Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: "Programm kann Website nicht anzeigen" Trojaner

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 17.11.2012, 14:45   #1
Trouble343
 
"Programm kann Website nicht anzeigen" Trojaner - Unglücklich

"Programm kann Website nicht anzeigen" Trojaner



Hallo,

ich glaube, dieses Problem ist schon öfters aufgetreten, aber hier ist es möglicherweise etwas anders:
Immer wenn ich über meinen normalen Benutzer (ohne Adminrechte) eingeloggt bin, erscheint direkt das bildschirmfüllende Fenster "Das Programm kann die Website nicht anzeigen" (oder so ähnlich).
Versuche ich es allerdings über einen Benutzer mit Adminrechten, funktioniert alles tadellos!
Ich ließ also direkt mal Malwarebytes laufen, und es fand 2 infizierte Dateien, die ich direkt löschte.
Als ich es danach auf meinen Benutzer ohne Admins versuchte, klappte alles wieder. Doch heute morgen, geschah das gleiche von vorne!
Ich bin verzweifelt
Ich bin nun grade wieder über den Benutzer mit Adminrechten on und lasse sowohl Malwarebytes als auch Emisoft Antimalware einen Komplett-Scan durchführen.
Aber was soll ich ansonsten machen?
Bitte, helft mir!

Alt 18.11.2012, 01:31   #2
t'john
/// Helfer-Team
 
"Programm kann Website nicht anzeigen" Trojaner - Standard

"Programm kann Website nicht anzeigen" Trojaner





http://www.trojaner-board.de/125889-...en-posten.html
__________________

__________________

Alt 18.11.2012, 02:03   #3
Trouble343
 
"Programm kann Website nicht anzeigen" Trojaner - Standard

"Programm kann Website nicht anzeigen" Trojaner



Okay, also erstmal vom Malwarebytes:

HTML-Code:
 Malwarebytes Anti-Malware  (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.16.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Papa :: FELIX-PC [Administrator]

Schutz: Aktiviert

16.11.2012 23:32:03
mbam-log-2012-11-16 (23-32-03).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 605798
Laufzeit: 2 Stunde(n), 34 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Felix\Downloads\Programme\SoftonicDownloader_fuer_audacity.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Games\Konami\rld.dll (PUP.Hacktool.crk) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Und dann habe ich grade OTL durchlaufen lassen:
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 17.11.2012 23:53:23 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Papa\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,98 Gb Total Physical Memory | 2,13 Gb Available Physical Memory | 53,39% Memory free
7,96 Gb Paging File | 4,39 Gb Available in Paging File | 55,06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 433,06 Gb Total Space | 215,19 Gb Free Space | 49,69% Space Free | Partition Type: NTFS
Drive D: | 456,92 Gb Total Space | 58,69 Gb Free Space | 12,84% Space Free | Partition Type: NTFS
Drive E: | 3,56 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: FELIX-PC | User Name: Papa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Papa\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Emsisoft Anti-Malware\a2wizard.exe (Emsisoft GmbH)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
PRC - C:\Users\Papa\AppData\Local\Conduit\BackStage\{5555CC4C-FA2B-4D69-8296-B6AE5E95C0B7}\BackStage.exe (Conduit Ltd.)
PRC - C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG)
PRC - D:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG)
PRC - C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG)
PRC - C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe (G Data Software AG)
PRC - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group)
PRC - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\829ed22d7328a4d7e0916b4cffda8707\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll ()
MOD - D:\Program Files (x86)\Steam\bin\libcef.dll ()
MOD - D:\Program Files (x86)\Steam\bin\avcodec-53.dll ()
MOD - D:\Program Files (x86)\Steam\bin\chromehtml.dll ()
MOD - D:\Program Files (x86)\Steam\bin\avformat-53.dll ()
MOD - D:\Program Files (x86)\Steam\bin\avutil-51.dll ()
MOD - C:\Users\Papa\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll ()
MOD - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
 
