC08-AA4E-4EA4-A223-62377E299351}C:\program files (x86)\hi-rez studios\hirezgames\tribes alpha\binaries\win32\tribesascend.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hi-rez studios\hirezgames\tribes alpha\binaries\win32\tribesascend.exe |
"TCP Query User{9125998F-8B9B-420E-A973-FF21FDB8F8C4}C:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe |
"TCP Query User{9379D98F-F0B2-4E25-BECB-3E20E92FB1FE}C:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe |
"TCP Query User{A3549AA6-84FD-4F9E-BD90-54887493573B}C:\program files (x86)\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19679\sc2.exe |
"TCP Query User{A544E5ED-C31D-45BC-9F58-BFCF9BE5A468}C:\program files (x86)\steam\steamapps\serj561996\garrysmod\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\serj561996\garrysmod\hl2.exe |
"TCP Query User{AC77D86F-3771-4D3C-ABD9-C3778F8CD23F}C:\program files (x86)\starcraft ii\versions\base19132\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19132\sc2.exe |
"TCP Query User{C0250A52-2622-4BE9-B98C-E83926BEA6B8}C:\program files (x86)\starcraft ii\versions\base23260\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base23260\sc2.exe |
"TCP Query User{C06FFB10-B1CB-41ED-8024-1804E4C35E95}C:\program files (x86)\deep silver\nail'd\naild_x86.exe" = protocol=6 | dir=in | app=c:\program files (x86)\deep silver\nail'd\naild_x86.exe |
"TCP Query User{C5B2C7F0-9A4A-4623-8879-942700366BBB}C:\program files (x86)\steam\steamapps\common\fable 3\fable3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fable 3\fable3.exe |
"TCP Query User{C93AB05C-E7F3-4D4C-B6C2-69E8C86F197E}C:\program files (x86)\steam\steamapps\common\blur\blur.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blur\blur.exe |
"TCP Query User{CA271501-91D7-4E4D-B52F-20727D5F0866}C:\program files (x86)\steam\steamapps\serj561996\synergy\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\serj561996\synergy\hl2.exe |
"TCP Query User{CB69C7EF-7682-434A-9B52-59B5B812B23C}C:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\@dayz\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\@dayz\expansion\beta\arma2oa.exe |
"TCP Query User{CC4B0858-267A-490D-B1E1-94A8F69FE1C1}C:\program files (x86)\steam\steamapps\common\assassin's creed revelations\acrpr.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassin's creed revelations\acrpr.exe |
"TCP Query User{CCB1FCDD-21A5-4DD6-A8D0-BF5FCF7E34D8}C:\program files (x86)\starcraft ii\versions\base22612\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base22612\sc2.exe |
"TCP Query User{D2395DC5-3478-45CC-970C-66800BF27050}C:\program files (x86)\steam\steamapps\serj561996\diprip warm up\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\serj561996\diprip warm up\hl2.exe |
"TCP Query User{F5CCB0D1-DE83-4C69-9DE6-A8B5C9054CD3}C:\program files (x86)\steam\steamapps\common\assassins creed brotherhood\acbmp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassins creed brotherhood\acbmp.exe |
"UDP Query User{00E38666-1900-44C7-B815-E85C99917D10}C:\program files (x86)\steam\steamapps\serj561996\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\serj561996\team fortress 2\hl2.exe |
"UDP Query User{07869530-0FAF-410B-84D4-802A92BBEE01}C:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\@dayz\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\@dayz\expansion\beta\arma2oa.exe |
"UDP Query User{07CFF640-5446-48A4-8A38-59DA4756BA85}C:\program files (x86)\six projects\six updater\tools\bin\rsync.exe" = protocol=17 | dir=in | app=c:\program files (x86)\six projects\six updater\tools\bin\rsync.exe |
"UDP Query User{10813C7A-8764-4798-9C56-51292F4A20D0}C:\program files (x86)\steam\steamapps\serj561996\day of defeat source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\serj561996\day of defeat source\hl2.exe |
"UDP Query User{16C7CB61-E3AF-4CF1-A7D2-0FEDB2DC12F2}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"UDP Query User{1BD76309-E941-4E5A-BC71-FB4CED4483CB}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{26EBE64E-0604-4097-8B20-F0B180444252}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |
