
Log analysis and evaluation: Malware Problem

Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

09.12.2012, 15:34   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



adwCleaner - Remove toolbars and unwanted start/search pages
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Löschen (Delete).
  • Confirm each prompt with Ok.
  • Your computer will be restarted. After the restart, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[Sx].txt (x = sequential number).

After that, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick the box Scan All Users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread in CODE tags.
__________________
Please always post log files in CODE tags

09.12.2012, 16:44   #17
Belatucradus
 



Hello, and thanks cosinus.
Here are the files:
Code:
# AdwCleaner v2.011 - Datei am 09/12/2012 um 16:10:37 erstellt
# Aktualisiert am 02/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : User - MANUU-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\User\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****

Gestoppt & Gelöscht : Bandoo Coordinator
Gestoppt & Gelöscht : PC Performer Manager

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\ask.xml
Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\SearchquWebSearch.xml
Gelöscht mit Neustart : C:\ProgramData\pc performer manager
Ordner Gelöscht : C:\Program Files\Bandoo
Ordner Gelöscht : C:\Program Files\Conduit
Ordner Gelöscht : C:\Program Files\DVDVideoSoftTB
Ordner Gelöscht : C:\Program Files\PriceGong
Ordner Gelöscht : C:\Program Files\SpecialSavings
Ordner Gelöscht : C:\ProgramData\Bandoo
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Babylon
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN DTX
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Savings Sidekick
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\searchqutb
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SpecialSavings
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\Babylon
Schlüssel Gelöscht : HKCU\Software\BabylonToolbar
Schlüssel Gelöscht : HKCU\Software\bProtector
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\InstalledBrowserExtensions
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43B7-BEA3-87217BDA74C8}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Schlüssel Gelöscht : HKCU\Software\SearchquMediabarTb
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\BabylonToolbar
Schlüssel Gelöscht : HKLM\Software\Bandoo
Schlüssel Gelöscht : HKLM\Software\bProtector
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{3AD7A5B6-610D-4A82-979E-0AED20920690}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9C123289-82E1-4DA7-A3C2-B8D28AAD114B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{A01A3335-0C30-4312-A430-92356CC37A92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B16632F1-24E0-4D99-A68D-70BFB6447C48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EDE2C296-2458-4E3B-A846-4B512C0703B5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BabylonIEPI.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BandooCoordinator.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GIFAnimator.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\IEPlugin.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\PriceGongIE.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabyDict
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabyGloss
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabyOptFile
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCoordinator.BandooCoordinator
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCoordinator.BandooCoordinator.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCoordinator.CoordinatorUI
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCoordinator.CoordinatorUI.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCoordinator.hxxpAsyncResult
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCoordinator.hxxpAsyncResult.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCoordinator.PlugInNotifier
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCoordinator.PlugInNotifier.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.BandooCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BFlashAnimator.BFlashAnimatorCtrl
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BFlashAnimator.BFlashAnimatorCtrl.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BGIFAnimator.BGIFAnimatorCtrl
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BGIFAnimator.BGIFAnimatorCtrl.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{074E4EFE-81BB-4EA4-866E-082CB0E01070}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{0CE5B352-9D9C-41E1-9551-FCCD92820217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{167B2B5F-2757-434A-BBDA-2FDB2003F14F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2E9A60EA-5554-49C3-BC9D-D0404DBACC62}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3E63C9BC-DD51-4E83-ABA6-B350EAD28531}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{44CFFEF4-E7E1-44BD-B1F5-29F828ADA1B8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6AC0BB10-C922-45e2-857D-2A368FE749E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{872F3C0B-4462-424C-BB9F-74C6899B9F92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A69A551A-1AAE-4B67-8C2E-52F8B8A19504}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CE1CB632-6817-47B3-8587-D05AF75D6D5A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EF2B6317-C367-401B-83B8-80302D6588A7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F5379B4B-24D8-432A-9A96-BE75EE5117DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F7FB2BC4-6C27-4EAC-B5E2-037B71FDE101}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F91D52D6-83F5-41A3-99E2-F3828F294A8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD53FE35-4368-4B71-89D6-F29F3DB29DF1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0005060.BHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{01222E21-6BD0-4EB3-94F1-967EB09CCED5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{33DDFC61-F531-4982-8C32-4212B7835D44}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6087829B-114F-42A1-A72B-B4AEDCEA4E5B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066506660}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A9005ED5-4A1D-4606-A4DF-1A25E7D7B417}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3AD7A5B6-610D-4A82-979E-0AED20920690}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4410C118-B23C-406C-9F52-9CDABD90A5EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{62E5C9E1-A0E8-4F8C-8EAF-0F9250CC5786}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C123289-82E1-4DA7-A3C2-B8D28AAD114B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A1489C85-4F6F-48C4-AC9E-18B63AF4703E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{F310F027-15CB-4A7F-B10D-3A4AFB5013A5}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\DVDVideoSoftTB
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dhdepfaagokllfmhfbcfmocaeigmoebo
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{A69A551A-1AAE-4B67-8C2E-52F8B8A19504}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011501160}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43B7-BEA3-87217BDA74C8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{872F3C0B-4462-424C-BB9F-74C6899B9F92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B6F8DA9F-2696-419e-A8A3-19BE41EF51BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CE1CB632-6817-47B3-8587-D05AF75D6D5A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F91D52D6-83F5-41A3-99E2-F3828F294A8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PriceGong
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpecialSavings
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}]
Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [firefox@bandoo.com]
Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [specialsavings@superfish.com]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://eu.ask.com/web?l=dis&o=APN10020&gct=hp&apn_dtid=^YYYYYY^YY^AT&apn_ptnrs=^A4G &apn_uid=1012507313224423&p2=^A4G ^YYYYYY^YY^AT --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com
Gelöscht : [HKCU\Software\Microsoft\Internet Explorer\Main - bProtector Start Page]

-\\ Mozilla Firefox v17.0.1 (de)

-\\ Google Chrome v21.0.1180.79

*************************

AdwCleaner[R1].txt - [20722 octets] - [07/12/2012 21:18:28]
AdwCleaner[S1].txt - [19901 octets] - [09/12/2012 16:10:37]

########## EOF - C:\AdwCleaner[S1].txt - [19962 octets] ##########
         
OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 09.12.2012 16:16:46 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\User\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,93 Gb Available Physical Memory | 46,59% Memory free
4,00 Gb Paging File | 2,78 Gb Available in Paging File | 69,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 240,67 Gb Total Space | 42,47 Gb Free Space | 17,65% Space Free | Partition Type: NTFS
Drive D: | 225,00 Gb Total Space | 33,52 Gb Free Space | 14,90% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive F: | 465,76 Gb Total Space | 198,64 Gb Free Space | 42,65% Space Free | Partition Type: NTFS
 