 
========== Services (SafeList) ==========
 
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (a2AntiMalware) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (AVKWCtl) -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe (G Data Software AG)
SRV - (AVKProxy) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG)
SRV - (GDFwSvc) -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe (G Data Software AG)
SRV - (GDScan) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG)
SRV - (AVKService) -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe (G Data Software AG)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation)
SRV - (MWLService) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe (Egis Technology Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (GDPkIcpt) -- C:\Windows\SysNative\drivers\PktIcpt.sys (G Data Software AG)
DRV:64bit: - (GDMnIcpt) -- C:\Windows\SysNative\drivers\MiniIcpt.sys (G Data Software AG)
DRV:64bit: - (GDBehave) -- C:\Windows\SysNative\drivers\GDBehave.sys (G Data Software AG)
DRV:64bit: - (gdwfpcd) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys (G Data Software AG)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (GRD) -- C:\Windows\SysNative\drivers\GRD.sys (G Data Software)
DRV:64bit: - (HookCentre) -- C:\Windows\SysNative\drivers\HookCentre.sys (G Data Software AG)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (GdNetMon) -- C:\Windows\SysNative\drivers\GdNetMon64.sys (G Data Software AG)
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (e1cexpress) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (a2acc) -- C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys (Emsisoft GmbH)
DRV - (A2DDA) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys (Emsi Software GmbH)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE - HKLM\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\Papa\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1214886623-3929896450-3179004277-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKU\S-1-5-21-1214886623-3929896450-3179004277-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ecosia.org/?sc=de
IE - HKU\S-1-5-21-1214886623-3929896450-3179004277-1003\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\Papa\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
IE - HKU\S-1-5-21-1214886623-3929896450-3179004277-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1214886623-3929896450-3179004277-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.140.0: C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.09.18 16:35:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2011.10.30 14:31:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Papa\AppData\Roaming\mozilla\Extensions
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (DVDVideoSoftTB_DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\Papa\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G Data\AVKProxy\BanksafeBHO.dll (G Data Software AG)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB_DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\Papa\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1214886623-3929896450-3179004277-1003\..\Toolbar\WebBrowser: (DVDVideoSoftTB_DE Toolbar) - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - C:\Users\Papa\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [emsisoft anti-malware] C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe (Emsisoft GmbH)
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Acer Arcade Deluxe\MediaEspresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-1214886623-3929896450-3179004277-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1214886623-3929896450-3179004277-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1214886623-3929896450-3179004277-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Papa\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Papa\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (Reg Error: Key error.)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{44E322C7-311C-4653-9BD5-54CFD2A2E265}: NameServer = 192.168.178.1,192.168.178.98
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (c:\program files (x86)\g data\internetsecurity\avkkid\avkcks.exe) - c:\program files (x86)\g data\internetsecurity\avkkid\avkcks.exe ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.06.10 14:32:43 | 000,000,044 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O32 - AutoRun File - [2009.08.11 11:04:00 | 000,000,000 | R--D | M] - E:\Autoupdate -- [ UDF ]
O33 - MountPoints2\{31174ecb-1675-11df-8029-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{31174ecb-1675-11df-8029-806e6f6e6963}\Shell\AutoRun\command - "" = E:\StartUp.exe -- [2009.11.26 13:10:20 | 000,623,967 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.17 14:12:15 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2012.11.17 14:12:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager
[2012.11.17 13:39:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2012.11.17 13:38:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
[2012.11.17 13:38:14 | 000,000,000 | ---D | C] -- C:\Users\Papa\Documents\Anti-Malware
[2012.11.17 13:29:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Papa\Desktop\OTL.exe
[2012.11.17 12:46:19 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.11.17 00:14:04 | 000,000,000 | ---D | C] -- C:\Users\Papa\Documents\Drakensang_TRoT
[2012.11.16 23:39:26 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\PunkBuster
[2012.11.16 23:38:03 | 000,000,000 | ---D | C] -- C:\Users\Papa\Documents\Battlefield 3
[2012.11.16 23:36:53 | 000,000,000 | ---D | C] -- C:\Users\Papa\Documents\ArcaniA - Gothic 4
[2012.11.16 23:35:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012.11.16 23:34:22 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\Google
[2012.11.16 23:32:47 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Roaming\Origin
[2012.11.16 23:32:38 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\Origin
[2012.11.16 23:03:57 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Roaming\Malwarebytes
[2012.11.16 23:03:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.16 23:03:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.16 23:03:39 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.11.16 23:03:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.11.16 21:32:13 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\Windows Live
[2012.11.16 20:21:43 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Roaming\Audacity
[2012.11.16 19:57:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012.11.16 19:57:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2012.11.16 19:51:48 | 000,000,000 | ---D | C] -- C:\ProgramData\kgbshounxfannag
[2012.11.15 22:55:01 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2012.11.15 22:55:01 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2012.11.15 22:50:51 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.11.15 22:50:51 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.11.15 22:50:50 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.11.15 22:50:50 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.11.15 22:50:50 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.11.15 22:50:50 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.11.15 22:50:50 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.11.15 22:50:50 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.11.15 22:50:50 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.11.15 22:50:50 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.11.15 22:50:50 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.11.15 22:50:50 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.11.15 22:50:49 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.11.15 22:50:49 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.11.15 22:50:49 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.11.15 22:48:07 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2012.11.15 22:48:07 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2012.11.15 22:48:07 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2012.11.15 22:48:07 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2012.11.15 13:22:52 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2012.11.15 13:22:52 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2012.11.15 13:22:52 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2012.11.15 13:22:49 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2012.11.15 13:22:49 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2012.11.15 13:22:49 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2012.11.15 13:22:49 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2012.11.15 13:22:49 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2012.11.15 13:22:49 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2012.11.15 13:22:40 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012.11.15 13:22:40 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2012.11.14 19:47:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcaniA - Gothic 4
[2012.11.04 19:22:44 | 000,000,000 | ---D | C] -- C:\BOSS
[2012.10.30 09:23:29 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\hamachi.sys
[2012.10.29 22:46:07 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\LogMeIn Hamachi
[2012.10.21 14:28:08 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2012.10.21 14:17:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Battlelog Web Plugins
[2012.10.21 14:12:42 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs
[2012.10.21 14:11:14 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller
[2012.10.20 12:51:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games
[2012.10.20 12:48:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2012.10.20 12:48:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin
[6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.17 23:58:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1214886623-3929896450-3179004277-1000UA.job
[2012.11.17 23:47:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.17 23:42:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.17 15:58:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1214886623-3929896450-3179004277-1000Core.job
[2012.11.17 13:39:22 | 000,001,099 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2012.11.17 13:29:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Papa\Desktop\OTL.exe
[2012.11.17 13:20:27 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.17 13:20:27 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.17 13:20:27 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.17 13:20:27 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.17 13:20:27 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.17 12:47:29 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.17 12:47:29 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.17 12:44:07 | 000,876,903 | ---- | M] () -- C:\Windows\SysWow64\sig.bin
[2012.11.17 12:44:07 | 000,046,559 | ---- | M] () -- C:\Windows\SysWow64\nmp.map
[2012.11.17 12:10:44 | 3207,507,968 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.17 01:21:12 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.11.17 01:21:12 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.11.17 01:19:50 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.11.16 23:04:27 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.16 22:53:33 | 000,060,320 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\PktIcpt.sys
[2012.11.16 22:51:30 | 000,126,880 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\MiniIcpt.sys
[2012.11.16 22:51:30 | 000,054,176 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\GDBehave.sys
[2012.11.16 22:51:29 | 000,064,416 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys
[2012.11.16 20:09:57 | 000,000,680 | RHS- | M] () -- C:\Users\Papa\ntuser.pol
[2012.11.16 19:51:48 | 000,076,353 | ---- | M] () -- C:\ProgramData\rozbitcypmzmabk
[2012.11.16 19:50:56 | 003,019,944 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.11.15 18:22:33 | 000,064,000 | ---- | M] () -- C:\Windows\rtbavfwn.exe
[2012.11.14 19:47:22 | 000,000,711 | ---- | M] () -- C:\Users\Public\Desktop\ArcaniA - Gothic 4.lnk
[2012.11.12 20:31:13 | 000,000,894 | ---- | M] () -- C:\Users\Public\Desktop\Nexus Mod Manager.lnk
[2012.10.30 00:25:51 | 000,001,406 | ---- | M] () -- C:\Users\Papa\Desktop\Free YouTube to MP3 Converter.lnk
[2012.10.21 14:34:09 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.10.20 12:48:48 | 000,000,071 | ---- | M] () -- C:\Windows\wininit.ini
[2012.10.20 12:48:47 | 000,000,987 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.11.17 13:39:22 | 000,001,099 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2012.11.16 23:03:41 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.16 19:51:31 | 000,076,353 | ---- | C] () -- C:\ProgramData\rozbitcypmzmabk
[2012.11.15 22:55:04 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.15 22:48:07 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.11.15 18:22:40 | 000,064,000 | ---- | C] () -- C:\Windows\rtbavfwn.exe
[2012.11.14 19:47:22 | 000,000,711 | ---- | C] () -- C:\Users\Public\Desktop\ArcaniA - Gothic 4.lnk
[2012.10.30 00:25:51 | 000,001,406 | ---- | C] () -- C:\Users\Papa\Desktop\Free YouTube to MP3 Converter.lnk
[2012.10.20 12:48:48 | 000,000,071 | ---- | C] () -- C:\Windows\wininit.ini
[2012.10.20 12:48:47 | 000,000,987 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
[2012.08.19 10:23:18 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.08.19 10:23:17 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.11.14 16:45:38 | 000,876,903 | ---- | C] () -- C:\Windows\SysWow64\sig.bin
[2011.09.28 16:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.08.25 17:25:37 | 000,000,306 | ---- | C] () -- C:\Windows\game.ini
[2011.08.23 17:13:24 | 000,000,680 | RHS- | C] () -- C:\Users\Papa\ntuser.pol
[2011.08.23 12:38:17 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2011.08.17 14:04:40 | 000,040,960 | R--- | C] () -- C:\Windows\SysWow64\psfind.dll
[2011.08.16 17:38:03 | 000,001,302 | ---- | C] () -- C:\Windows\disney.ini
[2011.08.16 17:37:40 | 000,000,206 | ---- | C] () -- C:\Windows\disneysy.ini
[2010.11.17 15:52:17 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
--- --- ---


Und die Extras, falls du die brauchst:

OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 17.11.2012 23:53:23 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Papa\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,98 Gb Total Physical Memory | 2,13 Gb Available Physical Memory | 53,39% Memory free
7,96 Gb Paging File | 4,39 Gb Available in Paging File | 55,06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 433,06 Gb Total Space | 215,19 Gb Free Space | 49,69% Space Free | Partition Type: NTFS
Drive D: | 456,92 Gb Total Space | 58,69 Gb Free Space | 12,84% Space Free | Partition Type: NTFS
Drive E: | 3,56 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: FELIX-PC | User Name: Papa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A07FCDA-993D-4AC1-9886-9DA8A3836D78}" = rport=445 | protocol=6 | dir=out | app=system | 
"{184856B5-2E34-4268-9E7A-4BBC5726E451}" = lport=139 | protocol=6 | dir=in | app=system | 
"{1867FA94-85A9-4BA1-943D-579F3D96A87B}" = lport=138 | protocol=17 | dir=in | app=system | 
"{1AB1E152-07D3-4FAC-901B-DC941B15BA28}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{2451CD9D-806E-4F5D-8609-EECBDADBC717}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{26E5C2EE-6A29-4FB7-B340-A0294B639BAE}" = lport=137 | protocol=17 | dir=in | app=system | 
"{35411528-D639-4443-97DB-2B38AF1F570B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{36204FF9-5842-4281-8DC3-6BDF31F43F44}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{476BB649-578E-42A1-AB18-095300358027}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{481785CA-6A2D-41F6-956B-27BA723A41BA}" = rport=139 | protocol=6 | dir=out | app=system | 
"{75BFD49E-5065-45D3-B33F-3790068E934F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{769B04B2-F429-4FC6-8011-351991F4960F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7E7CD164-C43D-4558-AB14-885B197931A3}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{7EFFEE1D-C551-47DF-A2C8-563A4A4F13B1}" = lport=445 | protocol=6 | dir=in | app=system | 
"{8214203B-8BF3-4F2B-8052-330C3CF3D481}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{881E8401-5B1D-457F-A81B-E9DE0FA2C581}" = rport=138 | protocol=17 | dir=out | app=system | 
"{8CEDEDF8-19CA-48A5-A648-A3D5E6D160BF}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{ACABEAB1-C331-4201-ACA3-AE867AA29C66}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{C44FE259-E3B1-420E-AF7F-6B7D2092F26D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D5965002-566A-4AD8-BF34-418A10B15721}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{ED80E9E0-23B6-49BC-B0E7-5052A134922F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F4AB5526-1AB3-4BF6-914A-C769DFF83E17}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F4CE9A1C-478D-4A97-A1F5-54DD5EFF1B16}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{017FEF5D-0EEE-4808-AEB7-C68FB105DC8B}" = protocol=6 | dir=in | app=d:\program files (x86)\batman\binaries\win32\batmanac.exe | 
"{0599349A-3178-495D-B500-7BE4B53BEF7C}" = protocol=17 | dir=in | app=d:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{07AA4A66-03BE-487F-BCCC-4699332E13C0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{094181E0-0BA2-45FA-AD97-7DB552EAA022}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{0B68DD19-5141-449C-B3DD-1763A15B2343}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\far cry 2\bin\farcry2.exe | 
"{0E6935FB-60A6-4D2F-9727-5F06FAECED0D}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\stalker shadow of chernobyl\bin\xr_3da.exe | 
"{0ED3CA84-DF65-4F7F-BC53-049D6C8FB202}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\specops_theline_demo\binaries\win32\specopstheline.exe | 
"{0F719768-7312-4217-B5DB-9D27E366F9EA}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\fable 3\fablelauncher.exe | 
"{10E3ACB8-309A-4F94-96CE-D3F8F316DC06}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\arcadedeluxeagent.exe | 
"{1397EAD2-D55A-4509-A451-CE1FBC043D7D}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\far cry 2\bin\fc2editor.exe | 
"{14399D51-84C1-4601-8A73-99B080932FF3}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\napoleonfelix\dark messiah singleplayer demo\mm.exe | 
"{14A8CE24-EBD1-4670-8A5A-00C57DDDE0F8}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\fable 3\fablelauncher.exe | 
"{151BC341-3E5E-4065-86CF-47C045235FA6}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{17620EE1-D817-421D-A44A-985E129768E5}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steam.exe | 
"{1776166E-6C96-4CB9-8C92-0AA6C4BA2E89}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{1B5F3019-6DFE-4D83-B8F2-572BB64E4130}" = protocol=17 | dir=in | app=d:\program files (x86)\prince of persia.exe | 
"{1BCC81F6-AF95-4905-9327-97C711B17CF3}" = protocol=6 | dir=in | app=c:\program files (x86)\sega\alpha protocol\binaries\apgame.exe | 
"{1DACB546-AC8C-4E09-91EE-E2C6C6233AB2}" = protocol=6 | dir=in | app=d:\program files (x86)\reliccoh.exe | 
"{1E6EB656-C56C-4948-B411-9C4516354703}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{20414D0B-0893-4D65-A8B7-B3881D366DB9}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\far cry 2\bin\farcry2.exe | 
"{20B7E816-7B9C-4AEB-9046-3D4AA1623FF2}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | 
"{20C28C22-E934-491D-A2F6-DBC2DC14985D}" = protocol=6 | dir=in | app=d:\program files (x86)\nwn2server.exe | 
"{20D4CD77-CEB6-457D-8920-18BA5532B851}" = protocol=58 | dir=in | app=system | 
"{22C738DD-0EB1-444B-AF57-51C2B7EA22F2}" = protocol=17 | dir=in | app=d:\program files (x86)\nwn2main_amdxp.exe | 
"{22D764E8-7B07-4FF4-8B50-B81166E56015}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe | 
"{25102260-DB87-460D-BCCA-5FF2D43A4C6D}" = protocol=17 | dir=in | app=d:\program files (x86)\princeofpersia_launcher.exe | 
"{2742C5EB-E734-40D2-81F8-D4FC315ACB03}" = protocol=6 | dir=in | app=d:\games\bohemia interactive\arma2.exe | 
"{27616C3E-7E49-4558-B6B0-2427CDBCC1D1}" = protocol=6 | dir=in | app=d:\program files (x86)\nwn2main.exe | 
"{285FF3DE-352D-4CCE-9BEE-675E9961DA96}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\sdklauncher.exe | 
"{28E14172-B1C4-4D74-9030-29A10360C497}" = protocol=17 | dir=in | app=d:\program files (x86)\james cameron's avatar - das spiel\bin\avatar.exe | 
"{2B79CB9D-1493-4C47-91FB-044EDCF1F1D1}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{2B7A8DBF-7C2B-44F8-BDBA-B8CE627B261D}" = protocol=6 | dir=in | app=d:\program files (x86)\nwupdate.exe | 
"{2ED499D2-2E51-432A-98FE-467DEAF32A17}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{307FF339-76E3-41E0-9F37-6ACE8E64A913}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{31209010-1ED5-42B0-A02A-9D5A221EFD45}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\mirrors edge\support\ea help\electronic_arts_technical_support.htm | 
"{314114BB-C09C-44E2-9457-576778206FBB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{315D3FC1-4B42-4AAB-AA9D-8F5EA73D010D}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\mirrors edge\binaries\mirrorsedge.exe | 
"{32BC3982-2746-41E6-A1F3-4953FE06A334}" = protocol=6 | dir=in | app=d:\program files (x86)\nwn2main_amdxp.exe | 
"{33100070-B30D-4012-AE5F-F60D1E1CB24B}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\payday the heist\payday_win32_release.exe | 
"{3405B051-A24F-4006-9024-2A1A26B46FE2}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe | 
"{346EC2B2-DF69-4719-B3B1-0DFEE6D20474}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\napoleon total war\napoleon.exe | 
"{34B971E4-2A91-4B01-B2ED-6AB36FE3AB2D}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\thief deadly shadows\system\runme.exe | 
"{3506676C-25D3-4776-8FC7-BF37EC4E175C}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe | 
"{353D1DE8-420B-4623-ABA5-AB978215209B}" = protocol=17 | dir=in | app=d:\program files (x86)\relicdownloader\relicdownloader.exe | 
"{36FFED7B-D33A-45C2-91C2-80C25CC39B78}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steam.exe | 
"{381E2B3F-7E99-45B8-92DA-E3CAF43DCFF4}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{398C0151-F407-4DE3-9F3A-C3F39E411568}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{3A507DE0-9377-4CBB-A649-8CCB96250567}" = protocol=6 | dir=in | app=d:\program files (x86)\james cameron's avatar - das spiel\bin\avatarlauncher.exe | 
"{3CB0FFBB-9C6A-4215-B115-E328F195C720}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{3ED3D319-A50D-46F5-98F0-0C47DEFCF90B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{41731009-C399-4316-A793-2621CDAACC64}" = protocol=6 | dir=out | app=system | 
"{4191A327-A4B1-427C-8CFD-E4ADB5C185AF}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{4308B158-5735-4F74-ACDD-0AD85BEF32EC}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe | 
"{431F011E-862E-480A-A508-BE41BAFE2730}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{4498656D-8232-4851-BDCD-9A4106E3E361}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\assassins creed\assassinscreed_game.exe | 
"{44E3FBEF-7871-47C3-BB15-97B58E4D199E}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\far cry 2\bin\fc2serverlauncher.exe | 
"{451A26F2-B8C8-43E0-8540-65E9867C0FB5}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\assassins creed brotherhood\acbsp.exe | 
"{45635423-3743-48B6-97AC-3C4470893ED4}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{45D88B9A-F7B4-48EC-A3E7-3E524650722E}" = protocol=17 | dir=in | app=d:\ubisoft\die abenteuer von tim und struppi - das geheimnis der einhorn\tintin.exe | 
"{47A7C8E1-B178-456A-8012-43D13E011CEB}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\payday the heist\payday_win32_release.exe | 
"{489EAC27-F74C-40DE-BDE9-138D9A99DC1D}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe | 
"{48D2A044-087E-472F-A446-4F3633014E34}" = protocol=17 | dir=in | app=d:\program files (x86)\nwupdate.exe | 
"{4A5DDCE8-76B0-48E7-828C-9E552D02C5DD}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\clmlsvc.exe | 
"{4A924369-0E07-4D10-9E25-F298387A91AF}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\sdklauncher.exe | 