"UDP Query User{2AD1A8C9-3582-4C6F-8D31-3E3997E6DDF6}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |
"UDP Query User{2C37369A-5C14-4421-B98C-65F489ACB2F6}C:\program files (x86)\steam\steamapps\serj561996\garry's mod beta\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\serj561996\garry's mod beta\hl2.exe |
"UDP Query User{2F3C94CC-FD26-45F2-96DF-6C7A12FC9AA6}C:\program files (x86)\starcraft ii\versions\base19679\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19679\sc2.exe |
"UDP Query User{33ABE7C3-1787-4C9C-AF91-D51561CE1752}C:\program files (x86)\starcraft ii\versions\base22612\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base22612\sc2.exe |
"UDP Query User{3498A9B6-5F2A-4787-B250-A888854F1D6E}C:\program files (x86)\steam\steamapps\common\assassins creed brotherhood\acbmp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassins creed brotherhood\acbmp.exe |
"UDP Query User{37688930-0692-4202-A910-1C3D6D361D62}C:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe |
"UDP Query User{489D5AFA-9554-4FE6-B0B1-2D3B6B58ACCC}C:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe |
"UDP Query User{4E2716F3-695C-45BD-AA13-058537D60486}C:\program files (x86)\steam\steamapps\serj561996\diprip warm up\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\serj561996\diprip warm up\hl2.exe |
"UDP Query User{565E267B-C9D4-4FCF-8B0C-1B8FC930E5EE}C:\program files (x86)\steam\steamapps\serj561996\garrysmod\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\serj561996\garrysmod\hl2.exe |
"UDP Query User{59AEF0D1-F6E4-497B-8B98-775EB0CB7B64}C:\users\milan libischer\saved games\dummes online gedöns\armagetron advanced\armagetronad.exe" = protocol=17 | dir=in | app=c:\users\milan libischer\saved games\dummes online gedöns\armagetron advanced\armagetronad.exe |
"UDP Query User{5DB740EB-7DE2-4FA4-B5C6-774EBF311AAD}C:\program files (x86)\steam\steamapps\serj561996\synergy\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\serj561996\synergy\hl2.exe |
"UDP Query User{6276D4A4-770F-4901-BC72-66A9AA807A74}C:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe |
"UDP Query User{65E4BB3B-0D16-4939-9CD1-1D3E7DB70B19}C:\program files (x86)\hi-rez studios\hirezgames\tribes alpha\binaries\win32\tribesascend.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hi-rez studios\hirezgames\tribes alpha\binaries\win32\tribesascend.exe |
"UDP Query User{6856CFD1-962F-4693-9CF3-0D7E0D3E8737}C:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe |
"UDP Query User{6B56B895-71B3-4047-9978-30C0F7971E13}C:\program files (x86)\steam\steamapps\common\fable 3\fable3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fable 3\fable3.exe |
"UDP Query User{6BA09579-7121-4782-A361-5CC13655B5D0}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe |
"UDP Query User{6E424D22-A2EE-409D-BF0A-7673BB4671C1}C:\program files (x86)\xiii lol\system\xiiied.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xiii lol\system\xiiied.exe |
"UDP Query User{747FEDDC-0DE2-4EA1-966C-1651F1289975}C:\program files (x86)\steam\steamapps\common\blur\blur.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blur\blur.exe |
"UDP Query User{7C33E906-F275-4F81-96EB-40C38136C3BF}C:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe |
"UDP Query User{85A0793D-5554-4781-84DE-13185F8F9FE2}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |
"UDP Query User{8DC67C4A-C63D-4771-8EC3-092CE6876845}C:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=c:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe |
"UDP Query User{A093A094-36DC-48E0-AC55-90C232CEBE60}C:\users\***\downloads\starcraft_2_eu_de-de.exe" = protocol=17 | dir=in | app=c:\users\milan libischer\downloads\starcraft_2_eu_de-de.exe |
"UDP Query User{A0DC64C8-0087-4C06-AC56-0FB0CA294A32}C:\users\milan libischer\documents\xiii lol\system\xiii.exe" = protocol=17 | dir=in | app=c:\users\***\documents\xiii lol\system\xiii.exe |