Computer Name: MANUU-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3593604086-429341408-3109665741-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mit Corel PaintShop Photo Pro X3 durchsuchen] -- "c:\Program Files\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe" "%L"
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02350A75-070B-4EFB-A07B-EABC6F42CC3B}" = lport=137 | protocol=17 | dir=in | app=system | 
"{04FE09EA-910C-463B-B0FF-4748094B67EC}" = lport=139 | protocol=6 | dir=in | app=system | 
"{0FE7B969-B5F9-48EC-9820-8E023BB50F34}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{11397179-D745-425F-AFAC-24392CE21BAF}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{145D420A-6BA4-429E-BDD1-0076535C3BC1}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{1F35AB04-9D4E-46D1-852B-6DA325D82D7C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{2CC6EA18-8BF8-406A-96C1-93AB4F4AFCDF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{33AE105F-294D-4224-95B1-A74116600371}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{3FE3EEB0-0B51-4B9F-BF95-7AC9F45BA2EC}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{4297E87E-EEC8-4038-9B25-EE37ECB192DE}" = lport=54005 | protocol=6 | dir=in | name=akamai netsession interface | 
"{42B3C211-C17F-4425-B589-57DF8EA36EBE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{447E6C30-AAAC-49A7-8ED6-D4BF67A3FCC2}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{4E5D9453-E13C-469D-98AD-BFC51252FB91}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{577F3C01-D4D4-4B27-858F-FDA5CCA403EB}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{61A1CEBD-E33C-41D7-8249-583AB5407661}" = rport=139 | protocol=6 | dir=out | app=system | 
"{7165D842-5D97-4012-BC6F-452283598233}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{74AA94BE-AB17-4EE4-954E-47EBED24F3D7}" = lport=138 | protocol=17 | dir=in | app=system | 
"{808939EA-B172-497D-9F0C-C1A480F4CC52}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8E37CFE0-47D6-4F6D-9161-FDD7C72A3099}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{976337A9-58FE-4CF5-B71E-9847C314A0E9}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{9BE052C6-0F65-4418-9AB3-C9FC5C6B1843}" = lport=445 | protocol=6 | dir=in | app=system | 
"{A6C8B5C1-4877-4C8E-909C-67ADF1DEF486}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{AF988FE6-C0FB-4565-9108-975BB7D3B8B0}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{BD970FC8-097D-44D8-AA04-C8AA39BFC4E7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BE46AF4A-245E-4091-840C-4B11ED26C082}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C00660EB-A99B-431B-8316-CAB756955F54}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C20E53B7-ECA8-4C90-910D-FD7D2B128BE0}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{C417F3FA-F294-4A2D-B4AF-96B0127220B5}" = rport=138 | protocol=17 | dir=out | app=system | 
"{CF50C6A8-74C9-40B8-AA62-2F4D230C9C0B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D467F531-F6D2-4E51-86C3-7DF49E9FCA63}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DEF27483-22CF-4DAD-AF3F-6EA19BDC0DB9}" = rport=137 | protocol=17 | dir=out | app=system | 
"{EBE649E8-2603-4D53-9B1F-5DAD8B959A6E}" = rport=445 | protocol=6 | dir=out | app=system | 
"{EDBA0EE7-30AD-482B-8172-8C89E78D4C15}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{EFBADF04-FE52-4C26-9B9A-7AA323BA6F1C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{F0D0BECD-B81D-4498-81FB-D3CED8AA9A6C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{F7EFA886-270C-4253-9594-D1DC2251B0A8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{FFA7C060-5343-48DB-8B22-7B71C009BDD0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03FE2B25-7205-47CE-AFBA-3965D4DEDBF3}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{068F5F1D-A6F7-4449-BD30-B10AEF9BE7B0}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{07C36032-5D43-4358-B9A0-9AD28212AC7D}" = protocol=17 | dir=in | app=d:\world of warcraft\launcher.exe | 
"{0A625213-F957-4589-83EB-9D1E87F11E69}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe | 
"{0C060538-554B-4489-AA3B-D39868301863}" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"{0E9D4784-25EA-4511-B020-BB72D41CAB7D}" = protocol=6 | dir=in | app=c:\program files\logitech\vid hd\vid.exe | 
"{0F5CABDE-3544-4393-A7EE-59A876DEF441}" = protocol=17 | dir=in | app=f:\world of warcraft 1\launcher.exe | 
"{1058327F-2192-4B3E-B70B-67B5F32F3C8F}" = protocol=17 | dir=in | app=d:\world of warcraft\world of warcraft\launcher.patch.exe | 
"{113B41E0-7325-40FE-ABA3-579E22985ABE}" = protocol=6 | dir=in | app=d:\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"{145EED5D-ADE4-45F4-8F9B-4021C040360F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{1565B434-9365-4EE6-8570-33F3957EE5B5}" = protocol=17 | dir=in | app=f:\world of warcraft 1\temp\wow-4.2.1.2756-enus-tools-downloader.exe | 
"{16CF084C-BDDC-41EE-9180-806F432DCC86}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe | 
"{17FF0A15-2B13-46C6-8FF2-7BDD02ACE434}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{1840D0C5-0E65-45FD-B2C0-3CE9509FED38}" = protocol=6 | dir=in | app=c:\users\user\desktop\wow - kopie - kopie\launcher.exe | 
"{19609836-6C8D-450A-A8D4-5F15635637D8}" = protocol=6 | dir=in | app=c:\users\user\desktop\wow - kopie - kopie\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"{1DD64930-C18A-43AB-A88E-C3297CF50560}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{225D3BF8-E7E6-413A-980B-52B1BF9384E9}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{2473CF2C-5EA0-4235-B2E8-ABAFA4CCE0BF}" = protocol=17 | dir=in | app=d:\world of warcraft\world of warcraft\launcher.exe | 
"{268E1E68-6EFC-44DB-9A4B-645DC83C0AAE}" = protocol=17 | dir=in | app=c:\program files\prettymaybasic\prettymay.exe | 
"{2D9D18E9-BC3D-4445-9124-278864979636}" = protocol=17 | dir=in | app=c:\users\user\desktop\wow - kopie - kopie\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"{2FA411E8-A0D1-4EEE-8775-FBD82E8FC001}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{3453B1EB-02F8-4426-9622-2A88379C495A}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | 
"{34AC7C86-D929-4057-B788-07D300AD3156}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{36A6A2EF-1BE5-47FF-AA6B-FCBF4A75D7FA}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{37AA4715-1C2C-4695-BE44-CC671E3F0B59}" = protocol=6 | dir=in | app=f:\world of warcraft 1\launcher.exe | 
"{3C0DC04E-AB1F-45EB-AFB2-1DFCB416832C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3C8C8279-73F6-4F90-B53E-3C738F86E1BA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3E94AA2C-58A9-47A7-98A0-1C3CA99A47A1}" = protocol=6 | dir=in | app=d:\world of warcraft\launcher.exe | 
"{413FCCED-2050-44D3-AC5E-FF46275504F2}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{467858CE-3373-488D-9040-22EEBA88438D}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{49965159-D2BD-4AD2-9536-B9DC9EA19F18}" = protocol=17 | dir=in | app=d:\world of warcraft\launcher.patch.exe | 
"{49E9CD1A-7B26-4891-8D94-7E786B02B100}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{4C514851-E87D-4B0F-B02F-CE437BA30476}" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"{4CA4838B-DB80-4A9E-8946-D4936DD80CDF}" = protocol=6 | dir=in | app=c:\users\user\appdata\local\akamai\netsession_win.exe | 
"{55E31247-D83F-4AEB-99CB-16D89DDC74CC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{578C5543-06A4-4CB5-AD13-5F3DAF4F908F}" = protocol=17 | dir=in | app=d:\world of warcraft\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe | 
"{59210A10-7EFD-4A46-95DB-D44CE4A88224}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5A4F0906-61D2-4014-8191-D6FC796C7D33}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | 
"{5BB2EFBC-88C9-4AB5-B2C6-9FCB366073BF}" = protocol=17 | dir=in | app=d:\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"{5F4BFCBF-E7DA-49DF-8EB7-40DB2CAC6C86}" = protocol=6 | dir=in | app=d:\world of warcraft\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe | 
"{63AFC118-4712-4F22-B701-A7A56FBCE3F8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{64A3F4CF-EBE2-4EAA-83D3-51A3DBEBB7BE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{6722DE90-BF4F-41D4-977F-747F42960D7D}" = protocol=6 | dir=in | app=c:\program files\prettymaybasic\prettymay.exe | 
"{68CDE297-95DA-4DAB-BD1E-EBA5DB4CDB2D}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{6BD7C4AA-2711-4AFA-ABE7-8EDA8F8658C4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{7247D27A-E634-4345-BA65-E018D0736EF3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{73FD590E-DB46-44C5-AA15-50621DEFDA3D}" = protocol=6 | dir=in | app=c:\program files\dvdvideosofttoolbar\dtuser.exe | 
"{7A36779E-40E6-4660-8019-86ED4AF93C5D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{7B087EF4-5680-48CF-8700-E36860DA4819}" = protocol=17 | dir=in | app=c:\program files\dvdvideosofttoolbar\dtuser.exe | 
"{7BCB57B4-4C01-471E-9BAC-7FEAAF9C9916}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{7FC7A608-AC76-4079-878C-429630C2D7BC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8262F08C-6B35-4824-9C49-23452388509E}" = protocol=58 | dir=in | app=system | 
"{8581969A-19FA-479B-81A2-A3642B65D349}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{85A04D3F-43D5-485D-BF06-CBD890800AE5}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer_service.exe | 
"{86A57A34-C77A-4BD6-B4F2-6FB0A850849C}" = protocol=6 | dir=in | app=d:\world of warcraft\world of warcraft\launcher.patch.exe | 