"{4EAD5255-9929-4BCE-BB87-0D83E2F2F4A7}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\specops_theline_demo\binaries\win32\specopstheline.exe | 
"{4F9FD687-99E2-48DA-80C8-99BEDF0204BF}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{5235A84E-404D-462B-BFD4-72F0540A548E}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{529E8CEC-CFF2-4F46-969F-658633A6D2BC}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2demo.exe | 
"{5348D54F-6129-4781-9506-222BE0C9DE9C}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\dishonored\binaries\win32\dishonored.exe | 
"{538BAB32-0A69-4011-B2B4-9042B19C2848}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\thief deadly shadows\system\runme.exe | 
"{56266D4F-09F9-4272-9190-D749ED7714AB}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe | 
"{5630BAE4-3FD1-40A9-A571-55007F31138B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{58B40181-20DD-4DA3-BA70-FFF908047C45}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\sdklauncher.exe | 
"{58D1CEC5-E4B0-49CD-ADF2-59C773D4DC4F}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\mirrors edge\support\ea help\electronic_arts_technical_support.htm | 
"{5989FB7A-A2B8-4F8C-8362-7E08A0498B53}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{5B39D45B-1DDF-4A71-A59E-94B7AA91D4AD}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{5B892F50-D4EE-4944-A405-B0B359562B0E}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\far cry 2\bin\fc2serverlauncher.exe | 
"{5C6B7002-3911-4A95-AAA9-92EB06199BF3}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{5DCDA3AA-F7DC-45B8-8C45-738D2C4A2203}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis sp demo\bin32\crysis.exe | 
"{5DD9C901-92D8-4384-9DF9-6E77B1FA7496}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\trine 2\trine2_launcher.exe | 
"{5EA1C30A-A7BD-4878-BF85-1E06501835BF}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\assassins creed brotherhood\acbsp.exe | 
"{606B5FEA-47EB-49DE-8D9A-98173F435FAE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{64A07D07-FD36-4D9C-8EB7-3C70FEA604D4}" = protocol=6 | dir=in | app=d:\program files (x86)\james cameron's avatar - das spiel\bin\avatar.exe | 
"{65F75CFE-9667-4F2A-B66A-916BA9AACB98}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{66D09644-CAAF-461C-B306-F02FE1B44026}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\fuel - demo\fuel.exe | 
"{66E0441E-F58E-441A-B887-997DC9B2B959}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\arcade movie\touchmovie.exe | 
"{6A22532A-D195-486C-9EE9-FFF7ABB7A30C}" = protocol=6 | dir=in | app=d:\program files (x86)\princeofpersia_launcher.exe | 
"{6C9D82ED-C2D4-4E30-973C-87FFCC9D50EE}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\arx fatalis\arx.exe | 
"{6D2BA4F2-807A-4D84-A698-E175AF772BD4}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\assassins creed\assassinscreed_game.exe | 
"{700A701C-96A7-40A1-9195-B21CE38C5317}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{70B05887-0959-49DE-B0B2-F37FC1436AF6}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\mirrors edge\binaries\mirrorsedge.exe | 
"{72499D69-0EB0-49A2-A2A9-93DE312E30EB}" = protocol=17 | dir=in | app=d:\program files (x86)\batman\binaries\win32\batmanac.exe | 
"{72610B4F-CC7A-4F13-A322-FE9B2F34AAB3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{735D801A-F40A-4307-90AD-0488D36EAC4E}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\far cry 2\bin\fc2benchmarktool.exe | 
"{757E1A9D-651E-4E8E-82E6-5600CE505F65}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{765926BB-686B-40B1-9B5F-42D95B9CBF3B}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\napoleon total war\napoleon.exe | 
"{7978EFCD-69DC-475E-9FCC-9F1EB4D22597}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe | 
"{7A1189D6-B8EE-41CD-9BC5-5470F2ABF4FD}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\frozen synapse\frozensynapse.exe | 
"{7A6C03EF-241E-42D7-A046-0D80C5A40C35}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\mass effect 3 demo\binaries\win32\masseffect3demo.exe | 
"{816BB5F4-BC00-4FC1-9835-17A821E82F8D}" = protocol=17 | dir=in | app=d:\program files (x86)\binaries\shippingpc-bmgame.exe | 
"{820A8AB2-4460-4A26-995B-42C9A9E0215C}" = protocol=6 | dir=in | app=d:\program files (x86)\relicdownloader\relicdownloader.exe | 
"{8250C3FE-1799-4264-99C5-FD838329E215}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe | 
"{82A3659C-FA13-44F6-A50C-56F0432BFF6C}" = protocol=17 | dir=in | app=d:\program files (x86)\nwn2main.exe | 
"{84C1506F-133C-42B6-AC8E-B69A1D8634D0}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\far cry 2\bin\fc2benchmarktool.exe | 
"{851C587D-53D6-4BD4-BF47-F635C301C685}" = protocol=17 | dir=in | app=d:\games\bohemia interactive\arma2.exe | 
"{8B3D5B60-1F60-4444-8DB5-653019127721}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{8C4394DD-43CB-41E6-941A-4A833F6A50C4}" = protocol=6 | dir=in | app=d:\ubisoft\die abenteuer von tim und struppi - das geheimnis der einhorn\tintin.exe | 
"{8DD32F15-8899-4F7F-9C80-26489F12FB8B}" = protocol=17 | dir=in | app=d:\program files (x86)\reliccoh.exe | 
"{93FB5ABB-1D32-4D4A-BE2B-A371EB128A8A}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\frozen synapse\frozensynapse.exe | 
"{984FE0AF-D350-4484-B64A-5436275E6461}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{9BC30C94-CC12-4953-A259-C559E222B23D}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\homefront\binaries\homefront.exe | 
"{9F2F6681-3601-41AD-9CE8-9035E3563B9E}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\napoleonfelix\dark messiah singleplayer demo\mm.exe | 
"{9FCBCC9C-881F-42BA-8C2E-5E1E63A3B7EC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{A05E394B-CCF2-49A5-B288-BBFEBC57DA0A}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\arcade movie\touchmovieservice.exe | 
"{A2A1BD9E-FDD4-4298-AC16-DF6EE4CFF265}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{A8152B75-FBBF-4DF8-9F5F-B60ACA3B1A7E}" = protocol=17 | dir=in | app=d:\program files (x86)\nwn2server.exe | 
"{AB631882-79F0-4045-9A74-50FB73C513EC}" = protocol=6 | dir=in | app=d:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{AB678383-EB66-4C7B-B622-5EC336C17DA7}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe | 
"{AC266917-A9DA-41BD-90B7-4C3244FA8D22}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe | 
"{ACE91E78-339A-48B8-A467-A141C28AFFA0}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\stalker shadow of chernobyl\bin\xr_3da.exe | 
"{AF917915-4D13-42C9-B2DE-B2B7A67E8565}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{B236EC61-21C6-46CD-93B9-317A6536B80D}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{B2C6F154-5BF7-4215-8B35-517B93DD12CD}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{B78379DF-0A1A-4236-BDA1-CF26BB7CE5A5}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\skyrim\creationkit.exe | 
"{BB40E1F1-70AE-42A8-975F-CB4D529DD15C}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis 2 demo\bin32\crysis2launcher.exe | 
"{BEBB90B6-1095-46D2-8E81-6111E73305D9}" = protocol=17 | dir=in | app=c:\program files (x86)\sega\alpha protocol\binaries\apgame.exe | 
"{BF197B8D-D546-4013-8D35-FE7E1AEC5B28}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{C1977A33-3775-41FC-842F-7927B76FB306}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{C1F883E9-AA59-4AB5-9204-C0B9B67EC539}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{C4BF95D2-B639-4A0D-A88C-74AFA0FBA70C}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\dishonored\binaries\win32\dishonored.exe | 
"{C4E2281A-4B9F-4E8C-BD21-E1322C2DFA93}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{C537C892-CDA6-4307-BC8C-F12C847D905D}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2demo.exe | 
"{C5A37F34-D5AD-41E0-83F5-EDC0B208CC90}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\sdklauncher.exe | 
"{C647386F-4690-4A1C-99E1-ECAA7FE3356F}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\homefront\binaries\homefront.exe | 
"{C88BB608-4272-4068-A12A-4EFA9147FD7C}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\skyrim\creationkit.exe | 
"{C99FB48F-DCDE-47D7-B6AC-1A66B5174A65}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CAE03A5A-4B51-4E86-98E4-B0940C965FA1}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\mass effect 3 demo\binaries\win32\masseffect3demo.exe | 
"{CC3A51CA-89F1-4400-ABC9-A82EEEE80F3D}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{CFA3F636-6F12-4CE1-89A3-140637EA750D}" = protocol=17 | dir=in | app=d:\program files (x86)\james cameron's avatar - das spiel\bin\avatarlauncher.exe | 
"{CFEC1969-37C9-4984-B10E-3EB2E2A7351B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{D06FD029-8FF2-40DE-9520-B2B2F05AD3CB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D50A4670-6D4D-4263-B153-CD0030006447}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\dmrengine.exe | 
"{D5A91B41-F367-4074-B4B4-D85BBDBFE6B2}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D7AC2C6E-3B18-4F09-993B-8D9EB988B1AF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DC1519CF-A815-4037-A98C-00DE3653C4BB}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{DC449160-FDD9-4BE7-B799-8BDFD925B0AF}" = protocol=6 | dir=in | app=d:\program files (x86)\prince of persia.exe | 
"{DF34E71C-AB8A-4886-8C9A-49DEED0CC802}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\trine 2\trine2_launcher.exe | 
"{E3D020EE-6C9A-4784-9B51-859FEBE082AA}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis 2 demo\bin32\crysis2launcher.exe | 
"{E5A07C73-DD2B-47C5-8F0F-0A4FCFD98940}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2demo.exe | 
"{E62E0965-5E24-4A97-98D7-268E652C4FD1}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{E7A7341D-81C2-46FB-8907-66F6EFE6519B}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{E7B28322-9712-4793-8D94-580231C0C9BA}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{E85570FE-228B-4452-BBDB-68A17410C057}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{E904552E-5227-4ECD-970D-F0AE91FA3B91}" = protocol=6 | dir=in | app=d:\program files (x86)\binaries\shippingpc-bmgame.exe | 
