Trojaner-Board - wssetup.exe eingefangen

OTL Logfile:

Code:

OTL logfile created on: 19.06.2013 15:42:59 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jan\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16614)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,99 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 50,76% Memory free

7,98 Gb Paging File | 5,66 Gb Available in Paging File | 70,89% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 195,21 Gb Total Space | 97,32 Gb Free Space | 49,85% Space Free | Partition Type: NTFS

Drive D: | 400,86 Gb Total Space | 243,85 Gb Free Space | 60,83% Space Free | Partition Type: NTFS

Drive F: | 931,51 Gb Total Space | 433,38 Gb Free Space | 46,52% Space Free | Partition Type: NTFS

 

Computer Name: JAN-PC | User Name: Jan | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC -  File not found

PRC - C:\Users\Jan\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe (Adobe Systems, Inc.)

PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Windows\SysWOW64\jmdp\stij.exe ()

PRC - D:\iTunesHelper.exe (Apple Inc.)

PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)

PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Program Files (x86)\DisplayFusion\DisplayFusionAppHook.exe (Binary Fortress Software)

PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)

PRC - C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Program Files (x86)\Safari\Safari.exe (Apple Inc.)

PRC - C:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exe (Apple Inc.)

PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()

PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)

PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)

PRC - C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files (x86)\EXPERTool\TBPANEL.exe (Gainward Co.)

PRC - C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTeK Computer Inc.)

PRC - C:\Program Files (x86)\ASUS\TurboV EVO\TurboVHELP.exe (ASUSTeK Computer Inc.)

PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe (ASUSTeK Computer Inc.)

PRC - C:\Program Files (x86)\ASUS\EPU-6 Engine\SixEngine.exe ()

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()

MOD - C:\Windows\SysWOW64\jmdp\stij.exe ()

MOD - C:\Windows\SysWOW64\jmdp\lmrn.dll ()

MOD - C:\Windows\SysWOW64\jmdp\sqlite3.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()

MOD - C:\Program Files (x86)\Safari\Apple Application Support\zlib1.dll ()

MOD - C:\Program Files (x86)\Safari\Apple Application Support\libxml2.dll ()

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()

MOD - C:\Program Files (x86)\ASUS\EPU-6 Engine\SixEngine.exe ()

MOD - C:\Program Files (x86)\ASUS\TurboV EVO\HookKey32.dll ()

MOD - C:\Program Files (x86)\ASUS\EPU-6 Engine\ASUSSERVICE.DLL ()

MOD - C:\Program Files (x86)\ASUS\EPU-6 Engine\pngio.dll ()

MOD - C:\Program Files (x86)\ASUS\EPU-6 Engine\AsSpindownTimeout.dll ()

MOD - C:\Program Files (x86)\ASUS\TurboV EVO\pngio.dll ()

MOD - C:\Windows\SysWOW64\AsIO.dll ()

MOD - C:\Program Files (x86)\EXPERTool\TBManage.dll ()

 

 
 ========== Services (SafeList) ==========

 

SRV:64bit: - (IBUpdaterService) -- C:\Windows\SysNative\dmwu.exe ()

SRV:64bit: - (Printer Control) -- C:\Windows\SysNative\PrintCtrl.exe (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM)

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)

SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)

SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)

SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)

SRV - (DisplayFusionService) -- C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe (Binary Fortress Software)

SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)

SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)

SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)

SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)

SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)

SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()

SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)

SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)

SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)

SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe (ASUSTeK Computer Inc.)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)

DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)

DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)

DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)

DRV:64bit: - (UHSfiltv) -- C:\Windows\SysNative\drivers\UHSfiltv.sys (Creative Technology Ltd.)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)

DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)

DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)

DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )

DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)

DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)

DRV:64bit: - (lvpepf64) -- C:\Windows\SysNative\drivers\lv302a64.sys (Logitech Inc.)

DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.)

DRV:64bit: - (PID_PEPI) -- C:\Windows\SysNative\drivers\LV302V64.SYS (Logitech Inc.)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-2404320335-3350039560-2802301541-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=ddrnw

IE - HKU\S-1-5-21-2404320335-3350039560-2802301541-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-2404320335-3350039560-2802301541-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

IE - HKU\S-1-5-21-2404320335-3350039560-2802301541-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F8 61 2C 5E 16 82 CC 01  [binary data]

IE - HKU\S-1-5-21-2404320335-3350039560-2802301541-1000\..\SearchScopes,DefaultScope = {0D7562AE-8EF6-416d-A838-AB665251703A}

IE - HKU\S-1-5-21-2404320335-3350039560-2802301541-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-2404320335-3350039560-2802301541-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4

IE - HKU\S-1-5-21-2404320335-3350039560-2802301541-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2404320335-3350039560-2802301541-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0

FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q="

FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q="

FF - user.js - File not found

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Windows\system32\C2MP\npdivx32.dll (DivX,Inc.)

FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll File not found

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll File not found

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll File not found

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.132.0: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll File not found

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.140.0: C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll File not found

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.3: C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.4: C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [2012.12.22 01:28:38 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ocr@babylon.com: C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\ocr@babylon.com

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.27 21:54:21 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.27 21:54:21 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

 

[2011.11.02 21:48:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jan\AppData\Roaming\mozilla\Extensions

[2012.12.14 00:16:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jan\AppData\Roaming\mozilla\Firefox\Profiles\7lo1gnue.default\extensions

[2011.12.22 23:51:56 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\Jan\AppData\Roaming\mozilla\Firefox\Profiles\7lo1gnue.default\extensions\ffxtlbr@Facemoods.com

[2012.12.14 00:16:19 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Jan\AppData\Roaming\mozilla\firefox\profiles\7lo1gnue.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi

[2013.06.19 15:12:11 | 000,002,120 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\mozilla\firefox\profiles\7lo1gnue.default\searchplugins\MyStart.xml

[2012.10.11 23:09:16 | 000,003,915 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\mozilla\firefox\profiles\7lo1gnue.default\searchplugins\sweetim.xml

[2013.05.24 12:58:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions

[2013.05.24 12:58:17 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2011.12.22 23:51:56 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml

 

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll (facemoods.com BHO)

O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)

O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll (facemoods.com)

O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)

O4:64bit: - HKLM..\Run: [PrintDisp] C:\Windows\SysNative\PrintDisp.exe (ActMask Co.,Ltd - hxxp://www.all2pdf.com)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [facemoods] C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe (facemoods.com)

O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)

O4 - HKLM..\Run: [iTunesHelper] D:\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()

O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)

O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)

O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)

O4 - HKLM..\Run: [TrayServer] C:\Program Files (x86)\MAGIX\Video_deluxe_MX_Download-Version\TrayServer_de.exe (MAGIX AG)

O4 - HKLM..\Run: [TurboV EVO] C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTeK Computer Inc.)

O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-2404320335-3350039560-2802301541-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O4 - HKU\S-1-5-21-2404320335-3350039560-2802301541-1000..\Run: [DisplayFusion] C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe (Binary Fortress Software)

O4 - HKU\S-1-5-21-2404320335-3350039560-2802301541-1000..\Run: [GAINWARD] C:\Program Files (x86)\EXPERTool\TBPanel.exe (Gainward Co.)