"{8836F2E4-FBFF-4C2C-9A53-08DC81F9C5FC}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{8CCBC600-E9FE-40A7-B417-B83B5746AA48}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | 
"{9004B553-7A14-44A9-BE1E-636CB81A9BEF}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe | 
"{9D94A85A-20ED-480C-9678-8B5859A80D7E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{9FFB9C2C-731A-4A79-BB8B-7A6DBD59BD97}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A30B2B40-31B9-462B-A2EA-A13DEB29684E}" = protocol=6 | dir=in | app=c:\users\user\downloads\audioconverter_setup(2).exe | 
"{A4A42F0E-FAD8-423D-8D28-2E0ED1ACABF5}" = protocol=17 | dir=in | app=c:\users\user\desktop\wow - kopie - kopie\launcher.exe | 
"{A6A919D6-D73F-4465-9E7B-38900B02669B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AA8B5375-E127-43E6-B957-AD22A3A73F08}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{AB6B562A-55EA-4E22-B6FD-1199E77B928A}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer_service.exe | 
"{AD847F00-BEA5-44EC-9843-4D5A8BA9C513}" = protocol=6 | dir=out | app=system | 
"{B044FFC8-25BD-45FB-8906-B4C664E5AA61}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B3B185B4-DA03-4A89-873A-B72FE99D1BFC}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe | 
"{B4110C65-CD34-4633-8C87-988B787E85D3}" = dir=in | app=c:\users\user\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{B83BBC01-2B09-49E2-802C-DD63ECC9D9F6}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{BC7A6D33-61C3-4F2A-9680-43EEDE7BC356}" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\spotify\spotify.exe | 
"{BD3927EA-32C9-4B4C-A4D3-AEAD30CF635A}" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\spotify\spotify.exe | 
"{BE2662D0-85E0-46C6-96B5-728A411E3B00}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-dede-downloader.exe | 
"{BEBCB015-3699-407B-AF8E-FCAD53785C11}" = protocol=17 | dir=in | app=c:\program files\logitech\vid hd\vid.exe | 
"{C2FCA2CC-9A40-4E76-8D5A-28CC68CCB091}" = protocol=17 | dir=in | app=c:\users\user\downloads\sweetimsetup.exe | 
"{C32F2B04-16B4-4A6C-B97D-397887C0418E}" = protocol=17 | dir=in | app=c:\users\user\appdata\local\akamai\netsession_win.exe | 
"{C3ACCE8A-5E1F-4B80-B716-07C253648868}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C6A90593-67DA-4399-8A74-1524D6A3AF29}" = protocol=6 | dir=in | app=d:\world of warcraft\world of warcraft\launcher.exe | 
"{CAE017DE-96C7-4325-95D6-4D28D0CB4E69}" = protocol=6 | dir=in | app=c:\users\user\desktop\wow - kopie - kopie\launcher.patch.exe | 
"{CEF517E1-D6B8-4A44-B9B8-8B90A2109C83}" = protocol=17 | dir=in | app=c:\users\user\desktop\wow - kopie - kopie\launcher.patch.exe | 
"{D0FF7BB2-00E8-48A1-9051-1C8C2FEE22EC}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{D311B642-C173-41AD-9D63-B3302D1A57DE}" = protocol=6 | dir=in | app=d:\world of warcraft\launcher.patch.exe | 
"{DCE78D9F-4463-49B2-9DAE-C5C201A97EFA}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-dede-downloader.exe | 
"{E01BA4C8-0BEC-46B8-871D-C2869801F47B}" = protocol=17 | dir=in | app=c:\users\user\downloads\audioconverter_setup(2).exe | 
"{E1FD4910-56E5-444E-8F48-456520D18770}" = protocol=6 | dir=in | app=c:\users\user\downloads\sweetimsetup.exe | 
"{E2023BEB-485E-45F6-B22F-D4A6A61DD359}" = protocol=17 | dir=in | app=f:\world of warcraft 1\temp\wow-4.3-5.0.15890-enus-downloader.exe | 
"{E37FF0EA-1CFE-4A4C-9D48-6FACEAF02D3A}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe | 
"{E5A4ED21-C344-4E16-91AA-C064037B62B9}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe | 
"{E5A7AF7B-D8FF-4991-9061-18C967BE826E}" = protocol=6 | dir=in | app=f:\world of warcraft 1\temp\wow-4.3-5.0.15890-enus-downloader.exe | 
"{EC2B26DF-740F-4926-B3AA-D15E7D92E4A6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{F0B39AE5-E229-4C8A-86B5-CBCDE77B61B1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F526C96C-5560-4D4A-B946-893991EB1535}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F58DE72A-5F92-49A9-88F8-2B4C5A4E31A9}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | 
"{FC7828A4-386E-4492-961F-793C752293FB}" = protocol=6 | dir=in | app=f:\world of warcraft 1\temp\wow-4.2.1.2756-enus-tools-downloader.exe | 
"TCP Query User{052403D3-1D44-42E8-ACC9-C922C85DFB80}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"TCP Query User{08270A47-11AD-4BE7-81F7-54E508373D6E}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{11AD4EB7-23B4-48A4-AAFB-DDDD2C6F294B}C:\users\user\desktop\wow - kopie - kopie\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\user\desktop\wow - kopie - kopie\backgrounddownloader.exe | 
"TCP Query User{1D70191E-99FA-4AE0-8E72-CE559CFDF48E}C:\users\public\games\world of warcraft\blizzard downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\blizzard downloader.exe | 
"TCP Query User{1F455C08-F01B-4593-A221-E68C7024AB9B}C:\program files\prettymaybasic\prettymay.exe" = protocol=6 | dir=in | app=c:\program files\prettymaybasic\prettymay.exe | 
"TCP Query User{211F76A6-21C0-4314-BA95-375E4F21574C}F:\world of warcraft 1\launcher.patch.exe" = protocol=6 | dir=in | app=f:\world of warcraft 1\launcher.patch.exe | 
"TCP Query User{349A0034-86B2-4C86-A8B8-9CCAB3FBC528}D:\world of warcraft\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe | 
"TCP Query User{383840F8-18A3-48F8-A856-B1134679EBF8}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{414EBF0A-8198-4A19-BB93-6A495603BD79}C:\users\public\games\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe | 
"TCP Query User{45DF059F-FBF4-47FC-89B6-29150F72740E}C:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe | 
"TCP Query User{496F905C-8AFF-46B5-B79C-AA0D6918002E}C:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-dede-downloader.exe | 
"TCP Query User{4C0BBF61-971F-4168-9312-1A7F1823D6CE}C:\users\user\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{5D7A01FC-9C8C-4199-825E-609404EEAAB6}D:\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{6B1225D6-898A-47D0-8A9E-90C5C92C8D3D}F:\world of warcraft 1\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=6 | dir=in | app=f:\world of warcraft 1\temp\wow-4.3-5.0.15890-enus-downloader.exe | 
"TCP Query User{6D937413-E0E8-4148-8562-1C41A6AABDED}C:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe | 
"TCP Query User{7041B0CA-AFBA-484D-B549-4B4B8FC68C79}C:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe | 
"TCP Query User{729F2CAA-7C36-4290-8E05-215B253DAD2B}C:\users\user\desktop\wow - kopie\wow-3.2.0.10192-to-3.3.0.10958-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\user\desktop\wow - kopie\wow-3.2.0.10192-to-3.3.0.10958-dede-downloader.exe | 
"TCP Query User{7869C16E-7158-45C1-BDEC-055197FF34A1}C:\users\public\games\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe | 
"TCP Query User{7FDCE5B6-3673-49E2-978F-B8D86BBBCE6F}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"TCP Query User{88E6D92A-4C14-4D78-AB9D-3B3B56C146E0}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | 
"TCP Query User{A3F23D8C-82C7-4642-9069-103A6A937E21}C:\program files\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"TCP Query User{A75A6418-A616-4B4A-B25A-5D599537CD25}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{AA7B47E1-05E5-45CA-9044-1E14B9E6C4B5}C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe | 
"TCP Query User{AC628CC7-4378-44AE-AEF1-E2E7F78DF1EE}C:\program files\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe | 
"TCP Query User{AEB12D6E-A0DB-47A6-894E-402515321EE2}F:\world of warcraft 1\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=6 | dir=in | app=f:\world of warcraft 1\temp\wow-4.2.1.2756-enus-tools-downloader.exe | 
"TCP Query User{B0F89C1E-BF52-425B-85CA-6A0FF5BB7721}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{B1D5F5EE-8F8F-4736-B9BF-815B985D52C8}C:\users\public\games\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe | 
"TCP Query User{B48D924C-F7DB-4292-8AF1-C30DDAC20A31}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{B4D27E42-C945-4D74-A957-D347E9049B7D}C:\users\user\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{B5F069E8-EEF6-46C6-A65F-CE45334A0013}C:\program files\logitech\logitech vid\vid.exe" = protocol=6 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe | 
"TCP Query User{CF780C53-5EF7-4D04-9F70-AB1FD64264C0}C:\users\public\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-dede-downloader.exe | 
"TCP Query User{E2BEF478-0365-412E-9623-89C034642F90}C:\users\user\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\user\program files\dna\btdna.exe | 
"TCP Query User{E45AFBDA-6D22-42B1-94AB-BAF96F573B5B}C:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-dede-downloader.exe | 
"TCP Query User{E6A08B8E-5EDC-47FC-817B-415A3AE2C68B}D:\world of warcraft\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{EBD33C73-CAA0-4F3D-93B1-1537583F3E11}F:\world of warcraft 1\launcher.exe" = protocol=6 | dir=in | app=f:\world of warcraft 1\launcher.exe | 
"TCP Query User{EC077C06-6357-4765-84C8-AB570DE96989}C:\users\user\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\user\program files\dna\btdna.exe | 
"TCP Query User{F1E0D0F4-F3A3-4C73-916E-C9E5A2A567D5}C:\users\public\games\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe | 
"TCP Query User{F4ED224C-96DF-4790-894A-EB0157AC0260}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"TCP Query User{F52B1F52-3BCB-4FA6-B298-44187FF9B85D}C:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-dede-downloader.exe | 