"UDP Query User{AE5C7B5B-A016-4903-BBF7-80E1706C2BEE}C:\program files (x86)\ubisoft\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe |
"UDP Query User{BD4F44AC-B252-4BB7-AC7D-C2532B808293}C:\program files (x86)\steam\steamapps\serj561996\pirates, vikings, and knights ii\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\serj561996\pirates, vikings, and knights ii\hl2.exe |
"UDP Query User{BE2C9C3D-2C84-4FB4-8169-81241473D94D}C:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe |
"UDP Query User{BED7233E-FC70-4AC1-8D0F-8A3218620525}C:\program files (x86)\steam\steamapps\serj561996\zombie panic! source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\serj561996\zombie panic! source\hl2.exe |
"UDP Query User{C01C2553-A7C7-411B-9973-721941F232D7}C:\program files (x86)\steam\steamapps\common\assassin's creed revelations\acrpr.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassin's creed revelations\acrpr.exe |
"UDP Query User{C79A74BE-A9A4-45A2-BA3D-AEBFC7053366}C:\program files (x86)\starcraft ii\versions\base19132\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19132\sc2.exe |
"UDP Query User{C9FE71C3-AF5F-480E-B4CC-83AC2C199357}C:\program files (x86)\steam\steamapps\common\tom clancy's splinter cell conviction\src\system\uplaybrowser.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tom clancy's splinter cell conviction\src\system\uplaybrowser.exe |
"UDP Query User{CF82C2CF-C23F-4B7B-8C7F-BF27DFD1D04E}C:\program files (x86)\starcraft ii\versions\base23260\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base23260\sc2.exe |
"UDP Query User{D279A9E5-5629-41A4-984A-3AD5C3D75A98}C:\program files (x86)\deep silver\nail'd\naild_x86.exe" = protocol=17 | dir=in | app=c:\program files (x86)\deep silver\nail'd\naild_x86.exe |
"UDP Query User{D332FDAF-06DF-4E58-9F40-1F68F412D603}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe |
"UDP Query User{DD6F1497-AE6F-4438-86D9-F7F8B6AA23A2}C:\program files (x86)\steam\steamapps\common\assassins creed brotherhood\uplaybrowser.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassins creed brotherhood\uplaybrowser.exe |
"UDP Query User{FBE05EB5-3FC4-42F7-AA7A-4EA4E0561B98}C:\program files (x86)\steam\steamapps\serj561996\half-life 2 deathmatch\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\serj561996\half-life 2 deathmatch\hl2.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4900_series" = Canon iP4900 series Printer Driver
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Überwachungstool für die Intel® Turbo-Boost-Technik
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{B36047D4-E932-C4B2-0DF2-94C8577468A9}" = ATI Catalyst Install Manager
"{DB80D7F6-DFF5-3B08-9CB4-2FD91DB6B0BC}" = ccc-utility64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"SAMSUNG Mobile Modem V2" = SAMSUNG Mobile Modem V2 Software
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01D26B11-2DCC-21E9-1CBE-1A84F29C5615}" = CCC Help French
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas
"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7D3D90-24FC-B4F1-3188-B30DDEDA4930}" = CCC Help Norwegian
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216037FF}" = Java(TM) 6 Update 37
"{26FC7F7F-8CC0-BB65-7BD5-DE6B84397517}" = Catalyst Control Center Graphics Full Existing
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2B673C6F-BDEA-48AE-AB59-7479BF04EF6E}" = Nail'd
"{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}" = Six Updater
"{2FD186BB-0278-AE1C-5A6A-FEEDA2E628B2}" = CCC Help Korean
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3C2060B5-40BB-5BF2-7D8C-5F50A45FE8FF}" = CCC Help Dutch
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF010}" = Tribes Ascend Closed Beta
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{4286A2D8-127A-D067-D03E-5B619E4BA39D}" = Catalyst Control Center Graphics Previews Vista
"{4343080E-91B7-4388-AB4D-FB1000008200}" = Dead Rising 2
"{4968622A-4D3F-489E-9ACE-5FEC4CC0BDE3}" = MediaShow Espresso