O4 - HKU\S-1-5-21-2404320335-3350039560-2802301541-1000..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - Startup: C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = D:\Xfire\Xfire.exe (Xfire Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found

O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - D:\ICQ7.6\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - D:\ICQ7.6\ICQ.exe (ICQ, LLC.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)

O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)

O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)

O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)

O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)

O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)

O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)

O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)

O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )

O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )

O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )

O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )

O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )

O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )

O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )

O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )

O15 - HKU\S-1-5-21-2404320335-3350039560-2802301541-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)

O15 - HKU\S-1-5-21-2404320335-3350039560-2802301541-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)

O15 - HKU\S-1-5-21-2404320335-3350039560-2802301541-1000\..Trusted Domains: soe.com ([]* in Trusted sites)

O15 - HKU\S-1-5-21-2404320335-3350039560-2802301541-1000\..Trusted Domains: sony.com ([]* in Trusted sites)

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16:64bit: - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1BA3542D-D6F0-4CA1-A2A9-D97F66A1748B}: DhcpNameServer = 192.168.178.1

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2013.06.16 23:45:52 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\Holi2013

[2013.06.16 20:45:12 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\{3217048B-1CB5-4222-8FD5-34EDC74F2184}

[2013.06.16 13:41:56 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\DCIM

[2013.06.16 01:27:37 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2013.06.16 01:27:36 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2013.06.12 23:52:23 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll

[2013.06.12 23:52:23 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll

[2013.06.12 23:52:22 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll

[2013.06.12 23:52:22 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll

[2013.06.12 23:52:22 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe

[2013.06.12 23:52:22 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe

[2013.06.12 23:52:22 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe

[2013.06.12 23:52:22 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll

[2013.06.12 23:52:22 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll

[2013.06.12 23:52:21 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2013.06.12 23:52:21 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2013.06.12 23:52:21 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2013.06.12 23:52:20 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2013.06.12 14:37:51 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll

[2013.06.12 14:37:51 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll

[2013.06.12 14:37:49 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll

[2013.06.12 14:37:49 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll

[2013.06.12 14:37:47 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll

[2013.06.12 14:37:32 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll

[2013.06.12 14:37:32 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe

[2013.06.12 14:37:32 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe

[2013.06.12 14:37:32 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll

[2013.06.12 14:37:32 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll

[2013.06.12 14:37:32 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll

[2013.06.12 14:37:26 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll

[2013.06.12 14:37:26 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll

[2013.06.02 11:33:43 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\jmdp

[2013.06.02 11:33:43 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ARFC

[2013.06.02 11:33:42 | 000,033,792 | ---- | C] (IncrediMail, Ltd.) -- C:\Windows\SysNative\ImHttpComm.dll

[2013.06.02 11:33:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WNLT

[2013.05.27 21:54:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

[2013.05.24 12:57:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2013.05.22 17:30:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi

[2013.05.22 17:30:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi

[2013.05.20 20:41:51 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll

[2013.05.20 20:41:51 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll

[2013.05.20 20:41:51 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe

[2013.05.20 20:41:50 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll

[2013.05.20 20:31:06 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys

[2013.05.20 20:31:06 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll

[2013.05.20 20:29:46 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll

[2013.05.20 18:09:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2013.05.20 18:09:11 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2013.05.20 18:09:10 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2013.05.20 18:09:10 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

[1 C:\Users\Jan\*.tmp files -> C:\Users\Jan\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2013.06.19 15:19:24 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013.06.19 15:19:24 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013.06.19 15:12:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013.06.19 15:11:53 | 3214,188,544 | -HS- | M] () -- C:\hiberfil.sys

[2013.06.18 23:49:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013.06.16 23:52:10 | 000,430,087 | ---- | M] () -- C:\Users\Jan\Desktop\Untitled.camproj

[2013.06.16 21:39:26 | 000,001,447 | ---- | M] () -- C:\Users\Jan\Desktop\Unbenannt.png

[2013.06.16 13:40:32 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013.06.16 13:40:32 | 000,656,044 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2013.06.16 13:40:32 | 000,616,590 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013.06.16 13:40:32 | 000,130,676 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2013.06.16 13:40:32 | 000,106,970 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013.06.12 23:22:39 | 000,000,040 | ---- | M] () -- C:\ProgramData\ra3.ini

[2013.06.12 21:43:52 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr

[2013.06.12 21:43:52 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2013.06.12 21:43:25 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0

[2013.06.11 23:51:15 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2013.06.11 23:51:15 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2013.06.08 16:06:58 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2013.06.08 13:40:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2013.05.25 22:52:46 | 000,428,330 | ---- | M] () -- C:\Users\Jan\Documents\seite2.jpg

[2013.05.25 22:52:32 | 000,320,675 | ---- | M] () -- C:\Users\Jan\Documents\seite1.jpg

[2013.05.21 15:31:12 | 001,447,728 | ---- | M] () -- C:\Windows\SysNative\dmwu.exe

[2013.05.21 15:30:18 | 000,033,792 | ---- | M] (IncrediMail, Ltd.) -- C:\Windows\SysNative\ImHttpComm.dll

[2013.05.21 11:38:28 | 000,418,272 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[1 C:\Users\Jan\*.tmp files -> C:\Users\Jan\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2013.06.16 22:15:01 | 000,430,087 | ---- | C] () -- C:\Users\Jan\Desktop\Untitled.camproj

[2013.06.16 21:39:26 | 000,001,447 | ---- | C] () -- C:\Users\Jan\Desktop\Unbenannt.png

[2013.06.02 11:33:42 | 001,447,728 | ---- | C] () -- C:\Windows\SysNative\dmwu.exe

[2013.05.25 22:52:03 | 000,428,330 | ---- | C] () -- C:\Users\Jan\Documents\seite2.jpg

[2013.05.25 22:51:56 | 000,320,675 | ---- | C] () -- C:\Users\Jan\Documents\seite1.jpg

[2013.04.25 21:08:26 | 000,097,376 | ---- | C] () -- C:\Users\Jan\Video call snapshot 1.png

[2013.03.21 06:10:18 | 000,042,880 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll

[2012.11.12 21:13:36 | 000,000,036 | ---- | C] () -- C:\Windows\nfsc_patch.ini

[2012.10.16 20:40:02 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

[2012.08.22 19:23:14 | 000,151,046 | ---- | C] () -- C:\Users\Jan\IMG_0058.JPG

[2012.08.22 19:23:14 | 000,133,540 | ---- | C] () -- C:\Users\Jan\IMG_0059.JPG

[2012.07.06 18:22:16 | 000,206,848 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL

[2012.07.06 18:22:16 | 000,074,240 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL

[2012.06.01 20:39:25 | 001,391,616 | ---- | C] () -- C:\Windows\SysWow64\ActPDF.dll

[2012.01.29 21:44:08 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini

[2011.11.29 22:45:46 | 000,002,309 | ---- | C] () -- C:\Users\Jan\OpenOffice.odb

[2011.10.18 15:27:55 | 000,184,900 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat

[2011.10.08 21:39:05 | 000,291,088 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2011.10.08 21:39:04 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2011.10.03 16:57:00 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll

[2011.10.03 16:56:59 | 000,013,368 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys

[2011.10.03 16:56:56 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys

[2011.10.03 16:56:56 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys

[2011.10.03 16:29:04 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini

[2011.10.03 16:28:59 | 000,023,026 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

[2011.07.20 12:11:54 | 000,000,200 | ---- | C] () -- C:\Windows\UHSConfig.ini

[2011.07.04 07:36:38 | 000,002,169 | ---- | C] () -- C:\Windows\FatWcfg.ini

[2011.07.04 07:36:38 | 000,000,388 | ---- | C] () -- C:\Windows\FatWMCcfg.ini

 
 ========== ZeroAccess Check ==========

 

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 

< End of report >

--- --- ---

OTL EXTRAS Logfile:

Code:

OTL Extras logfile created on: 19.06.2013 15:42:59 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jan\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16614)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,99 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 50,76% Memory free