"TCP Query User{F74F569A-A073-492D-8F15-84E36272638C}C:\users\public\games\world of warcraft\wow-2.1.1.1897-engb-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-2.1.1.1897-engb-tools-downloader.exe | 
"UDP Query User{048489F3-D172-4A5E-98A8-B08040972D16}D:\world of warcraft\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe | 
"UDP Query User{07841906-C7D6-4E0A-91C0-A8652DDB43D0}C:\program files\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe | 
"UDP Query User{08A4E1E5-50CA-47F6-8C8D-284BC26F7EC3}C:\users\user\desktop\wow - kopie - kopie\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\user\desktop\wow - kopie - kopie\backgrounddownloader.exe | 
"UDP Query User{0C088D93-5C59-4C0D-958F-F58633ECCA43}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{0E104FA0-363B-48B9-8211-02FE1548526C}C:\users\public\games\world of warcraft\blizzard downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\blizzard downloader.exe | 
"UDP Query User{20B4A484-2F8E-4761-8F62-AB2BC00B82F0}F:\world of warcraft 1\launcher.patch.exe" = protocol=17 | dir=in | app=f:\world of warcraft 1\launcher.patch.exe | 
"UDP Query User{2423E96F-4132-42D2-AAE4-5180C5212215}C:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe | 
"UDP Query User{2C73BA71-2310-4466-A0C6-E2F78B1C14C5}C:\program files\logitech\logitech vid\vid.exe" = protocol=17 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe | 
"UDP Query User{3C16588A-F034-4DC7-9EE6-07E3C8827FEB}C:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe | 
"UDP Query User{3CF28737-B0FA-4ED2-86AA-7A47A6F4EF64}C:\program files\prettymaybasic\prettymay.exe" = protocol=17 | dir=in | app=c:\program files\prettymaybasic\prettymay.exe | 
"UDP Query User{498899E1-4DCD-4857-A529-C71B8B27D7DC}C:\users\public\games\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe | 
"UDP Query User{4AE22E10-D105-4C2F-8528-65E9B9BD34C2}C:\users\user\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\user\program files\dna\btdna.exe | 
"UDP Query User{5032EFDB-3036-4158-87DA-B9723538AC65}C:\users\public\games\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe | 
"UDP Query User{5A046992-E3CB-4CBA-B185-F7C942A02127}C:\users\user\desktop\wow - kopie\wow-3.2.0.10192-to-3.3.0.10958-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\user\desktop\wow - kopie\wow-3.2.0.10192-to-3.3.0.10958-dede-downloader.exe | 
"UDP Query User{5C443027-4137-49EC-83D8-73D66D2F710E}C:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-dede-downloader.exe | 
"UDP Query User{607040B3-D81F-4D72-AE4B-7621822F43A7}C:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-dede-downloader.exe | 
"UDP Query User{65A82FCA-A52A-4269-8F6F-E482A1AE1BF9}C:\users\user\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{680CC033-786E-4C6A-ADEF-0D4A656BE69F}C:\program files\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"UDP Query User{6BED1D77-3037-4E75-A69F-CED42B2C2EE2}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{6E41EE68-B134-47DF-80AA-353EB1453B02}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{863B56EB-68AD-4C56-AFAA-80B21F326087}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{8B05FA58-7AD0-4072-8098-9F2A8CAE6865}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"UDP Query User{8BB9A4AE-0D30-47B0-A313-B13EC11A5146}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | 
"UDP Query User{8F8340BA-9652-4820-8F66-9721F17A2470}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{9543A2DE-1A08-4191-8158-0A0648318331}C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe | 
"UDP Query User{A706D8D8-C137-4667-AFCB-4FDF6FD03BD6}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"UDP Query User{BC20D295-DA41-4C63-B010-8F369D3F24CB}C:\users\user\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{BD2BCAF3-AA83-4E16-8D2F-2E3FC95EC900}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"UDP Query User{C1A04F2D-356B-4ED8-AC3B-EBBE0BA49324}C:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe | 
"UDP Query User{C2F07296-DFDB-4E0A-AB6E-31D18CA3D39F}C:\users\public\games\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe | 
"UDP Query User{C478B475-C361-43A5-9B38-DAF9F1526A1A}C:\users\public\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-dede-downloader.exe | 
"UDP Query User{CD308447-38E7-4E40-B4F7-81F5DEECB53C}C:\users\public\games\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe | 
"UDP Query User{D77B2917-AEA1-49D0-B8AE-8743EADF1A77}F:\world of warcraft 1\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=17 | dir=in | app=f:\world of warcraft 1\temp\wow-4.3-5.0.15890-enus-downloader.exe | 
"UDP Query User{D7C8D59B-6961-43D7-8FE9-6DBB5DA704D6}C:\users\public\games\world of warcraft\wow-2.1.1.1897-engb-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-2.1.1.1897-engb-tools-downloader.exe | 
"UDP Query User{DA9C1411-5C75-46E9-8A10-E4210888115C}D:\world of warcraft\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{DD436CC3-88ED-42D0-A105-AF68C1AA94EF}C:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-dede-downloader.exe | 
"UDP Query User{DD5F5B14-7032-499C-A78B-EF69898BF184}C:\users\user\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\user\program files\dna\btdna.exe | 
"UDP Query User{E0CDCB2C-329E-4D2F-BE09-383A52A23C53}D:\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{ED91E705-A9C5-429F-9F96-71C5308194AD}F:\world of warcraft 1\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=17 | dir=in | app=f:\world of warcraft 1\temp\wow-4.2.1.2756-enus-tools-downloader.exe | 
"UDP Query User{F6370810-1E80-4FA9-99D1-B71740ECA6CA}F:\world of warcraft 1\launcher.exe" = protocol=17 | dir=in | app=f:\world of warcraft 1\launcher.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0a942b37-2a6f-4b9f-9470-0d1d3d2de196}" = Nero 9 Essentials
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1C9B6173-6DC9-4EEE-9EFC-6BA115CFBE43}" = Die Sims™ 3 Diesel Accessoires
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{2217B0B4-35CB-48C6-B640-864DF2F30F99}" = OpenOffice.org 3.2
"{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x32
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3BBFD444-5FAB-49F6-98B1-A1954E831399}" = Die Sims™ 3 Showtime
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = Die Sims™ 3 Late Night
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{591B29D8-4A37-4202-9F74-3B43A45EC036}" = MAGIX Foto & Grafik Designer 6 SE
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7FB413C8-3CAD-49F7-A67C-6EFEB4B04050}" = LogMeIn Hamachi
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11807553}" = Hotel Dash Suite Success
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9862E0CB-4727-4FFC-963A-E22A9E9EC10C}" = Creative ZEN V Series (R2)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}" = Die Sims™ 3 Supernatural
"{B4CB2C34-E745-4063-9CD6-F54D46F7F4FE}" = Nitro PDF Reader 2
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C12631C6-804D-4B32-B0DD-8A496462F106}" = Die Sims™ 3 Einfach tierisch
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{DE4BF4BE-3CDC-43B5-BBDA-DDDA73103111}" = Corel PaintShop Photo Pro X3
"{DE612A3D-0DCC-4055-BB6A-0036F31158A0}" = Setup
"{DE8B9311-ADE7-4EDE-B121-326CAA3D225D}" = PSPPContent
"{DE99075E-7D25-4B96-B32E-BFE6FBFAA644}" = IPM_PSP_CL
"{DEAEB5DB-04FA-489D-94EF-8600898B93EE}" = ICA
"{DEF1928A-FC01-48E7-A7E6-4651D42EF6A1}" = PSPPRO_DCRAW
"{DEF8C145-CC4F-4DAA-AD5C-E707C07AEE50}" = IPM_PSP_COM
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FB1AC1F1-8F47-4DCE-A1ED-0DFBA0F455B4}" = Driver Mender
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FFF74EC9-1FF4-4456-99E3-4F05129F4FAB}" = Antares Auto-Tune Evo VST
"Acoustica Effects Pack" = Acoustica Effects Pack
"Acoustica Mixcraft 5" = Acoustica Mixcraft 5
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Akamai" = Akamai NetSession Interface Service
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"Creative Removable Disk Manager" = Creative-Manager für Wechseldatenträger
"Defraggler" = Defraggler
"Deponia 2" = Chaos auf Deponia
"DivX Setup" = DivX-Setup
"dvdvideosofttoolbar" = DVD Video Soft Toolbar
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.36.1201
"Google Chrome" = Google Chrome
"GPL Ghostscript 8.70" = GPL Ghostscript 8.70
"Hardcopy(C__Program Files_Hardcopy)" = Hardcopy (C:\Program Files\Hardcopy)
"houseworx_is1" = houseworx
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.2.0 (Full)
"Logitech Vid" = Logitech Vid HD
"LogMeIn Hamachi" = LogMeIn Hamachi
"MAGIX_{591B29D8-4A37-4202-9F74-3B43A45EC036}" = MAGIX Foto & Grafik Designer 6 SE
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"Picasa 3" = Picasa 3
"Sony Ericsson Themes Creator" = Sony Ericsson Themes Creator 4.16.2.6
"SysInfo" = Creative-Systeminformationen
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"ThumbsPlus 3.21" = ThumbsPlus Version 3.21-R
"VLC media player" = VLC media player 1.0.5
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"World of Warcraft" = World of Warcraft
"ZENcast Organizer" = ZENcast Organizer
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3593604086-429341408-3109665741-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"BitTorrent DNA" = DNA
"Facebook Plug-In" = Facebook Plug-In
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 08.12.2012 23:52:51 | Computer Name = manuu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5788
 
