
Log Analysis and Evaluation: TR/Kazy.24162.13 found

22.10.2012, 22:11   #1
Gerd21
 

Hello Trojaner-Board,
Yesterday Avira found a virus on my computer, and after asking Auntie Google I decided to follow your approach instead of simply removing it and then feeling supposedly safe.

Here are a few steps I carried out beforehand:
-Full scan with Avira (virus not deleted but kept in quarantine)
-Removed Daemon Tools, because that apparently triggers the warning during the full scan

I hope you will forgive my beginner's mistakes, since this is the first time I have written in a forum.

Here is the Avira log (at the time of detection)

Code:
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Sonntag, 21. Oktober 2012  12:52

Es wird nach 4377992 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira Free Antivirus
Seriennummer   : 0000149996-ADJIE-0000001
Plattform      : Windows 7 x64
Windowsversion : (Service Pack 1)  [6.1.7601]
Boot Modus     : Normal gebootet
Benutzername   : SYSTEM
Computername   : PC-SCHROTTLAUBE

Versionsinformationen:
BUILD.DAT      : 12.0.0.870     41827 Bytes  09.12.2011 13:59:00
AVSCAN.EXE     : 12.1.0.18     490448 Bytes  09.12.2011 11:39:55
AVSCAN.DLL     : 12.1.0.17      65744 Bytes  09.12.2011 11:40:16
LUKE.DLL       : 12.1.0.17      68304 Bytes  09.12.2011 11:40:03
AVSCPLR.DLL    : 12.3.0.14      97032 Bytes  08.05.2012 15:45:02
AVREG.DLL      : 12.3.0.17     232200 Bytes  10.05.2012 15:27:04
VBASE000.VDF   : 7.10.0.0    19875328 Bytes  06.11.2009 18:18:34
VBASE001.VDF   : 7.11.0.0    13342208 Bytes  14.12.2010 09:07:39
VBASE002.VDF   : 7.11.19.170 14374912 Bytes  20.12.2011 19:20:59
VBASE003.VDF   : 7.11.21.238  4472832 Bytes  01.02.2012 16:52:07
VBASE004.VDF   : 7.11.26.44   4329472 Bytes  28.03.2012 15:40:34
VBASE005.VDF   : 7.11.34.116  4034048 Bytes  29.06.2012 17:09:33
VBASE006.VDF   : 7.11.41.250  4902400 Bytes  06.09.2012 20:04:54
VBASE007.VDF   : 7.11.45.207  2363904 Bytes  11.10.2012 14:48:00
VBASE008.VDF   : 7.11.45.208     2048 Bytes  11.10.2012 14:48:00
VBASE009.VDF   : 7.11.45.209     2048 Bytes  11.10.2012 14:48:00
VBASE010.VDF   : 7.11.45.210     2048 Bytes  11.10.2012 14:48:00
VBASE011.VDF   : 7.11.45.211     2048 Bytes  11.10.2012 14:48:00
VBASE012.VDF   : 7.11.45.212     2048 Bytes  11.10.2012 14:48:00
VBASE013.VDF   : 7.11.45.213     2048 Bytes  11.10.2012 14:48:00
VBASE014.VDF   : 7.11.46.65    220160 Bytes  16.10.2012 16:27:54
VBASE015.VDF   : 7.11.46.153   173568 Bytes  18.10.2012 17:04:30
VBASE016.VDF   : 7.11.46.223   162304 Bytes  19.10.2012 09:26:03
VBASE017.VDF   : 7.11.46.224     2048 Bytes  19.10.2012 09:26:03
VBASE018.VDF   : 7.11.46.225     2048 Bytes  19.10.2012 09:26:03
VBASE019.VDF   : 7.11.46.226     2048 Bytes  19.10.2012 09:26:03
VBASE020.VDF   : 7.11.46.227     2048 Bytes  19.10.2012 09:26:03
VBASE021.VDF   : 7.11.46.228     2048 Bytes  19.10.2012 09:26:03
VBASE022.VDF   : 7.11.46.229     2048 Bytes  19.10.2012 09:26:03
VBASE023.VDF   : 7.11.46.230     2048 Bytes  19.10.2012 09:26:03
VBASE024.VDF   : 7.11.46.231     2048 Bytes  19.10.2012 09:26:03
VBASE025.VDF   : 7.11.46.232     2048 Bytes  19.10.2012 09:26:03
VBASE026.VDF   : 7.11.46.233     2048 Bytes  19.10.2012 09:26:03
VBASE027.VDF   : 7.11.46.234     2048 Bytes  19.10.2012 09:26:03
VBASE028.VDF   : 7.11.46.235     2048 Bytes  19.10.2012 09:26:03
VBASE029.VDF   : 7.11.46.236     2048 Bytes  19.10.2012 09:26:03
VBASE030.VDF   : 7.11.46.237     2048 Bytes  19.10.2012 09:26:03
VBASE031.VDF   : 7.11.46.252    23552 Bytes  20.10.2012 17:04:32
Engineversion  : 8.2.10.187
AEVDF.DLL      : 8.1.2.10      102772 Bytes  10.07.2012 17:21:49
AESCRIPT.DLL   : 8.1.4.60      463227 Bytes  05.10.2012 14:42:16
AESCN.DLL      : 8.1.9.2       131444 Bytes  26.09.2012 17:08:07
AESBX.DLL      : 8.2.5.12      606578 Bytes  14.06.2012 17:10:36
AERDL.DLL      : 8.1.9.15      639348 Bytes  08.09.2011 21:16:06
AEPACK.DLL     : 8.3.0.38      811382 Bytes  28.09.2012 20:03:48
AEOFFICE.DLL   : 8.1.2.48      201082 Bytes  24.09.2012 17:25:57
AEHEUR.DLL     : 8.1.4.118    5423480 Bytes  11.10.2012 17:58:14
AEHELP.DLL     : 8.1.25.2      258423 Bytes  11.10.2012 17:58:13
AEGEN.DLL      : 8.1.5.38      434548 Bytes  26.09.2012 17:08:06
AEEXP.DLL      : 8.2.0.6       115060 Bytes  11.10.2012 17:58:14
AEEMU.DLL      : 8.1.3.2       393587 Bytes  10.07.2012 17:21:48
AECORE.DLL     : 8.1.28.2      201079 Bytes  26.09.2012 17:08:06
AEBB.DLL       : 8.1.1.3        53621 Bytes  18.10.2012 17:04:31
AVWINLL.DLL    : 12.1.0.17      27344 Bytes  09.12.2011 11:39:57
AVPREF.DLL     : 12.1.0.17      51920 Bytes  09.12.2011 11:39:55
AVREP.DLL      : 12.3.0.15     179208 Bytes  08.05.2012 15:45:02
AVARKT.DLL     : 12.1.0.19     208848 Bytes  09.12.2011 11:39:53
AVEVTLOG.DLL   : 12.1.0.17     169168 Bytes  09.12.2011 11:39:54
SQLITE3.DLL    : 3.7.0.0       398288 Bytes  09.12.2011 11:40:07
AVSMTP.DLL     : 12.1.0.17      62928 Bytes  09.12.2011 11:39:56
NETNT.DLL      : 12.1.0.17      17104 Bytes  09.12.2011 11:40:03
RCIMAGE.DLL    : 12.1.0.17    4447952 Bytes  09.12.2011 11:40:18
RCTEXT.DLL     : 12.1.0.16      98512 Bytes  09.12.2011 11:40:19

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: AVGuardAsyncScan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_50839f76\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig
Auszulassende Dateien.................: C:\Program Files (x86)\Origin, C:\Program Files (x86)\Origin Games, 
Abweichende Gefahrenkategorien........: +JOKE,+PFS,+SPR,

Beginn des Suchlaufs: Sonntag, 21. Oktober 2012  12:52

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CTXFISPI.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wh_exec.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Ctxfihlp.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'VolPanlu.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'TeaTimer.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SDWinSec.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'PnkBstrA.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'MDM.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CTAudSvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvSCPAPISvr.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\Games\Battlefield Vietnam\eReg\Battlefield Vietnam_eReg.exe'
C:\Games\Battlefield Vietnam\eReg\Battlefield Vietnam_eReg.exe
  [FUND]      Ist das Trojanische Pferd TR/Kazy.24162.13

Beginne mit der Desinfektion:
Die Datei '\\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games\Battlefield Vietnam\Produktregistrierung.lnk' wurde ins Quarantäneverzeichnis verschoben.
C:\Games\Battlefield Vietnam\eReg\Battlefield Vietnam_eReg.exe
  [FUND]      Ist das Trojanische Pferd TR/Kazy.24162.13
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4eeb6329.qua' verschoben!
  [HINWEIS]   Der Registrierungseintrag <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Programs> wurde erfolgreich repariert.
  [HINWEIS]   Der Registrierungseintrag <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Programs> wurde erfolgreich repariert.
  [HINWEIS]   Der Registrierungseintrag <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Common Programs> wurde erfolgreich repariert.
  [HINWEIS]   Der Registrierungseintrag <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Common Programs> wurde erfolgreich repariert.
  [HINWEIS]   Der Registrierungseintrag <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Start Menu> wurde erfolgreich repariert.
  [HINWEIS]   Der Registrierungseintrag <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Start Menu> wurde erfolgreich repariert.
  [HINWEIS]   Der Registrierungseintrag <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Common Start Menu> wurde erfolgreich repariert.
  [HINWEIS]   Der Registrierungseintrag <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Common Start Menu> wurde erfolgreich repariert.


Ende des Suchlaufs: Sonntag, 21. Oktober 2012  13:56
Benötigte Zeit: 00:00 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

      0 Verzeichnisse wurden überprüft
     16 Dateien wurden geprüft
      1 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      1 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
     15 Dateien ohne Befall
      0 Archive wurden durchsucht
      0 Warnungen
      1 Hinweise


Die Suchergebnisse werden an den Guard übermittelt.
         
After that, a full scan with Avira; the log is attached (no further detections)

Today

Defogger on

OTL log attached

The Extra.txt is too large for an attachment and too long to include in the text

I hope you can help me, and thank you in advance

PS: I just found this in another thread, TR/Katzy.14262.13; quote from markusg:
Quote:
C:\Program Files (x86)\EA GAMES\Battlefield 1942\Mods\XPack2\eReg\Battlefield 1942 Secret Weapons of WWII_eReg.exe
does this come from the original source, or is it a cracked game?
because on my machine the virus is called:
C:\Games\Battlefield Vietnam\eReg\Battlefield Vietnam_eReg.exe
just in case there is a connection
The game is an original, by the way

PPS: on closer inspection he has the same TR/Kazy.24162.13; only the digits are swapped in the title

23.10.2012, 08:00   #2
schrauber
/// the machine
/// TB instructor
 


Hi,

Delete Battlefield.

Can you please post the logs in the thread? I can't load attachments at work.

23.10.2012, 08:01   #3
kira
/// Helper Team
 

Hello and a warm welcome!

Before we begin working together, [please read in full]:
Quote:
  • "Remote treatment/remote help" and the associated liability risks:
    - since the troubleshooting and the actions are carried out over large distances, we accept no liability for the resulting consequences.
    - so any liability for resulting damage is excluded; INSTRUCTIONS, AND FOLLOWING THEM, ARE YOUR OWN RESPONSIBILITY!
  • Characteristic features/profile information:
    - in the log listings or log files you use, you can replace items such as your real name or a program serial number with [X] or asterisks (*)
  • System check and cleanup:
    - can take some time (depending on the type of infection); the system may, however, be so heavily compromised that an effective technical cleanup is no longer possible and you have to reinstall it
  • I recommend reading the instructions through completely before you apply them, because if you do something wrong it can become really dangerous. If you follow my instructions step by step, nothing should really go wrong.
  • During the support period:
    - please do not act on your own without consulting us! Ask if there are problems.
  • The order:
    - please keep exactly to the order described; do not choose the order yourself!
  • CRACKED SOFTWARE is not tolerated here!!!!
  • Otherwise, our forum rules:
    - Please read first, then post! -> For everyone seeking help! What do I need to consider before opening a topic?
  • Insert all log files with a vBCode tag; that gives a good overview here and makes my work easier! If the log file is too large, split it into several parts.

As soon as you have read this introductory text, you can begin
Assistance - planned procedure:
  • Problem identification
  • Problem removal/system cleanup
  • Uninstall/remove the programs used
  • Close the topic: tips on computer security

For Vista and Win7:
Important: Please run all commands as administrator! Right-click the command prompt and select "Run as administrator"
Right-click the selected application and choose "Run as administrator"!

1.
Download Malwarebytes Anti-Malware from here
  • Install it and start it with a double-click.
  • Set the language to German and update the databases right away - update online
  • Select "Komplett Scan durchführen" (perform full scan) and tick every box
  • When the scan has finished, click "Zeige Resultate" (show results)
  • Select all detections (if MBAM reports anything in C:\System Volume Information, please remove the check mark there) and click "Löschen" - "Ausgewähltes entfernen" (delete - remove selected).
  • Post the result here in the thread - you will find the report under "Scan-Berichte" (scan reports)
An illustrated guide can be found here: Guide

2.
You saved OTL in the wrong place:
it must be placed on the desktop!
Set your browser so that it saves OTL to the desktop!
So remove it and download it again:
-> Download OTL by Oldtimer and save it on your desktop.

After saving, it should look roughly like this in the log file:
Quote:
Folder = C:\Users\***\Desktop
3.
System scan with OTL

Please download OTL by Oldtimer and save it on your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and select "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Tick the LOP check and the Purity check
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created - OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

4.
To determine whether outdated or harmful software is installed under Programs, I would also like to see all of your installed programs:
  • Download CCleaner
  • Read the software license agreement; if any toolbar is offered, please deselect it! -> start -> if necessary, set the language to "Deutsch".
  • Start it -> click `Extras` (to display the software installed on your system) -> then `Als Textdatei speichern...` (save as text file)
  • A text file is created automatically; post this log file as well (i.e. the list of all installed programs... a text file)

5.
Avira Free Antivirus - export detections

Right-click the AntiVir umbrella in the taskbar => start Avira Free Antivirus => Verwaltung (administration) => Ereignisse (events)
On the left under Filter, tick only "Fund" (detection).
Select each detection (not all events, only detections) => right-click the detections => Ereignis(se) exportieren (export event(s))
and save it as Ereignisse.txt on the desktop and post the contents here.

Quote:
So that your thread stays clear and easy to read, it is best to use code tags for your post:
→ before your log (i.e. at the start of the log file) you write: [code]
your log file goes here - e.g. the OTL log file or another one
→ after it - i.e. at the end of the log file: [/code]
** If possible, do not go on the internet: no online banking, file sharing, chat programs, etc.
Regards
kira

23.10.2012, 08:16   #4
Gerd21
 

Thank you for responding so quickly.
Since I am at work myself at the moment, I can only carry out the instructions you have given so far from 17:30 onwards.

Until then

Here is the mbam log
Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.10.23.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Schrottlaube :: PC-SCHROTTLAUBE [Administrator]

23.10.2012 18:42:42
mbam-log-2012-10-23 (21-29-32).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 783793
Laufzeit: 2 Stunde(n), 44 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
I am now repeating OTL, but this time on the desktop

Here is the OTL log
Code:
OTL logfile created on: 23.10.2012 21:46:59 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Schrottlaube\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,99 Gb Total Physical Memory | 5,43 Gb Available Physical Memory | 67,95% Memory free
15,98 Gb Paging File | 13,56 Gb Available in Paging File | 84,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1397,17 Gb Total Space | 755,73 Gb Free Space | 54,09% Space Free | Partition Type: NTFS
 
Computer Name: PC-SCHROTTLAUBE | User Name: Schrottlaube | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Schrottlaube\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\SysWOW64\Ctxfihlp.exe (Creative Technology Ltd)
PRC - C:\Windows\SysWOW64\CTxfispi.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Advanced Wheel Mouse\wh_exec.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
MOD - C:\Windows\SysWOW64\APOMngr.DLL ()
MOD - C:\Windows\SysWOW64\CmdRtr.DLL ()
MOD - C:\Advanced Wheel Mouse\wh_exec.exe ()
MOD - C:\Advanced Wheel Mouse\wh_hook.dll ()
MOD - C:\Windows\SysWOW64\CTXFIGER.DLL ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SaiDOutput) -- C:\Programme\Saitek\DirectOutput\DirectOutputService.exe (Saitek)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (ha20x22k) -- C:\Windows\SysNative\drivers\ha20x22k.sys (Creative Technology Ltd)
DRV:64bit: - (ha20x2k) -- C:\Windows\SysNative\drivers\ha20x2k.sys (Creative Technology Ltd)
DRV:64bit: - (emupia) -- C:\Windows\SysNative\drivers\emupia2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctprxy2k) -- C:\Windows\SysNative\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV:64bit: - (ctaud2k) -- C:\Windows\SysNative\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctac32k) -- C:\Windows\SysNative\drivers\ctac32k.sys (Creative Technology Ltd)
DRV:64bit: - (CTEXFIFX.SYS) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV:64bit: - (CTEXFIFX) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV:64bit: - (CTHWIUT.SYS) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CTHWIUT) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CT20XUT.SYS) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CT20XUT) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (ScreamBAudioSvc) -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys (Screaming Bee LLC)
DRV:64bit: - (e1kexpress) -- C:\Windows\SysNative\drivers\e1k62x64.sys (Intel Corporation)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (xnacc) -- C:\Windows\SysNative\drivers\xnacc.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (SaiNtBus) -- C:\Windows\SysNative\drivers\SaiBus.sys (Saitek)
DRV:64bit: - (SaiMini) -- C:\Windows\SysNative\drivers\SaiMini.sys (Saitek)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH)
DRV:64bit: - (ENTECH64) -- C:\Windows\SysNative\drivers\Entech64.sys (EnTech Taiwan)
DRV:64bit: - (SaiH0762) -- C:\Windows\SysNative\drivers\SaiH0762.sys (Saitek)
DRV:64bit: - (whfltr2k) -- C:\Windows\SysNative\drivers\whfltr2k.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 11 0F 0D BE 4D 73 CA 01  [binary data]
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.web.de/"
FF - prefs.js..extensions.enabledAddons: {9d1f059c-cada-4111-9696-41a62d64e3ba}:0.10.0.3
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.31.0
FF - prefs.js..extensions.enabledItems: {9d1f059c-cada-4111-9696-41a62d64e3ba}:0.5.3.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.6&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Content Uploader\npUpload.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.138.0: C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.21 20:04:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.21 20:08:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.21 20:04:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.21 20:08:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.21 20:04:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.21 20:08:02 | 000,000,000 | ---D | M]
 
[2009.12.14 17:34:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Schrottlaube\AppData\Roaming\mozilla\Extensions
[2012.10.23 18:28:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Schrottlaube\AppData\Roaming\mozilla\Firefox\Profiles\9sywmvez.default\extensions
[2012.09.26 21:02:25 | 000,000,000 | ---D | M] (FoxTrick) -- C:\Users\Schrottlaube\AppData\Roaming\mozilla\Firefox\Profiles\9sywmvez.default\extensions\{9d1f059c-cada-4111-9696-41a62d64e3ba}
[2012.07.24 23:20:36 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Schrottlaube\AppData\Roaming\mozilla\firefox\profiles\9sywmvez.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.12.19 20:21:29 | 000,000,933 | ---- | M] () -- C:\Users\Schrottlaube\AppData\Roaming\mozilla\firefox\profiles\9sywmvez.default\searchplugins\11-suche.xml
[2011.12.19 20:21:30 | 000,002,419 | ---- | M] () -- C:\Users\Schrottlaube\AppData\Roaming\mozilla\firefox\profiles\9sywmvez.default\searchplugins\englische-ergebnisse.xml
[2011.12.19 20:21:29 | 000,010,525 | ---- | M] () -- C:\Users\Schrottlaube\AppData\Roaming\mozilla\firefox\profiles\9sywmvez.default\searchplugins\gmx-suche.xml
[2012.10.21 18:54:47 | 000,000,950 | ---- | M] () -- C:\Users\Schrottlaube\AppData\Roaming\mozilla\firefox\profiles\9sywmvez.default\searchplugins\icqplugin-1.xml
[2010.06.29 19:43:06 | 000,000,950 | ---- | M] () -- C:\Users\Schrottlaube\AppData\Roaming\mozilla\firefox\profiles\9sywmvez.default\searchplugins\icqplugin-2.xml
[2010.07.21 17:16:04 | 000,000,950 | ---- | M] () -- C:\Users\Schrottlaube\AppData\Roaming\mozilla\firefox\profiles\9sywmvez.default\searchplugins\icqplugin-3.xml
[2010.07.25 06:26:46 | 000,000,950 | ---- | M] () -- C:\Users\Schrottlaube\AppData\Roaming\mozilla\firefox\profiles\9sywmvez.default\searchplugins\icqplugin-4.xml
[2010.09.09 21:44:32 | 000,000,950 | ---- | M] () -- C:\Users\Schrottlaube\AppData\Roaming\mozilla\firefox\profiles\9sywmvez.default\searchplugins\icqplugin-5.xml
[2010.02.03 15:38:36 | 000,000,947 | ---- | M] () -- C:\Users\Schrottlaube\AppData\Roaming\mozilla\firefox\profiles\9sywmvez.default\searchplugins\icqplugin.xml
[2011.12.19 20:21:30 | 000,002,457 | ---- | M] () -- C:\Users\Schrottlaube\AppData\Roaming\mozilla\firefox\profiles\9sywmvez.default\searchplugins\lastminute.xml
[2011.12.19 20:21:29 | 000,005,508 | ---- | M] () -- C:\Users\Schrottlaube\AppData\Roaming\mozilla\firefox\profiles\9sywmvez.default\searchplugins\webde-suche.xml
[2012.10.21 19:29:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.10.20 23:26:25 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.10.20 23:26:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.10.20 23:26:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.10.20 23:26:28 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.23 10:31:27 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.01 11:58:15 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.23 10:31:27 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.23 10:31:27 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.23 10:31:27 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.23 10:31:27 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [ProfilerU] C:\Programme\Saitek\SD6\Software\ProfilerU.exe (Saitek)
O4:64bit: - HKLM..\Run: [SaiMfd] C:\Programme\Saitek\SD6\Software\SaiMfd.exe (Saitek)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [WheelMouse] C:\Advanced Wheel Mouse\wh_exec.exe ()
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.9.2)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} Reg Error: Value error. (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 10.9.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15110/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.234.128.7 195.234.128.16 85.233.58.60
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96C9C0F1-1C40-4787-9473-42B415C208BC}: DhcpNameServer = 195.234.128.7 195.234.128.16 85.233.58.60
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d9ef8470-5076-11df-a261-8e1b2a8e5597}\Shell - "" = AutoRun
O33 - MountPoints2\{d9ef8470-5076-11df-a261-8e1b2a8e5597}\Shell\AutoRun\command - "" = F:\autorun1.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.23 21:41:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Schrottlaube\Desktop\OTL.exe
[2012.10.23 18:40:35 | 000,000,000 | ---D | C] -- C:\Users\Schrottlaube\AppData\Roaming\Malwarebytes
[2012.10.23 18:40:02 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.10.23 18:40:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.23 18:40:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.10.23 18:40:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.21 20:08:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012.10.21 20:08:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012.10.21 20:07:46 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.10.21 19:40:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.10.21 19:39:57 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.10.21 19:39:51 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.10.21 19:39:51 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.10.21 19:39:51 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012.10.21 19:39:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012.10.21 19:25:02 | 001,034,216 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012.10.21 19:25:02 | 000,289,768 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012.10.21 19:24:48 | 000,108,008 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2012.10.20 23:26:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.10.13 10:39:42 | 000,000,000 | ---D | C] -- C:\Users\Schrottlaube\Documents\FOMM
[2012.10.11 22:23:20 | 000,000,000 | ---D | C] -- C:\Users\Schrottlaube\AppData\Local\FOMM
[2012.10.10 20:10:07 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.10.10 20:10:07 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.10.10 20:10:07 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.10.10 20:09:58 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012.10.10 20:09:42 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012.10.10 20:09:42 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012.10.10 20:09:41 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012.10.10 20:09:41 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012.10.10 20:09:40 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012.10.10 20:09:40 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012.10.10 20:09:40 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012.10.10 20:09:40 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012.10.10 20:09:40 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012.10.10 20:09:40 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012.10.10 20:09:40 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012.10.10 20:09:40 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012.10.10 20:09:40 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012.10.10 20:09:40 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012.10.10 20:09:40 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012.10.10 20:09:40 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012.10.10 20:09:40 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.10.10 20:09:40 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012.10.10 20:09:40 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012.10.10 20:09:40 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012.10.10 20:09:40 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012.10.10 20:09:40 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.10.10 20:09:40 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.10.10 20:09:40 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.10.10 20:09:40 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012.10.10 20:09:40 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012.10.10 20:09:40 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.10 20:09:40 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012.10.10 20:09:40 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012.10.10 20:09:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012.10.10 20:09:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012.10.10 20:09:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.10.10 20:09:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012.10.10 20:09:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012.10.10 20:09:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012.10.10 20:09:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012.10.10 20:09:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012.10.10 20:09:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.10.10 20:09:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012.10.10 20:09:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012.10.10 20:09:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012.10.10 20:09:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012.10.10 20:09:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012.10.10 20:09:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012.10.10 20:09:39 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012.10.10 20:09:39 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012.10.10 20:09:39 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012.10.10 20:09:39 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012.10.10 20:09:39 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.10.10 20:09:39 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012.10.10 20:09:39 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012.10.10 20:09:39 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012.10.10 20:09:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012.10.10 20:09:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.10.10 20:09:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.10.10 20:09:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012.10.10 20:09:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.10 20:09:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012.10.10 20:09:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012.10.10 20:09:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012.10.10 20:09:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012.10.10 20:09:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012.10.10 20:09:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012.10.10 20:09:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012.10.10 20:09:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012.10.10 20:09:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.10.10 20:09:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012.10.10 20:09:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012.10.10 20:09:39 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012.10.10 20:09:20 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.10.10 20:09:20 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.09.30 20:59:32 | 000,000,000 | ---D | C] -- C:\Users\Schrottlaube\Documents\4A Games
[2012.09.30 20:49:37 | 000,000,000 | ---D | C] -- C:\Users\Schrottlaube\AppData\Local\4A Games
[2012.09.26 19:12:47 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.23 21:41:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Schrottlaube\Desktop\OTL.exe
[2012.10.23 21:25:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.23 18:40:03 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.23 18:26:44 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.23 18:26:44 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.23 18:23:49 | 001,527,740 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.10.23 18:23:49 | 000,664,618 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.10.23 18:23:49 | 000,624,800 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.10.23 18:23:49 | 000,134,786 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.10.23 18:23:49 | 000,110,438 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.10.23 18:19:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.23 18:18:48 | 2139,738,111 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.22 23:49:11 | 000,062,020 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000003-00000000-00000000-00001102-0000000B-00421102}.rfx
[2012.10.22 23:49:11 | 000,062,020 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000003-00000000-00000000-00001102-0000000B-00421102}.rfx
[2012.10.22 23:49:11 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000003-00000000-00000000-00001102-0000000B-00421102}.rfx
[2012.10.22 21:30:45 | 000,000,020 | ---- | M] () -- C:\Users\Schrottlaube\defogger_reenable
[2012.10.21 19:39:43 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012.10.21 19:39:42 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll
[2012.10.21 19:39:42 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012.10.21 19:39:42 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.10.21 19:39:42 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.10.21 19:39:42 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.10.21 19:24:39 | 000,108,008 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2012.10.21 19:24:38 | 001,034,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012.10.21 19:24:38 | 000,916,456 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012.10.21 19:24:38 | 000,289,768 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012.10.21 19:24:38 | 000,189,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012.10.21 19:24:38 | 000,188,904 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012.10.09 20:25:20 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.10.09 20:25:20 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.10.08 21:38:04 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.10.08 21:38:04 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.10.08 21:33:54 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.23 18:40:03 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.22 21:30:45 | 000,000,020 | ---- | C] () -- C:\Users\Schrottlaube\defogger_reenable
[2012.10.21 20:08:02 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2012.06.23 10:31:12 | 000,061,440 | ---- | C] () -- C:\Windows\diabunin.exe
[2012.06.23 10:24:39 | 000,086,528 | ---- | C] () -- C:\Windows\bnetunin.exe
[2012.05.15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.11.21 19:39:17 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.06.11 08:11:40 | 000,007,612 | ---- | C] () -- C:\Users\Schrottlaube\AppData\Local\Resmon.ResmonCfg
[2011.03.29 23:54:48 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011.03.29 23:54:47 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.11.03 23:40:30 | 000,000,100 | ---- | C] () -- C:\Users\Schrottlaube\AppData\Local\fusioncache.dat
[2010.11.03 23:38:30 | 001,553,234 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.10.13 14:38:08 | 000,000,000 | ---D | M] -- C:\Users\Schrottlaube\AppData\Roaming\.minecraft
[2010.02.26 00:16:19 | 000,000,000 | ---D | M] -- C:\Users\Schrottlaube\AppData\Roaming\Amazon
[2010.06.27 20:09:51 | 000,000,000 | ---D | M] -- C:\Users\Schrottlaube\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2010.04.25 16:31:32 | 000,000,000 | ---D | M] -- C:\Users\Schrottlaube\AppData\Roaming\DAEMON Tools Lite
[2010.11.14 11:01:54 | 000,000,000 | ---D | M] -- C:\Users\Schrottlaube\AppData\Roaming\LucasArts
[2010.07.05 20:36:01 | 000,000,000 | ---D | M] -- C:\Users\Schrottlaube\AppData\Roaming\Mount&Blade
[2012.06.10 17:22:29 | 000,000,000 | ---D | M] -- C:\Users\Schrottlaube\AppData\Roaming\Mount&Blade Warband
[2012.10.08 21:01:43 | 000,000,000 | ---D | M] -- C:\Users\Schrottlaube\AppData\Roaming\Origin
[2009.12.19 13:04:27 | 000,000,000 | ---D | M] -- C:\Users\Schrottlaube\AppData\Roaming\ProtectDisc
[2012.09.09 20:33:54 | 000,000,000 | ---D | M] -- C:\Users\Schrottlaube\AppData\Roaming\Screaming Bee
[2012.07.29 21:59:56 | 000,000,000 | ---D | M] -- C:\Users\Schrottlaube\AppData\Roaming\six-updater
[2012.06.27 19:58:06 | 000,000,000 | ---D | M] -- C:\Users\Schrottlaube\AppData\Roaming\six-zsync
[2009.12.14 21:36:21 | 000,000,000 | ---D | M] -- C:\Users\Schrottlaube\AppData\Roaming\Smart Recorder
[2010.12.26 10:00:55 | 000,000,000 | ---D | M] -- C:\Users\Schrottlaube\AppData\Roaming\Spore
[2011.12.18 01:24:04 | 000,000,000 | ---D | M] -- C:\Users\Schrottlaube\AppData\Roaming\The Creative Assembly
[2012.04.09 19:36:57 | 000,000,000 | ---D | M] -- C:\Users\Schrottlaube\AppData\Roaming\Tropico 3
[2012.07.24 00:16:17 | 000,000,000 | ---D | M] -- C:\Users\Schrottlaube\AppData\Roaming\TS3Client
[2012.08.18 16:16:17 | 000,000,000 | ---D | M] -- C:\Users\Schrottlaube\AppData\Roaming\wargaming.net
 
========== Purity Check ==========
 
 

< End of report >
         

23.10.2012, 21:09   #5
Gerd21

TR/Kazy.24162.13 found

and the extra.txt
Code:
OTL Extras logfile created on: 23.10.2012 21:46:59 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Schrottlaube\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,99 Gb Total Physical Memory | 5,43 Gb Available Physical Memory | 67,95% Memory free
15,98 Gb Paging File | 13,56 Gb Available in Paging File | 84,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1397,17 Gb Total Space | 755,73 Gb Free Space | 54,09% Space Free | Partition Type: NTFS
 
Computer Name: PC-SCHROTTLAUBE | User Name: Schrottlaube | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1E124BA0-57EE-4615-9734-5D1A357F16AE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{29966745-10D6-46BC-8CF7-7E64B9DDE591}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{4B0E8B25-56B2-4338-8E28-C3CDC1D8DFCF}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{5420D8D6-C587-4594-A4A9-E630EF81818A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{579700F9-2F58-4182-92FB-B869E9FCE65D}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{83B9D99B-BDFF-42B7-A923-EC0CDE5D1F08}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{85A2D39B-BAA4-4142-92B0-CFFAD8C23DC5}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{92626002-0609-465B-BF26-A0C6A6B9368A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F2DD5C2E-0FDB-4F48-8878-FD5EDCD945F7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F4C4002D-2C7F-467F-9E13-3CE07D06E2D3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{FFD704CD-4662-4B03-93B6-40C8C10CC837}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0085E002-B721-4C57-8A58-2848C9D1981B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\docs\ea help\electronic_arts_technical_support.htm | 
"{00F552F3-9D0D-4A32-A31E-68E28124CBDB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html | 
"{018CEDE5-CC92-4FA8-B956-D7E95725BCA9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html | 
"{01986AC2-5EAE-4F38-860E-0FEAF14847EE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\monkey2\monkey2.exe | 
"{0420CA8C-103C-4230-B127-6F18AD863E8C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mount and blade\runme.exe | 
"{06B51970-36BB-484B-BC25-553579E6D6B2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\launcheflc.exe | 
"{070A413B-807C-4B93-9504-3786525DD0BD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{0829D836-EF34-4363-8D4A-63B847E6EE90}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\soldiers heroes of world war 2\soldiers.exe | 
"{08E5B7C4-3BF1-4E39-8114-57B3FDA8ECB3}" = protocol=17 | dir=in | app=c:\games\starcraft ii\starcraft ii.exe | 
"{09346987-2F4E-4534-87A0-E4BBF605D373}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\kane & lynch 2 - dog days\kl2.exe | 
"{0987AE7F-6A8C-4963-BFA1-4B7FAEF8938A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe | 
"{09D98B7F-E446-4476-B9CC-A02B62F9A2D3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\gerd2106\day of defeat source\hl2.exe | 
"{0C207937-727C-4699-B655-065F985FBE8B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warhammer 40,000 space marine\spacemarine.exe | 
"{0C383EBE-360E-4FB6-9205-05383E276F6D}" = protocol=6 | dir=in | app=c:\games\coh\relicdownloader\relicdownloader.exe | 
"{0C622F5E-A8F8-447F-B910-B58C4240C844}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe | 
"{0DE6F7AE-6652-48D0-B6A2-2A9B163F1AF8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\burnout(tm) paradise the ultimate box\support\ea help\electronic_arts_technical_support.htm | 
"{0EFFE772-B1D3-4FE6-9DBD-916279AFE01D}" = protocol=17 | dir=in | app=c:\games\sins of a solar empire\sins of a solar empire.exe | 
"{0FDDA832-A9A1-4697-ADF5-D2864E2FD4A2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\help.htm | 
"{1023B39A-FA86-4179-8FA5-C3BFAA8F8D6A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\kane and lynch dead men\kaneandlynch.exe | 
"{110B298A-D872-489F-925C-7747316F6E37}" = protocol=6 | dir=in | app=c:\program files (x86)\gamespy arcade\aphex.exe | 
"{1115FDCD-09CB-4182-B45A-08E8147BD50A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\burnout(tm) paradise the ultimate box\support\ea help\electronic_arts_technical_support.htm | 
"{116F80FF-9A21-4EB3-8DBA-0EDD4577A1FF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe | 
"{11F6FF81-315F-4E5D-91EF-FED456F1CDCC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\empire total war\empire.exe | 
"{12F7699A-6DAA-4DEC-8B21-31E8C3307330}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\shogun2.exe | 
"{132A9B97-CB52-4DB0-A4E6-B311C99F46D1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{1340B1F2-FC2A-4728-8838-B55EEE37E457}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{13786A51-5212-4047-AEE3-0489E0D3147C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{13A24538-971F-41B4-914A-2CEE035316ED}" = protocol=17 | dir=in | app=c:\games\coh\relicdownloader\relicdownloader.exe | 
"{148DB922-4D08-4EC2-A1C8-322A017015B4}" = dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe | 
"{1493EDEB-72F2-4911-84BC-DA0693A2F294}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tropico\tropico.exe | 
"{14CED07A-71DD-4EB2-8D25-F75A62EAF199}" = protocol=6 | dir=in | app=c:\games\sins of a solar empire\sins of a solar empire.exe | 
"{15856B59-DF3B-4819-AAF1-515489E6609F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\oblivion\oblivionlauncher.exe | 
"{1622C2D7-18F1-402F-A8C1-DC468F786A0B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{1623CF0C-E583-417E-B783-6AD108034B21}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield 2\support\ea help\electronic_arts_technical_support.htm | 
"{1651CB70-088A-4BB7-AE81-09D0AA93F5B1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{17F6CA13-31BF-442C-AC1C-092BDECB21F8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{18558BD6-5EF4-4812-B844-475552EF5FC0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty 4\iw3sp.exe | 
"{194BF4EE-BFAE-4DF5-AFD6-085251101345}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\binaries\masseffect.exe | 
"{1ACB61A2-8EA9-4D07-A6FF-C9DE343C2CC4}" = protocol=17 | dir=in | app=c:\program files (x86)\logmein hamachi\hamachi-2-ui.exe | 
"{1B43A380-D39B-4DD9-9227-185475BBB49D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe | 
"{1B99AFC9-480C-4829-BA8A-33B5BC3ADDED}" = protocol=6 | dir=in | app=c:\games\pro evolution soccer 2010\pes2010.exe | 
"{1C31D77A-019B-40C5-B79F-5C9798731AEA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout 3 goty\falloutlauncher.exe | 
"{1D1D2058-B2C2-4DDA-A75A-93178843B75C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{1D430CA0-92B0-464F-A319-4BB90B067002}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star wars battlefront ii\gamedata\battlefrontii.exe | 
"{1E80C897-2F54-4976-B5D9-D2DEFC02D4C7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{1E8A0A6D-0ED7-4E4F-8E10-8CB8557763A4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of juarez - bound in blood\cojbibgame_x86.exe | 
"{1F86E511-FFE5-4482-B378-00F5314577D2}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{1FCE7730-8EB8-4BE5-AE48-766DD1FFBC61}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star wars battlefront ii\gamedata\battlefrontii.exe | 
"{1FE50074-2538-49F3-8225-A197BF475000}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\kane and lynch dead men\kaneandlynch.exe | 
"{200DB7D0-720A-400D-867E-E9D1B558DCB8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd | 
"{20C7D074-7D14-4B9F-9AC5-8B0C37F8BCB3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\dlcsetup\baf\datacachepreprocessor.exe | 
"{20D52F34-18D7-49FE-9FA9-95923BF052A4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\docs\ea help\electronic_arts_technical_support.htm | 
"{20E669DF-0865-46CD-AB6C-7BB7CA558B65}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\reliccoh.exe | 
"{2126902F-1A4E-422A-958D-B1CD14546B7C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the secret of monkey island special edition\mise.exe | 
"{21CD1435-E061-4600-B328-B830425E2979}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\napoleon total war\napoleon.exe | 
"{22CAFB24-872C-4F2D-9E81-DA9BD38DDCAD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\binaries\masseffect.exe | 
"{22D5A2AA-5481-48BB-92BF-F04173920049}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\kane and lynch dead men\launcher.exe | 
"{23039CF7-7141-45FA-95C6-5FA3370837B3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mount and blade\runme.exe | 
"{23E9C203-BEAB-446D-BA50-259281B965EA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{24E96351-C6E0-4C4E-B219-64E0483688FD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\red orchestra\system\redorchestra.exe | 
"{2616FE6C-8A90-4266-AB99-14115FA52AB0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\burnout(tm) paradise the ultimate box\burnoutparadise.exe | 
"{26B817A9-53D6-4825-84E5-EB0BCB0D21A5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tropico 2\tropico2.exe | 
"{28C7FD98-C9FB-43E8-AFB7-D2B99C628233}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supreme commander 2\bin\supremecommander2.exe | 
"{28F4C9FD-265A-43EE-8606-C5F34560304A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{29ADB2C1-F9C0-4601-B753-8B07A18D61F7}" = protocol=6 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe | 
"{2AD033EB-679A-4C1A-A852-D1122CB8CDAD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\simcity 4 deluxe\apps\simcity 4.exe | 
"{2AD11999-E5BE-40B9-B94B-05ED6725DC94}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\simcity 4 deluxe\support\ea help\electronic_arts_technical_support.htm | 
"{2AFB9265-5A1F-4B07-97A3-2C8D88F37AED}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{2BE2C165-EF6B-4DCC-99AE-845386C1A3DE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\men of war\mow.exe | 
"{2CCBB9B3-BB0B-497D-B957-BE9BA0C8A14F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war ii - retribution\dow2.exe | 
"{2E1A0005-1E08-4CB0-B16E-531008E950E5}" = protocol=6 | dir=in | app=c:\games\civ iv\warlords\civ4warlords.exe | 
"{2ECA68A3-FB8F-4CCA-ABA9-3C1C95D6C362}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spore\support\ea help\electronic_arts_technical_support.htm | 
"{2FC11BC1-43C6-4DD5-A88E-EC05697AFFC2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe | 
"{32B4D2B1-3A00-4F03-8758-2A23AE0ED077}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star wolves\starwolves.exe | 
"{33AB5447-EDF7-492F-922E-D9E6B1671BC4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{346455D6-EB43-470A-BC95-EB8F4B3057B7}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{35556E39-EBA1-4451-BE2E-6C560BE6F536}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spore\support\ea help\electronic_arts_technical_support.htm | 
"{3604E833-92CD-417A-807E-D79228DB8F54}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{36B20AF2-E5C1-414F-B9A7-A67EECDA6925}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\flatout ultimate carnage\launcher.exe | 
"{373DD96C-32B3-48D0-BC50-CCB472828E7E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\launcheflc.exe | 
"{3826AA7E-8F0D-4FF0-9DED-48238E8A2699}" = protocol=17 | dir=in | app=c:\games\supcom\supreme commander - forged alliance\bin\forgedalliance.exe | 
"{383D2826-C657-4680-B96E-5C44057200D5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\empire total war\empire.exe | 
"{38B22492-86FE-4224-9367-D0AF70DA7C45}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\burnout(tm) paradise the ultimate box\support\ea help\electronic_arts_technical_support.htm | 
"{38E0CDCE-A0AC-4EFC-8DF1-2AB007717B2A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\men of war\mow.exe | 
"{3A085EAD-F4F7-4D0C-B2E2-7EDB59BF3B84}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{3B58D702-A0E9-48B7-9F56-466E5D39A29D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\galactic civilizations ii - ultimate edition\twilight\gc2twilightofthearnor.exe | 
"{3C123164-AC00-4502-BF32-099E234E2BC5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe | 
"{3C4436B0-E02D-45CB-B75F-F12F74743316}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{3C9B8037-F8E0-4AB0-83C2-7FB743D501F8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\empire total war\empire.exe | 
"{3CB2E063-1DF7-4708-BBE2-ABED3F092193}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\docs\ea help\electronic_arts_technical_support.htm | 
"{3D3DE8E6-9416-4BE7-B3B2-001287E2146A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{3E4436C7-B798-4D05-85BC-D8149E2C9A2F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{3F5DDAD1-07FA-4FD5-9408-7E4F42BD6E8C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{3F92D3E3-0B5F-49A8-B9A0-736D1F54AEAC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe | 
"{3FA7ABEE-2C17-444A-860D-98BFE97F7E03}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\burnout(tm) paradise the ultimate box\burnoutparadise.exe | 
"{40358949-EB04-48BF-A2CD-02C53136611B}" = protocol=17 | dir=in | app=c:\games\civ iv\warlords\civ4warlords_pitboss.exe | 
"{408FBB4A-9880-4920-8FBB-FBDEDB51C346}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{410630AD-0910-4B8C-A0FB-1984907D70DE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{42834C08-EFB0-4129-93E9-2770BC02037E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star wolves 2\star wolves 2.exe | 
"{42F1AD0E-8F7E-44FF-99BA-D418E729B08C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\soldiers heroes of world war 2\soldiers.exe | 
"{431E0F22-8F48-451E-8DF0-5D9B09388DC6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star wolves\starwolves.exe | 
"{43551FBB-5E21-4EDA-A6DF-DD734AF18DE3}" = protocol=17 | dir=in | app=c:\games\pro evolution soccer 2010\pes2010.exe | 
"{4361CC00-2A76-4BBC-AB46-4844BF19C5A6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe | 
"{43A033C5-E636-4FD3-B182-FBC4A22329DC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{43EFBC8D-8273-47DC-8EA1-A626A541CC5F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star trek online\star trek online.exe | 
"{44545F0B-8507-493B-820E-E011143EBED7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe | 
"{44E16171-8D00-4C2A-915E-F5945B105FAD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\soldiers heroes of world war 2\soldiers.exe | 
"{45A01484-0959-44B2-98A5-71C498C31EA3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star wolves\starwolves.exe | 
"{45DA23A8-5E20-4565-83F2-49CC38458B69}" = protocol=6 | dir=in | app=c:\games\supcom\supreme commander - forged alliance\bin\forgedalliance.exe | 
"{467F922E-D2D4-4F24-ABE0-7DA71BC98B21}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{46CCAA05-C6BF-4728-8D8A-324166438EA9}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe | 
"{474181E8-C42A-440C-B4DD-7FE599365E27}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spore\support\ea help\electronic_arts_technical_support.htm | 
"{474FFA5E-F1D4-49DD-A513-5DC4B237CE22}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\men of war\mow_editor.exe | 
"{47719396-1AAD-4B3F-A5B3-9B887F4A499E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{48213793-43F6-4F04-BF99-6818E910959E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supreme commander 2\bin\supremecommander2.exe | 
"{486F73F0-3FAF-45CC-8F6E-893B04E73DE6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\simcity 4 deluxe\support\ea help\electronic_arts_technical_support.htm | 
"{495678AD-99AE-4D67-9F85-A64D2125BAA8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\reliccoh.exe | 
"{49F2AB2D-C6C3-4CF7-B64D-BD6DAEC563DD}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{49FB07DA-3557-4890-8701-1D85B5ACAFF2}" = protocol=6 | dir=in | app=c:\program files (x86)\logmein hamachi\hamachi-2-ui.exe | 
"{4AA93E8E-E9A2-47A1-A072-54FEAB36E114}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\dlcsetup\pmc\datacachepreprocessor.exe | 
"{4D95AC68-C490-4BCD-990F-4D4279872D83}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{4DAC523C-859C-446B-A133-49398C69A990}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\men of war red tide\redtide.exe | 
"{51310513-BC85-43C4-B042-6FA2750D6FE7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{515E2E51-3716-475A-9A36-81EB4C7FEA0C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\flatout ultimate carnage\launcher.exe | 
"{52C40D45-F3A7-43B2-988E-20124D15960B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{52CEBA5C-DD71-4704-B233-B84F2C6B8D53}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the secret of monkey island special edition\mise.exe | 
"{53231E1C-B485-4BC9-970D-C6B04B932828}" = protocol=58 | dir=in | app=system | 
"{53F3247B-5905-4310-9565-1E9C5346877E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\reliccoh.exe | 
"{55408D41-95B2-4E99-84C0-6DF50C471BE7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{568D890F-47B6-45F7-BEC5-969A520105AD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mountblade warband\mb_warband.exe | 
"{56930DA3-6086-4669-9EF5-3A55F331771C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\red orchestra 2\binaries\win32\rogame.exe | 
"{56D73DEB-F2B7-4298-A83F-2A42F68C2201}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe | 
"{56FFA69A-74BD-47F9-9EFB-C9E88E0FF6E3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\medieval ii total war\launcher.exe | 
"{574C6FE3-ADE4-4C8A-894C-C06A72D527C8}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{578996B7-2E21-4903-B77D-04F988EB69D3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{580D49F0-BEFD-4061-B532-EF680EA7E70B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\kane & lynch 2 - dog days\kl2.exe | 
"{58E93723-128A-4BC7-AF47-2C2AA67A4057}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\gerd2106\counter-strike source\hl2.exe | 
"{59D02ECF-3A2C-4E74-8E15-23666D334D98}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{5B471FB4-9743-41C0-80CD-57553D1CEB4B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\rgsc\rgsclauncher.exe | 
"{5C062342-8F88-45E8-9B02-95A7A4F96C7B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\burnout(tm) paradise the ultimate box\burnoutconfigtool.exe | 
"{5DBD3DEB-73A8-4BEE-8620-032E6B5F9125}" = protocol=17 | dir=in | app=c:\games\battlefield bad company 2\bfbc2updater.exe | 
"{5E4ACCA6-4FB7-425F-AA27-911FC2F4BAA8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rome total war gold\rometw.exe | 
"{5F73ABD9-4C8F-4DA5-9435-1EF5B043E5B4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\monkey2\monkey2.exe | 
"{5F77859D-447C-4A4A-B04F-C1B75BC9F5E0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mount and blade\runme.exe | 
"{5FC09648-5561-45C0-9717-B5C294F10715}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rome total war gold\rometw-bi.exe | 
"{5FCB1AD8-9F78-4841-8C36-203FA42BC8AD}" = protocol=17 | dir=in | app=c:\games\hoi\hoi3game.exe | 
"{601DF185-1717-4BE6-B302-D0D4EB8559DF}" = protocol=17 | dir=in | app=c:\games\world in conflict\wic.exe | 
"{60D20E82-2058-47C1-87B7-5B2A4CA9A443}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\dlcsetup\baf\datacachepreprocessor.exe | 
"{6157126F-77AF-4E8A-B5BE-3DBECDE3E5ED}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe | 
"{61698404-968E-4280-A6F0-A475A76122A4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star wolves 2\star wolves 2.exe | 
"{61A70190-2368-4EE0-ACA4-9779604BDBD0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe | 
"{63C2DD03-2A2B-4E82-AF54-404ED0E34058}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{65277AC3-6041-4BBC-B29B-6E4EB3950922}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\kane and lynch dead men\launcher.exe | 
"{65C4A3A0-ADD8-4369-A52E-31EFB80CB738}" = protocol=17 | dir=in | app=c:\games\civ iv\beyond the sword\civ4beyondsword_pitboss.exe | 
"{664FC18A-18E5-49C1-A21D-8BB259102E6C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield 2\bf2.exe | 
"{66641E2E-C820-4B92-9B23-816A0EB759A8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\red orchestra\system\redorchestra.exe | 
"{671C21EA-838B-481F-BDF8-2C18E5C81FB2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mafia ii\pc\mafia2.exe | 
"{68096149-F568-4E86-909E-24035D2868F1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{68CC1473-A5FC-4136-83DC-0D6601B0BE57}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star wolves 3 civil war\sw3cw.exe | 
"{68D61257-7AC0-4633-AA3E-B364C4732892}" = protocol=6 | dir=in | app=c:\games\civ iv\civilization4.exe | 
"{693B691D-3C9E-445C-92CE-F113A6E87A00}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\simcity 4 deluxe\support\ea help\electronic_arts_technical_support.htm | 
"{6A01FB26-0BF8-45A0-98FF-98CFE587CA97}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\red orchestra\system\redorchestra.exe | 
"{6A073AFD-94D2-4C4B-A366-F6E8D6EA8263}" = protocol=6 | dir=in | app=c:\games\pro evolution soccer 2010\pes2010.exe | 
"{6A7B9B48-636F-449D-8F5C-2A3994F4396E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{6A7E09C3-3B3A-41D8-8304-B521A77F12B0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\eve online\eve.exe | 
"{6AE21749-9215-44F5-9326-3AB8C83BD3A2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe | 
"{6B046D54-FA58-4CF6-B3EB-6DEB219A9503}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\medieval ii total war\launcher.exe | 
"{6B06B97D-DE60-4F44-8FD3-012C7C6B0A8C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the sims 3\game\bin\sims3launcher.exe | 
"{6B8B67B5-F249-4CD8-9943-83F2B998AF9A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{6C31CD4B-5C19-4830-B2B1-EE6935243E9F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the sims 3\support\ea help\electronic_arts_technical_support.htm | 
"{6D0A1076-4B7E-4438-A1F1-856F231CBA5C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\burnout(tm) paradise the ultimate box\burnoutconfigtool.exe | 
"{6D54CB9D-BEA3-4264-84F2-611B02456009}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd | 
"{6ECE1F93-2A29-4484-B41A-6782ED8C44EC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\medieval ii total war\launcher.exe | 
"{6F795C19-CACF-4F0C-B66B-4A6594CEF5C6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tropico 3\tropico3.exe | 
"{6F88469D-1CFD-45FF-B0C6-DB09644F8488}" = protocol=6 | dir=in | app=c:\games\civ iv\col\colonization.exe | 
"{6F9F1112-6525-4FB0-B75A-C5335439D1E3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{6FF8D4E6-C0B4-4171-905D-CB435320F959}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{700E7E34-A48D-43B1-B339-7A79768D3561}" = protocol=6 | dir=in | app=c:\games\battlefield bad company 2\bfbc2updater.exe | 
"{70A38FB7-FCA1-490D-8B25-C775F46D9DED}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rome total war gold\rometw-bi.exe | 
"{712EFB8E-1E09-4005-B419-69960F2679D3}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{71B4BEE7-AF21-4A5F-8694-F46362EBF2A6}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{7206DA73-8965-4C06-BB73-793836499DC2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{72356717-CBAB-4527-B822-14CDBD1DE68C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{725C1594-1434-4522-B348-711228A42FC9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty 4\iw3sp.exe | 
"{7262EF2A-A7F3-4969-B38C-DDF3A0FF2698}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{7320AD69-62D1-4F08-9692-FE27625039DA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\monkey2\monkey2.exe | 
"{733AA8B9-693D-408D-AAB6-B9D337D56B77}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rome total war gold\rometw-bi.exe | 
"{73D44E5F-B096-4437-AAFD-F90E3D022341}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tropico 2\tropico2.exe | 
"{75D786C1-7C72-4744-A221-5AF6D2581C24}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\simcity 4 deluxe\apps\simcity 4.exe | 
"{76D12A0F-396C-4A69-A7DB-7BB62451CC1F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{772A3C88-35C7-48A5-A9BE-2B8CA97CFBFB}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{77A61252-A88D-4656-9D50-6EF7205857F2}" = protocol=17 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe | 
"{789F3C1F-9849-4E06-B773-193B11D15B36}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat | 
"{78C5A61F-A8DE-401B-AA31-49CA3DE6CE94}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{78D3BD91-D245-4E35-91D1-EB4E5E27DD9A}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe | 
"{792EE1ED-BF68-4494-BE02-45362EACDE36}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout 3 goty\falloutlauncher.exe | 
"{7A44AB00-9AA7-4AEB-82E1-EB675F19D2B3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\simcity 4 deluxe\apps\simcity 4.exe | 
"{7B2EFF48-BBF5-4BEF-B072-CC8CE03A50A3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\docs\ea help\electronic_arts_technical_support.htm | 
"{7B53D74F-EDE5-421F-B366-0B0E2C09C636}" = protocol=17 | dir=in | app=c:\games\coh\relicdownloader\relicdownloader.exe | 
"{7BC495D6-E17C-4908-AEE7-6C4EE59A3ECE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mountblade warband\mb_warband.exe | 
"{7C088567-1176-42CC-94BF-BF8CD6563EC5}" = protocol=6 | dir=in | app=c:\games\starcraft ii\starcraft ii.exe | 
"{7C9E4705-3A76-47F6-9327-DA4818F1FC67}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{7D77ACDB-6AD1-42F1-A62C-C117A3E884BF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\binaries\masseffect.exe | 
"{7E3C0E99-0B42-4FA2-94B7-C298C68AD1EF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{7E91FEA5-DF29-48BF-B62D-5EE0EB12454A}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{7F4A402C-F986-459E-87EA-76AF19B872BF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the secret of monkey island special edition\mise.exe | 
"{7FCF39F0-C3F1-454E-B511-D5A4A2D87850}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{80A17043-7331-4326-BE4D-D3A9DBEF22DB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\europa universalis iii - complete\eu3game.exe | 
"{811F6E9F-0653-4F53-88CF-E12CA64BD19A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\shogun2.exe | 
"{81990403-1F31-46C8-9055-FF8764012F20}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{81BF6D4D-023D-4162-8129-1600FC9DA60E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{82834130-97B2-43CB-B8EE-BFFBC2CF4B67}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe | 
"{82E93696-5C36-451B-AE3A-AF442E6BE340}" = protocol=6 | dir=in | app=c:\games\age\empires2.exe | 
"{83A2CB9A-517D-4555-B603-3FEFB0A9DEBB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\oblivion\oblivionlauncher.exe | 
"{83F2AADD-E467-44A7-954B-AD14D9054F0B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{841B8501-73D1-4C81-AAFF-40E9A502E778}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spore\support\ea help\electronic_arts_technical_support.htm | 
"{857C5F4A-70A3-4863-85B1-E57B47E0389C}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{85CE7A18-E497-4333-B20E-40C29BEA280E}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{8623852E-05E2-44AF-9778-7510E4E41C6A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\help.htm | 
"{86A47FA6-9504-49B3-97AE-463C5C0218A4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the sims 3\support\ea help\electronic_arts_technical_support.htm | 
"{8738EE04-D5D3-4F35-8F38-FD9FAC3A4DF7}" = protocol=17 | dir=in | app=c:\games\supcom\gpgnet\gpg.multiplayer.client.exe | 
"{876A09EC-0A5C-47D1-9DA1-009385A7E780}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe | 
"{897DC9BE-20B1-484B-A1D6-86763E1CD63A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mount & blade with fire and sword\mb_wfas.exe | 
"{89B3EB1F-FB6E-4DA9-8681-C7B43DF516CD}" = protocol=17 | dir=in | app=c:\games\starcraft ii\starcraft ii.exe | 
"{89D08497-E637-46E5-8D1E-2D6FF7AE6E49}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\red orchestra\system\redorchestra.exe | 
"{8A4DD8D4-14EF-4837-BB1C-D070D17096C0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warhammer 40,000 space marine\spacemarine.exe | 
"{8AF15F61-AE3B-4211-8B47-F04C84332034}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat | 
"{8B6D0CBE-F6A9-4E03-AFD0-EC15C466721F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rome total war gold\rometw-bi.exe | 
"{8B94261A-3D3C-47B4-BAA1-BBC9F990C7C4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sniper elite\sniperelite.exe | 
"{8BA4F6D0-78DA-4E93-BB99-3D8452536183}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{8C17E585-5168-4AD6-BB90-B21126B82AA9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{8C7FF7F8-A7C3-4FCD-B374-3EFDB6361662}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star wolves 2\star wolves 2.exe | 
"{8D9F5720-170D-4B06-A765-0B06BF414DB9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\medieval ii total war\launcher.exe | 
"{8ED3FA6D-D74A-4995-BB67-9B8141C1BA3B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{8FACCE9E-E2C1-4364-8E8E-75853EC7B78D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe | 
"{8FB6E908-6C9F-4244-B1FC-DC19BD33A859}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{8FFF940D-DC22-4FC0-811A-B807AA0191E8}" = protocol=17 | dir=in | app=c:\games\civ iv\warlords\civ4warlords.exe | 
"{91846275-94CD-44D7-B23A-4A0424CC76B6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield 2\support\ea help\electronic_arts_technical_support.htm | 
"{91886DB5-CA18-4D01-AF04-FE64B53E62AF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\men of war\mow.exe | 
"{91961A6C-E8A5-4B26-9B70-3B591BA5D183}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star wolves 3 civil war\sw3cw.exe | 
"{91D3A56D-5CFA-49C2-ABBD-B2645AE7D5AA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{920584D2-F6C3-414F-9EB1-201A6465E8F2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe | 
"{926570CD-9653-42D9-8D10-B3F5945E6CDF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\reliccoh.exe | 
"{93349A9F-21DA-4B52-90E5-C93B07BC241E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{935F08F1-9949-45F4-BC1F-5DEB3CD1C12A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mount and blade\runme.exe | 
"{93AB787C-64CF-4DEA-80AF-2BE7CCB2E3F9}" = protocol=17 | dir=in | app=c:\games\pro evolution soccer 2010\pes2010.exe | 
"{94F8C5F8-1EAB-4471-A306-E2B711BE9AC2}" = protocol=17 | dir=in | app=c:\games\age\empires2.exe | 
"{959B72E7-7DCB-4BB1-BF26-7AE15866935D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tropico\tropico.exe | 
"{96CBD5B1-F67A-4FAF-BFE5-5C459ACE926D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{96CDE882-159C-42B1-8E4C-3CC3CB7B2648}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout 3 goty\falloutlauncher.exe | 
"{9754A5BC-1BFA-4C40-AB4E-66E11951D8FE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\men of war\mow.exe | 
"{97B6132E-03DA-45ED-B5F8-7E174E392C51}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{97E25D2A-9701-488B-8313-28DD93856530}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\gerd2106\day of defeat source\hl2.exe | 
"{98A9CEDF-DBB5-43CF-8D76-85FDA77259B8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{9A5BA415-1192-4E8B-92BF-DDD64FAAAE61}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty 4\iw3mp.exe | 
"{9A9EEA64-BFE2-4895-918C-C9C610A378BA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{9B64B2F3-4664-4D0F-9FE2-1A090CB07AEE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe | 
"{9BD6A190-16F9-4F14-8D1D-974031924947}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of juarez - bound in blood\cojbibgame_x86.exe | 
"{9C2CA667-17E0-459D-AE85-C1532040E12C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{9C8B276F-68C1-452F-ABF1-1A993820AA0C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9D11C065-FD8D-4D2A-821F-5E7DB34914D6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\flatout ultimate carnage\launcher.exe | 
"{A1621613-88E9-443D-983D-FDD05662744E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{A179B86A-6763-4AB9-8205-A1508AF24556}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\masseffect2launcher.exe | 
"{A1915779-C3AB-40EC-A444-BB9DCBB9CA8B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supreme commander 2\bin\supremecommander2.exe | 
"{A1D3EF47-53F2-4B04-8FC1-C3E836785336}" = protocol=6 | dir=in | app=c:\games\world in conflict\wic.exe | 
"{A1DCE1C1-61ED-4C64-B9D3-4A3AEA7AC501}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\burnout(tm) paradise the ultimate box\support\ea help\electronic_arts_technical_support.htm | 
"{A1FC65DE-FF06-41A9-A21F-E6AA3AEBF466}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\men of war\mow_editor.exe | 
"{A2EC9DF3-04CD-470F-98F2-9575506DA63D}" = protocol=17 | dir=in | app=c:\games\supcom\supreme commander\bin\supremecommander.exe | 
"{A3A8BFBA-C27A-4FEF-84DB-9A15B4206C51}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | 
"{A4E8F68D-7299-4CF2-B739-FD71E3BCDE71}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{A52A58B2-F6B8-423C-92E3-ACF542E501A1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\soldiers heroes of world war 2\soldiers.exe | 
"{A52FBAC9-3AAF-43ED-9B51-7FAB219BBD19}" = protocol=6 | dir=in | app=c:\games\world in conflict\wic_ds.exe | 
"{A5D2EF84-7B24-484C-B374-AAF6AC935DD4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star trek online\star trek online.exe | 
"{A6770442-C6B2-4D27-8AE5-14939ECE6393}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{A690A133-C9C3-425F-A7EE-F01538A3F1FE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\masseffect2launcher.exe | 
"{A71CD6B6-B808-4F3B-973D-CB1A0BAA3EC7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty 4\iw3mp.exe | 
"{A743978A-86F2-4122-8A56-EE5937C62D57}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{A7555F42-8425-440D-AECB-9AE25769071C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat | 
"{A7F2AF8F-2739-4650-B269-2865BBF360C7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{AA16A4BB-AE4D-4DCD-A631-2A0C6052A9D2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\masseffect2launcher.exe | 
"{AB7A8148-4014-4AA1-8D63-825DE5557411}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rome total war gold\rometw.exe | 
"{AC466BF2-1B0D-4929-B2C4-5C4F96B57036}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mount & blade with fire and sword\mb_wfas.exe | 
"{AC5F40EF-5D24-4987-90F2-75C2F3392200}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{ACB31BBC-DAD7-445F-8A72-91A88EA799E0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\binaries\masseffect.exe | 
"{AD3C8FF8-A46F-49B0-9A56-CB9C9F8DD15D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe | 
"{AE497BAE-9A10-452E-B721-F5E610A4F3B4}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{AF18D2FD-8975-4BE2-B4D6-8FA6AED91579}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AFD90950-2490-472F-BDCC-D1DB1773D1DE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe | 
"{B0D5C45F-6240-4F39-95DB-0614F3419B98}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{B171D10E-D2ED-482A-A706-585B1AA156C8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\gerd2106\counter-strike source\hl2.exe | 
"{B1CCD45B-6D85-439A-9EEE-3ABAB6DC380F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B24D217F-0835-4A09-ACEB-8AECC112FE70}" = protocol=6 | dir=in | app=c:\games\coh\reliccoh.exe | 
"{B3080B0D-4A0E-4DF6-8F0E-339EA87E2ACF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{B3251CC4-F4A6-4541-BFB1-C07DE0BEB7CA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\europa universalis iii - complete\eu3game.exe | 
"{B47B14AC-1D6E-483A-8A7D-E402ED86A8F5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\burnout(tm) paradise the ultimate box\burnoutconfigtool.exe | 
"{B51236AD-B92A-40AE-AD5D-82530D7FD2C4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B5D3990D-9BF0-478A-9313-2AAF182B09E0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\europa universalis iii - complete\eu3game.exe | 
"{B65A04B6-D91E-41D9-AA33-E825DDF3EA78}" = protocol=17 | dir=in | app=c:\games\world in conflict\wic_ds.exe | 
"{B67E47F9-2316-43D5-9DA6-603B9E85D26D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sniper elite\sniperelite.exe | 
"{B6D7E706-6454-495C-9725-7359B792A6CB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty 4\iw3mp.exe | 
"{B7BAA2CC-B59C-4CFB-9EF7-45F7B5E47A34}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{B90EBD11-AF41-4876-A3E9-7C7F59D5D162}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe | 
"{BA69C81A-A901-4CE2-B6B8-2916D2BC8E74}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the sims 3\game\bin\sims3launcher.exe | 
"{BAF070C9-9C2D-40A2-8D6F-B0161BC441CC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{BB365F08-610B-4292-8B05-4F54C3B0C616}" = protocol=6 | dir=in | app=c:\games\world in conflict\wic_online.exe | 
"{BB3AA53A-AFD2-4AD4-A6E0-A0358D01AB52}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\men of war red tide\redtide.exe | 
"{BB8060C7-FF9F-458C-8203-E3E4F31A0984}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{BE4A1F25-BAFE-4EF8-90CA-E4E8F0281D2C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star wars battlefront ii\gamedata\battlefrontii.exe | 
"{BE9A8B91-EC2A-42AA-BADD-449D90FDD0A4}" = protocol=6 | dir=in | app=c:\games\coh\relicdownloader\relicdownloader.exe | 
"{C0D62F96-24BE-4713-907E-5B335A15488F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | 
"{C18EFF66-E5B4-4250-A9DA-ABB88AB3398E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\men of war red tide\redtide.exe | 
"{C1EF3414-D27C-45E6-B138-4F3427F6B1F1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star wolves\starwolves.exe | 
"{C2BB7B86-CBCC-45F4-99EB-96FB4C5BD72D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the secret of monkey island special edition\mise.exe | 
"{C3AE429D-DCF3-42EF-8535-3B580449372A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{C3B4A516-7CB6-46B5-90BE-8082C5A7CD4D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{C446EA5A-928E-484C-89A6-BD2115C92D29}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\eve online\eve.exe | 
"{C722E187-DA8C-4843-B0F8-430B6CD76512}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war ii - retribution\dow2.exe | 
"{C754A93B-90E4-45A0-828F-95A9F0EF46B6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\masseffect2launcher.exe | 
"{C89D80F7-AB1C-4028-952E-BD43C9884B7A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe | 
"{C91E4E5A-A263-4D10-8957-990DEA040806}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{CA3BB598-43E0-4A51-ADB3-7950BD45334A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sniper elite\sniperelite.exe | 
"{CA6BB3DC-8425-4BE0-9F44-1AA38C2E2702}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\dlcsetup\pmc\datacachepreprocessor.exe | 
"{CAB498BB-C25B-4964-A2D6-038AE079CB4D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{CB699065-9C3B-43C4-9D12-3C56ED588293}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty 4\iw3sp.exe | 
"{CC089094-CB49-4442-B499-9F98A737A659}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hearts of iron 3\hoi3.exe | 
"{CC45793D-7E58-4F85-B648-76E47A2375DD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star wolves 3 civil war\sw3cw.exe | 
"{CC819B62-6756-4F02-ADDC-1D492EDB272C}" = protocol=17 | dir=in | app=c:\games\world in conflict\wic_online.exe | 
"{CC9AA02D-C67F-4E77-BC5A-C04CEE2DE1ED}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty 4\iw3mp.exe | 
"{CCD68046-156B-4C07-8CA5-A590BCBED054}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star wolves 2\star wolves 2.exe | 
"{CD1BF47A-FF5B-4D23-9499-BC1C47474001}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout 3 goty\falloutlauncher.exe | 
"{CD65AEBD-133C-4385-94F4-7E1AF146439C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tropico 3\tropico3.exe | 
"{CE3D5C7B-2F7D-478E-85BD-CF58A58C5E76}" = protocol=6 | dir=out | app=system | 
"{CE4DCA9C-DE3A-4F80-81AF-BAEA8B9B07C3}" = protocol=6 | dir=in | app=c:\games\supcom\gpgnet\gpg.multiplayer.client.exe | 
"{CE709C7A-F0C4-40D9-A432-5A3FB4C839CC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\galactic civilizations ii - ultimate edition\twilight\gc2twilightofthearnor.exe | 
"{CE86BA21-6BE7-49E6-8078-E660599FD850}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\red orchestra 2\binaries\win32\rogame.exe | 
"{CEA5835C-744D-4D04-9E61-59964219AE93}" = protocol=17 | dir=in | app=c:\games\civ iv\beyond the sword\civ4beyondsword.exe | 
"{CEF173E9-0A7F-4607-B8C5-85DDD075A3C2}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe | 
"{CF43723D-94F6-48BB-B494-4CBD7FA3C42B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe | 
"{CF684435-48AA-47B0-A59A-8753A2206893}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe | 
"{D1169D4A-8835-42CB-863E-ADF0811DCF7B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{D22D25D8-D0F1-4914-9C8F-27A84AA1A9FB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rome total war gold\rometw.exe | 
"{D24013B6-A581-4D1A-9827-461383C09946}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\docs\ea help\electronic_arts_technical_support.htm | 
"{D275BBE6-6D0B-432D-852A-BCC1944CDA4D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sniper elite\sniperelite.exe | 
"{D3383E14-DF7D-487A-A55E-25E2644B5488}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe | 
"{D3E46476-59D7-48CE-8ABB-D611388F2891}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rome total war gold\rometw.exe | 
"{D3FFA52B-8DF4-4CE1-A622-F406589776C4}" = protocol=17 | dir=in | app=c:\games\coh\reliccoh.exe | 
"{D4289C51-73DD-44AE-891C-CBFE45E6DFDF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\men of war\mow_editor.exe | 
"{D4615E77-75A3-4C9A-B49E-75BC3E8FCC84}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe | 
"{D521C84A-6991-4A58-8BBD-6B206C033B58}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{D57E15E9-4BF5-42AC-8EB7-78C4FBB6B44C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe | 
"{D6F82A19-8055-48B4-AD61-9FF180DF4F7E}" = protocol=6 | dir=in | app=c:\games\civ iv\warlords\civ4warlords_pitboss.exe | 
"{D8A6C1D1-8BEB-43BD-AEFA-E2AD4C3BE7E0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{D8D3EB23-DAFE-48D3-8469-D2F7D1A7F76E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tropico 3\tropico3.exe | 
"{D908F889-0DC0-48B8-97D8-A24DA50CB232}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\men of war\mow_editor.exe | 
"{DAB9214F-9405-4F01-8452-339B654EF6A6}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe | 
"{DAC2B128-4685-48FB-8472-4B4399701C1C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\simcity 4 deluxe\apps\simcity 4.exe | 
"{DAFB7111-8634-4EF1-9728-4C0741991AFA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe | 
"{DB2D03CA-38BF-4F76-9FBD-F82029F7584E}" = protocol=17 | dir=in | app=c:\games\civ iv\col\colonization.exe | 
"{DBE20F55-3030-406C-A19D-44A52E46F10E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\launcheflc.exe | 
"{DC9D4BD3-2951-432A-AD6C-587D814E73F0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\napoleon total war\napoleon.exe | 
"{DD9B6715-BE64-440C-8D74-59E070DA8D88}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mafia ii\pc\mafia2.exe | 
"{DF3A3169-B930-40EA-B734-2B4E34EB3B2B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield 2\bf2.exe | 
"{DF6DA36F-78C9-405D-88C0-0537C5133646}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\monkey2\monkey2.exe | 
"{E07E3A20-FE96-48E6-8C25-67383C1DBA6D}" = protocol=17 | dir=in | app=c:\program files (x86)\logmein hamachi\hamachi-2-ui.exe | 
"{E0814050-FACA-4604-9313-EA5D5534DE1D}" = protocol=6 | dir=in | app=c:\games\civ iv\beyond the sword\civ4beyondsword_pitboss.exe | 
"{E0ED02E8-1A84-4C6F-B018-CD64F43177E6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe | 
"{E116DB45-2C98-4B06-A8D1-A72246910321}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{E1BE8F91-7514-4D66-820D-2F527C7AE557}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{E1D1C416-3AE2-4C3F-9D87-5B05A1CE4170}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\burnout(tm) paradise the ultimate box\burnoutparadise.exe | 
"{E2056F24-BFBD-4DFB-A768-A9C5350FBC6F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supreme commander 2\bin\supremecommander2.exe | 
"{E245311A-D0F3-4BA1-9F0F-C702543E86C0}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{E2CCEE81-3870-4375-AFD6-F8D0BEB4BC31}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield 2\bf2.exe | 
"{E3CA1897-977D-4632-A042-2AC886B47CF5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{E4B33FC4-53DE-4F8C-B167-6FDBCEC323B7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{E4EFD14D-26A5-4C37-883D-F66ED3856DDE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{E552C7BE-0219-4D48-92FD-79E34A612791}" = protocol=17 | dir=in | app=c:\games\civ iv\civilization4.exe | 
"{E57D3647-1D14-4473-B415-51D99882AC99}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{E6879C9D-2697-4415-99D6-2887B673E873}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star wars battlefront ii\gamedata\battlefrontii.exe | 
"{E6942B43-34AA-40DD-AE58-DD891A9DDBAA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{E76A3B4A-9AEA-4470-B9F3-098D6C50C634}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat | 
"{E844A39A-8E6C-45F1-8154-1644022D84C4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tropico 3\tropico3.exe | 
"{E856CFDA-E866-4BAC-A3A9-40CFC72EA5BD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield 2\bf2.exe | 
"{E8B199DA-D77C-48A4-86C8-134CEFAC7348}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{E905B2D2-C7C4-4C1C-8BC8-1855BE4EB996}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{E940F281-53E3-4EA3-84C6-985899824450}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\europa universalis iii - complete\eu3game.exe | 
"{EA93F3B8-BBE2-4C4A-A458-8D881FC57F4E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{EB17882D-4CA7-4C56-90D1-BC6781EF6A9A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\burnout(tm) paradise the ultimate box\burnoutparadise.exe | 
"{EB52A19F-FE4E-4070-BD18-612175E5711D}" = protocol=6 | dir=in | app=c:\program files (x86)\logmein hamachi\hamachi-2-ui.exe | 
"{EBD993BC-2466-4B5B-A715-6ED7C439DE00}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{EC264824-5D56-4201-BB6B-0247E8A78EBC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{F0B82FB4-040A-4636-A7A4-F14EE13ABF53}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\rgsc\rgsclauncher.exe | 
"{F2E162A8-988D-4D35-A2AF-364B20369B16}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{F343DD8F-FA66-4F15-86B4-3CB93C0E26B8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\flatout ultimate carnage\launcher.exe | 
"{F3F31D42-EF37-4BFC-9A3D-A3CAB75B36C0}" = protocol=6 | dir=in | app=c:\games\hoi\hoi3game.exe | 
"{F411E42D-F96B-40DF-B59F-625341930EB6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\men of war red tide\redtide.exe | 
"{F454B6CE-8A27-4C88-ABF5-79EA4A73DA51}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{F5022979-2E58-4691-B9B5-1AF9A92498CA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\burnout(tm) paradise the ultimate box\burnoutconfigtool.exe | 
"{F534138F-C31E-4CA4-91EE-4B85CEFD808C}" = protocol=6 | dir=in | app=c:\games\starcraft ii\starcraft ii.exe | 
"{F535D9D1-9B0A-4C9E-9BA6-D7EFBDAC892F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hearts of iron 3\hoi3.exe | 
"{F63EC975-C1B5-45CD-A112-31A7E35282EA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe | 
"{F653A36A-62B4-4CD2-84B7-33497C6C2961}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty 4\iw3sp.exe | 
"{F717CAA3-0C84-4FCB-A602-840B0785337F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\simcity 4 deluxe\support\ea help\electronic_arts_technical_support.htm | 
"{F7EF17C6-3C70-4E61-B2DD-016501783EFA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{F846409F-B5DF-4750-BD82-212F83965A7C}" = protocol=6 | dir=in | app=c:\games\supcom\supreme commander\bin\supremecommander.exe | 
"{F8690C76-3DC0-40FD-925F-BC2BB39C90E7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\empire total war\empire.exe | 
"{FA342F6E-8A4B-4F96-8EA3-768117FCD7A6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\docs\ea help\electronic_arts_technical_support.htm | 
"{FACDDEC2-9EE3-4FCA-8625-55ECB011E7E6}" = protocol=17 | dir=in | app=c:\program files (x86)\gamespy arcade\aphex.exe | 
"{FC06F181-946F-442D-A5F6-AE16D776728E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\launcheflc.exe | 
"{FC580C74-451B-4899-8F86-1C8BDD726FE0}" = protocol=6 | dir=in | app=c:\games\civ iv\beyond the sword\civ4beyondsword.exe | 
"{FCA1F1CF-66B2-4417-8740-7A1BB66C74B7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FD0623D7-B1B6-4205-B1D0-25BA26106393}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star wolves 3 civil war\sw3cw.exe | 
"{FE96FF50-23CF-4439-974C-4DDD0DA0E92A}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{FF370A8A-2B5F-4DAA-80D2-234F2A250A6C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{032CC7F9-2E82-4CAD-8FCC-84721EA0A4C7}C:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe | 
"TCP Query User{04ABDA06-A9B1-4349-90E6-DF9BD59351A3}C:\games\coh\reliccoh.exe" = protocol=6 | dir=in | app=c:\games\coh\reliccoh.exe | 
"TCP Query User{04C1E95A-7C9A-49B6-9402-D7809FD3BA40}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe | 
"TCP Query User{072A6F87-A25F-424D-B2BF-DF0C2225D85C}C:\program files (x86)\steam\steamapps\common\fallout 3 goty\fallout3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout 3 goty\fallout3.exe | 
"TCP Query User{0C08956E-7DD4-4DA9-8826-52803866FE07}C:\program files (x86)\steam\steamapps\gerd2106\day of defeat source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\gerd2106\day of defeat source\hl2.exe | 
"TCP Query User{0D5D0704-B722-4E7E-9F0E-EFF02C9904E1}C:\program files (x86)\steam\steamapps\common\fallout 3 goty\fallout3ng.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout 3 goty\fallout3ng.exe | 
"TCP Query User{193498DF-96A4-4E5A-A5D4-022253DBAE13}C:\games\der herr der ringe online\lotroclient.exe" = protocol=6 | dir=in | app=c:\games\der herr der ringe online\lotroclient.exe | 
"TCP Query User{19D1F5C1-179A-49ED-BBC9-B5709A19B432}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{1A487C49-128C-4DE5-A08C-7449391024E5}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"TCP Query User{2BA7122B-EDD4-4F4E-A47E-1A251C6D734E}C:\program files (x86)\steam\steamapps\common\fallout 3 goty\fallout3ng.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout 3 goty\fallout3ng.exe | 
"TCP Query User{2E43490A-2444-4643-BBDD-01AB021E992D}C:\program files (x86)\steam\steamapps\gerd2106\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\gerd2106\team fortress 2\hl2.exe | 
"TCP Query User{2F8B92CD-CA1A-4F81-911A-4C38D9A5CF0B}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe | 
"TCP Query User{373C8A31-FA84-4572-BBDD-857C43B5CA92}C:\users\schrottlaube\appdata\local\temp\ac84b0ddf16e4b1a825a9d3e226c4933\relicdownloader.exe" = protocol=6 | dir=in | app=c:\users\schrottlaube\appdata\local\temp\ac84b0ddf16e4b1a825a9d3e226c4933\relicdownloader.exe | 
"TCP Query User{3936F24E-C096-4A32-9EB9-6760129BBD5E}C:\program files (x86)\thq\dawn of war - dark crusade\darkcrusade.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\dawn of war - dark crusade\darkcrusade.exe | 
"TCP Query User{3995CEC2-62C7-45E5-9353-D4E270EACE37}C:\games\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=c:\games\battlefield bad company 2\bfbc2game.exe | 
"TCP Query User{3AD43E42-28F9-46C8-A7E5-AD2A1707FA67}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | 
"TCP Query User{46A2FCF0-E111-4BD9-9755-2B92EB4AFC51}C:\program files (x86)\steam\steamapps\common\flatout ultimate carnage\fouc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\flatout ultimate carnage\fouc.exe | 
"TCP Query User{51A836B2-5037-47D3-8819-4A6E32A6100A}C:\games\heroes of might and magic v\heroes of might and magic v\bin\h5_game.exe" = protocol=6 | dir=in | app=c:\games\heroes of might and magic v\heroes of might and magic v\bin\h5_game.exe | 
"TCP Query User{592FCFCB-C1DA-4C4E-9239-C4545BF3A1A9}C:\program files (x86)\steam\steamapps\common\kane and lynch dead men\kaneandlynch.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\kane and lynch dead men\kaneandlynch.exe | 
"TCP Query User{5F8D6352-733D-46F8-B76C-57DBE74877D6}C:\games\hoi\hoi3game.exe" = protocol=6 | dir=in | app=c:\games\hoi\hoi3game.exe | 
"TCP Query User{6225BC5A-726A-47D2-B243-C07ACD15747E}C:\program files (x86)\thq\dawn of war\w40k.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\dawn of war\w40k.exe | 
"TCP Query User{62CBBA8E-9AAF-4056-9B1F-8195E9B1EDB7}C:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe | 
"TCP Query User{65A42D46-0C59-4E9E-BFB3-B2A2BEFDE5DA}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | 
"TCP Query User{70DC0C61-5C18-4520-AA65-E6CC9A99D5B8}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"TCP Query User{7C8B5D33-CFCC-4113-9036-770637612855}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
"TCP Query User{7D99DE25-C570-4AAE-B3F5-7D7B8FA3D7CF}C:\games\age\empires2.exe" = protocol=6 | dir=in | app=c:\games\age\empires2.exe | 
"TCP Query User{8D24D3B9-5346-44F7-ADC3-042873C87075}C:\program files (x86)\teamspeak2_rc2\server_windows.exe" = protocol=6 | dir=in | app=c:\program files (x86)\teamspeak2_rc2\server_windows.exe | 
"TCP Query User{96B487B6-7260-4419-BE08-30FE8BA1E087}C:\program files (x86)\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"TCP Query User{9A71FD00-B142-4DB4-AD7D-87628003933F}C:\program files (x86)\steam\steamapps\gerd2106\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\gerd2106\team fortress 2\hl2.exe | 
"TCP Query User{A649C0D8-E40A-4E2A-9656-B77C52DD1FB7}C:\games\der herr der ringe online\lotroclient.exe" = protocol=6 | dir=in | app=c:\games\der herr der ringe online\lotroclient.exe | 
"TCP Query User{A7ACF48D-A17C-4C28-AA21-76E351508906}C:\program files (x86)\thq\dawn of war\w40kwa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\dawn of war\w40kwa.exe | 
"TCP Query User{AA5CB370-2EA9-480A-9E3B-35B7DE491B44}C:\games\six updater\tools\bin\rsync.exe" = protocol=6 | dir=in | app=c:\games\six updater\tools\bin\rsync.exe | 
"TCP Query User{B166C5E2-4C45-44FC-968E-9FDB0C54BA90}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"TCP Query User{B2AC2145-7028-4B36-940E-699A9326A32E}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"TCP Query User{BBC70759-5C08-4BFB-A984-1CA35F36EEC3}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"TCP Query User{C4CE2A5F-FA21-491A-94E3-DACB97F2CB8A}C:\program files (x86)\steam\steamapps\gerd2106\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\gerd2106\counter-strike source\hl2.exe | 
"TCP Query User{D108FC80-2E85-4CD3-9CF2-E21BE3E43B97}C:\games\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=c:\games\battlefield bad company 2\bfbc2game.exe | 
"TCP Query User{D5FC2ADD-1D15-4976-B3D9-CA757F89ABFA}C:\program files (x86)\steam\steamapps\common\eve online\bin\exefile.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\eve online\bin\exefile.exe | 
"TCP Query User{D661BEDA-4B74-4E04-B2D1-FC426D4B7482}C:\program files (x86)\thq\dawn of war - soulstorm\soulstorm.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\dawn of war - soulstorm\soulstorm.exe | 
"TCP Query User{DF711BDC-C896-4F67-AD69-4628DB4E1008}C:\program files (x86)\steam\steamapps\gerd2106\insurgency\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\gerd2106\insurgency\hl2.exe | 
"TCP Query User{E77F1A38-180C-47B8-B7A9-DCD621E224EC}C:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | 
"TCP Query User{E9AB1E7A-075B-4214-A9C8-2982DEE4C227}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{EDBD9719-EE08-4C6D-B603-ED20CE55ABE3}C:\program files (x86)\thq\dawn of war\w40kwa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\dawn of war\w40kwa.exe | 
"TCP Query User{F065D980-7A3D-4B6F-9E3B-2D1EB64586D2}C:\games\age\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\games\age\age2_x1\age2_x1.exe | 
"TCP Query User{F2E56CCA-B487-4CE7-9E58-D75C3FECBDD0}C:\program files (x86)\thq\dawn of war - soulstorm\soulstorm.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\dawn of war - soulstorm\soulstorm.exe | 
"TCP Query User{F37EF2E9-834E-4D0D-BB21-15687C7F60B6}C:\games\world in conflict\wic.exe" = protocol=6 | dir=in | app=c:\games\world in conflict\wic.exe | 
"TCP Query User{F531303E-036D-4F5C-8BFD-E8116E3ECDB1}C:\program files (x86)\teamspeak2_rc2\server_windows.exe" = protocol=6 | dir=in | app=c:\program files (x86)\teamspeak2_rc2\server_windows.exe | 
"TCP Query User{F6F94B80-8235-4C77-AA60-0109A1F1F7EA}C:\games\cac gen\zero\game.dat" = protocol=6 | dir=in | app=c:\games\cac gen\zero\game.dat | 
"TCP Query User{F9AD77B5-A156-48BA-A42C-C140EF48EF67}C:\program files (x86)\thq\dawn of war - dark crusade\darkcrusade.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\dawn of war - dark crusade\darkcrusade.exe | 
"TCP Query User{FAD5012D-9D3B-4FCD-AE62-E6144AD4C896}C:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe | 
"UDP Query User{016D8D86-7A9F-409C-B21D-E28E1C5BD1D6}C:\program files (x86)\steam\steamapps\common\flatout ultimate carnage\fouc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\flatout ultimate carnage\fouc.exe | 
"UDP Query User{0B139773-ABBC-4871-8B8E-8101D6419454}C:\games\coh\reliccoh.exe" = protocol=17 | dir=in | app=c:\games\coh\reliccoh.exe | 
"UDP Query User{0C744CCF-3D21-49D6-B4DF-46BD20F6B59B}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe | 
"UDP Query User{0CCE7DB5-E1C3-4530-9825-031752907BBE}C:\program files (x86)\steam\steamapps\gerd2106\day of defeat source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\gerd2106\day of defeat source\hl2.exe | 
"UDP Query User{11776CDB-99C2-4AA3-B64D-F081AD9D7B27}C:\program files (x86)\steam\steamapps\gerd2106\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\gerd2106\team fortress 2\hl2.exe | 
"UDP Query User{1EF775D4-2CAF-4EF0-9AAE-19D238774581}C:\games\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=c:\games\battlefield bad company 2\bfbc2game.exe | 
"UDP Query User{313FCB12-C1EC-4291-B0E5-EAC7768628BC}C:\program files (x86)\thq\dawn of war - soulstorm\soulstorm.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\dawn of war - soulstorm\soulstorm.exe | 
"UDP Query User{371C49B1-27B6-4AD0-B5E9-451006710C28}C:\games\world in conflict\wic.exe" = protocol=17 | dir=in | app=c:\games\world in conflict\wic.exe | 
"UDP Query User{37301F32-39F7-4333-B834-066C27A3B011}C:\program files (x86)\teamspeak2_rc2\server_windows.exe" = protocol=17 | dir=in | app=c:\program files (x86)\teamspeak2_rc2\server_windows.exe | 
"UDP Query User{3A7CE4B7-D2AE-440E-A7A4-D7C8E7295ED5}C:\games\der herr der ringe online\lotroclient.exe" = protocol=17 | dir=in | app=c:\games\der herr der ringe online\lotroclient.exe | 
"UDP Query User{3EAEA7D6-1B67-43C4-A759-D44D6A07A7A3}C:\games\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=c:\games\battlefield bad company 2\bfbc2game.exe | 
"UDP Query User{42A1912A-6504-42F3-AE4A-C33E83A3E082}C:\program files (x86)\thq\dawn of war\w40k.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\dawn of war\w40k.exe | 
"UDP Query User{49C867B8-0FDC-421C-B19C-8865AEDB34F0}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"UDP Query User{4E5F9F01-8FEB-484B-9D0F-A77F7E7E0BC8}C:\program files (x86)\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"UDP Query User{4F3627A7-33DB-462E-9FBB-E359569425DC}C:\program files (x86)\steam\steamapps\gerd2106\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\gerd2106\counter-strike source\hl2.exe | 
"UDP Query User{52E3A61B-36D4-469A-95FF-EF4EAE7E3C69}C:\games\age\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\games\age\age2_x1\age2_x1.exe | 
"UDP Query User{558333F3-7CCF-4FF1-87FE-25710ED6FB15}C:\program files (x86)\steam\steamapps\gerd2106\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\gerd2106\team fortress 2\hl2.exe | 
"UDP Query User{558932A4-E9B4-40C6-A9F5-942DBBC6A915}C:\games\six updater\tools\bin\rsync.exe" = protocol=17 | dir=in | app=c:\games\six updater\tools\bin\rsync.exe | 
"UDP Query User{5C9A4A62-A097-496C-91FB-0773F3AF9212}C:\program files (x86)\thq\dawn of war - dark crusade\darkcrusade.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\dawn of war - dark crusade\darkcrusade.exe | 
"UDP Query User{5F7D17BD-C2E3-4D8D-B7F7-A722D2AFD53D}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | 
"UDP Query User{618C29A1-F695-4E6D-9066-BD1FFC14D020}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"UDP Query User{62DA99F1-B4DB-46F7-898A-142649FD761C}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe | 
"UDP Query User{631F30F4-9D5F-4F9C-8489-3137FFE97D39}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"UDP Query User{680C5687-8EDB-4E8B-A561-A7516EB4E07B}C:\program files (x86)\thq\dawn of war\w40kwa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\dawn of war\w40kwa.exe | 
"UDP Query User{6BCFB11E-A3B9-41E3-B42C-4F1FB74F1578}C:\program files (x86)\thq\dawn of war\w40kwa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\dawn of war\w40kwa.exe | 
"UDP Query User{6C69D279-7ACA-4E33-B281-BCF0305C8C08}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{6E678C6F-910F-42A0-B292-65B24C4AC786}C:\games\der herr der ringe online\lotroclient.exe" = protocol=17 | dir=in | app=c:\games\der herr der ringe online\lotroclient.exe | 
"UDP Query User{6F5D4A52-E11D-44CE-8909-2B25ED0095B5}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
"UDP Query User{7C704F3C-0BF5-400A-A4A0-AF794A91CACB}C:\games\cac gen\zero\game.dat" = protocol=17 | dir=in | app=c:\games\cac gen\zero\game.dat | 
"UDP Query User{81F27FCE-01C0-4E10-A488-BC92A519094F}C:\program files (x86)\steam\steamapps\common\kane and lynch dead men\kaneandlynch.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\kane and lynch dead men\kaneandlynch.exe | 
"UDP Query User{8DB251DF-9AAE-437D-B744-58B2F482E659}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | 
"UDP Query User{9716FC50-D95A-4DAF-B76A-73041FC3CE5F}C:\program files (x86)\thq\dawn of war - dark crusade\darkcrusade.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\dawn of war - dark crusade\darkcrusade.exe | 
"UDP Query User{9D36B2C1-BA1F-4A4B-8508-1E09C934051F}C:\games\age\empires2.exe" = protocol=17 | dir=in | app=c:\games\age\empires2.exe | 
"UDP Query User{9E49587A-1C62-41AF-8021-6C7151B2299D}C:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe | 
"UDP Query User{9FF6F66E-DE2C-4D20-857B-8FAB559CFB13}C:\users\schrottlaube\appdata\local\temp\ac84b0ddf16e4b1a825a9d3e226c4933\relicdownloader.exe" = protocol=17 | dir=in | app=c:\users\schrottlaube\appdata\local\temp\ac84b0ddf16e4b1a825a9d3e226c4933\relicdownloader.exe | 
"UDP Query User{A2EC9C93-7245-4553-97CC-AA6F8198DAFC}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"UDP Query User{AC05E47A-261C-4C00-BF9E-D5A80EF3DAE9}C:\program files (x86)\steam\steamapps\common\fallout 3 goty\fallout3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout 3 goty\fallout3.exe | 
"UDP Query User{AFB12902-3E75-46AC-83E8-8F7BAB901DFD}C:\program files (x86)\steam\steamapps\common\fallout 3 goty\fallout3ng.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout 3 goty\fallout3ng.exe | 
"UDP Query User{B2ADDD7E-97FC-4BFC-B9A6-DAE3D3D3DF5B}C:\program files (x86)\steam\steamapps\common\eve online\bin\exefile.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\eve online\bin\exefile.exe | 
"UDP Query User{B5975A51-1684-433B-A9E1-455E6A466600}C:\program files (x86)\steam\steamapps\gerd2106\insurgency\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\gerd2106\insurgency\hl2.exe | 
"UDP Query User{BE4163AE-E0D0-4ACE-8756-C710CE119C62}C:\program files (x86)\teamspeak2_rc2\server_windows.exe" = protocol=17 | dir=in | app=c:\program files (x86)\teamspeak2_rc2\server_windows.exe | 
"UDP Query User{BFB60B73-1279-4E91-A7BF-0259A8717258}C:\program files (x86)\thq\dawn of war - soulstorm\soulstorm.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\dawn of war - soulstorm\soulstorm.exe | 
"UDP Query User{CA09F086-05F5-4F8E-8A81-3FB877A3443D}C:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe | 
"UDP Query User{D4DD88BF-323D-4F8F-ABBC-24A6BD23B684}C:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | 
"UDP Query User{D5183449-3A08-4F74-8A9B-F8D456ED022C}C:\games\heroes of might and magic v\heroes of might and magic v\bin\h5_game.exe" = protocol=17 | dir=in | app=c:\games\heroes of might and magic v\heroes of might and magic v\bin\h5_game.exe | 
"UDP Query User{E7DDD838-EAEF-4067-BA11-49376BF0246A}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"UDP Query User{EC4790E8-BDFA-4D10-ABEB-E52C76DF06DB}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{F0D26DEA-DE13-45D3-B1E1-D92BA46F0B98}C:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe | 
"UDP Query User{FA9E6D01-0C04-4D64-BA9F-CBC8DFFEB1D0}C:\program files (x86)\steam\steamapps\common\fallout 3 goty\fallout3ng.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout 3 goty\fallout3ng.exe | 
"UDP Query User{FFFB5E26-38AA-4E1F-A40C-23939EA3F1A7}C:\games\hoi\hoi3game.exe" = protocol=17 | dir=in | app=c:\games\hoi\hoi3game.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1" = Allgemeine Runtime Files (x86)
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit)
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4449B83C-1257-4355-8F3E-71280E922B5F}" = Intel(R) Network Connections 14.7.31.0
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8219EDCB-CE5A-4348-B056-AAC0FE4E99D0}" = Microsoft IntelliType Pro 8.2
"{8729E65B-8C12-4A42-B1FE-E4DA7ED52855}_is1" = DirectX 9.0c Extra Files (x86, x64)
"{899FCA36-ADAF-4612-8579-B37DDB0C092F}" = Saitek SD6 Programming Software 6.6.6.9
"{8FC854D3-EE18-425F-85D9-28E0A850FF2E}" = Saitek DirectOutput 6.2.2.4
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 301.42
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}" = Microsoft Xbox 360 Accessories 1.2
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2
"PROSetDX" = Intel(R) Network Connections 14.7.31.0
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0FB0306C-11D8-35F2-9AC9-121FA753F9AD}" = Visual C++ 2008 x64 Runtime - (v9.0.30729.5026)
"{0FB0306C-11D8-35F2-9AC9-121FA753F9AD}.vc_x64runtime_30729_5026" = Visual C++ 2008 x64 Runtime - v9.0.30729.5026
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20071984-5EB1-4881-8EDB-082532ACEC6D}" = Heroes of Might and Magic V
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20288888-A7AF-4B24-8AEB-398D20CD563C}" = Sound Blaster X-Fi
"{20533183-D42D-4261-A125-956736FBEA8C}" = Dawn of War - Soulstorm
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{25A1E6A4-2DBD-4AC0-8650-8EA9A45B183D}" = Supreme Commander
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}" = Pro Evolution Soccer 2010
"{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}" = Six Updater
"{31D95937-B237-405D-920C-A3EF4E482395}" = Supreme Commander - Forged Alliance
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3E4B349F-10B5-4586-9D99-489A90A8B228}" = Sid Meier's Civilization 4 - Warlords
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{45375017-B0F8-44EA-9D5B-2DCE7C84FFC2}" = SA21xx Device Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = 
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{894084B6-BC69-43B7-BF06-B93AECFEA520}" = GameSpy Comrade
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2B3C27C-1F09-47C6-9A90-9683BEFD7963}" = Dawn of War - Soulstorm
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B343B0E3-212A-40B9-8207-1BD299228F5D}" = Fallout 3 - The Garden of Eden Creation Kit
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6C2569C-E2AA-4AB9-8C26-AC2487A2BFFC}" = Sid Meier's Civilization 4
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C194D333-B84A-4BB7-B35E-060732D98DC4}" = GPGNet
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D07643A3-CE41-4286-8C78-EB9C83E76DDB}" = PunkBuster für Battlefield Vietnam
"{D0B36BAF-3E9D-423E-8821-ED238C18DB0A}" = Warhammer 40,000: Dawn Of War - Gold Edition
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{E04ACCBC-DF36-364E-87E8-6C24BB981AB8}" = Visual C++ 2008 x86 Runtime - (v9.0.30729.5026)
"{E04ACCBC-DF36-364E-87E8-6C24BB981AB8}.vc_x86runtime_30729_5026" = Visual C++ 2008 x86 Runtime - v9.0.30729.5026
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E35B3C63-E958-4E31-A178-95D22024109A}" = Battlefield Vietnam(TM)
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{ECCA8FE7-767A-4C8A-9DAA-BAB60F877C41}" = Sins of a Solar Empire
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF36A836-BF89-4A4F-B079-057B0C68C1E0}" = Sid Meier's Civilization IV Colonization
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F1191B7E-84BF-4325-9FFD-80BD8996ED4B}" = MorphVOX Junior
"{F11ADC64-C89E-47F4-A0B3-3665FF859397}" = WORLD IN CONFLICT
"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and Conquer(TM) Generäle Die Stunde Null 
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{F989306B-9287-444F-AE73-E30C7E4AF0F5}" = Battlefield Vietnam: WW2 Mod
"{FF39FC01-819B-42E4-AE49-1968AF12DDD4}" = Dawn of War - Dark Crusade
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"4f6dcc3b-179d-4b1b-80f0-b6083a0b3ce6_is1" = Der Herr der Ringe Online v03.02.04.8010
"A2BAF Data cache removal" = ARMA 2: British Armed Forces - Data cache removal
"A2PMC Data cache removal" = ARMA 2: Private Military Company - Data cache removal
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"AudioCS" = Creative Audio-Systemsteuerung
"Avira AntiVir Desktop" = Avira Free Antivirus
"Battle.net" = Battle.net
"Battlecraft Vietnam1.2" = Battlecraft Vietnam
"Battlelog Web Plugins" = Battlelog Web Plugins
"BattlEye" = BattlEye Uninstall
"BattlEye for A2" = BattlEye Uninstall
"BattlEye for OA" = BattlEye for OA Uninstall
"BFV Command and Control Server Manager - BFVCC2.14_B Beta" = BFV Command and Control Server Manager - BFVCC
"Birth of the Federation" = Birth of the Federation
"Byteswarm_LiveUpdate" = Byteswarm LiveUpdate 2.1.0.3
"Company of Heroes" = Company of Heroes
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"Diablo" = Diablo
"Dolby Digital Live Pack" = Dolby Digital Live Pack
"Drakensang_is1" = Drakensang
"DTS Connect Pack" = DTS Connect Pack
"ESN Sonar-0.70.4" = ESN Sonar
"FireWarriorA00" = FireWarrior
"GameSpy Arcade" = GameSpy Arcade
"Gaming Mouse" = Gaming Mouse
"Generic Mod Manager_is1" = Fallout Mod Manager 0.13.21
"Hattrick Organizer" = Hattrick Organizer (remove only)
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and Conquer(TM) Generäle Die Stunde Null 
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Maniac Mansion Deluxe" = Maniac Mansion Deluxe
"MDT" = Battlefield Mod Development Toolkit 2.5
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 16.0.1 (x86 de)" = Mozilla Firefox 16.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Origin" = Origin
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PunkBusterSvc" = PunkBuster Services
"RTPatch_is1" = RTPatch Update
"Sacred_is1" = Sacred
"Semper Fi_is1" = Semper Fi 2.04
"Sins of a Solar Empire" = Sins of a Solar Empire
"StarCraft II" = StarCraft II
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 10500" = Empire: Total War
"Steam App 11480" = Soldiers: Heroes of World War II
"Steam App 1200" = Red Orchestra
"Steam App 12210" = Grand Theft Auto IV
"Steam App 12220" = Grand Theft Auto: Episodes from Liberty City
"Steam App 1230" = Mare Nostrum
"Steam App 12360" = FlatOut: Ultimate Carnage
"Steam App 1280" = Darkest Hour
"Steam App 1290" = Darkest Hour Server
"Steam App 17390" = Spore
"Steam App 17460" = Mass Effect
"Steam App 17700" = Insurgency
"Steam App 202200" = Galactic Civilizations II: Ultimate Edition
"Steam App 20540" = Company of Heroes: Tales of Valor
"Steam App 20570" = Warhammer® 40,000™: Dawn of War® II – Chaos Rising™
"Steam App 21980" = Call of Juarez: Bound in Blood
"Steam App 220" = Half-Life 2
"Steam App 22100" = Mount & Blade
"Steam App 22330" = The Elder Scrolls IV: Oblivion 
"Steam App 22370" = Fallout 3: Game of the Year Edition
"Steam App 22380" = Fallout: New Vegas
"Steam App 23490" = Tropico 3: Steam Special Edition
"Steam App 240" = Counter-Strike: Source
"Steam App 24740" = Burnout Paradise: The Ultimate Box
"Steam App 24780" = SimCity 4 Deluxe
"Steam App 24860" = Battlefield 2
"Steam App 24980" = Mass Effect 2
"Steam App 25800" = Europa Universalis III
"Steam App 25890" = Hearts of Iron III
"Steam App 28000" = Kane & Lynch 2: Dog Days
"Steam App 300" = Day of Defeat: Source
"Steam App 3130" = Men of War: Red Tide
"Steam App 32360" = The Secret of Monkey Island: Special Edition
"Steam App 32460" = Monkey Island 2: Special Edition
"Steam App 33520" = Tropico
"Steam App 33530" = Tropico 2: Pirate Cove
"Steam App 33910" = ARMA 2
"Steam App 33930" = ARMA 2: Operation Arrowhead
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 34030" = Napoleon: Total War
"Steam App 34330" = Total War: SHOGUN 2
"Steam App 35450" = Red Orchestra 2: Heroes of Stalingrad
"Steam App 3700" = Sniper Elite
"Steam App 380" = Half-Life 2: Episode One
"Steam App 400" = Portal
"Steam App 40100" = Supreme Commander 2
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 42910" = Magicka
"Steam App 43110" = Metro 2033
"Steam App 440" = Team Fortress 2
"Steam App 46260" = Star Wolves 3: Civil War
"Steam App 46270" = Star Wolves
"Steam App 46280" = Star Wolves 2
"Steam App 4700" = Medieval II: Total War
"Steam App 4760" = Rome: Total War Gold
"Steam App 4780" = Medieval II: Total War - Kingdoms
"Steam App 47890" = The Sims(TM) 3
"Steam App 48700" = Mount and Blade: Warband
"Steam App 48720" = Mount & Blade: With Fire and Sword
"Steam App 50130" = Mafia II
"Steam App 55150" = Warhammer 40,000 Space Marine
"Steam App 56400" = Warhammer® 40,000®: Dawn of War® II – Retribution™
"Steam App 6060" = Star Wars - Battlefront II
"Steam App 630" = Alien Swarm
"Steam App 65700" = ARMA 2: British Armed Forces
"Steam App 65720" = ARMA 2: Private Military Company
"Steam App 7830" = Men of War
"Steam App 7940" = Call of Duty 4: Modern Warfare
"Steam App 8080" = Kane & Lynch: Dead Men
"Steam App 8500" = EVE Online: Incursion
"Steam App 9900" = Star Trek Online
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 2 Server_is1" = TeamSpeak 2 Server RC2
"VLC media player" = VLC media player 1.1.10
"WheelMouse" = Advanced Wheel Mouse 6.0.0.002
"WinLiveSuite" = Windows Live Essentials
"X3Reunion_is1" = X3 Reunion v2.5
"X3TerranConflict_is1" = X3 Terran Conflict v3.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 13.10.2012 05:20:50 | Computer Name = PC-Schrottlaube | Source = Application Hang | ID = 1002
Description = Programm falloutNV.exe, Version 1.4.0.525 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 8b4    Startzeit: 
01cda9238fc3283b    Endzeit: 690    Anwendungspfad: c:\program files (x86)\steam\steamapps\common\fallout
 new vegas\falloutNV.exe    Berichts-ID:   
 
Error - 14.10.2012 08:15:16 | Computer Name = PC-Schrottlaube | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest-
 oder Richtliniendatei "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe"
 in Zeile 2.  Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.
 
Error - 14.10.2012 08:15:31 | Computer Name = PC-Schrottlaube | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Saitek\DirectOutput\SaiFlightSimX.exe.Manifest".  Die abhängige Assemblierung
 "Microsoft.FlightSimulator.SimConnect ,processorArchitecture="x86",publicKeyToken="67c7c14424d61b5b",type="win32",version="10.0.60905.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 14.10.2012 08:16:22 | Computer Name = PC-Schrottlaube | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 14.10.2012 08:20:12 | Computer Name = PC-Schrottlaube | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der
 Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 21.10.2012 06:50:24 | Computer Name = PC-Schrottlaube | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest-
 oder Richtliniendatei "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe"
 in Zeile 2.  Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.
 
Error - 21.10.2012 06:50:39 | Computer Name = PC-Schrottlaube | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Saitek\DirectOutput\SaiFlightSimX.exe.Manifest".  Die abhängige Assemblierung
 "Microsoft.FlightSimulator.SimConnect ,processorArchitecture="x86",publicKeyToken="67c7c14424d61b5b",type="win32",version="10.0.60905.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 21.10.2012 06:51:30 | Computer Name = PC-Schrottlaube | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 22.10.2012 13:39:47 | Computer Name = PC-Schrottlaube | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 16.0.1.4666 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: e20    Startzeit: 
01cdb07ba122042a    Endzeit: 125    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 734faf54-1c6f-11e2-89a9-001cc0fe1915  
 
Error - 22.10.2012 14:18:28 | Computer Name = PC-Schrottlaube | Source = Application Hang | ID = 1002
Description = Programm msinfo32.exe, Version 6.1.7601.17514 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 454    Startzeit: 01cdb080a43ecc65    Endzeit: 0    Anwendungspfad: C:\Windows\system32\msinfo32.exe

Berichts-ID:
 dd247902-1c74-11e2-89a9-001cc0fe1915  
 
[ System Events ]
Error - 22.10.2012 12:25:08 | Computer Name = PC-Schrottlaube | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 22.10.2012 12:25:08 | Computer Name = PC-Schrottlaube | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 22.10.2012 15:32:13 | Computer Name = PC-Schrottlaube | Source = Application Popup | ID = 875
Description = Treiber atksgt.sys konnte nicht geladen werden.
 
Error - 22.10.2012 15:32:13 | Computer Name = PC-Schrottlaube | Source = Service Control Manager | ID = 7000
Description = Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%1275
 
Error - 22.10.2012 15:34:18 | Computer Name = PC-Schrottlaube | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 22.10.2012 15:34:18 | Computer Name = PC-Schrottlaube | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 23.10.2012 12:19:36 | Computer Name = PC-Schrottlaube | Source = Application Popup | ID = 875
Description = Treiber atksgt.sys konnte nicht geladen werden.
 
Error - 23.10.2012 12:19:36 | Computer Name = PC-Schrottlaube | Source = Service Control Manager | ID = 7000
Description = Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%1275
 
Error - 23.10.2012 12:21:41 | Computer Name = PC-Schrottlaube | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 23.10.2012 12:21:41 | Computer Name = PC-Schrottlaube | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
 
< End of report >
         


Alt 23.10.2012, 21:30   #6
Gerd21
 



Here are my installed programs
Code:
7-Zip 4.65 (x64 edition)	Igor Pavlov	11.04.2010	3,98MB	4.65.00.0
Adobe AIR	Adobe Systems Inc.	29.05.2010		1.5.3.9130
Adobe Flash Player 11 ActiveX	Adobe Systems Incorporated	08.10.2012	6,00MB	11.4.402.287
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	09.10.2012	6,00MB	11.4.402.287
Adobe Reader XI - Deutsch	Adobe Systems Incorporated	21.10.2012	127MB	11.0.00
Advanced Wheel Mouse 6.0.0.002		17.09.2010		
Alien Swarm	Valve	04.08.2010		
Allgemeine Runtime Files (x86)	Sereby Corporation	15.10.2010	37,5MB	1.0.3.1
Amazon MP3-Downloader 1.0.9		26.02.2010		
ARMA 2	Bohemia Interactive	05.05.2011		
ARMA 2: British Armed Forces	Bohemia Interactive	06.05.2011		
ARMA 2: British Armed Forces - Data cache removal		27.06.2012		
ARMA 2: Operation Arrowhead	Bohemia Interactive	06.05.2011		
ARMA 2: Private Military Company	Bohemia Interactive	06.05.2011		
ARMA 2: Private Military Company - Data cache removal		27.06.2012		
Avira Free Antivirus	Avira	09.12.2011	109MB	12.0.0.870
Battle.net		23.06.2012		
Battlecraft Vietnam		01.03.2010		
Battlefield 2		20.12.2009		
Battlefield 3™	Electronic Arts	08.10.2012		1.4.0.0
Battlefield Heroes	EA Digital illusions	22.02.2010		
Battlefield Mod Development Toolkit 2.5		01.03.2010		
Battlefield Vietnam(TM)		01.03.2010		
Battlefield Vietnam: WW2 Mod		01.03.2010		
Battlefield: Bad Company™ 2	Electronic Arts	20.10.2010	5,73GB	1.0.0.0
Battlelog Web Plugins	EA Digital Illusions CE AB	08.10.2012		1.138.0
BattlEye for OA Uninstall		29.07.2012		
BattlEye Uninstall		02.07.2012		
BFV Command and Control Server Manager - BFVCC		01.03.2010		
Birth of the Federation		22.01.2012		
Burnout Paradise: The Ultimate Box	Criterion Games	30.05.2010		
Byteswarm LiveUpdate 2.1.0.3		01.03.2010		
Call of Duty 4: Modern Warfare	Infinity Ward	23.04.2010		
Call of Duty: Modern Warfare 2	Infinity Ward	08.04.2010		
Call of Duty: Modern Warfare 2 - Multiplayer	Infinity Ward	08.04.2010		
Call of Juarez: Bound in Blood	Ubisoft	14.10.2011		
CCleaner	Piriform	24.09.2012		3.23
Command & Conquer Generals	Electronic Arts	11.12.2009	1,51GB	0.50.0000
Command and Conquer(TM) Generäle Die Stunde Null	Electronic Arts	11.12.2009		1.00.0000
Company of Heroes	THQ Inc.	17.12.2009		2.601.0
Company of Heroes: Tales of Valor	Relic	30.12.2009		
Counter-Strike: Source	Valve	14.12.2009		
Creative Audio-Systemsteuerung	Creative Technology Limited	16.09.2010		3.00
Creative Software AutoUpdate	Creative Technology Limited	16.09.2010		1.40
Creative Sound Blaster Properties x64 Edition	Creative Technology Limited	16.09.2010		1.02
Darkest Hour	Darkest Hour Team	14.12.2009		
Darkest Hour Server		14.12.2009		
Dawn of War - Dark Crusade	THQ	11.12.2009		1.00.0000
Dawn of War - Soulstorm	THQ	11.12.2009		1.00.0000
Day of Defeat: Source	Valve	28.12.2009		
Der Herr der Ringe Online v03.02.04.8010	Codemasters	04.11.2010		03.02.04.8010
Diablo		23.06.2012		
DirectX 9.0c Extra Files (x86, x64)	Sereby Corporation	15.10.2010	224MB	1.10.06.0
Dolby Digital Live Pack	Creative Technology Limited	09.12.2009		
Drakensang	dtp	19.12.2009		
DTS Connect Pack		09.12.2009		
Empire: Total War	The Creative Assembly	08.02.2010		
ESN Sonar	ESN Social Software AB	05.06.2012		0.70.4
Europa Universalis III	Paradox Interactive	28.12.2010		
EVE Online: Incursion	CCP	16.05.2011		
Fallout 3 - The Garden of Eden Creation Kit	Bethesda Softworks	01.03.2010		1.00.0000
Fallout 3: Game of the Year Edition	Bethesda Softworks	28.02.2010		
Fallout Mod Manager 0.13.21	Q, Timeslip	11.10.2012	3,86MB	
Fallout: New Vegas	Bethesda Softworks	24.11.2011		
FireWarrior		20.11.2010		
FlatOut: Ultimate Carnage	BugBear	01.07.2010		
Futuremark SystemInfo	Futuremark Corporation	19.12.2009		3.20.1.2
Galactic Civilizations II: Ultimate Edition		14.07.2012		
GameSpy Arcade		30.12.2009		
GameSpy Comrade	GameSpy	20.12.2009	5,95MB	2.1.1.214
Gaming Mouse		17.09.2010		
GPGNet	Gas Powered Games	27.03.2010	27,5MB	1.0.0
Grand Theft Auto IV	Rockstar	27.12.2009		
Grand Theft Auto: Episodes from Liberty City	Rockstar	04.12.2010		
Half-Life 2	Valve	06.06.2010		
Half-Life 2: Episode One	Valve	06.06.2010		
Half-Life 2: Episode Two	Valve	06.06.2010		
Half-Life 2: Lost Coast	Valve	11.06.2010		
Hattrick Organizer (remove only)		20.12.2009		
Hearts of Iron III	Paradox Interactive	29.09.2012		
Heroes of Might and Magic V		04.08.2010		
Insurgency	Team Insurgency	15.12.2009		
Intel(R) Network Connections 14.7.31.0	Intel	02.12.2009	10,2MB	14.7.31.0
Java 7 Update 9	Oracle	21.10.2012	128MB	7.0.90
Java 7 Update 9 (64-bit)	Oracle	21.10.2012	127MB	7.0.90
Kane & Lynch 2: Dog Days	IO Interactive	12.03.2011		
Kane & Lynch: Dead Men	IO Interactive	12.03.2011		
Mafia II	2K Czech	12.03.2011		
Magicka	Arrowhead Game Studios AB	17.06.2012		
Malwarebytes Anti-Malware Version 1.65.1.1000	Malwarebytes Corporation	23.10.2012	19,4MB	1.65.1.1000
Maniac Mansion Deluxe		24.02.2010		
Mare Nostrum	Sandstorm Productions	14.12.2009		
Mass Effect	BioWare	02.01.2010		
Mass Effect 2	BioWare	30.01.2010		
Medieval II: Total War	The Creative Assembly	28.02.2010		
Medieval II: Total War - Kingdoms	The Creative Assembly	24.04.2010		
Men of War	Best Way	01.07.2010		
Men of War: Red Tide		01.07.2010		
Metro 2033	THQ	29.09.2012		
Microsoft .NET Framework 1.1		03.11.2010		
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	27.06.2010	38,8MB	4.0.30319
Microsoft Age of Empires II		15.01.2010		
Microsoft Age of Empires II: The Conquerors Expansion		15.01.2010		
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)	Microsoft Corporation	29.05.2012	10,3MB	3.5.30730.0
Microsoft Games for Windows - LIVE Redistributable	Microsoft Corporation	21.01.2012	31,3MB	3.5.92.0
Microsoft Games for Windows Marketplace	Microsoft Corporation	06.05.2011	6,03MB	3.5.50.0
Microsoft IntelliType Pro 8.2	Microsoft Corporation	13.10.2011		8.20.469.0
Microsoft Office File Validation Add-In	Microsoft Corporation	14.09.2011	7,95MB	14.0.5130.5003
Microsoft Office Professional Edition 2003	Microsoft Corporation	10.10.2012	1,39GB	11.0.8173.0
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	09.07.2011	1,69MB	3.1.0000
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	24.01.2012	252KB	8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	16.06.2011	300KB	8.0.59193
Microsoft Visual C++ 2005 Redistributable (x64)	Microsoft Corporation	15.10.2010	620KB	8.0.61000
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148	Microsoft Corporation	28.05.2012	788KB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161	Microsoft Corporation	29.05.2012	788KB	9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022	Microsoft Corporation	18.12.2011	1,41MB	9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	15.12.2009	596KB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	25.03.2010	596KB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	16.06.2011	600KB	9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319	Microsoft Corporation	28.09.2011	13,7MB	10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	15.10.2011	12,2MB	10.0.40219
Microsoft Xbox 360 Accessories 1.2	Microsoft	29.05.2010	7,82MB	1.20.146.0
Microsoft XNA Framework Redistributable 3.1	Microsoft Corporation	17.06.2012	7,55MB	3.1.10527.0
Monkey Island 2: Special Edition	LucasArts	19.10.2010		
MorphVOX Junior	Screaming Bee	09.09.2012	9,03MB	2.7.5
Mount & Blade	Paradox Interactive	04.07.2010		
Mount & Blade: With Fire and Sword		14.10.2011		
Mount and Blade: Warband	Taleworlds Entertainment	12.03.2011		
Mozilla Firefox 16.0.1 (x86 de)	Mozilla	21.10.2012	46,7MB	16.0.1
Mozilla Maintenance Service	Mozilla	21.10.2012	329KB	16.0.1
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	14.12.2009	1,27MB	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	14.12.2009	1,33MB	4.20.9876.0
MSXML 4.0 SP2 Parser and SDK	Microsoft Corporation	02.12.2009	1,22MB	4.20.9818.0
Napoleon: Total War	The Creative Assembly	06.05.2011		
NVIDIA 3D Vision Controller-Treiber 301.42	NVIDIA Corporation	22.05.2012		301.42
NVIDIA 3D Vision Treiber 301.42	NVIDIA Corporation	22.05.2012		301.42
NVIDIA Grafiktreiber 301.42	NVIDIA Corporation	22.05.2012		301.42
NVIDIA PhysX-Systemsoftware 9.12.0213	NVIDIA Corporation	22.05.2012		9.12.0213
NVIDIA Update 1.8.15	NVIDIA Corporation	22.05.2012		1.8.15
OpenAL		16.09.2010		
Origin	Electronic Arts, Inc.	09.03.2012		8.5.0.4554
Pando Media Booster	Pando Networks Inc.	04.11.2010	5,46MB	2.3.4.8
Portal	Valve	11.06.2010		
Pro Evolution Soccer 2010	KONAMI	01.06.2010	7,29GB	1.03.0000
ProtectDisc Driver, Version 11	ProtectDisc Software GmbH	19.12.2009		11.0.0.12
PunkBuster für Battlefield Vietnam		01.03.2010		
PunkBuster Services	Even Balance, Inc.	28.05.2012		0.992
Red Orchestra	Tripwire Interactive	14.12.2009		
Red Orchestra 2: Heroes of Stalingrad	Tripwire	28.05.2012		
Rome: Total War Gold	The Creative Assembly	30.12.2009		
RTPatch Update	PocketSoft	06.04.2012		
SA21xx Device Manager	Philips	18.03.2010		1.0
Sacred	Ascaron Entertainment GmbH	06.04.2012		
Saitek DirectOutput 6.2.2.4	Saitek	31.01.2010	1,30MB	6.2.2.4
Saitek SD6 Programming Software 6.6.6.9	Saitek	31.01.2010	40,2MB	6.6.6.9
Semper Fi 2.04	Paradox Interactive	02.04.2011	256MB	
Sid Meier's Civilization 4	Firaxis Games	11.12.2009		1.74
Sid Meier's Civilization 4 - Beyond the Sword	Firaxis Games	11.12.2009		3.01
Sid Meier's Civilization 4 - Warlords	Firaxis Games	11.12.2009		2.13
Sid Meier's Civilization IV Colonization	Firaxis Games	11.12.2009		1.00
SimCity 4 Deluxe	Maxis	15.10.2010		
Sins of a Solar Empire	Stardock Entertainment	12.12.2009		
Six Updater	Six Projects	26.07.2012	38,7MB	2.09.7016
Skype Click to Call	Skype Technologies S.A.	20.01.2012	13,3MB	5.6.8442
Skype™ 5.10	Skype Technologies S.A.	05.09.2012	19,4MB	5.10.116
Sniper Elite	Rebellion Developments	29.12.2009		
Soldiers: Heroes of World War II	Bestway	30.12.2009		
Sound Blaster X-Fi	Creative Technology Limited	14.12.2009		1.0
Spore	Maxis	25.12.2010		
Spybot - Search & Destroy	Safer Networking Limited	20.12.2009		1.6.2
Star Trek Online	Cryptic Studios	11.02.2012		
Star Wars - Battlefront II	Pandemic Studios	19.10.2010		
Star Wolves		01.07.2010		
Star Wolves 2		01.07.2010		
Star Wolves 3: Civil War	Elite Games Team	01.07.2010		
StarCraft II	Blizzard Entertainment	16.05.2012		1.4.3.21029
Steam	Valve Corporation	14.12.2009	1,49MB	1.0.0.0
Supreme Commander	Gas Powered Games	27.03.2010		1.00.0000
Supreme Commander - Forged Alliance	Gas Powered Games	28.03.2010		1.00.0000
Supreme Commander 2	Gas Powered Games	06.06.2010		
Team Fortress 2	Valve	11.06.2010		
TeamSpeak 2 RC2	Dominating Bytes Design	14.12.2009		2.0.32.60
TeamSpeak 2 Server RC2	TeamSpeak Systems	06.01.2010		2.0.23.19
TeamSpeak 3 Client	TeamSpeak Systems GmbH	31.07.2012		3.0.8.1
The Elder Scrolls IV: Oblivion	Bethesda Softworks	21.11.2011		
The Secret of Monkey Island: Special Edition	LucasArts	19.10.2010		
The Sims(TM) 3	Electronic Arts	05.05.2011		
Total War: SHOGUN 2	The Creative Assembly	17.12.2011		
Tropico	PopTop	16.05.2011		
Tropico 2: Pirate Cove	Frog City	16.05.2011		
Tropico 3: Steam Special Edition	Haemimont Games	30.01.2010		
VLC media player 1.1.10	VideoLAN	11.06.2011		1.1.10
Warhammer 40,000 Space Marine	Relic	24.04.2012		
Warhammer 40,000: Dawn Of War - Gold Edition	THQ	11.12.2009	2,62GB	1.51
Warhammer® 40,000®: Dawn of War® II – Retribution™	Relic	11.03.2011		
Warhammer® 40,000™: Dawn of War® II – Chaos Rising™	Relic	30.04.2010		
Windows Live Essentials	Microsoft Corporation	09.07.2011		15.4.3538.0513
Windows Media Player Firefox Plugin	Microsoft Corp	31.12.2009	296KB	1.0.0.8
WinRAR		20.12.2009		
WORLD IN CONFLICT	Ubisoft Entertainment	11.12.2009		1.0.1.1
World of Tanks	Wargaming.net	18.08.2012	15,0MB	
X3 Reunion v2.5	EGOSOFT	02.12.2009		
X3 Terran Conflict v3.0	EGOSOFT	11.10.2010
         
And last but not least, the Avira detections
Code:
Exportierte Ereignisse:

21.10.2012 13:56 [System Scanner] Malware gefunden
      Die Datei 'C:\Games\Battlefield Vietnam\eReg\Battlefield Vietnam_eReg.exe'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Kazy.24162.13' [trojan].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4eeb6329.qua' 
      verschoben!

21.10.2012 12:51 [Echtzeit Scanner] Malware gefunden
      In der Datei 'C:\Games\Battlefield Vietnam\eReg\Battlefield Vietnam_eReg.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Kazy.24162.13' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern
         

Alt 25.10.2012, 08:21   #7
kira
/// Helper team
 



Probably a false alarm; add it to the exceptions or ignore it.
Otherwise it looks good.

System cleanup and check:

► Once you have completed all the steps, report back with the requested results!
In the meantime, only get in touch if there are problems!

1.
Quote:
Attention, important!:
If you made changes to the logfile yourself, you must replace them with the original names and paste them into the script that way! Otherwise it will not work!
(user folder, your name or other changes replaced by X, asterisks or other names)
Fixing with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Copy the following script, that is, everything in the code box after "Code" (starting with :OTL and ending with [emptytemp]), without the word "code":
Code:
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.6&q="
[2011.12.19 20:21:29 | 000,000,933 | ---- | M] () -- C:\Users\Schrottlaube\AppData\Roaming\mozilla\firefox\profiles\9sywmvez.default\searchplugins\11-suche.xml
[2011.12.19 20:21:30 | 000,002,419 | ---- | M] () -- C:\Users\Schrottlaube\AppData\Roaming\mozilla\firefox\profiles\9sywmvez.default\searchplugins\englische-ergebnisse.xml
[2011.12.19 20:21:29 | 000,010,525 | ---- | M] () -- C:\Users\Schrottlaube\AppData\Roaming\mozilla\firefox\profiles\9sywmvez.default\searchplugins\gmx-suche.xml
[2010.06.29 19:43:06 | 000,000,950 | ---- | M] () -- C:\Users\Schrottlaube\AppData\Roaming\mozilla\firefox\profiles\9sywmvez.default\searchplugins\icqplugin-2.xml
[2010.07.21 17:16:04 | 000,000,950 | ---- | M] () -- C:\Users\Schrottlaube\AppData\Roaming\mozilla\firefox\profiles\9sywmvez.default\searchplugins\icqplugin-3.xml
[2010.07.25 06:26:46 | 000,000,950 | ---- | M] () -- C:\Users\Schrottlaube\AppData\Roaming\mozilla\firefox\profiles\9sywmvez.default\searchplugins\icqplugin-4.xml
[2010.09.09 21:44:32 | 000,000,950 | ---- | M] () -- C:\Users\Schrottlaube\AppData\Roaming\mozilla\firefox\profiles\9sywmvez.default\searchplugins\icqplugin-5.xml
[2010.02.03 15:38:36 | 000,000,947 | ---- | M] () -- C:\Users\Schrottlaube\AppData\Roaming\mozilla\firefox\profiles\9sywmvez.default\searchplugins\icqplugin.xml
[2011.12.19 20:21:30 | 000,002,457 | ---- | M] () -- C:\Users\Schrottlaube\AppData\Roaming\mozilla\firefox\profiles\9sywmvez.default\searchplugins\lastminute.xml
[2011.12.19 20:21:29 | 000,005,508 | ---- | M] () -- C:\Users\Schrottlaube\AppData\Roaming\mozilla\firefox\profiles\9sywmvez.default\searchplugins\webde-suche.xml
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d9ef8470-5076-11df-a261-8e1b2a8e5597}\Shell - "" = AutoRun
O33 - MountPoints2\{d9ef8470-5076-11df-a261-8e1b2a8e5597}\Shell\AutoRun\command - "" = F:\autorun1.exe

:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
         
  • and paste it here:
  • Close all programs.
  • Click the Fix button.
  • Click on .
  • OTL will ask for a restart. Please allow it.
  • After the restart you will find a text document.
    Copy its contents into your thread here.

2.
Close all programs/windows
Clean your system with CCleaner:
  • "CCleaner" → "Analyze" ("Analysieren") → click the "Start CCleaner" button
  • "Registry" → "Scan for issues" ("Fehler suchen") → "Fix issues" ("Fehler beheben") → "Fix all" ("Alle beheben")
  • Restart your system

3.
Preparation
  • Connect any external hard drives and/or other removable media (e.g. USB sticks) you may have to the computer.
  • Please disable during the online scans:
    antivirus program and firewall.
  • Start Internet Explorer => in the menu under Tools => Internet Options => Privacy => untick "Turn on Pop-up Blocker" and
  • under the "Security" tab => lower the security level to "Medium-high" if necessary.
    Don't forget to turn it back on afterwards and restore the Internet options as they were before.
  • Refrain from other online activity during the online scans.
  • You must allow the download and installation of ActiveX controls.

Scan the PC ONLY online and do NOT install a second antivirus program!!!
  • Eset Online Scanner (NOD32)
    • Supported operating systems: Microsoft Windows 7 - Vista - XP - 2000 - NT.
    • Note for Vista and Windows 7 users: be sure to start the browser as administrator.
    • Disable your antivirus program during the scan.
    • Press the "ESET Online Scanner" button.
    • IE users must allow the installation of an ActiveX element.
    • Tick "YES, I accept the Terms of Use." and press the "Start" button.
    • Tick "Remove found threats" and "Scan archives".
    • Press Start.
    • Signatures are downloaded.
    • The scan starts automatically.
    • When finished, save the log and post it for me.
      -> List of found threats
      -> Export to text file
      -> Back
      -> Delete quarantined files
    • Press Finish.
    • Close the browser.
    • Uninstall after you have posted the log for me: Control Panel => Software => remove Eset Online Scanner V3.
    • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset
__________________

Warning!:
Be careful with invoices sent by email with a ZIP file attached! They can be infected with an encryption trojan!
Do not open the attachment; ask in our forum first!

Back up your data regularly, on CD/DVD, USB sticks or external hard drives, ideally twice in different places!
Please pass this warning on wherever you can!

25.10.2012, 19:16   #8
Gerd21

Here is the fix log
Code:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.6&q=" removed from keyword.URL
C:\Users\Schrottlaube\AppData\Roaming\mozilla\firefox\profiles\9sywmvez.default\searchplugins\11-suche.xml moved successfully.
C:\Users\Schrottlaube\AppData\Roaming\mozilla\firefox\profiles\9sywmvez.default\searchplugins\englische-ergebnisse.xml moved successfully.
C:\Users\Schrottlaube\AppData\Roaming\mozilla\firefox\profiles\9sywmvez.default\searchplugins\gmx-suche.xml moved successfully.
C:\Users\Schrottlaube\AppData\Roaming\mozilla\firefox\profiles\9sywmvez.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Users\Schrottlaube\AppData\Roaming\mozilla\firefox\profiles\9sywmvez.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Users\Schrottlaube\AppData\Roaming\mozilla\firefox\profiles\9sywmvez.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Users\Schrottlaube\AppData\Roaming\mozilla\firefox\profiles\9sywmvez.default\searchplugins\icqplugin-5.xml moved successfully.
C:\Users\Schrottlaube\AppData\Roaming\mozilla\firefox\profiles\9sywmvez.default\searchplugins\icqplugin.xml moved successfully.
C:\Users\Schrottlaube\AppData\Roaming\mozilla\firefox\profiles\9sywmvez.default\searchplugins\lastminute.xml moved successfully.
C:\Users\Schrottlaube\AppData\Roaming\mozilla\firefox\profiles\9sywmvez.default\searchplugins\webde-suche.xml moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9ef8470-5076-11df-a261-8e1b2a8e5597}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d9ef8470-5076-11df-a261-8e1b2a8e5597}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9ef8470-5076-11df-a261-8e1b2a8e5597}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d9ef8470-5076-11df-a261-8e1b2a8e5597}\ not found.
File F:\autorun1.exe not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Schrottlaube\Desktop\cmd.bat deleted successfully.
C:\Users\Schrottlaube\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Schrottlaube
->Temp folder emptied: 156923354 bytes
->Temporary Internet Files folder emptied: 185298269 bytes
->Java cache emptied: 28738977 bytes
->FireFox cache emptied: 122392787 bytes
->Google Chrome cache emptied: 6765385 bytes
->Flash cache emptied: 121325 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 155648 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 385948078 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 845,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 10252012_195816

Files\Folders moved on Reboot...
C:\Users\Schrottlaube\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
However, the PC hung while shutting down
- Explorer could not be closed because it still wanted to play the shutdown sound
-> force restart
- for a long time only the desktop background -> reset
- restart, Windows loaded normally
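
Added example, not part of the thread and not OTL's own code: a small Python parser for the fix-log format shown in the post above, tallying the outcome of each scripted action per section and listing the targets OTL reported as not found. The sample lines are an excerpt constructed from that log; the function name and the outcome labels are assumptions of this example.

```python
import re
from collections import Counter

# Constructed excerpt of the OTL fix log posted above (shortened).
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
C:\Users\Schrottlaube\AppData\Roaming\mozilla\firefox\profiles\9sywmvez.default\searchplugins\icqplugin.xml moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9ef8470-5076-11df-a261-8e1b2a8e5597}\ deleted successfully.
File F:\autorun1.exe not found.
========== FILES ==========
< ipconfig /flushdns /c >
C:\Users\Schrottlaube\Desktop\cmd.bat deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Default
->Temp folder emptied: 0 bytes
->Flash cache emptied: 41620 bytes

User: Schrottlaube
->Temp folder emptied: 156923354 bytes
->Java cache emptied: 28738977 bytes
"""

SECTION_RE = re.compile(r"^=+ (?P<name>[A-Z]+) =+$")
USER_RE = re.compile(r"^User: (?P<user>.+)$")
EMPTIED_RE = re.compile(r"^->.+ emptied: (?P<bytes>\d+) bytes$")

# Outcome labels are this example's own names, keyed on how OTL ends a line.
OUTCOMES = (
    ("not_found", re.compile(r" not found\.$")),
    ("deleted", re.compile(r" deleted successfully\.$")),
    ("moved", re.compile(r" moved successfully\.$")),
    ("value_set", re.compile(r" value set successfully!$")),
    ("pref_removed", re.compile(r"^Prefs\.js: .+ removed from ")),
)


def parse_fix_log(text):
    """Tally outcomes per (section, label), collect not-found targets,
    sum the bytes emptied per user profile, and keep unmatched lines."""
    section, user = None, None
    outcomes, emptied = Counter(), Counter()
    not_found, unclassified = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := SECTION_RE.match(line)):
            section = m.group("name")
        elif (m := USER_RE.match(line)):
            user = m.group("user")
        elif (m := EMPTIED_RE.match(line)) and user:
            emptied[user] += int(m.group("bytes"))
        else:
            for label, rx in OUTCOMES:
                if rx.search(line):
                    outcomes[(section, label)] += 1
                    if label == "not_found":
                        not_found.append(line)
                    break
            else:
                unclassified.append(line)  # banners, echoed commands
    return {"outcomes": outcomes, "not_found": not_found,
            "emptied": emptied, "unclassified": unclassified}


if __name__ == "__main__":
    result = parse_fix_log(SAMPLE_LOG)
    for key, count in sorted(result["outcomes"].items()):
        print(key, count)
    print("not found:", *result["not_found"], sep="\n  ")
```

The not-found lines are the ones to read by hand: they mean the target was absent when the fix ran, so nothing was removed for them.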

25.10.2012, 20:16   #9
kira
/// Helper Team

Everything all right?

25.10.2012, 20:28   #10
Gerd21

CCleaner worked.

ESET Online Scanner does not work: "Can not get Update. Is proxy configured?" With these words it aborts at 4%.
Nothing is entered in Eset's proxy settings.

It also tells me that Windows Defender is still on, and I can't find a way to disable it.

I ran Eset, hard as it was, via this odd Internet Explorer, following your instructions, just in case this information is needed.

Tried it again with Firefox, with the same result.

After another restart with a 10-second pause, Eset ran without problems.
-> no detections
I don't see any way to save the log.
So far I can say everything is all right.

There is neither an Eset entry under "Software" nor an Eset folder under Programme, so there is nothing to remove either.

26.10.2012, 04:25   #11
kira
/// Helper Team

1.
Uninstall/remove the programs that we used and that you don't need, except for:
Code:
CCleaner
- Run it from time to time: -> guide

2.
Tool cleanup with OTL

We will now use OTL's CleanUp! function to delete most of the programs that we installed for the cleanup from your system again.
  • Please download OTL by OldTimer (if you don't already have it).
  • Save it on your desktop.
  • Double-click OTL.exe to run the program.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Click the "Bereinigung" (CleanUp) button
  • OTL may ask for a restart.
    If it does, please allow it.
Note: After the restart, OTL and other helper programs that you downloaded during the cleanup will no longer be present. They have been removed. It is therefore OK if these programs are no longer there. If any are left over, delete them manually.

Reading material No. 1:
Give criminal acts no chance!
Quote:
Back up your data regularly (pictures, music, documents, mails (as text files), browser bookmarks etc.) on CD/DVD, USB sticks or external hard drives! Ideally back up twice in different places!
  • How do I create a limited user account?
  • Always keep software up to date!:
    ALL programs and drivers installed on the system should be updated regularly to avoid security holes and to keep things running smoothly!
  • Firefox - FirefoxWiki/Settings - Extensions for Firefox
  • Secure email clients, e.g. Thunderbird --> Extensions for Mozilla Thunderbird
    - Do NOT open unknown email attachments!
    - Do not click on mails, especially ones with attachments; have them displayed as text or in print view instead
  • Secure password - Choosing a secure password - (should really be changed at regular intervals, about every 3-5 months)
    also here under: Secure password (Password)
    The five most common password mistakes
  • "Never accept software from strangers" - As a rule, only install programs that you really need and that you are convinced are reputable.
    The choice is yours as to which additional components get installed! -> Always read along during installation and, where possible, deselect sponsors and partner programs, toolbars or any other programs offered as extras!
    This is how some kind of adware/spyware often gets installed along with it!
  • Do NOT download just any program from the net unless it is 100% certain that it is clean software. Nice promises from the vendors are far from a guarantee of flawless operation, so browse the pages on GOOGLE first; you can get valuable information there!!!
  • Programs and drivers:
    Only from the manufacturer!
  • Online banking:
    Never give out your passwords!
    Reputable banks, email providers or online shops never send emails asking customers to disclose confidential data such as passwords, user numbers (Verfügernummer), PINs or TANs. Emails of this kind are always fraud attempts, so such requests should not be answered. As soon as you suspect fraud, report your suspicion to the respective bank's hotline.
  • Letting others (guests/friends) use your computer - Use only trustworthy computers!
    Make sure that only people you trust use or administer your computer, and never do banking on untrusted computers, for example in an Internet café while on holiday
  • Back up important data regularly! - but remember: your main system is not a warehouse!
  • Be careful when using other people's computers and attachable external storage media such as hard drives, USB sticks, memory cards etc.! - also connect them from time to time and have them scanned (see under `free online virus scanners`)
  • Do not visit websites without a valid legal notice (Impressum)
    - Do not keep external devices (hard drive, USB stick) permanently connected to the PC, but only briefly while you want to back something up
  • Saving on licence costs? - Be careful with files/programs from untrusted sources! - "full Keygen, Crack, Serial, Warez, keygenerators" etc.
    They are always contaminated with various malware/malicious code; there is no site that is virus-free. (One should not deliberately invite the devil.) Another highly insecure source is file sharing on so-called (music) exchange platforms.
    ► Besides, you are committing a criminal offence with it!
  • Use only one firewall and one antivirus program, which should always be up to date!
    Installing `too much` software impairs system performance and security, slows down startup enormously and burdens the memory (because the programs run side by side at the same time, eating a lot of performance but delivering little quality). Over time the computer becomes ever slower and less secure due to too much unnecessary ballast. The more programs are installed, the more often problems occur, which may then be difficult to solve. On top of that, some programs bring major security risks with them
  • Virus scanners
  • BSI für Bürger
  • SETI@home - [Security] Security concept

** Common sense and securely configuring Windows and Internet software are the best way to security on the web!!
Quote:
Since the database is supplemented and extended daily, and information about the virus concerned is added with the current virus definitions, I recommend having your system scanned online at least once a week (later once a month is surely enough), always with a different scanner, to get a second opinion - the data backed up on storage media should also be included!
(they mostly use ActiveX and/or Java): Free online scanners -
Reading material No. 2:
► Over time a lot of data junk can accumulate, error messages pile up, and the PC is probably no longer as fast as it used to be:
I wish you all the best

If you would like to support us → donation account

Regards
kira

26.10.2012, 19:28   #12
Gerd21

So, everything cleaned up, BF Vietnam removed too (I don't play it any more anyway),
except CCleaner, which I really will use more often.

Many thanks again to you, kira