7,98 Gb Paging File | 5,66 Gb Available in Paging File | 70,89% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 195,21 Gb Total Space | 97,32 Gb Free Space | 49,85% Space Free | Partition Type: NTFS

Drive D: | 400,86 Gb Total Space | 243,85 Gb Free Space | 60,83% Space Free | Partition Type: NTFS

Drive F: | 931,51 Gb Total Space | 433,38 Gb Free Space | 46,52% Space Free | Partition Type: NTFS

 

Computer Name: JAN-PC | User Name: Jan | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

 
 ========== Shell Spawning ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

 
 ========== Security Center Settings ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 
 ========== Authorized Applications List ==========

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{019AA1B9-C91B-4850-9C9C-F7B0A6092311}" = lport=138 | protocol=17 | dir=in | app=system | 

"{1425E14A-4F01-4312-B219-88C29C0967C3}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 

"{1747D385-8E86-4B05-BBE1-29C33A1C619C}" = lport=137 | protocol=17 | dir=in | app=system | 

"{29DEEE1E-A68C-4F24-9A7C-8B8B3E005035}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 

"{2D9E23B4-4E29-4916-A465-1C990675DFD8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{3AFC199D-0220-4138-9412-C58767341487}" = rport=445 | protocol=6 | dir=out | app=system | 

"{538EC20A-12C6-40A6-A554-77C2D3205CA8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 

"{59EEDA28-7CF3-4ADD-9CB7-68AEAE6B944B}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 

"{7CDF79D5-D7AA-4B23-8306-54215DB63E7E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{89EEEE13-9CC1-4D89-BC31-AFD13582246B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{901BB465-C501-4838-AE39-E9349113C322}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 

"{9D5E0EED-B343-4371-8621-5C70ABBBC1CF}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 

"{B29519E6-2344-4FEE-87B0-1F68E7FF9F7F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{B2BB9269-FF66-414D-9687-28FE61428CE6}" = rport=138 | protocol=17 | dir=out | app=system | 

"{C3E0451D-9F62-45AD-BEED-32E633D3147C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 

"{C4C6875B-AF4F-4887-9061-DB8679AB00F5}" = lport=139 | protocol=6 | dir=in | app=system | 

"{C617F9CB-01EC-42EB-9650-C6F90A7FEE1C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{CA21B6FE-F3B7-4433-9408-4D172AEB95F4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{CB816914-5601-4604-B488-A3AC6A9E7B9C}" = lport=445 | protocol=6 | dir=in | app=system | 

"{D3B30F83-5AFD-4F99-BEA9-E4E84AAD5726}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{E2688268-2BE4-494B-A442-3272C8C68C0E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{E6CC1B80-F112-4A8D-9BE0-C3AC4A55755F}" = rport=137 | protocol=17 | dir=out | app=system | 

"{F884B278-1BC1-44EA-BAED-402A8B98479B}" = rport=139 | protocol=6 | dir=out | app=system | 

"{F9EACA16-6D01-4283-8F0A-22069A750B87}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{00344790-558F-436B-82E9-BE7CDBE8CA88}" = protocol=6 | dir=in | app=d:\battleforge\bootstrapper.exe | 

"{01396FA1-5175-4A01-9552-80975C80B00E}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | 

"{023C00AC-2D66-4A84-8ACC-9555A5E0AF48}" = protocol=17 | dir=in | app=d:\steam\steam.exe | 

"{097519A5-FCE5-4184-9FAF-768EE54BEEEE}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 

"{1200A213-E968-46F0-8B66-F855940AA2D2}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 

"{14765C47-5496-4586-838B-B1D7B001A6D9}" = protocol=6 | dir=in | app=c:\users\jan\appdata\roaming\dropbox\bin\dropbox.exe | 

"{169751D3-5CBD-4CED-AC4F-FCCBB79205E4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 

"{19F93EA2-C122-4896-A8D0-18FDD9E7CD4C}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 

"{1BC466D9-CFB2-464F-BDDF-AE45A8EA963F}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\the binding of isaac\isaac.exe | 

"{1E539C97-50F5-46E0-8164-BE0009DC9694}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | 

"{2121E3BC-6CCE-4B36-8B7E-10E2494355D1}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\team fortress 2\hl2.exe | 

"{24CE3D88-3F40-44E0-B8F5-F51151BDDEC6}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\magicka\magicka.exe | 

"{271F5580-F25E-49E0-BC56-421A6ABF32A2}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 

"{29C651FC-1FBB-46AC-B12C-7651DB273160}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\titan quest\titan quest.exe | 

"{30484BB6-3009-4579-93CF-D2D56F066E3B}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 

"{373D846A-5656-4263-879C-45AA0A56713F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 

"{376D308B-F8F2-4A68-BC97-EC95B39E6504}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\dead island\deadislandgame.exe | 

"{3A01040C-3E96-4A9B-BD1C-F872AEC977A6}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe | 

"{3B0EA591-DF29-4264-9568-7B6B9A76A2FA}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | 

"{3C88E87E-53DB-4778-B535-548C1FB2A988}" = protocol=6 | dir=in | app=c:\users\jan\appdata\roaming\dropbox\bin\dropbox.exe | 

"{489E18E0-BBBD-4FB1-B356-B0B80E11D57C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{4FD0CFF8-7DB8-4253-ADA3-C0A5F5DB0818}" = protocol=17 | dir=in | app=d:\battlefield 3\battlefield 3\bf3.exe | 

"{51A44716-018C-43DB-8F4E-A519731FA220}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 

"{52618B6A-3DC1-4B59-A874-796E454D6A19}" = dir=in | app=d:\itunes.exe | 

"{52620995-C246-47A9-BE67-65C4B88E5A66}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\titan quest\titan quest.exe | 

"{52AC8CC9-3285-4228-B123-6E69F5BCE96D}" = protocol=17 | dir=in | app=c:\users\jan\appdata\roaming\dropbox\bin\dropbox.exe | 

"{530A29C8-F4B7-4A20-9AED-ED0DBBD8BFC8}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | 

"{55882954-AF5E-4F2E-98BE-69B7D8DC8CD8}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\titan quest immortal throne\tqit.exe | 

"{5AD1DD42-E181-4042-A3FE-47E178797486}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 

"{5AD5ACF8-20EC-48BA-818D-3D3A5E84D43B}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\command and conquer red alert 3\support\ea help\electronic_arts_technical_support.htm | 

"{5B624302-EC3C-4218-B9A8-6FE53894DD74}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 

"{5C2753E2-6AA1-470C-B0FB-0567FE5E4F77}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 

"{5D36855B-4920-4A55-9793-2692E03FFADE}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe | 

"{5E999CC9-DC81-4E19-AAE7-8841EA6E1FDA}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 

"{5F16C214-1794-4717-A1E9-1352B313D26F}" = protocol=6 | dir=in | app=d:\icq7.6\icq.exe | 

"{5F7A5A33-084A-4791-A53B-D55BDDF1C820}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 

"{5FB94E4B-06ED-49D6-B0BC-B6D5E0293485}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\titan quest immortal throne\help.htm | 

"{60CE7CE2-A399-4699-AE0F-DD272759AA36}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 

"{620DCCA8-75C6-468B-94E3-B83A775C6493}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | 

"{648D6471-9C7D-44C0-9231-7D602419559A}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 

"{66AA9769-4F82-4934-AF9C-CD9FB3AB7E20}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\dead island\deadislandgame.exe | 

"{6A8F49A4-FAA7-4381-8D04-741E00C82B2B}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\magicka\magicka.exe | 

"{6A926D30-170E-4681-8380-178AED3C7A70}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 

"{6AEDC01F-5747-4332-ABC2-AE8A028AE087}" = protocol=17 | dir=in | app=d:\battleforge\battleforge.exe | 