Error - 08.12.2012 23:52:51 | Computer Name = manuu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5788
 
Error - 08.12.2012 23:52:52 | Computer Name = manuu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 08.12.2012 23:52:52 | Computer Name = manuu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6786
 
Error - 08.12.2012 23:52:52 | Computer Name = manuu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6786
 
Error - 08.12.2012 23:52:53 | Computer Name = manuu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 08.12.2012 23:52:53 | Computer Name = manuu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7800
 
Error - 08.12.2012 23:52:53 | Computer Name = manuu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7800
 
Error - 09.12.2012 10:03:22 | Computer Name = manuu-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.17.3:5353   32 3.17.168.192.in-addr.arpa.
 PTR iPhone-von-Daniel-Erhart.local.
 
Error - 09.12.2012 10:03:24 | Computer Name = manuu-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Unexpected conflict discarding   16 3.17.168.192.in-addr.arpa.
 PTR manuu-PC.local.
 
[ Media Center Events ]
Error - 28.09.2010 08:21:23 | Computer Name = manuu-PC | Source = MCUpdate | ID = 0
Description = 14:21:23 - Fehler beim Herstellen der Internetverbindung.  14:21:23 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 28.09.2010 08:21:55 | Computer Name = manuu-PC | Source = MCUpdate | ID = 0
Description = 14:21:52 - Fehler beim Herstellen der Internetverbindung.  14:21:52 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 28.09.2010 09:22:27 | Computer Name = manuu-PC | Source = MCUpdate | ID = 0
Description = 15:22:27 - Fehler beim Herstellen der Internetverbindung.  15:22:27 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 28.09.2010 09:22:57 | Computer Name = manuu-PC | Source = MCUpdate | ID = 0
Description = 15:22:56 - Fehler beim Herstellen der Internetverbindung.  15:22:56 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 09.10.2010 04:37:39 | Computer Name = manuu-PC | Source = MCUpdate | ID = 0
Description = 10:37:35 - Fehler beim Herstellen der Internetverbindung.  10:37:35 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 19.10.2010 07:18:23 | Computer Name = manuu-PC | Source = MCUpdate | ID = 0
Description = 13:18:19 - Fehler beim Herstellen der Internetverbindung.  13:18:19 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 03.11.2010 08:08:03 | Computer Name = manuu-PC | Source = MCUpdate | ID = 0
Description = 13:08:00 - Fehler beim Herstellen der Internetverbindung.  13:08:02 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 03.11.2010 08:08:55 | Computer Name = manuu-PC | Source = MCUpdate | ID = 0
Description = 13:08:38 - Fehler beim Herstellen der Internetverbindung.  13:08:38 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 08.12.2012 20:13:42 | Computer Name = manuu-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 08.12.2012 20:54:18 | Computer Name = manuu-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 08.12.2012 22:11:14 | Computer Name = manuu-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 08.12.2012 22:14:18 | Computer Name = manuu-PC | Source = WMPNetworkSvc | ID = 866333
Description = 
 
Error - 09.12.2012 09:19:59 | Computer Name = manuu-PC | Source = WMPNetworkSvc | ID = 866333
Description = 
 
Error - 09.12.2012 09:19:59 | Computer Name = manuu-PC | Source = WMPNetworkSvc | ID = 866333
Description = 
 
Error - 09.12.2012 09:20:00 | Computer Name = manuu-PC | Source = WMPNetworkSvc | ID = 866333
Description = 
 
Error - 09.12.2012 10:03:21 | Computer Name = manuu-PC | Source = Tcpip | ID = 4199
Description = Das System hat einen Adressenkonflikt der IP-Adresse 192.168.17.3 
mit dem Computer mit der  Netzwerkhardwareadresse 7C-6D-62-39-22-84 ermittelt. Netzwerkvorgänge
 könnten daher auf diesem  System unterbrochen werden.
 
Error - 09.12.2012 10:03:35 | Computer Name = manuu-PC | Source = DCOM | ID = 10000
Description = 
 
Error - 09.12.2012 10:11:48 | Computer Name = manuu-PC | Source = DCOM | ID = 10000
Description = 
 
 
< End of report >
         
--- --- ---

OTL Logfile:
Code:
OTL logfile created on: 09.12.2012 16:16:46 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\User\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,93 Gb Available Physical Memory | 46,59% Memory free
4,00 Gb Paging File | 2,78 Gb Available in Paging File | 69,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 240,67 Gb Total Space | 42,47 Gb Free Space | 17,65% Space Free | Partition Type: NTFS
Drive D: | 225,00 Gb Total Space | 33,52 Gb Free Space | 14,90% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive F: | 465,76 Gb Total Space | 198,64 Gb Free Space | 42,65% Space Free | Partition Type: NTFS
 