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E242AB2-86A7-4231-82A9-1E4226D23CA8}" = Catalyst Control Center - Branding
"{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam
"{5271E2B2-880F-5484-8972-D7F89CCEC3EF}" = CCC Help Chinese Standard
"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands
"{54194F60-988C-4D03-B922-C2B00EFDA39A}" = NVIDIA PhysX
"{57520FA0-AC56-469B-9983-FF1000008300}" = Batman: Arkham City™
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1" = Acer GameZone Console
"{599ECF38-67E6-3D93-D41D-7D36AF54B5F7}" = Catalyst Control Center Localization All
"{59ABBDF0-E1E5-48AF-85FB-F523A08C3490}" = STREET FIGHTER IV
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6530FDAA-5B1F-4830-95BB-650E9804D239}" = UE3Redist
"{66F9F80A-A9F6-FA9B-836A-4DF3AD89157C}" = CCC Help Japanese
"{67B2A8FD-0BF5-A71C-03C3-287AF5894FF6}" = CCC Help Finnish
"{6A81E096-41E9-2D35-53E1-E45677F14D73}" = CCC Help English
"{6D079713-D160-DB5E-74C8-36D037F687AD}" = Catalyst Control Center InstallProxy
"{6FD38C99-A371-F491-CB0A-D42DD467640E}" = Catalyst Control Center Core Implementation
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7225AFBA-5C8D-90EB-B768-8B10EC636757}" = ccc-core-static
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B3A7453-BC40-A694-01EE-FCFCA728D882}" = CCC Help Polish
"{7BA3A243-7D3D-844E-B851-CA35D782FF9F}" = CCC Help Turkish
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}" = Spin & Win
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}" = Poker Pop
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8D3D44F5-C798-2D03-FC42-A5007C516AE6}" = CCC Help Chinese Traditional
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{90C3A9F7-B751-718E-DBA1-4D81F82E9969}" = Catalyst Control Center Graphics Full New
"{93DCD69C-49D9-A710-BA7C-90C13DB491D3}" = Catalyst Control Center Graphics Light
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C916142-C18C-429D-BFED-40094A7E0BEB}" = Die Siedler 7
"{9DEC152C-A8EB-3048-A758-5136B5E46F49}" = CCC Help Thai
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A0A7E755-8234-8E24-F246-B4A832E0E331}" = CCC Help Czech
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla
"{A4489FF3-B501-D9AB-7E48-34A092C2F423}" = CCC Help Italian
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB0EC377-ECAF-7252-C2B7-BAD2FEF6FAC2}" = CCC Help Danish
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B40A2996-D76F-4D2A-D7DF-230B7DD63948}" = CCC Help Swedish
"{B5C44728-55D9-A94E-7951-B8AB8841E3AA}" = CCC Help Hungarian
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = Acer Arcade Movie
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die*Sims™*3
"{C1940CF0-E2DD-11E0-BB25-B8AC6F97B88E}" = Google Earth
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C54DA176-5E55-EDEE-EEBF-9894DB61B8C1}" = CCC Help Russian
"{C9EAEE6B-741F-421D-B9CE-9FA300DA92AD}_is1" = Super Mario Bros. X version 1.3
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D1079D9F-7778-366C-AA9F-F3AC68EC8141}" = PX Profile Update
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}" = Microsoft XNA Framework Redistributable 4.0 Refresh
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E09D4613-287C-74AB-3FF1-FA8B49BB049C}" = CCC Help German
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E280923D-C5D9-4728-8C79-AC9A0DC75875}" = BioShock
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5EABF66-F9C4-430C-B97D-3CF28A58D50B}" = Alcor Micro USB Card Reader
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED34C5C7-715F-E278-7646-1152667B228D}" = CCC Help Portuguese
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6549C92-F6A2-78C6-4BEB-26D2966347EE}" = CCC Help Greek
"{FA66CFD7-0977-4C45-AACD-A8BB994B1A05}" = Quake Live Mozilla Plugin
"{FAC2C91B-0953-94F6-AD56-8088C7AC280E}" = CCC Help Spanish
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Armagetron Advanced" = Armagetron Advanced 0.2.8.3.1.gcc
"Avira AntiVir Desktop" = Avira Free Antivirus
"BattlEye A2 Free" = BattlEye (A2Free) Uninstall
"BattlEye for A2" = BattlEye Uninstall