"{6BC72FC2-3863-49BF-A3E1-FDD28183ED95}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\titan quest\help.htm | 

"{6C331285-6DE7-4B7E-BEE8-E863BE102804}" = protocol=6 | dir=in | app=d:\icq7.6\icq.exe | 

"{6F227723-7B34-40E3-AC4C-BB42E876A456}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd | 

"{725F5782-8EB9-4EA0-A0BC-5F173D4C800C}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\team fortress 2\hl2.exe | 

"{75C2B467-36BD-407A-AC40-79494F731430}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 

"{763485D9-529F-4710-9B95-88076A07AC91}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 

"{77C076E1-51FA-483D-A6B1-61470246CD10}" = protocol=6 | dir=in | app=d:\battleforge\battleforge.exe | 

"{7CF07239-8236-4484-8DDE-AA91C656E966}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | 

"{7DA7AEB7-B51C-4C81-B7F3-128A458C5FC8}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | 

"{7E8C0004-93AF-450A-BEF8-FBEFAFDCE3EA}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe | 

"{7ECF41E2-D054-4D31-9275-701E2B6E39EA}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 

"{890B31EA-7590-41D1-8AA3-3FD3235F79D3}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe | 

"{8969C66F-D53E-4E62-9909-775BC9C8A703}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\command and conquer red alert 3\runme.exe | 

"{89738618-8838-4A1E-8650-A7BCB0EFA7FB}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 

"{89AE563D-F439-4479-9CAB-6013FA7D6E53}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | 

"{8A7BE008-8036-4226-8284-A327F8BA820F}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 

"{8EACE31E-CCA4-4F8A-8C96-29C9E1FCAE81}" = protocol=6 | dir=in | app=d:\icq7.6\icq.exe | 

"{91C091A8-4481-4E59-A7F9-7D359D7B4F57}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | 

"{9C003CC8-808D-46E9-BE3F-78E2A4FF9082}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\magicka\magicka.exe | 

"{9C3EDD85-FF57-4987-87F8-63D6448FADC9}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\arma 2\arma2.exe | 

"{9DFED5B4-6BF5-4B7F-9282-08F5368FB297}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 

"{9F2774F6-4482-45E3-AAE7-D721B81CC65F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{A34D7CCC-26F8-4458-8AA4-EDC0AF7EECEB}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd | 

"{A3CB4C68-73F4-4E5E-BED3-21675002E5C7}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\arma 2\arma2.exe | 

"{A69C9B85-8BAD-4477-8A03-0CF9FCEBD6FA}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\titan quest immortal throne\tqit.exe | 

"{A6D3130A-3BA3-4C78-B24A-A8EB101D0908}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 

"{A9D616BB-E62D-4949-AF6A-4037A151A950}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{AB1FAB7F-9B4D-4AC0-83D2-EB4171A513E6}" = protocol=17 | dir=in | app=d:\icq7.6\icq.exe | 

"{B4AC11C9-8537-409C-B96C-59FBF8F18CDC}" = protocol=6 | dir=in | app=d:\hl.exe | 

"{B5116F16-A5AC-4148-A94B-920FEDBF7E51}" = protocol=17 | dir=in | app=d:\hl.exe | 

"{B6577BB1-7F6D-40D4-9504-A9D50BD76018}" = protocol=17 | dir=in | app=d:\icq7.6\icq.exe | 

"{BAEBCC11-DF52-4A2E-A136-2FC7383F2DEB}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 

"{BC06794B-AA58-4496-8BC2-AFC3FF1E1420}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{BDBA1FD4-4114-47A4-8AC1-4BA4D5445FDA}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 

"{BF9F067C-E665-4F8F-824B-BF5CCC6A4B82}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 

"{BFD1B893-EAB7-4EA0-8145-BF4DF814E451}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe | 

"{BFFA2BB6-0AC0-4E00-8C89-82AF43CDB9CE}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe | 

"{C168879F-817F-4CEB-8382-4D9E25566510}" = protocol=17 | dir=in | app=c:\users\jan\appdata\roaming\dropbox\bin\dropbox.exe | 

"{C20492AD-B8A0-408C-9239-C1045A706217}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\magicka\magicka.exe | 

"{C234D8F4-8923-4A6A-9425-DF482C682DA6}" = protocol=6 | dir=in | app=d:\battlefield 3\battlefield 3\bf3.exe | 

"{C551FBCA-FDC1-4EC7-A0D1-CBD06866E743}" = protocol=6 | dir=in | app=d:\planetside2\planetside2.exe | 

"{C85336A4-B201-4A97-A93B-B73A3F24689C}" = protocol=17 | dir=in | app=d:\battleforge\bootstrapper.exe | 

"{CA5092D4-EE41-4B2D-9875-0A6E66029DD4}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 

"{CD3A3B0E-62E8-47D3-B263-6B2CB4B02476}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\titan quest\help.htm | 

"{CEEF8365-A74E-4CEF-81D1-E79FF879C273}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | 

"{D139CFD0-952C-4DFE-A56F-10883CCC17A1}" = protocol=17 | dir=in | app=d:\icq7.6\icq.exe | 

"{D1C2CD9D-5A79-4482-8BCD-54CC53D7A3CB}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 

"{D2734A70-9389-484B-AA04-338951108C30}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 

"{D48FF3B7-E6B6-4841-801D-97AAE444F8BE}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\command and conquer red alert 3\runme.exe | 

"{D911614E-83F9-41D4-ACFA-0FC4F0D97EE4}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | 

"{DAE65F00-9DBF-4B4E-BD42-E2BD404C38F2}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 

"{DC47C2F5-7F32-44CC-8C86-94A20E0AFE72}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 

"{DCC2CD76-9AC7-40E3-9ABD-C55FA89190C2}" = protocol=6 | dir=in | app=d:\steam\steam.exe | 

"{E2B2DD47-95DE-494A-A0FE-1984A7D45C58}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe | 

"{E61EB1EE-8D5C-47D1-8BD8-271111E0E42B}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | 

"{E970A3B8-3124-4569-9659-F03F76A22661}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 

"{E9C69D4A-39FC-449E-9322-ACF03E00C15A}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\titan quest immortal throne\help.htm | 

"{EB2FB450-B542-4618-94C0-1234FB141EF9}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 

"{EE0F7B25-DB70-4B2C-A9BA-293334D4A22E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe | 

"{F29566C1-4D50-4242-9D94-F74E133166D9}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 

"{F5CA476B-283E-4054-AC6A-8A2F327A3D4A}" = protocol=17 | dir=in | app=d:\planetside2\planetside2.exe | 

"{F68A5C96-662D-46BD-845E-DFAC374CB46C}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\the binding of isaac\isaac.exe | 

"{FC47E1AB-2080-4E9E-8061-9231E71B6C78}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 

"{FF091E42-7A76-449B-B3A3-3A4E3002644B}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\command and conquer red alert 3\support\ea help\electronic_arts_technical_support.htm | 

"TCP Query User{158ED6FB-48FF-4C5F-8613-E1405D582F99}D:\battlefield 3\battlefield 3\bf3.exe" = protocol=6 | dir=in | app=d:\battlefield 3\battlefield 3\bf3.exe | 

"TCP Query User{1DCDA351-2DF0-4EE7-8892-B76C26BCEE09}D:\l4d\hl2.exe" = protocol=6 | dir=in | app=d:\l4d\hl2.exe | 

"TCP Query User{1E0EBA4D-840C-4C66-BB91-DCFCF0A2FD3D}D:\hl.exe" = protocol=6 | dir=in | app=d:\hl.exe | 

"TCP Query User{2FA55031-D82A-40DD-95A0-F25460B7CE75}D:\xfire\xfire.exe" = protocol=6 | dir=in | app=d:\xfire\xfire.exe | 