Computer Name: MANUU-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Programme\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Programme\Steam\Steam.exe (Valve Corporation)
PRC - C:\Users\User\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Users\User\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe (Nitro PDF Software)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
PRC - C:\Programme\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
PRC - C:\Programme\Logitech\LWS\Webcam Software\CameraHelperShell.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Users\User\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
PRC - c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Programme\Creative\Sync Manager Unicode\CTSyncU.exe ()
PRC - C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Steam\sdl.dll ()
MOD - C:\Programme\Steam\bin\libcef.dll ()
MOD - C:\Programme\Steam\bin\chromehtml.dll ()
MOD - C:\Programme\Steam\bin\avutil-51.dll ()
MOD - C:\Programme\Steam\bin\avformat-53.dll ()
MOD - C:\Programme\Steam\bin\avcodec-53.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll ()
MOD - C:\Programme\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
MOD - C:\Programme\Logitech\LWS\Webcam Software\CameraHelperShell.exe ()
MOD - C:\Programme\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll ()
MOD - C:\Programme\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll ()
MOD - C:\Programme\Logitech\LWS\Webcam Software\QTXml4.dll ()
MOD - C:\Programme\Logitech\LWS\Webcam Software\QTGui4.dll ()
MOD - C:\Programme\Logitech\LWS\Webcam Software\QTCore4.dll ()
MOD - C:\Programme\Creative\Sync Manager Unicode\CTSyncU.exe ()
MOD - C:\Programme\Creative\Sync Manager Unicode\CTSyncRs.crl ()
MOD - C:\Programme\Common Files\Adobe\Shell\psicon.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (avast! Firewall) -- C:\Program Files\AVAST Software\Avast\afwServ.exe File not found
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_ce5ba24.dll ()
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Hamachi2Svc) -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (NitroReaderDriverReadSpool2) -- C:\Programme\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe (Nitro PDF Software)
SRV - (UMVPFSrv) -- C:\Programme\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (NMSAccessU) -- C:\Programme\CDBurnerXP\NMSAccessU.exe ()
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (cpuz132) -- C:\Users\User\AppData\Local\Temp\cpuz132\cpuz132_x32.sys File not found
DRV - (catchme) -- C:\Users\User\AppData\Local\Temp\catchme.sys File not found
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (aswKbd) -- C:\Windows\System32\drivers\aswKbd.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.)
DRV - (LVUVC) -- C:\Windows\System32\drivers\LVUVC.sys (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (CompFilter) -- C:\Windows\System32\drivers\lvbusflt.sys (Logitech Inc.)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (TPkd) -- C:\Windows\System32\drivers\TPkd.sys (PACE Anti-Piracy, Inc.)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (BthAvrcp) -- C:\Windows\System32\drivers\BthAvrcp.sys (CSR, plc)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (k57nd60x) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (PID_0928) -- C:\Windows\System32\drivers\LV561AV.SYS (Logitech Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-3593604086-429341408-3109665741-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-3593604086-429341408-3109665741-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKU\S-1-5-21-3593604086-429341408-3109665741-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CD 2A 9E 8C EC 00 CB 01  [binary data]
IE - HKU\S-1-5-21-3593604086-429341408-3109665741-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-3593604086-429341408-3109665741-1000\..\URLSearchHook: {cd8812d4-e5b8-41c6-94d4-59872a484bf1} - C:\Programme\dvdvideosofttoolbar\dvdvideosofttoolbarX.dll ()
IE - HKU\S-1-5-21-3593604086-429341408-3109665741-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3593604086-429341408-3109665741-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3593604086-429341408-3109665741-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3593604086-429341408-3109665741-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>;*.local
 
IE - HKU\S-1-5-21-3593604086-429341408-3109665741-1006\..\SearchScopes,DefaultScope = 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "appbario8 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q="
FF - prefs.js..browser.search.order.1: "appbario8 Customized Web Search"
FF - prefs.js..browser.search.selectedEngine: "YouTube"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.8
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3227980&SearchSource=2&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\NitroPDF: C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\User\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\User\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\User\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.11.14 17:54:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ [2012.12.08 15:26:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.02 13:27:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.08 11:47:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\User\Program Files\DNA [2012.12.09 16:14:07 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.02 13:27:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.08 11:47:23 | 000,000,000 | ---D | M]
 
[2010.05.31 18:19:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2012.12.08 15:29:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ijldys6d.default\extensions
[2011.06.02 18:06:07 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ijldys6d.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012.11.17 18:59:19 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ijldys6d.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2012.11.07 21:11:06 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ijldys6d.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2012.10.30 13:02:46 | 000,000,000 | ---D | M] (PriceGong) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ijldys6d.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
[2012.11.23 13:43:33 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ijldys6d.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2012.11.19 17:23:19 | 000,000,000 | ---D | M] ("Savings Sidekick") -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ijldys6d.default\extensions\crossriderapp5060@crossrider.com
[2012.10.07 17:07:17 | 000,000,000 | ---D | M] (FDislike) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ijldys6d.default\extensions\fbdislike@doweb.fr
[2012.09.15 19:13:39 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ijldys6d.default\extensions\ich@maltegoetz.de
[2012.09.12 14:23:14 | 000,000,000 | ---D | M] (SpecialSavings) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ijldys6d.default\extensions\specialsavings@superfish.com
[2012.11.19 17:23:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ijldys6d.default\extensions\crossriderapp5060@crossrider.com\chrome\content\extensionCode
[2012.10.07 17:07:16 | 000,215,605 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ijldys6d.default\extensions\fbdislike@doweb.fr.xpi
[2012.12.07 14:14:39 | 000,035,624 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ijldys6d.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2012.11.23 13:43:03 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ijldys6d.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2010.05.31 20:09:46 | 000,001,819 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ijldys6d.default\searchplugins\bing.xml
[2010.08.08 18:44:12 | 000,000,873 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ijldys6d.default\searchplugins\bProtect.xml
[2010.08.08 18:44:12 | 000,000,873 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ijldys6d.default\searchplugins\conduit.xml
[2012.12.08 13:18:36 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ijldys6d.default\searchplugins\icqplugin-1.xml
[2012.02.07 13:56:09 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ijldys6d.default\searchplugins\icqplugin-2.xml
[2011.03.30 14:14:34 | 000,001,042 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ijldys6d.default\searchplugins\icqplugin.xml
[2010.08.05 16:09:41 | 000,002,057 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ijldys6d.default\searchplugins\youtube-videosuche.xml
[2010.05.31 18:21:26 | 000,004,140 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ijldys6d.default\searchplugins\youtube.xml
[2012.11.22 15:22:10 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.12.02 13:27:19 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.11.20 08:13:26 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.20 08:13:26 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.11.20 08:13:26 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.20 08:13:26 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.20 08:13:26 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.20 08:13:26 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2012.12.07 13:52:49 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (DVD Video Soft Toolbar) - {cd8812d4-e5b8-41c6-94d4-59872a484bf1} - C:\Programme\dvdvideosofttoolbar\dvdvideosofttoolbarX.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (DVD Video Soft Toolbar) - {cd8812d4-e5b8-41c6-94d4-59872a484bf1} - C:\Programme\dvdvideosofttoolbar\dvdvideosofttoolbarX.dll ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-3593604086-429341408-3109665741-1000..\Run: [Akamai NetSession Interface] C:\Users\User\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-3593604086-429341408-3109665741-1000..\Run: [BitTorrent DNA] C:\Users\User\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-3593604086-429341408-3109665741-1000..\Run: [CTSyncU.exe] C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe ()
O4 - HKU\S-1-5-21-3593604086-429341408-3109665741-1000..\Run: [Facebook Update] C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-3593604086-429341408-3109665741-1000..\Run: [GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE] C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKU\S-1-5-21-3593604086-429341408-3109665741-1000..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-3593604086-429341408-3109665741-1006..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3593604086-429341408-3109665741-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3593604086-429341408-3109665741-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3593604086-429341408-3109665741-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/mjss/MJSS.cab109791.cab ()
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{322C8882-CB42-4C6F-8D80-95B407A70B65}: DhcpNameServer = 194.183.128.35 194.183.128.36
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{80308457-6C55-456A-B170-30378499DEDA}: DhcpNameServer = 194.48.139.254 194.48.124.200
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll File not found
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\PROGRA~2\PCPERF~1\22558~1.177\{16CDF~1\%Protector Process Name%.dll) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.08 22:07:45 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\MAGIX
[2012.12.08 22:06:50 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\MAGIX
[2012.12.08 22:06:42 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Xara
[2012.12.08 22:06:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
[2012.12.08 22:05:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MAGIX Services
[2012.12.08 22:05:30 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX
[2012.12.08 22:05:29 | 000,000,000 | ---D | C] -- C:\Program Files\MAGIX
[2012.12.08 15:25:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2012.12.08 15:25:53 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2012.12.07 13:56:04 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.12.07 13:56:02 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.12.07 13:52:13 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\temp
[2012.12.07 13:32:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.12.07 13:32:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.12.07 13:32:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.12.07 13:32:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.12.07 13:30:42 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.12.07 13:18:42 | 005,009,321 | R--- | C] (Swearware) -- C:\Users\User\Desktop\ComboFix.exe
[2012.12.06 01:24:34 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Grumpy Cat !
[2012.12.04 20:40:18 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\wichtig
[2012.11.30 16:51:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2012.11.27 19:33:47 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes
[2012.11.27 19:30:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.27 19:29:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.27 19:29:46 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.11.27 19:29:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.11.22 17:49:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.11.22 17:49:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.11.22 15:22:12 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.11.20 23:40:11 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\NVIDIA
[2012.11.19 14:01:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012.11.19 13:49:44 | 002,557,288 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvsvcr.dll
[2012.11.19 13:48:00 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012.11.16 13:34:47 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2012.11.16 13:34:47 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll
[2012.11.16 13:33:05 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll
[2012.11.16 13:32:56 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll
[2012.11.16 13:32:52 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll
[2012.11.15 21:30:49 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncsi.dll
[2012.11.15 21:30:48 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcorehc.dll
[2012.11.15 21:30:47 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2012.11.15 21:30:43 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
[2012.11.15 21:30:41 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.11.15 21:25:16 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcore6.dll
[2012.11.15 21:25:15 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2012.11.15 00:11:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2012.11.15 00:11:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2012.11.15 00:11:46 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2012.11.14 22:17:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012.11.14 17:22:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.11.14 17:19:55 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.11.14 17:19:46 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.11.14 17:19:46 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012.11.14 17:17:43 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.09 16:20:24 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.09 16:20:24 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.09 16:13:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.09 16:13:06 | 1609,371,648 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.09 15:41:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.09 15:11:37 | 000,434,344 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.12.08 22:06:22 | 000,001,186 | ---- | M] () -- C:\Users\Public\Desktop\MAGIX Foto & Grafik Designer 6 SE.lnk
[2012.12.07 21:16:15 | 000,540,743 | ---- | M] () -- C:\Users\User\Desktop\adwcleaner.exe
[2012.12.07 13:52:49 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.12.07 13:20:05 | 005,009,321 | R--- | M] (Swearware) -- C:\Users\User\Desktop\ComboFix.exe
[2012.11.30 16:51:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2012.11.22 15:22:15 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.11.16 14:05:31 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.11.16 14:05:30 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.11.16 13:46:52 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.16 13:46:52 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.16 13:46:52 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.16 13:46:52 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.15 00:11:58 | 000,000,881 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2012.11.14 22:18:39 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
 