"BattlEye for OA" = BattlEye for OA Uninstall
"BlueJ_is1" = BlueJ 3.0.5
"DivX Setup.divx.com" = DivX-Setup
"DVDx 4.0 Open Edition" = DVDx 4.0 Open Edition
"Free YouTube Download_is1" = Free YouTube Download version 3.1.40.1031
"GFWL_{4343080E-91B7-4388-AB4D-FB1000008200}" = Dead Rising 2
"GFWL_{57520FA0-AC56-469B-9983-FF1000008300}" = Batman: Arkham City™
"Google Chrome" = Google Chrome
"Identity Card" = Identity Card
"I-Doser" = I-Doser Free
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"InstallShield_{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla
"InstallShield_{E5EABF66-F9C4-430C-B97D-3CF28A58D50B}" = Alcor Micro USB Card Reader
"LastFM_is1" = Last.fm 1.5.4.27091
"LManager" = Launch Manager
"LogMeIn Hamachi" = LogMeIn Hamachi
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Octodad" = Octodad
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"OpenAL" = OpenAL
"PokerStars.net" = PokerStars.net
"PunkBusterSvc" = PunkBuster Services
"StarCraft II" = StarCraft II
"Steam App 102840" = Shank 2
"Steam App 105400" = Fable III
"Steam App 105600" = Terraria
"Steam App 105800" = PixelJunk Eden
"Steam App 108710" = Alan Wake
"Steam App 111600" = Serious Sam Double D
"Steam App 113200" = The Binding Of Isaac
"Steam App 12210" = Grand Theft Auto IV
"Steam App 17300" = Crysis
"Steam App 18070" = The Baconing
"Steam App 201870" = Assassin's Creed Revelations
"Steam App 203810" = Dear Esther
"Steam App 205230" = Hell Yeah!
"Steam App 205910" = Tiny and Big: Grandpa's Leftovers
"Steam App 206210" = Gotham City Impostors: Free To Play
"Steam App 207610" = The Walking Dead
"Steam App 207690" = Botanicula
"Steam App 214790" = The Basement Collection
"Steam App 223220" = Giana Sisters: Twisted Dreams
"Steam App 22650" = Alien Breed 2: Assault
"Steam App 24960" = Battlefield: Bad Company 2
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 32360" = The Secret of Monkey Island: Special Edition
"Steam App 33230" = Assassin's Creed II
"Steam App 33910" = ARMA 2
"Steam App 33930" = ARMA 2: Operation Arrowhead
"Steam App 3590" = Plants vs. Zombies: Game of the Year
"Steam App 38600" = Faerie Solitaire
"Steam App 400" = Portal
"Steam App 4000" = Garry's Mod
"Steam App 4010" = Garry's Mod 13 Beta
"Steam App 40800" = Super Meat Boy
"Steam App 41020" = Serious Sam HD: The First Encounter Demo
"Steam App 42910" = Magicka
"Steam App 43110" = Metro 2033
"Steam App 440" = Team Fortress 2
"Steam App 4540" = Titan Quest
"Steam App 48000" = LIMBO
"Steam App 49600" = Beat Hazard
"Steam App 50650" = Darksiders II
"Steam App 550" = Left 4 Dead 2
"Steam App 55230" = Saints Row: The Third
"Steam App 570" = Dota 2
"Steam App 57300" = Amnesia: The Dark Descent
"Steam App 60" = Ricochet
"Steam App 6120" = Shank
"Steam App 620" = Portal 2
"Steam App 65800" = Dungeon Defenders
"Steam App 6860" = Hitman: Blood Money
"Steam App 71230" = Crazy Taxi
"Steam App 71250" = Sonic Adventure DX
"Steam App 71260" = Space Channel 5: Part 2
"Steam App 72000" = Closure
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 7520" = Two Worlds II
"Steam App 8190" = Just Cause 2
"Steam App 99900" = Spiral Knights
"TmNationsForever_is1" = TmNationsForever
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1470259330-3820463359-1782755890-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"InstallShield_{6530FDAA-5B1F-4830-95BB-650E9804D239}" = UE3Redist
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 22.08.2012 13:58:21 | Computer Name = *** | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 23.08.2012 18:38:44 | Computer Name = Milan | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile  8.  Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 23.08.2012 18:39:57 | Computer Name = *** | Source = Application Hang | ID = 1002
Description = Programm SC2.exe, Version 1.5.2.22875 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 13b0    Startzeit:
 01cd81801a0dbad8    Endzeit: 15    Anwendungspfad: C:\Program Files (x86)\StarCraft II\Versions\Base22612\SC2.exe