"TCP Query User{3097434A-5685-4286-BDA1-A8FBC9AEDECD}D:\l4d\hl2.exe" = protocol=6 | dir=in | app=d:\l4d\hl2.exe | 

"TCP Query User{3A31C7B6-C2B7-4CFE-A5C4-83843ECA21D5}C:\users\jan\documents\ygo\ygopro_vs.exe" = protocol=6 | dir=in | app=c:\users\jan\documents\ygo\ygopro_vs.exe | 

"TCP Query User{3D085349-34AC-494C-B9F7-C6FB72A310FF}D:\cs\hl.exe" = protocol=6 | dir=in | app=d:\cs\hl.exe | 

"TCP Query User{41F99CC0-8FAA-47EB-A6BD-CC429CE52AC4}D:\l4d\left4dead.exe" = protocol=6 | dir=in | app=d:\l4d\left4dead.exe | 

"TCP Query User{4784290E-C9DE-4280-8799-4075D9921B95}D:\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=d:\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | 

"TCP Query User{5202A7B2-C9E4-48AE-B2CF-4A9F39478772}D:\steam\steamapps\jumpman_\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=d:\steam\steamapps\jumpman_\team fortress 2\hl2.exe | 

"TCP Query User{58729259-EC97-4856-A1A0-DBDF9B5B99D6}D:\steam\steamapps\common\command and conquer red alert 3\data\ra3_1.12.game" = protocol=6 | dir=in | app=d:\steam\steamapps\common\command and conquer red alert 3\data\ra3_1.12.game | 

"TCP Query User{5B81C57D-BA54-48A9-9E36-D1D03C0B14F8}C:\users\jan\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\jan\appdata\roaming\spotify\spotify.exe | 

"TCP Query User{606FEEF8-6516-4780-86AA-9AAC7C377650}C:\users\jan\desktop\zwischenablage\lan zeug\wc3\war3.exe" = protocol=6 | dir=in | app=c:\users\jan\desktop\zwischenablage\lan zeug\wc3\war3.exe | 

"TCP Query User{73976142-05AD-4953-99B9-EDFCAA36CB5F}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 

"TCP Query User{7A803842-1B2C-4A1E-AFEC-219FF85A2DE2}D:\planetside2\planetside2.exe" = protocol=6 | dir=in | app=d:\planetside2\planetside2.exe | 

"TCP Query User{84E18753-0EBF-498D-8BB3-C83EE4AEFC45}C:\program files\ivisit\ivisit presenter.exe" = protocol=6 | dir=in | app=c:\program files\ivisit\ivisit presenter.exe | 

"TCP Query User{916E07DE-7F21-4C99-93E8-66EA481B390E}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 

"TCP Query User{9B877445-5CEB-4E91-85D2-AE0E2B6ACF07}D:\cs\hl.exe" = protocol=6 | dir=in | app=d:\cs\hl.exe | 

"TCP Query User{AC3721D7-DCDD-49B9-9864-044CB3575249}D:\l4d\left4dead.exe" = protocol=6 | dir=in | app=d:\l4d\left4dead.exe | 

"TCP Query User{B158509E-7E00-457C-9DF4-F25DFA8A4714}D:\xfire\xfire.exe" = protocol=6 | dir=in | app=d:\xfire\xfire.exe | 

"TCP Query User{C4B972F2-FAA1-4500-A993-91F19CF1F683}C:\program files (x86)\six projects\six updater\tools\bin\rsync.exe" = protocol=6 | dir=in | app=c:\program files (x86)\six projects\six updater\tools\bin\rsync.exe | 

"TCP Query User{CC2EB899-1624-4E18-9E4C-8075014199FC}C:\users\jan\desktop\wc3\war3.exe" = protocol=6 | dir=in | app=c:\users\jan\desktop\wc3\war3.exe | 

"TCP Query User{DDD409C5-1CC6-4A0D-8034-3D916BCE7359}D:\steam\steamapps\common\command and conquer red alert 3\data\ra3_1.12.game" = protocol=6 | dir=in | app=d:\steam\steamapps\common\command and conquer red alert 3\data\ra3_1.12.game | 

"TCP Query User{ECA04E35-E49F-4F2B-B607-FE4D7305BE7A}C:\users\jan\desktop\wc3\war3.exe" = protocol=6 | dir=in | app=c:\users\jan\desktop\wc3\war3.exe | 

"UDP Query User{23922D36-6A57-4AA5-8367-A073C18FDE6F}D:\l4d\left4dead.exe" = protocol=17 | dir=in | app=d:\l4d\left4dead.exe | 

"UDP Query User{27A3BA63-DE9D-476F-AF62-683D75CB905A}D:\l4d\hl2.exe" = protocol=17 | dir=in | app=d:\l4d\hl2.exe | 

"UDP Query User{61FCDEBE-A288-47BB-A56D-03AB192F0F10}D:\xfire\xfire.exe" = protocol=17 | dir=in | app=d:\xfire\xfire.exe | 

"UDP Query User{6F906327-A256-4DA1-87D6-D29EB1E0EB9E}D:\planetside2\planetside2.exe" = protocol=17 | dir=in | app=d:\planetside2\planetside2.exe | 

"UDP Query User{74BCB228-3DE2-47B7-A101-32D58680CC71}C:\program files (x86)\six projects\six updater\tools\bin\rsync.exe" = protocol=17 | dir=in | app=c:\program files (x86)\six projects\six updater\tools\bin\rsync.exe | 

"UDP Query User{7D710F99-9485-49D5-BE76-5187EF0FE149}D:\l4d\left4dead.exe" = protocol=17 | dir=in | app=d:\l4d\left4dead.exe | 

"UDP Query User{7DD7BF14-1110-4A69-9B05-5ADE2DCBFABD}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 

"UDP Query User{7E81C611-5146-4D42-AC04-EA329DD93E06}D:\battlefield 3\battlefield 3\bf3.exe" = protocol=17 | dir=in | app=d:\battlefield 3\battlefield 3\bf3.exe | 

"UDP Query User{7F20B372-4F00-4D0C-9837-E5AF7074B5E8}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 

"UDP Query User{85F2EBA0-85C4-4749-B6CB-01B3324481A8}D:\l4d\hl2.exe" = protocol=17 | dir=in | app=d:\l4d\hl2.exe | 

"UDP Query User{9B7254C6-F463-4C6C-AEAC-9313D10EB947}D:\hl.exe" = protocol=17 | dir=in | app=d:\hl.exe | 

"UDP Query User{A32DF413-8338-43EB-84A5-2A27ADC19AD1}C:\users\jan\desktop\wc3\war3.exe" = protocol=17 | dir=in | app=c:\users\jan\desktop\wc3\war3.exe | 

"UDP Query User{AD7B4A9E-3BC3-46CD-9B70-B74108736102}D:\steam\steamapps\jumpman_\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=d:\steam\steamapps\jumpman_\team fortress 2\hl2.exe | 

"UDP Query User{AF3A4279-008A-48B0-B208-BDCDA4D2646E}C:\users\jan\documents\ygo\ygopro_vs.exe" = protocol=17 | dir=in | app=c:\users\jan\documents\ygo\ygopro_vs.exe | 

"UDP Query User{BD82DF9E-0533-4E92-8F96-1786D0FD9DF4}C:\users\jan\desktop\zwischenablage\lan zeug\wc3\war3.exe" = protocol=17 | dir=in | app=c:\users\jan\desktop\zwischenablage\lan zeug\wc3\war3.exe | 

"UDP Query User{C640EF40-DD83-4FE4-8C33-13148D8B9CA5}D:\xfire\xfire.exe" = protocol=17 | dir=in | app=d:\xfire\xfire.exe | 