========== Files Created - No Company Name ==========
 
[2012.12.08 22:06:22 | 000,001,186 | ---- | C] () -- C:\Users\Public\Desktop\MAGIX Foto & Grafik Designer 6 SE.lnk
[2012.12.07 21:15:58 | 000,540,743 | ---- | C] () -- C:\Users\User\Desktop\adwcleaner.exe
[2012.12.07 13:32:59 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.12.07 13:32:59 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.12.07 13:32:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.12.07 13:32:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.12.07 13:32:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.11.22 15:22:15 | 000,001,123 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.11.22 15:22:15 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.11.16 13:35:01 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.16 13:32:51 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.11.15 00:11:58 | 000,000,881 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2012.06.30 14:04:27 | 000,017,408 | ---- | C] () -- C:\Users\User\AppData\Local\WebpageIcons.db
[2011.09.15 17:13:14 | 004,762,808 | ---- | C] () -- C:\Users\User\Casper- Michael X.mp3
[2011.09.15 17:13:14 | 004,494,472 | ---- | C] () -- C:\Users\User\Casper - So perfekt.mp3
[2011.07.02 02:13:10 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011.04.01 06:07:02 | 010,877,272 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2011.04.01 06:07:02 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011.04.01 06:06:56 | 000,331,608 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2011.04.01 05:56:00 | 000,027,872 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011.03.22 22:58:22 | 000,014,168 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2010.10.01 20:25:49 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010.09.11 18:15:25 | 000,000,099 | ---- | C] () -- C:\Users\User\jagex_runescape_preferences2.dat
[2010.09.11 18:14:15 | 000,000,046 | ---- | C] () -- C:\Users\User\jagex_runescape_preferences.dat
[2010.06.16 22:33:13 | 000,000,157 | ---- | C] () -- C:\Users\User\AppData\Roaming\default.rss
[2010.06.01 20:02:18 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:3AE22B1A
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:30376ACC
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >
         


09.12.2012, 16:48   #18
Belatucradus

OTL Logfile:
Code:
OTL logfile created on: 09.12.2012 16:16:46 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\User\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,93 Gb Available Physical Memory | 46,59% Memory free
4,00 Gb Paging File | 2,78 Gb Available in Paging File | 69,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 240,67 Gb Total Space | 42,47 Gb Free Space | 17,65% Space Free | Partition Type: NTFS
Drive D: | 225,00 Gb Total Space | 33,52 Gb Free Space | 14,90% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive F: | 465,76 Gb Total Space | 198,64 Gb Free Space | 42,65% Space Free | Partition Type: NTFS
 
Computer Name: MANUU-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Programme\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Programme\Steam\Steam.exe (Valve Corporation)
PRC - C:\Users\User\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Users\User\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe (Nitro PDF Software)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
PRC - C:\Programme\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
PRC - C:\Programme\Logitech\LWS\Webcam Software\CameraHelperShell.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Users\User\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
PRC - c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Programme\Creative\Sync Manager Unicode\CTSyncU.exe ()
PRC - C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Steam\sdl.dll ()
MOD - C:\Programme\Steam\bin\libcef.dll ()
MOD - C:\Programme\Steam\bin\chromehtml.dll ()
MOD - C:\Programme\Steam\bin\avutil-51.dll ()
MOD - C:\Programme\Steam\bin\avformat-53.dll ()
MOD - C:\Programme\Steam\bin\avcodec-53.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll ()
MOD - C:\Programme\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
MOD - C:\Programme\Logitech\LWS\Webcam Software\CameraHelperShell.exe ()
MOD - C:\Programme\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll ()
MOD - C:\Programme\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll ()
MOD - C:\Programme\Logitech\LWS\Webcam Software\QTXml4.dll ()
MOD - C:\Programme\Logitech\LWS\Webcam Software\QTGui4.dll ()
MOD - C:\Programme\Logitech\LWS\Webcam Software\QTCore4.dll ()
MOD - C:\Programme\Creative\Sync Manager Unicode\CTSyncU.exe ()
MOD - C:\Programme\Creative\Sync Manager Unicode\CTSyncRs.crl ()
MOD - C:\Programme\Common Files\Adobe\Shell\psicon.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (avast! Firewall) -- C:\Program Files\AVAST Software\Avast\afwServ.exe File not found
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_ce5ba24.dll ()
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Hamachi2Svc) -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (NitroReaderDriverReadSpool2) -- C:\Programme\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe (Nitro PDF Software)
SRV - (UMVPFSrv) -- C:\Programme\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (NMSAccessU) -- C:\Programme\CDBurnerXP\NMSAccessU.exe ()
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (cpuz132) -- C:\Users\User\AppData\Local\Temp\cpuz132\cpuz132_x32.sys File not found
DRV - (catchme) -- C:\Users\User\AppData\Local\Temp\catchme.sys File not found
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (aswKbd) -- C:\Windows\System32\drivers\aswKbd.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.)
DRV - (LVUVC) -- C:\Windows\System32\drivers\LVUVC.sys (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (CompFilter) -- C:\Windows\System32\drivers\lvbusflt.sys (Logitech Inc.)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (TPkd) -- C:\Windows\System32\drivers\TPkd.sys (PACE Anti-Piracy, Inc.)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (BthAvrcp) -- C:\Windows\System32\drivers\BthAvrcp.sys (CSR, plc)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (k57nd60x) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (PID_0928) -- C:\Windows\System32\drivers\LV561AV.SYS (Logitech Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-3593604086-429341408-3109665741-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-3593604086-429341408-3109665741-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKU\S-1-5-21-3593604086-429341408-3109665741-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CD 2A 9E 8C EC 00 CB 01  [binary data]
IE - HKU\S-1-5-21-3593604086-429341408-3109665741-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-3593604086-429341408-3109665741-1000\..\URLSearchHook: {cd8812d4-e5b8-41c6-94d4-59872a484bf1} - C:\Programme\dvdvideosofttoolbar\dvdvideosofttoolbarX.dll ()
IE - HKU\S-1-5-21-3593604086-429341408-3109665741-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3593604086-429341408-3109665741-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3593604086-429341408-3109665741-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3593604086-429341408-3109665741-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>;*.local
 