"{E980274B-CBEE-4802-AC0F-5C8391474423}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2demo.exe | 
"{E9EF0E96-C318-4ACB-B901-08DC42E23979}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{EB82B2BA-0A9C-47B9-8297-E2F4A6402EAB}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\alan wake\alanwake.exe | 
"{ED1A31F0-9FE8-4EF2-8479-94817125571E}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\far cry 2\bin\fc2editor.exe | 
"{F01C3DAA-D084-42F8-A20D-095423C1E2E2}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\alan wake\alanwake.exe | 
"{F2C7EA0C-80CD-48EC-9793-C3A1C940A045}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe | 
"{F43463E9-CF7D-4AF5-909A-361824490085}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\fable the lost chapters\fable.exe | 
"{F4611276-2F83-4509-86FD-5C907874F03C}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\arx fatalis\arx.exe | 
"{F627CA33-5349-4D38-A04B-39838C72C7CD}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\fuel - demo\fuel.exe | 
"{F8686951-A452-4CD0-A83D-50DFFCF020E2}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\fable the lost chapters\fable.exe | 
"{FA59C4FE-FCB7-4892-8294-3D0635398A91}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis sp demo\bin32\crysis.exe | 
"{FE2D6118-6922-4D6E-95D0-AD95C12F0AA7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{26A24AE4-039D-4CA4-87B4-2F86416027FF}" = Java(TM) 6 Update 27 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"CCleaner" = CCleaner
"GIMP-2_is1" = GIMP 2.8.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01CBFCE7-95AD-40F3-BC63-C46EFB2FC9C4}" = Pirates of the Caribbean - At Worlds End
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{14509FBA-582F-43AB-8B7B-37A30B9C98C3}_is1" = ArcaniA - Gothic 4 Demo
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{1BF4CB15-6055-452A-8487-021AE2D91208}" = Crysis® 2 Demo
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}" = Pro Evolution Soccer 2010
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2B48B3C5-B596-4822-A148-837B11885CB5}" = Lost Horizon
"{2B673C6F-BDEA-48AE-AB59-7479BF04EF6E}" = Nail'd
"{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}" = Rome - Total War - Gold Edition
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3CC49D98-2914-4444-88F1-6739EBBD140E}_is1" = Die Abenteuer von Tim und Struppi - Das Geheimnis der Einhorn
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EE2F527-F306-49E9-0086-662C337ADD3B}" = FUSSBALL MANAGER 07
"{3F64C088-9A45-41B3-8B99-71AFAB720A56}" = Sherlock Holmes jagt Jack the Ripper
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup
"{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}" = NVIDIA PhysX
"{4968622A-4D3F-489E-9ACE-5FEC4CC0BDE3}" = MediaEspresso
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{4DD88500-1EAB-4D87-8079-88214668B699}_is1" = Alpha Polaris German Demo Version 1.0.0
"{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum
"{4F64A46D-67F7-4497-AEA2-313D4305A5F6}" = Torchlight
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{52B94500-1782-411F-BFA5-EBAC312964DE}" = The Witcher Demo
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57520FA0-AC56-469B-9983-FF1000008300}" = Batman: Arkham City™
"{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1" = Acer GameZone Console
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{6006059E-013D-4B77-BC5C-4DD5E4A6570D}" = G Data InternetSecurity 2012
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{64BFBE7A-886C-4CA2-A9B4-0C2B5A5942BC}" = Battlefield 3™
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{675279fe-598d-43e8-8bea-b71e68a7a5cc}" = Nero 9 Essentials
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"{74027A70-698F-49B4-969D-AA64BE2A8D8B}_is1" = Metro 2033 Demo
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7C11154F-3539-4CB5-979D-EF7913473E53}" = Prince of Persia
"{7E19B002-4CA3-4C9F-BA92-91D101B97219}" = James Cameron's AVATAR(tm): DAS SPIEL
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}" = Spin & Win
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}" = Poker Pop
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92AF2F5A-4407-4A03-A80A-5A2582264746}" = Crysis(R) SP Demo
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{990166FA-1ACB-4AA7-B592-4D370C7CDD1A}" = Spider-Man 3(TM)
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AFC93C3-EEE0-497C-9341-27753FAC7233}" = Prince of Persia The Two Thrones
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A1683CA7-4850-4A21-982B-C6D853C79AF7}" = Mass Effect™ 3 Demo
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAFD160A-2333-40D8-AA25-42D1989CA0F2}" = Toy Story 3
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = Acer Arcade Movie
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware
"{BD009869-6498-4CF9-9016-E9EA6E3742B2}" = The Whispered World
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C66BF9FD-D367-4E13-8EB8-385FFEA20DB3}" = Oblivion
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D227E95D-C9E6-4B09-BC4C-F5A96D08A1CE}" = Patrizier IV Demo
"{D37FE0E3-B1A9-4E41-AB5D-DA62E04D2C42}" = Alpha Protocol
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DFFE2B1F-07E0-45A9-8801-CD8514CAA876}" = Prince of Persia T2T
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E737A098-F161-4B6F-AF22-86AAE34F6FBD}" = Pro Evolution Soccer 2012
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EA5F34F3-3911-B4DB-63CA-1E44B2AB13A1}" = Adobe Download Assistant
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EBC8C5A1-7745-419F-B6C6-B0DD87F24D52}" = LogMeIn Hamachi
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EE5BC0BB-9EDA-423C-8276-48857B735D68}" = Prince of Persia Warrior Within
"{EE74D039-45D7-44E9-BF95-B9CFB015964F}_is1" = ArcaniA - Gothic 4
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F20C1251-1D0A-4944-B2AE-678581B33B19}" = Neverwinter Nights 2
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"7-Zip" = 7-Zip 9.20
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_3dcb365ab9e01871fb8c6f27b0ea079" = Adobe After Effects CS4
"Adventskalender" = Interaktiver Adventskalender
"ArmA 2" = ArmA 2 Uninstall
"Audacity 1.3 Beta_is1" = Audacity 1.3.12
"Battlelog Web Plugins" = Battlelog Web Plugins
"BattlEye for A2" = BattlEye Uninstall
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Company of Heroes" = Company of Heroes
"CycoreFX HD 1.7 for After Effects" = CycoreFX HD 1.7 for After Effects
"Divinity II - Ego Draconis_is1" = Divinity II - Ego Draconis
"Drakensang_TRoT_is1" = Drakensang - Am Fluss der Zeit
"ESN Sonar-0.70.4" = ESN Sonar
"Fraps" = Fraps (remove only)
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.34.1015
"Generic Mod Manager_is1" = Fallout Mod Manager 0.13.21
"GFWL_{57520FA0-AC56-469B-9983-FF1000008300}" = Batman: Arkham City™
"HighwayNights" = Cobra 11 - Highway Nights (remove only)
"Hotkey Utility" = Hotkey Utility
"Identity Card" = Identity Card
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"InstallShield_{990166FA-1ACB-4AA7-B592-4D370C7CDD1A}" = Spider-Man 3 (TM)
"InstallShield_{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"LAME_is1" = LAME v3.99.3 (for Windows)
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Memento Mori_is1" = Memento Mori
"Mozilla Thunderbird (7.0.1)" = Mozilla Thunderbird (7.0.1)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Origin" = Origin
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PunkBusterSvc" = PunkBuster Services
"Satinav Demo" = Das Schwarze Auge - Satinavs Ketten Demo
"Security Task Manager" = Security Task Manager 1.8d
"StarCraft II" = StarCraft II
"Steam App 105400" = Fable III
"Steam App 108710" = Alan Wake
"Steam App 12850" = FUEL - Demo
"Steam App 15100" = Assassin's Creed
"Steam App 1700" = Arx Fatalis
"Steam App 17410" = Mirror's Edge
"Steam App 19900" = Far Cry 2
"Steam App 202480" = Creation Kit
"Steam App 204030" = Fable - The Lost Chapters
"Steam App 219850" = Torchlight II Demo
"Steam App 24240" = PAYDAY: The Heist
"Steam App 34030" = Napoleon: Total War
"Steam App 35450" = Red Orchestra 2: Heroes of Stalingrad
"Steam App 35720" = Trine 2
"Steam App 40800" = Super Meat Boy
"Steam App 43110" = Metro 2033
"Steam App 440" = Team Fortress 2
"Steam App 4500" = S.T.A.L.K.E.R.: Shadow of Chernobyl
"Steam App 48000" = LIMBO
"Steam App 48190" = Assassin's Creed Brotherhood
"Steam App 55100" = Homefront
"Steam App 55280" = Homefront Dedicated Server
"Steam App 620" = Portal 2
"Steam App 644" = Portal 2 Publishing Tool
"Steam App 6980" = Thief: Deadly Shadows
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 730" = Counter-Strike: Global Offensive
"Steam App 745" = Counter-Strike: Global Offensive - SDK
"Steam App 8930" = Sid Meier's Civilization V
"Steam App 8980" = Borderlands
"Steam App 98200" = Frozen Synapse
"The Lost Crown_is1" = The Lost Crown
"The Moment of Silence_is1" = The Moment of Silence
"Tomb Raider: Underworld" = Tomb Raider: Underworld 1.0
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1214886623-3929896450-3179004277-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CT2625848" = DVDVideoSoftTB DE Toolbar
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 17.08.2012 14:43:11 | Computer Name = Felix-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ACBSP.exe, Version: 0.0.0.0, Zeitstempel:
 0x4d90ac83  Name des fehlerhaften Moduls: ACBSP.exe, Version: 0.0.0.0, Zeitstempel:
 0x4d90ac83  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0183c849  ID des fehlerhaften Prozesses:
 0x15e0  Startzeit der fehlerhaften Anwendung: 0x01cd7c991344ca46  Pfad der fehlerhaften
 Anwendung: D:\Program Files (x86)\Steam\steamapps\common\Assassins Creed Brotherhood\ACBSP.exe
Pfad
 des fehlerhaften Moduls: D:\Program Files (x86)\Steam\steamapps\common\Assassins
 Creed Brotherhood\ACBSP.exe  Berichtskennung: 648c3323-e89b-11e1-b705-1078d2e8e303
 