Berichts-ID:
 75c81a3a-ed73-11e1-b02c-60eb69878056 
 
Error - 23.08.2012 19:38:48 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: steam.exe, Version: 1.0.1446.623,
 Zeitstempel: 0x5004ae1a  Name des fehlerhaften Moduls: steamclient.dll, Version:
1.48.51.6, Zeitstempel: 0x50356b2c  Ausnahmecode: 0xc0000005  Fehleroffset: 0x002cc646
ID
 des fehlerhaften Prozesses: 0xae0  Startzeit der fehlerhaften Anwendung: 0x01cd818828e09b9a
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\Steam\steam.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files (x86)\Steam\steamclient.dll  Berichtskennung: af434091-ed7b-11e1-b02c-60eb69878056
 
Error - 24.08.2012 10:18:49 | Computer Name = *** | Source = Application Hang | ID = 1002
Description = Programm SC2.exe, Version 1.5.2.22875 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 15b4    Startzeit:
 01cd820345da6eca    Endzeit: 22    Anwendungspfad: C:\Program Files (x86)\StarCraft II\Versions\Base22612\SC2.exe

Berichts-ID:
 9d832e4c-edf6-11e1-afb2-60eb69878056 
 
Error - 24.08.2012 12:17:33 | Computer Name = *** | Source = Application Hang | ID = 1002
Description = Programm SC2.exe, Version 1.5.2.22875 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 218    Startzeit:
01cd8213ec81740c    Endzeit: 16    Anwendungspfad: C:\Program Files (x86)\StarCraft II\Versions\Base22612\SC2.exe

Berichts-ID:
 3404d117-ee07-11e1-afb2-60eb69878056 
 
Error - 24.08.2012 12:18:28 | Computer Name = *** | Source = Application Hang | ID = 1002
Description = Programm SC2.exe, Version 1.5.2.22875 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1b5c    Startzeit:
 01cd821406247b35    Endzeit: 16    Anwendungspfad: C:\Program Files (x86)\StarCraft II\Versions\Base22612\SC2.exe

Berichts-ID:
 551d4946-ee07-11e1-afb2-60eb69878056 
 
Error - 26.08.2012 06:22:36 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: steam.exe, Version: 1.0.1446.623,
 Zeitstempel: 0x5004ae1a  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000  ID des fehlerhaften
 Prozesses: 0xeac  Startzeit der fehlerhaften Anwendung: 0x01cd8367c88ef19e  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Steam\steam.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: f4173622-ef67-11e1-ae76-60eb69878056
 
Error - 26.08.2012 12:08:55 | Computer Name = Milan | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 29.08.2012 11:57:43 | Computer Name = Milan | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile  8.  Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
[ System Events ]
Error - 31.12.2012 09:03:57 | Computer Name = *** | Source = Service Control Manager | ID = 7030
Description = Der Dienst "LogMeIn Hamachi Tunneling Engine" ist als interaktiver
 Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive
 Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 31.12.2012 09:04:30 | Computer Name = Milan | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 LogMeIn Hamachi Tunneling Engine erreicht.
 
Error - 31.12.2012 09:04:30 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "LogMeIn Hamachi Tunneling Engine" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%1053
 
Error - 31.12.2012 09:08:19 | Computer Name = *** | Source = bowser | ID = 8003
Description =
 
Error - 31.12.2012 09:55:08 | Computer Name = *** | Source = Service Control Manager | ID = 7034
Description = Dienst "Skype C2C Service" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 31.12.2012 10:07:02 | Computer Name = *** | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 31.12.2012 10:13:20 | Computer Name = *** | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 31.12.2012 10:17:00 | Computer Name = *** | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 31.12.2012 11:02:39 | Computer Name = *** | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\tandpl.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 31.12.2012 11:08:18 | Computer Name = *** | Source = bowser | ID = 8003
Description =
 
 
< End of report >
--- --- ---


Hier die ergebnisse nach dem neustart:

Code:
All processes killed
========== OTL ==========
Prefs.js: engine@conduit.com:3.3.3.2 removed from extensions.enabledItems
Registry key HKEY_USERS\S-1-5-21-1470259330-3820463359-1782755890-1001\Software\Microsoft\Internet Explorer\SearchScopes\{004D5A8F-B490-4D03-86EB-03F0DC281155}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{004D5A8F-B490-4D03-86EB-03F0DC281155}\ not found.
========== FILES ==========
C:\Users\***\Documents\MBR.dat moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\***\Desktop\cmd.bat deleted successfully.
C:\Users\***\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Gast
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 75 bytes
 
User: Henry
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 294594808 bytes
->FireFox cache emptied: 42903886 bytes
->Flash cache emptied: 4139 bytes
 
User: ***
->Temp folder emptied: 99525 bytes
->Temporary Internet Files folder emptied: 6245133 bytes
->Java cache emptied: 717963 bytes
->FireFox cache emptied: 439045822 bytes
->Google Chrome cache emptied: 26059839 bytes
->Flash cache emptied: 57539 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 155648 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67899 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 743 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 772,00 mb
 
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Error: Unble to create default HOSTS file!
 
OTL by OldTimer - Version 3.2.69.0 log created on 12312012_165218

Files\Folders moved on Reboot...
C:\Users\***\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

cosinus 02.01.2013 10:39
Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Dr. Acula 02.01.2013 16:36
Ok vielen Dank
Hier ist der Log des maleware byte scans:

Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.02.05

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
*** :: *** [Administrator]

02.01.2013 16:30:51
mbam-log-2013-01-02 (16-30-51).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 260092
Laufzeit: 4 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Wie soll ich eigentlich mit den Viren in Quarantäne verfahren?
Einfach löschen?

cosinus 02.01.2013 20:09
Was habt ihr alle immer nur mit der Quarantäne? :wtf:
Überleg doch mal was eine Quarantäne ist. Ob da die schädliche Datei drinbleibt oder nicht, das hat keine Auswirkungen. Schädlinge in der Quarantäne können nichts mehr anrichten, sie sind dort isoliert. Du solltest grundsätzlich mit der Quarantäne arbeiten, denn falls der Virenscanner durch einen Fehlalarm was wichtiges löscht, kannst Du notfalls noch über die Quarantäne an die Datei ran.

Dr. Acula 02.01.2013 21:07
Hier noch der Log des eset scans:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=3883e4f200d45f4fb15a207856558085
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-01-02 08:01:53
# local_time=2013-01-02 09:01:53 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1799 16775165 100 98 82073 222580203 74831 0
# compatibility_mode=5893 16776574 100 94 62850272 108786763 0 0
# scanned=415201
# found=0
# cleaned=0
# scan_time=15621

cosinus 02.01.2013 21:10
Sieht soweit ok aus

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

Dr. Acula 02.01.2013 21:17
Vielen Dank für die Hilfe ich war wirklich verzweifelt.
Nein weitere Probleme habe ich glücklicherweise nicht.
Dieses Forum ist wirklich sehr super und ich werde ganz sicher spenden.

cosinus 02.01.2013 21:18
Dann wären wir durch! :abklatsch:

Die Programme, die hier zum Einsatz kamen, können alle wieder runter.

Combofix entfernen: Start/Ausführen (Tastenkombination WIN+R), dort den Befehl combofix /uninstall eintippen und ausführen

Mit Hilfe von OTL kannst du auch viele andere Tools entfernen: Starte dazu einfach OTL und klicke auf Bereinigung.
Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen.

Malwarebytes zu behalten ist zu empfehlen. Kannst ja 1x im Monat damit einen Vollscan machen, aber immer vorher ans Update denken.


Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.


Microsoftupdate
Windows XP:Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.
Windows Vista/7: Start, Systemsteuerung, Windows-Update


PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers:
Prüfen => Adobe - Flash Player
Downloadlinks findest du hier => Browsers and Plugins - FilePony.de

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.


Java-Update
Veraltete Java-Installationen sind ein großes Sicherheitsrisiko, daher solltest Du die alten Versionen deinstallieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software (bzw. Programme und Funktionen) und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.


Alle Zeitangaben in WEZ +1. Es ist jetzt 14:44 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19