"UDP Query User{D1BCEA84-64CF-486B-AC68-4A25678CAE25}D:\steam\steamapps\common\command and conquer red alert 3\data\ra3_1.12.game" = protocol=17 | dir=in | app=d:\steam\steamapps\common\command and conquer red alert 3\data\ra3_1.12.game | 

"UDP Query User{DA4C55A7-DB75-4FE2-94E0-8D629EEB12AB}D:\cs\hl.exe" = protocol=17 | dir=in | app=d:\cs\hl.exe | 

"UDP Query User{DCE21957-2FB0-4DE5-AC94-6CCC0149DA76}D:\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=d:\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | 

"UDP Query User{DFD17777-7C2C-4F52-A6EB-64A4C61215D2}D:\steam\steamapps\common\command and conquer red alert 3\data\ra3_1.12.game" = protocol=17 | dir=in | app=d:\steam\steamapps\common\command and conquer red alert 3\data\ra3_1.12.game | 

"UDP Query User{EAA8A1BB-96FE-4E58-AF15-88CA8E82791C}C:\users\jan\desktop\wc3\war3.exe" = protocol=17 | dir=in | app=c:\users\jan\desktop\wc3\war3.exe | 

"UDP Query User{F53A1ECB-CD57-4944-96D7-489F8F9DFEAF}C:\program files\ivisit\ivisit presenter.exe" = protocol=17 | dir=in | app=c:\program files\ivisit\ivisit presenter.exe | 

"UDP Query User{F67A55F2-FC72-48C5-BA20-BC598A899B19}D:\cs\hl.exe" = protocol=17 | dir=in | app=d:\cs\hl.exe | 

"UDP Query User{FE455315-3DE9-4918-BAF4-388F347DEA06}C:\users\jan\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\jan\appdata\roaming\spotify\spotify.exe | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector

"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant

"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219

"{26A24AE4-039D-4CA4-87B4-2F86416029FF}" = Java(TM) 6 Update 29 (64-bit)

"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{7FCDABCC-1A1E-4D61-909D-BA9495172774}" = iTunes

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 311.06

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.06

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.06

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 285.62

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"JPEG Lossless Rotator_is1" = JPEG Lossless Rotator 9.0

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"TeamSpeak 3 Client" = TeamSpeak 3 Client

"WinRAR archiver" = WinRAR 4.20 (64-Bit)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{0590062B-1E79-4717-B1AC-45B6DCA43B36}" = GEAR driver installer

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6

"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser

"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform

"{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}" = Need for Speed™ Carbon

"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22

"{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}" = Six Updater

"{2EB28256-1D66-49F1-AF66-691BF9A27C79}" = Camtasia Studio 8

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack

"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver

"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3

"{491D92A9-69CA-4EB4-81D3-0106F9337957}" = TurboV EVO

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.5

"{56B83336-FBC1-4C46-8613-90A9E3B440D6}" = EPU-6 Engine

"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support

"{6635B372-E2C5-4C2F-97FB-D1766E017CEE}" = MAGIX Screenshare

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™

"{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6

"{7683B745-6060-41FD-AA75-0BBB383FEAD4}" = SweetIM for Messenger 3.7

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver

"{8BCD7AE7-F713-4D50-BAB9-7839B9386870}" = ImageShack Uploader 2.2.0

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1" = Free Alarm Clock 2.5.0

"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends

"{92000C16-939B-44CA-802F-0D552019D7C8}" = Sound Blaster Tactic(3D)

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch

"{B04D7083-F906-4369-9AA5-DFCC98A05CD9}" = MAGIX Video deluxe MX Download-Version

"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie

"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime

"{BFD631C4-FBB5-4AC5-B807-9137B265628C}" = MAGIX Speed burnR (MSI)

"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common

"{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}" = Internet Explorer Toolbar 4.6 by SweetPacks

"{C580908C-B3BA-4C19-BD60-16F02F272201}" = BattleForge™

"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker

"{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1

"{EBE030DD-D404-4D92-85E9-8C3624820808}_is1" = Light Image Resizer 4.4.1.0

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials

"{F9706A8C-D740-42CA-8703-E08EDD0F0778}" = LogMeIn Hamachi

"5513-1208-7298-9440" = JDownloader 0.9

"7-Zip" = 7-Zip 9.22beta

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Audacity_is1" = Audacity 2.0.2

"Avidemux 2.5" = Avidemux 2.5 (32-bit)

"Avira AntiVir Desktop" = Avira Free Antivirus

"B076073A-5527-4f4f-B46B-B10692277DA2_is1" = DisplayFusion 5.0

"Battlelog Web Plugins" = Battlelog Web Plugins

"BattlEye for A2" = BattlEye Uninstall

"BattlEye for OA" = BattlEye for OA Uninstall

"DAEMON Tools Lite" = DAEMON Tools Lite

"D-i-v-X - AVI Codec Pack Pro" = D-i-v-X AVI Codec Pack Pro 2.4.0

"ESN Sonar-0.70.4" = ESN Sonar

"EXPERTool_is1" = EXPERTool 7.6

"facemoods" = Facemoods Toolbar

"Fraps" = Fraps (remove only)

"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.37.1212

"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager

"InstallShield_{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III

"KLiteCodecPack_is1" = K-Lite Codec Pack 9.3.0 (Full)

"Left 4 Dead" = Left 4 Dead

"LogMeIn Hamachi" = LogMeIn Hamachi

"MAGIX_MSI_Videodeluxe18" = MAGIX Video deluxe MX Download-Version

"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)

"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver

"Origin" = Origin

"Picasa 3" = Picasa 3

"PunkBusterSvc" = PunkBuster Services

"Steam App 113200" = The Binding of Isaac

"Steam App 17480" = Command and Conquer: Red Alert 3

"Steam App 33910" = ARMA 2

"Steam App 33930" = ARMA 2: Operation Arrowhead

"Steam App 42680" = Call of Duty: Modern Warfare 3

"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer

"Steam App 42750" = Call of Duty: Modern Warfare 3 - Dedicated Server

"Steam App 42910" = Magicka

"Steam App 440" = Team Fortress 2

"Steam App 4550" = Titan Quest: Immortal Throne

"Steam App 91310" = Dead Island

"SysInfo" = Creative Systeminformationen

"TeamViewer 7" = TeamViewer 7

"VLC media player" = VLC media player 1.1.11

"WinLiveSuite" = Windows Live Essentials

"WNLT" = IB Updater Service

"Xfire" = Xfire (remove only)

 
 ========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-2404320335-3350039560-2802301541-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"CopyTrans Suite" = Nur Entfernen der CopyTrans Suite möglich

"Dropbox" = Dropbox

"SOE-C:/Users/Jan/AppData/Local/Sony Online Entertainment/ApplicationUpdater" = applicationupdater

"SOE-D:/Planetside2" = gamelauncher-ps2-psg

"soe-PlanetSide 2 PSG" = PlanetSide 2

"Spotify" = Spotify

 
 ========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 16.06.2013 09:09:44 | Computer Name = Jan-PC | Source = Bonjour Service | ID = 100

Description = ERROR: mDNSPlatformReadTCP - recv: 10053 

 

Error - 16.06.2013 09:09:44 | Computer Name = Jan-PC | Source = Bonjour Service | ID = 100

Description = 660: ERROR: read_msg errno 0 (Der Vorgang wurde erfolgreich beendet.)

 

Error - 16.06.2013 09:09:44 | Computer Name = Jan-PC | Source = Bonjour Service | ID = 100

Description = ERROR: mDNSPlatformReadTCP - recv: 10053 

 

Error - 16.06.2013 09:09:44 | Computer Name = Jan-PC | Source = Bonjour Service | ID = 100

Description = 660: ERROR: read_msg errno 0 (Der Vorgang wurde erfolgreich beendet.)