Error - 18.08.2012 07:05:26 | Computer Name = Felix-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 20.08.2012 13:46:59 | Computer Name = Felix-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: T3Main.EXE, Version: 1.0.0.1, Zeitstempel:
 0x40c8a4da  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651,
 Zeitstempel: 0x4e211319  Ausnahmecode: 0x80000003  Fehleroffset: 0x0001280c  ID des fehlerhaften
 Prozesses: 0x324  Startzeit der fehlerhaften Anwendung: 0x01cd7efba97db981  Pfad der
 fehlerhaften Anwendung: D:\Program Files (x86)\Steam\steamapps\common\Thief Deadly
 Shadows\system\T3Main.EXE  Pfad des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll
Berichtskennung:
 09e42614-eaef-11e1-8b25-1078d2e8e303
 
Error - 20.08.2012 19:38:10 | Computer Name = Felix-PC | Source = Application Hang | ID = 1002
Description = Programm Amnesia.exe, Version 0.0.0.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 994    Startzeit: 
01cd7f2ba2d39e02    Endzeit: 38    Anwendungspfad: d:\program files (x86)\steam\steamapps\common\amnesia
 the dark descent demo\Amnesia.exe    Berichts-ID:   
 
Error - 24.08.2012 16:50:03 | Computer Name = Felix-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 26.08.2012 10:06:18 | Computer Name = Felix-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: PlayMovie.exe, Version: 9.0.7110.0,
 Zeitstempel: 0x4cda7c7e  Name des fehlerhaften Moduls: CLNavX.ax, Version: 8.1.0.2108,
 Zeitstempel: 0x4c87828a  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0005c952  ID des fehlerhaften
 Prozesses: 0x131c  Startzeit der fehlerhaften Anwendung: 0x01cd83933d45b931  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\PlayMovie.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\NavFilter\CLNavX.ax
Berichtskennung:
 346da322-ef87-11e1-9a66-1078d2e8e303
 
Error - 30.08.2012 09:33:46 | Computer Name = Felix-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: gimp-2.8.exe, Version: 2.8.2.0, Zeitstempel:
 0x50369de7  Name des fehlerhaften Moduls: libgegl-0.2-0.dll, Version: 0.0.0.0, Zeitstempel:
 0x4ff66ab2  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000002c56f  ID des fehlerhaften
 Prozesses: 0xc24  Startzeit der fehlerhaften Anwendung: 0x01cd86b20aafb17b  Pfad der
 fehlerhaften Anwendung: C:\Program Files\GIMP 2\bin\gimp-2.8.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files\GIMP 2\bin\libgegl-0.2-0.dll  Berichtskennung: 52650b59-f2a7-11e1-9d3e-1078d2e8e303
 
Error - 30.08.2012 12:52:36 | Computer Name = Felix-PC | Source = MsiInstaller | ID = 1013
Description = 
 
Error - 05.09.2012 08:58:21 | Computer Name = Felix-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16448 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 1058    Startzeit: 01cd8b64175a5df4    Endzeit: 50    Anwendungspfad:
 C:\Program Files\Internet Explorer\iexplore.exe    Berichts-ID:   
 
Error - 05.09.2012 11:10:25 | Computer Name = Felix-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16448 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 1c68    Startzeit: 01cd8b73c378e431    Endzeit: 50    Anwendungspfad:
 C:\Program Files\Internet Explorer\iexplore.exe    Berichts-ID:   
 
Error - 05.09.2012 11:13:38 | Computer Name = Felix-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: T3Main.EXE, Version: 1.0.0.1, Zeitstempel:
 0x40c8a4da  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651,
 Zeitstempel: 0x4e211319  Ausnahmecode: 0x80000003  Fehleroffset: 0x0001280c  ID des fehlerhaften
 Prozesses: 0x7a0  Startzeit der fehlerhaften Anwendung: 0x01cd8b78eaf99947  Pfad der
 fehlerhaften Anwendung: D:\Program Files (x86)\Steam\steamapps\common\Thief Deadly
 Shadows\system\T3Main.EXE  Pfad des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll
Berichtskennung:
 449a82d3-f76c-11e1-b22b-1078d2e8e303
 
[ Media Center Events ]
Error - 21.10.2011 16:08:58 | Computer Name = Felix-PC | Source = MCUpdate | ID = 0
Description = 22:08:58 - Fehler beim Herstellen der Internetverbindung.  22:08:58 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 21.10.2011 16:09:29 | Computer Name = Felix-PC | Source = MCUpdate | ID = 0
Description = 22:09:08 - Fehler beim Herstellen der Internetverbindung.  22:09:08 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 16.11.2012 14:57:39 | Computer Name = Felix-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "LogMeIn Hamachi Tunneling Engine" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
Error - 16.11.2012 14:58:02 | Computer Name = Felix-PC | Source = bowser | ID = 8003
Description = 
 
Error - 16.11.2012 14:59:19 | Computer Name = Felix-PC | Source = NetBT | ID = 4321
Description = Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit
 IP-Adresse 5.182.18.197  registriert werden. Der Computer mit IP-Adresse 5.149.106.184
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 16.11.2012 17:52:18 | Computer Name = Felix-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 16.11.2012 17:52:18 | Computer Name = Felix-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 G Data Personal Firewall erreicht.
 