 

Error - 16.06.2013 09:09:44 | Computer Name = Jan-PC | Source = Bonjour Service | ID = 100

Description = ERROR: mDNSPlatformReadTCP - recv: 10053 

 

Error - 16.06.2013 09:09:44 | Computer Name = Jan-PC | Source = Bonjour Service | ID = 100

Description = 660: ERROR: read_msg errno 0 (Der Vorgang wurde erfolgreich beendet.)

 

Error - 16.06.2013 09:09:44 | Computer Name = Jan-PC | Source = Bonjour Service | ID = 100

Description = ERROR: mDNSPlatformReadTCP - recv: 10053 

 

Error - 16.06.2013 09:09:44 | Computer Name = Jan-PC | Source = Bonjour Service | ID = 100

Description = 660: ERROR: read_msg errno 0 (Der Vorgang wurde erfolgreich beendet.)

 

Error - 16.06.2013 09:09:44 | Computer Name = Jan-PC | Source = Bonjour Service | ID = 100

Description = ERROR: mDNSPlatformReadTCP - recv: 10053 

 

Error - 16.06.2013 09:09:44 | Computer Name = Jan-PC | Source = Bonjour Service | ID = 100

Description = 660: ERROR: read_msg errno 0 (Der Vorgang wurde erfolgreich beendet.)

 

[ System Events ]

Error - 16.06.2013 07:37:41 | Computer Name = Jan-PC | Source = Service Control Manager | ID = 7000

Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden

 Fehlers nicht gestartet:   %%1069

 

Error - 17.06.2013 11:25:31 | Computer Name = Jan-PC | Source = Service Control Manager | ID = 7000

Description = Der Dienst "TBPanel" wurde aufgrund folgenden Fehlers nicht gestartet:

   %%2

 

Error - 17.06.2013 11:27:51 | Computer Name = Jan-PC | Source = Service Control Manager | ID = 7038

Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"

 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern

 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft

 Management Console (MMC).

 

Error - 17.06.2013 11:27:51 | Computer Name = Jan-PC | Source = Service Control Manager | ID = 7000

Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden

 Fehlers nicht gestartet:   %%1069

 

Error - 18.06.2013 11:24:01 | Computer Name = Jan-PC | Source = Service Control Manager | ID = 7000

Description = Der Dienst "TBPanel" wurde aufgrund folgenden Fehlers nicht gestartet:

   %%2

 

Error - 18.06.2013 11:26:12 | Computer Name = Jan-PC | Source = Service Control Manager | ID = 7038

Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"

 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern

 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft

 Management Console (MMC).

 

Error - 18.06.2013 11:26:12 | Computer Name = Jan-PC | Source = Service Control Manager | ID = 7000

Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden

 Fehlers nicht gestartet:   %%1069

 

Error - 19.06.2013 09:12:10 | Computer Name = Jan-PC | Source = Service Control Manager | ID = 7000

Description = Der Dienst "TBPanel" wurde aufgrund folgenden Fehlers nicht gestartet:

   %%2

 

Error - 19.06.2013 09:14:23 | Computer Name = Jan-PC | Source = Service Control Manager | ID = 7038

Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"

 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern

 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft

 Management Console (MMC).

 

Error - 19.06.2013 09:14:23 | Computer Name = Jan-PC | Source = Service Control Manager | ID = 7000

Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden

 Fehlers nicht gestartet:   %%1069

 

 

< End of report >

--- --- ---

OTL Logfile:

Code:

OTL logfile created on: 20.06.2013 00:50:12 - Run 3

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jan\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16614)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,99 Gb Total Physical Memory | 2,64 Gb Available Physical Memory | 66,08% Memory free

7,98 Gb Paging File | 6,25 Gb Available in Paging File | 78,36% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 195,21 Gb Total Space | 99,81 Gb Free Space | 51,13% Space Free | Partition Type: NTFS

Drive D: | 400,86 Gb Total Space | 243,85 Gb Free Space | 60,83% Space Free | Partition Type: NTFS

Drive F: | 931,51 Gb Total Space | 433,38 Gb Free Space | 46,52% Space Free | Partition Type: NTFS

 

Computer Name: JAN-PC | User Name: Jan | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC -  File not found

PRC - C:\Users\Jan\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)

PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Program Files (x86)\Safari\Safari.exe (Apple Inc.)

PRC - C:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exe (Apple Inc.)

PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()

PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)

PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)

PRC - C:\Program Files (x86)\EXPERTool\TBPANEL.exe (Gainward Co.)

PRC - C:\Program Files (x86)\ASUS\TurboV EVO\TurboVHELP.exe (ASUSTeK Computer Inc.)

PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe (ASUSTeK Computer Inc.)

PRC - C:\Program Files (x86)\ASUS\EPU-6 Engine\SixEngine.exe ()

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()

MOD - C:\Program Files (x86)\Safari\Apple Application Support\zlib1.dll ()

MOD - C:\Program Files (x86)\Safari\Apple Application Support\libxml2.dll ()

MOD - C:\Program Files (x86)\ASUS\EPU-6 Engine\SixEngine.exe ()

MOD - C:\Program Files (x86)\ASUS\TurboV EVO\HookKey32.dll ()

MOD - C:\Program Files (x86)\ASUS\EPU-6 Engine\ASUSSERVICE.DLL ()

MOD - C:\Program Files (x86)\ASUS\EPU-6 Engine\pngio.dll ()

MOD - C:\Program Files (x86)\ASUS\TurboV EVO\pngio.dll ()

MOD - C:\Windows\SysWOW64\AsIO.dll ()

MOD - C:\Program Files (x86)\EXPERTool\TBManage.dll ()

 

 
 ========== Services (SafeList) ==========

 

SRV:64bit: - (Printer Control) -- C:\Windows\SysNative\PrintCtrl.exe (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM)

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)

SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)

SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)

SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)

SRV - (DisplayFusionService) -- C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe (Binary Fortress Software)

SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)

SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)

SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)

SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)

SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)

SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()

SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)

SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)

SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)

SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe (ASUSTeK Computer Inc.)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)

DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)

DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)

DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)

DRV:64bit: - (UHSfiltv) -- C:\Windows\SysNative\drivers\UHSfiltv.sys (Creative Technology Ltd.)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)

DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)

DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)

DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )

DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)

DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)

DRV:64bit: - (lvpepf64) -- C:\Windows\SysNative\drivers\lv302a64.sys (Logitech Inc.)

DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.)

DRV:64bit: - (PID_PEPI) -- C:\Windows\SysNative\drivers\LV302V64.SYS (Logitech Inc.)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com

IE - HKLM\..\SearchScopes,DefaultScope = 

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F8 61 2C 5E 16 82 CC 01  [binary data]

IE - HKCU\..\SearchScopes,DefaultScope = 

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "Google"

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0

FF - user.js - File not found

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Windows\system32\C2MP\npdivx32.dll (DivX,Inc.)

FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll File not found

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll File not found

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll File not found

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.132.0: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll File not found

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.140.0: C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll File not found

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.3: C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll File not found

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.7: C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ocr@babylon.com: C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\ocr@babylon.com

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.27 21:54:21 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.27 21:54:21 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

 

[2011.11.02 21:48:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jan\AppData\Roaming\mozilla\Extensions

[2013.06.19 19:13:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jan\AppData\Roaming\mozilla\Firefox\Profiles\7lo1gnue.default\extensions

[2012.12.14 00:16:19 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Jan\AppData\Roaming\mozilla\firefox\profiles\7lo1gnue.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi

[2013.06.19 15:12:11 | 000,002,120 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\mozilla\firefox\profiles\7lo1gnue.default\searchplugins\MyStart.xml

[2013.05.24 12:58:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions

[2013.05.24 12:58:17 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

 

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O4:64bit: - HKLM..\Run: [PrintDisp] C:\Windows\SysNative\PrintDisp.exe (ActMask Co.,Ltd - hxxp://www.all2pdf.com)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)

O4 - HKLM..\Run: [iTunesHelper] D:\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()

O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)

O4 - HKLM..\Run: [TrayServer] C:\Program Files (x86)\MAGIX\Video_deluxe_MX_Download-Version\TrayServer_de.exe (MAGIX AG)

O4 - HKLM..\Run: [TurboV EVO] C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTeK Computer Inc.)

O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O4 - HKCU..\Run: [DisplayFusion] C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe (Binary Fortress Software)

O4 - HKCU..\Run: [GAINWARD] C:\Program Files (x86)\EXPERTool\TBPanel.exe (Gainward Co.)

O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()

O4 - Startup: C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = D:\Xfire\Xfire.exe (Xfire Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found

O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found

O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - D:\ICQ7.6\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - D:\ICQ7.6\ICQ.exe (ICQ, LLC.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)

O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)

O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)

O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16:64bit: - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1BA3542D-D6F0-4CA1-A2A9-D97F66A1748B}: DhcpNameServer = 192.168.178.1

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2013.06.19 19:02:19 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2013.06.16 23:45:52 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\Holi2013

[2013.06.16 20:45:12 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\{3217048B-1CB5-4222-8FD5-34EDC74F2184}

[2013.06.16 13:41:56 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\DCIM

[2013.05.27 21:54:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

[2013.05.24 12:57:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2013.05.22 17:30:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi

[2013.05.22 17:30:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi

[1 C:\Users\Jan\*.tmp files -> C:\Users\Jan\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2013.06.20 00:49:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013.06.19 22:10:50 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr

[2013.06.19 22:10:50 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2013.06.19 22:10:23 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0

[2013.06.19 19:22:07 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013.06.19 19:22:07 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013.06.19 19:14:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013.06.19 19:14:33 | 3214,188,544 | -HS- | M] () -- C:\hiberfil.sys

[2013.06.16 23:52:10 | 000,430,087 | ---- | M] () -- C:\Users\Jan\Desktop\Untitled.camproj

[2013.06.16 21:39:26 | 000,001,447 | ---- | M] () -- C:\Users\Jan\Desktop\Unbenannt.png

[2013.06.16 13:40:32 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013.06.16 13:40:32 | 000,656,044 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2013.06.16 13:40:32 | 000,616,590 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013.06.16 13:40:32 | 000,130,676 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2013.06.16 13:40:32 | 000,106,970 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013.06.12 23:22:39 | 000,000,040 | ---- | M] () -- C:\ProgramData\ra3.ini

[2013.05.25 22:52:46 | 000,428,330 | ---- | M] () -- C:\Users\Jan\Documents\seite2.jpg

[2013.05.25 22:52:32 | 000,320,675 | ---- | M] () -- C:\Users\Jan\Documents\seite1.jpg

[2013.05.21 11:38:28 | 000,418,272 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[1 C:\Users\Jan\*.tmp files -> C:\Users\Jan\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2013.06.16 22:15:01 | 000,430,087 | ---- | C] () -- C:\Users\Jan\Desktop\Untitled.camproj

[2013.06.16 21:39:26 | 000,001,447 | ---- | C] () -- C:\Users\Jan\Desktop\Unbenannt.png

[2013.05.25 22:52:03 | 000,428,330 | ---- | C] () -- C:\Users\Jan\Documents\seite2.jpg

[2013.05.25 22:51:56 | 000,320,675 | ---- | C] () -- C:\Users\Jan\Documents\seite1.jpg

[2013.04.25 21:08:26 | 000,097,376 | ---- | C] () -- C:\Users\Jan\Video call snapshot 1.png

[2013.03.21 06:10:18 | 000,042,880 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll

[2012.11.12 21:13:36 | 000,000,036 | ---- | C] () -- C:\Windows\nfsc_patch.ini

[2012.10.16 20:40:02 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

[2012.08.22 19:23:14 | 000,151,046 | ---- | C] () -- C:\Users\Jan\IMG_0058.JPG

[2012.08.22 19:23:14 | 000,133,540 | ---- | C] () -- C:\Users\Jan\IMG_0059.JPG

[2012.07.06 18:22:16 | 000,206,848 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL

[2012.07.06 18:22:16 | 000,074,240 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL

[2012.06.01 20:39:25 | 001,391,616 | ---- | C] () -- C:\Windows\SysWow64\ActPDF.dll

[2012.01.29 21:44:08 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini

[2011.11.29 22:45:46 | 000,002,309 | ---- | C] () -- C:\Users\Jan\OpenOffice.odb

[2011.10.18 15:27:55 | 000,184,900 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat

[2011.10.08 21:39:05 | 000,291,088 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2011.10.08 21:39:04 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2011.10.03 16:57:00 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll

[2011.10.03 16:56:59 | 000,013,368 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys

[2011.10.03 16:56:56 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys

[2011.10.03 16:56:56 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys

[2011.10.03 16:29:04 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini

[2011.10.03 16:28:59 | 000,023,026 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

[2011.07.20 12:11:54 | 000,000,200 | ---- | C] () -- C:\Windows\UHSConfig.ini

[2011.07.04 07:36:38 | 000,002,169 | ---- | C] () -- C:\Windows\FatWcfg.ini

[2011.07.04 07:36:38 | 000,000,388 | ---- | C] () -- C:\Windows\FatWMCcfg.ini

 
 ========== ZeroAccess Check ==========

 

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

 
 ========== LOP Check ==========

 

[2013.04.05 20:16:50 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\.minecraft

[2012.09.27 23:20:30 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Audacity

[2012.01.16 01:21:11 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\avidemux

[2013.04.01 20:06:43 | 000,000,000 | -HSD | M] -- C:\Users\Jan\AppData\Roaming\Common

[2012.11.10 21:46:41 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\DAEMON Tools Lite

[2013.05.01 23:36:19 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\DisplayFusion

[2013.05.26 15:00:57 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Dropbox

[2012.12.22 01:28:40 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\DVDVideoSoft

[2013.05.10 11:42:58 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\ICQ

[2012.06.01 20:39:53 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\iVisit Data

[2012.11.11 00:27:48 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\L4dOgerLauncher

[2011.10.09 15:41:51 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\LolClient

[2012.05.25 19:05:14 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\LolClient2

[2012.08.28 01:18:49 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\MAGIX

[2013.01.27 20:52:06 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\ObviousIdea

[2011.11.29 22:44:36 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\OpenOffice.org

[2013.06.04 18:13:16 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Origin

[2012.05.20 19:23:33 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\PhotoScape

[2012.01.29 21:45:32 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Red Alert 3

[2012.07.26 19:17:01 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\six-updater

[2012.07.24 20:34:46 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\six-zsync

[2012.01.27 01:19:20 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Sony

[2013.06.20 00:06:00 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Spotify

[2011.12.04 00:11:48 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\TeamViewer

[2012.10.15 20:37:35 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\TechSmith

[2012.09.15 16:28:10 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Teeworlds

[2013.06.19 21:19:51 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\TS3Client

[2011.10.08 17:45:49 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\ts3overlay

[2011.12.24 12:33:52 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\VSO

[2012.09.30 19:14:57 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\WindSolutions

 
 ========== Purity Check ==========

 

 
 

< End of report >

--- --- ---