Error - 16.11.2012 17:52:18 | Computer Name = Felix-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "G Data Personal Firewall" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 16.11.2012 21:09:06 | Computer Name = Felix-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 16.11.2012 21:09:06 | Computer Name = Felix-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 G Data Personal Firewall erreicht.
 
Error - 16.11.2012 21:09:06 | Computer Name = Felix-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "G Data Personal Firewall" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 17.11.2012 10:39:13 | Computer Name = Felix-PC | Source = bowser | ID = 8003
Description = 
 
 
< End of report >
         
--- --- ---
__________________

Alt 18.11.2012, 02:11   #4
t'john
/// Helfer-Team
 
"Programm kann Website nicht anzeigen" Trojaner - Standard

"Programm kann Website nicht anzeigen" Trojaner



Die Bereinigung besteht aus mehreren Schritten, die ausgefuehrt werden muessen.
Diese Nacheinander abarbeiten und die 3 Logs, die dabei erstellt werden bitte in deine naechste Antwort einfuegen.

Sollte der OTL-FIX nicht richig durchgelaufen sein. Fahre nicht fort, sondern mede dies bitte.

1. Schritt

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:
  • Der Fix fängt mit :OTL an. Vergewissere dich, dass du ihn richtig kopiert hast.

Code:
ATTFilter
:OTL
MOD - C:\Users\Papa\AppData\LocalLow\CT2625848\ldrtbDVDV.dll () 
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found 
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
:Files
C:\ProgramData\*.exe
C:\ProgramData\*.dll
C:\ProgramData\*.tmp
C:\ProgramData\TEMP
C:\Users\Papa\*.tmp
C:\Users\Papa\AppData\Local\{*}
C:\Users\Papa\AppData\Local\Temp\*.exe
C:\Users\Papa\AppData\LocalLow\Sun\Java\Deployment\cache
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
ipconfig /flushdns /c
:Commands
[emptytemp]
         
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>
Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!



2. Schritt


Scan mit Malwarebytes' Anti-Rootkit
Download: Download - Malwarebytes Anti-Rootkit BETA

Anleitung: Anleitung: Malwarebytes Anti-Rootkit


danach:

3. Schritt

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).
__________________
Mfg, t'john
Das TB unterstützen

Alt 18.11.2012, 02:32   #5
Trouble343
 
"Programm kann Website nicht anzeigen" Trojaner - Standard

"Programm kann Website nicht anzeigen" Trojaner



Ehm, ich kann den Rechner jetzt nurnoch im abgesichertem Modus starten, im normalen bleibt der Bildschirm nach der Anmeldung schwarz...
Weitermachen oder ist das ein Problem?

Edit: Aufjedenfall sind hier schonmal die LogFiles:
Code:
ATTFilter
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
========== FILES ==========
C:\ProgramData\FullRemove.exe moved successfully.
File\Folder C:\ProgramData\*.dll not found.
File\Folder C:\ProgramData\*.tmp not found.
C:\ProgramData\Temp\{B906C11A-D193-4143-9FA7-E2EE8A5A8F21} folder moved successfully.
C:\ProgramData\Temp\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41} folder moved successfully.
C:\ProgramData\Temp\{4968622A-4D3F-489E-9ACE-5FEC4CC0BDE3} folder moved successfully.
C:\ProgramData\Temp\{2637C347-9DAD-11D6-9EA2-00055D0CA761} folder moved successfully.
C:\ProgramData\Temp folder moved successfully.
File\Folder C:\Users\Papa\*.tmp not found.
File\Folder C:\Users\Papa\AppData\Local\{*} not found.
C:\Users\Papa\AppData\Local\Temp\AutoRun.exe moved successfully.
C:\Users\Papa\AppData\Local\Temp\COMAP.EXE moved successfully.
C:\Users\Papa\AppData\Local\Temp\eauninstall.exe moved successfully.
C:\Users\Papa\AppData\Local\Temp\FIFA Manager 07_uninst.exe moved successfully.
C:\Users\Papa\AppData\Local\Temp\ose00000.exe moved successfully.
C:\Users\Papa\AppData\Local\Temp\ose00002.exe moved successfully.
C:\Users\Papa\AppData\Local\Temp\sonarinst.exe moved successfully.
C:\Users\Papa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\Papa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\Papa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\Papa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\Papa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\Papa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\Papa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\Papa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\Papa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\Papa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\Papa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\Papa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\Papa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\Papa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\Papa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\Papa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\Papa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\Papa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\Papa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\Papa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\Papa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\Papa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\Papa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\Papa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\Papa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\Papa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\Papa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\Papa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\Papa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\Papa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\Papa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\Papa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\Papa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\Papa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\Papa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\Papa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\Papa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\Papa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\Papa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\Papa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\Papa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\Papa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\Papa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\Papa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\Papa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\Papa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\Papa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\Papa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\Papa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\Papa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\Papa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\Papa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\Papa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\Papa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\Papa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\Papa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\Papa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\Papa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\Papa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\Papa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\Papa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\Papa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\Papa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\Papa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\Papa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\Papa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\Papa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\Papa\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
File/Folder C:\Users\Papa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Papa\Desktop\cmd.bat deleted successfully.
C:\Users\Papa\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 400807 bytes
->Flash cache emptied: 56504 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Felix
->Temp folder emptied: 577709472 bytes
->Temporary Internet Files folder emptied: 1259910651 bytes
->Java cache emptied: 550507 bytes
->Google Chrome cache emptied: 322020781 bytes
->Flash cache emptied: 111640 bytes
 
User: Papa
->Temp folder emptied: 25035822 bytes
->Temporary Internet Files folder emptied: 501384164 bytes
->Flash cache emptied: 1609 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1000617 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2352045871 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 279744 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 79856 bytes
 
Total Files Cleaned = 4.807,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 11182012_021654
         
Nun, heute klappte alles wieder einwandfrei O.o
Und der Log von OTL erhielt noch folgende Ergänzung:
Code:
ATTFilter
Files\Folders moved on Reboot...
C:\Users\Papa\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Papa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\X0GJRF5F\imp[1].htm moved successfully.
C:\Users\Papa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NX1FZCDY\screen[1].css moved successfully.
C:\Users\Papa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NFTV2DVS\ads[1].htm moved successfully.
C:\Users\Papa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4WID6DA9\127140-programm-website-anzeigen-trojaner[1].htm moved successfully.
C:\Users\Papa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4WID6DA9\imp[1].htm moved successfully.
C:\Users\Papa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
Sorry für den Doppelpost, irgendwie konnte ich nicht mehr editieren O.o
Mache nun den Rest, und danke schonmal

Sooo, dann hier der für Malwarebytes Anti-Rootkit...
Code:
ATTFilter
Malwarebytes Anti-Rootkit 1.1.0.1009
www.malwarebytes.org

Database version: v2012.11.18.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Papa :: FELIX-PC [administrator]

18.11.2012 11:40:19
mbar-log-2012-11-18 (11-40-19).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: PUP | PUM | P2P
Objects scanned: 27974
Time elapsed: 9 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
Und, zu guter letzt der Cleaner:

Code:
ATTFilter
# AdwCleaner v2.008 - Datei am 18/11/2012 um 11:45:56 erstellt
# Aktualisiert am 17/11/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Papa - FELIX-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Papa\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Users\Papa\AppData\Local\AskToolbar
Ordner Gelöscht : C:\Users\Papa\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Papa\AppData\Roaming\OpenCandy

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SmartBar.CT2625848
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

*************************

AdwCleaner[S1].txt - [1029 octets] - [18/11/2012 11:45:56]

########## EOF - C:\AdwCleaner[S1].txt - [1089 octets] ##########
         


Alt 18.11.2012, 12:08   #6
t'john
/// Helfer-Team
 
"Programm kann Website nicht anzeigen" Trojaner - Standard

"Programm kann Website nicht anzeigen" Trojaner



Sehr gut!

Wie laeuft der Rechner?


Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html
__________________
--> "Programm kann Website nicht anzeigen" Trojaner

Alt 18.11.2012, 15:13   #7
Trouble343
 
"Programm kann Website nicht anzeigen" Trojaner - Standard

"Programm kann Website nicht anzeigen" Trojaner



Also, der Rechner läuft auch wieder über meinen Account
Malware Scan läuft grade. Ist es nicht seltsam, dass der Trojaner nur ein Benutzer gesperrt hat oder ist das normal?

Also, der Scan hat nichts ergeben, hier der (hoffentlich richtige) LogFile:
Code:
ATTFilter
Emsisoft Anti-Malware - Version 7.0
Letztes Update: 18.11.2012 14:16:46

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\

Riskware-Erkennung: Aus
Archiv Scan: An
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus

Scan Beginn:	18.11.2012 15:09:07


Gescannt	690966
Gefunden	0

Scan Ende:	18.11.2012 19:43:00
Scan Zeit:	4:33:53
         

Alt 19.11.2012, 03:47   #8
t'john
/// Helfer-Team
 
"Programm kann Website nicht anzeigen" Trojaner - Standard

"Programm kann Website nicht anzeigen" Trojaner



Ja das ist normal.

Sehr gut!


Deinstalliere:
Emsisoft Anti-Malware


ESET Online Scanner

Vorbereitung

  • Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
  • Bitte während des Online-Scans Anti-Virus-Programm und Firewall deaktivieren.
  • Vista/Win7-User: Bitte den Browser unbedingt als Administrator starten.
Los geht's

  • Lade und starte Eset Smartinstaller
  • Haken setzen bei YES, I accept the Terms of Use.
  • Klick auf Start.
  • Haken setzen bei Remove found threads und Scan archives.
  • Klick auf Start.
  • Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Finish drücken.
  • Browser schließen.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (manchmal auch C:\Programme\Eset\log.txt) suchen und mit Deinem Editor öffnen.
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset
__________________
Mfg, t'john
Das TB unterstützen

Alt 03.12.2012, 22:47   #9
Trouble343
 
"Programm kann Website nicht anzeigen" Trojaner - Standard

"Programm kann Website nicht anzeigen" Trojaner



Hallo,

sorry dass ich nicht solange geantwortet habe, nunja jedenfalls habe ich den Online Scanner durchgeführt, und er hat am Ende tatsächlich zwei Sachen gefunden, die er dann glaube ich auch löschte.
Als ich das Programm aber beendet hatte und in den besagten Ordner ging, war dieser leer O.o
Ist es möglich, dass sich das Programm irgendwie selbst nach dem Beenden deinstalliert hat?
Deswegen kann ich hier auch leider keinen Log posten, wie schlimm ist das und was kann ich noch tun?
Ist der Rechner so weit clean oder hat sich das Virus möglicherweise eine Art Hintertür geschaffen?
Auf jedenfall sagt mir Windows immer beim Herunterfahren, dass noch eine "Task Host Window" geschlossen werden muss...
Dies war vorher nicht der Fall...

Alt 04.12.2012, 20:09   #10
t'john
/// Helfer-Team
 
"Programm kann Website nicht anzeigen" Trojaner - Standard

"Programm kann Website nicht anzeigen" Trojaner



1. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".
__________________
Mfg, t'john
Das TB unterstützen

Alt 05.12.2012, 21:48   #11
Trouble343
 
"Programm kann Website nicht anzeigen" Trojaner - Standard

"Programm kann Website nicht anzeigen" Trojaner



Was ist hier los O.o
Bin ich zu dumm?
Habe mit dem Programm einen Vollscan gemacht, eine Sache gefunden, alles wunderbar, hab runnergefahren den PC, und beim Neustart wollte ich den LogFile öffnen...
Aber da war nur einer eines Quick-Scans ohne Ergebnisse
Der andere war nicht mehr da...
Wahrscheinlich musstest du noch nie so einem Volldepp helfen

Alt 06.12.2012, 17:35   #12
t'john
/// Helfer-Team
 
"Programm kann Website nicht anzeigen" Trojaner - Standard

"Programm kann Website nicht anzeigen" Trojaner



Bitte das Malwarebytes Logfile posten!
(Reiter Logdateien)
__________________
Mfg, t'john
Das TB unterstützen

Alt 12.02.2013, 08:13   #13
t'john
/// Helfer-Team
 
"Programm kann Website nicht anzeigen" Trojaner - Standard

"Programm kann Website nicht anzeigen" Trojaner



Fehlende Rückmeldung

Gibt es Probleme beim Abarbeiten obiger Anleitung?

Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen.

Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema.
http://www.trojaner-board.de/69886-a...-beachten.html


Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.
__________________
Mfg, t'john
Das TB unterstützen

Antwort

Themen zu "Programm kann Website nicht anzeigen" Trojaner
2 infizierte dateien, adminrechte, admins, antimalware, anzeige, anzeigen, benutzer, dateien, dieses programm kann webseite nicht anzeigen, direkt, erscheint, fenster, funktioniert, helft, heute, infizierte, infizierte dateien, laufen, lösch, malware, malwarebytes, morgen, problem, programm, rechte, rechten, troja, trojaner, website




Ähnliche Themen: "Programm kann Website nicht anzeigen" Trojaner


  1. "Dieses Programm kann die Webseite nicht anzeigen" Windows 7
    Plagegeister aller Art und deren Bekämpfung - 02.12.2012 (16)
  2. "Dieses Programm kann die Website nicht anzeigen"-Virus
    Plagegeister aller Art und deren Bekämpfung - 19.11.2012 (31)
  3. "Dieses Programm kann die Webseite nicht anzeigen" auch bei mir...
    Plagegeister aller Art und deren Bekämpfung - 13.11.2012 (7)
  4. "Dieses Programm kann die Webseite nicht anzeigen"
    Plagegeister aller Art und deren Bekämpfung - 18.10.2012 (7)
  5. "Dieses Programm kann die Webseite nicht anzeigen" Windows 7
    Plagegeister aller Art und deren Bekämpfung - 11.10.2012 (1)
  6. "Dieses Programm kann die Webseite nicht anzeigen"
    Plagegeister aller Art und deren Bekämpfung - 09.10.2012 (21)
  7. "Dieses Programm kann die Webseite nicht anzeigen" Windows 7
    Log-Analyse und Auswertung - 03.10.2012 (3)
  8. Trojaner liefert weißen Desktopblocker "Das Programm kann die Webseite nicht anzeigen"
    Plagegeister aller Art und deren Bekämpfung - 28.09.2012 (12)
  9. Trojaner -Desktop "Dieses Programm kann die Webseite nicht anzeigen"
    Plagegeister aller Art und deren Bekämpfung - 20.09.2012 (11)
  10. "Dieses Programm kann die Webseite nicht anzeigen"
    Plagegeister aller Art und deren Bekämpfung - 06.09.2012 (10)
  11. "Dieses Programm kann nicht die Webseite anzeigen" Windows 7
    Plagegeister aller Art und deren Bekämpfung - 22.08.2012 (3)
  12. "Dieses Programm kann die Webseite nicht anzeigen"
    Log-Analyse und Auswertung - 20.08.2012 (9)
  13. "Dieses Programm kann nicht die Webseite anzeigen" Virus
    Plagegeister aller Art und deren Bekämpfung - 15.08.2012 (9)
  14. "Dieses Programm kann die Website nicht anzeigen" Problem
    Plagegeister aller Art und deren Bekämpfung - 03.08.2012 (3)
  15. Vollbildmitteilung "Dieses programm kann die Website nicht anzeigen" verhindert Zugriff auf Desktop
    Plagegeister aller Art und deren Bekämpfung - 28.07.2012 (1)
  16. Trojaner "Dieses Programm kann Webseite nicht anzeigen"
    Log-Analyse und Auswertung - 13.05.2012 (15)
  17. Weißes Fenster mit "Die Website kann diese Seite nicht anzeigen." beim hochfahren
    Plagegeister aller Art und deren Bekämpfung - 11.04.2012 (14)

Zum Thema "Programm kann Website nicht anzeigen" Trojaner - Hallo, ich glaube, dieses Problem ist schon öfters aufgetreten, aber hier ist es möglicherweise etwas anders: Immer wenn ich über meinen normalen Benutzer (ohne Adminrechte) eingeloggt bin, erscheint direkt das - "Programm kann Website nicht anzeigen" Trojaner...
Archiv
Du betrachtest: "Programm kann Website nicht anzeigen" Trojaner auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.