IE - HKU\S-1-5-21-3593604086-429341408-3109665741-1006\..\SearchScopes,DefaultScope = 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "appbario8 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q="
FF - prefs.js..browser.search.order.1: "appbario8 Customized Web Search"
FF - prefs.js..browser.search.selectedEngine: "YouTube"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.8
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3227980&SearchSource=2&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\NitroPDF: C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\User\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\User\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\User\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.11.14 17:54:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ [2012.12.08 15:26:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.02 13:27:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.08 11:47:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\User\Program Files\DNA [2012.12.09 16:14:07 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.02 13:27:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.08 11:47:23 | 000,000,000 | ---D | M]
 
[2010.05.31 18:19:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2012.12.08 15:29:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ijldys6d.default\extensions
[2011.06.02 18:06:07 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ijldys6d.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012.11.17 18:59:19 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ijldys6d.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2012.11.07 21:11:06 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ijldys6d.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2012.10.30 13:02:46 | 000,000,000 | ---D | M] (PriceGong) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ijldys6d.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
[2012.11.23 13:43:33 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ijldys6d.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2012.11.19 17:23:19 | 000,000,000 | ---D | M] ("Savings Sidekick") -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ijldys6d.default\extensions\crossriderapp5060@crossrider.com
[2012.10.07 17:07:17 | 000,000,000 | ---D | M] (FDislike) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ijldys6d.default\extensions\fbdislike@doweb.fr
[2012.09.15 19:13:39 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ijldys6d.default\extensions\ich@maltegoetz.de
[2012.09.12 14:23:14 | 000,000,000 | ---D | M] (SpecialSavings) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ijldys6d.default\extensions\specialsavings@superfish.com
[2012.11.19 17:23:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ijldys6d.default\extensions\crossriderapp5060@crossrider.com\chrome\content\extensionCode
[2012.10.07 17:07:16 | 000,215,605 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ijldys6d.default\extensions\fbdislike@doweb.fr.xpi
[2012.12.07 14:14:39 | 000,035,624 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ijldys6d.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2012.11.23 13:43:03 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ijldys6d.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2010.05.31 20:09:46 | 000,001,819 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ijldys6d.default\searchplugins\bing.xml
[2010.08.08 18:44:12 | 000,000,873 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ijldys6d.default\searchplugins\bProtect.xml
[2010.08.08 18:44:12 | 000,000,873 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ijldys6d.default\searchplugins\conduit.xml
[2012.12.08 13:18:36 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ijldys6d.default\searchplugins\icqplugin-1.xml
[2012.02.07 13:56:09 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ijldys6d.default\searchplugins\icqplugin-2.xml
[2011.03.30 14:14:34 | 000,001,042 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ijldys6d.default\searchplugins\icqplugin.xml
[2010.08.05 16:09:41 | 000,002,057 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ijldys6d.default\searchplugins\youtube-videosuche.xml
[2010.05.31 18:21:26 | 000,004,140 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ijldys6d.default\searchplugins\youtube.xml
[2012.11.22 15:22:10 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.12.02 13:27:19 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.11.20 08:13:26 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.20 08:13:26 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.11.20 08:13:26 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.20 08:13:26 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.20 08:13:26 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.20 08:13:26 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2012.12.07 13:52:49 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (DVD Video Soft Toolbar) - {cd8812d4-e5b8-41c6-94d4-59872a484bf1} - C:\Programme\dvdvideosofttoolbar\dvdvideosofttoolbarX.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (DVD Video Soft Toolbar) - {cd8812d4-e5b8-41c6-94d4-59872a484bf1} - C:\Programme\dvdvideosofttoolbar\dvdvideosofttoolbarX.dll ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-3593604086-429341408-3109665741-1000..\Run: [Akamai NetSession Interface] C:\Users\User\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-3593604086-429341408-3109665741-1000..\Run: [BitTorrent DNA] C:\Users\User\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-3593604086-429341408-3109665741-1000..\Run: [CTSyncU.exe] C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe ()
O4 - HKU\S-1-5-21-3593604086-429341408-3109665741-1000..\Run: [Facebook Update] C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-3593604086-429341408-3109665741-1000..\Run: [GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE] C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKU\S-1-5-21-3593604086-429341408-3109665741-1000..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-3593604086-429341408-3109665741-1006..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3593604086-429341408-3109665741-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3593604086-429341408-3109665741-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3593604086-429341408-3109665741-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/mjss/MJSS.cab109791.cab ()
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{322C8882-CB42-4C6F-8D80-95B407A70B65}: DhcpNameServer = 194.183.128.35 194.183.128.36
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{80308457-6C55-456A-B170-30378499DEDA}: DhcpNameServer = 194.48.139.254 194.48.124.200
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll File not found
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\PROGRA~2\PCPERF~1\22558~1.177\{16CDF~1\%Protector Process Name%.dll) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.08 22:07:45 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\MAGIX
[2012.12.08 22:06:50 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\MAGIX
[2012.12.08 22:06:42 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Xara
[2012.12.08 22:06:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
[2012.12.08 22:05:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MAGIX Services
[2012.12.08 22:05:30 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX
[2012.12.08 22:05:29 | 000,000,000 | ---D | C] -- C:\Program Files\MAGIX
[2012.12.08 15:25:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2012.12.08 15:25:53 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2012.12.07 13:56:04 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.12.07 13:56:02 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.12.07 13:52:13 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\temp
[2012.12.07 13:32:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.12.07 13:32:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.12.07 13:32:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.12.07 13:32:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.12.07 13:30:42 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.12.07 13:18:42 | 005,009,321 | R--- | C] (Swearware) -- C:\Users\User\Desktop\ComboFix.exe
[2012.12.06 01:24:34 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Grumpy Cat !
[2012.12.04 20:40:18 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\wichtig
[2012.11.30 16:51:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2012.11.27 19:33:47 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes
[2012.11.27 19:30:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.27 19:29:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.27 19:29:46 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.11.27 19:29:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.11.22 17:49:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.11.22 17:49:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.11.22 15:22:12 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.11.20 23:40:11 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\NVIDIA
[2012.11.19 14:01:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012.11.19 13:49:44 | 002,557,288 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvsvcr.dll
[2012.11.19 13:48:00 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012.11.16 13:34:47 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2012.11.16 13:34:47 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll
[2012.11.16 13:33:05 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll
[2012.11.16 13:32:56 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll
[2012.11.16 13:32:52 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll
[2012.11.15 21:30:49 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncsi.dll
[2012.11.15 21:30:48 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcorehc.dll
[2012.11.15 21:30:47 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2012.11.15 21:30:43 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
[2012.11.15 21:30:41 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.11.15 21:25:16 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcore6.dll
[2012.11.15 21:25:15 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2012.11.15 00:11:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2012.11.15 00:11:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2012.11.15 00:11:46 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2012.11.14 22:17:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012.11.14 17:22:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.11.14 17:19:55 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.11.14 17:19:46 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.11.14 17:19:46 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012.11.14 17:17:43 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.09 16:20:24 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.09 16:20:24 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.09 16:13:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.09 16:13:06 | 1609,371,648 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.09 15:41:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.09 15:11:37 | 000,434,344 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.12.08 22:06:22 | 000,001,186 | ---- | M] () -- C:\Users\Public\Desktop\MAGIX Foto & Grafik Designer 6 SE.lnk
[2012.12.07 21:16:15 | 000,540,743 | ---- | M] () -- C:\Users\User\Desktop\adwcleaner.exe
[2012.12.07 13:52:49 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.12.07 13:20:05 | 005,009,321 | R--- | M] (Swearware) -- C:\Users\User\Desktop\ComboFix.exe
[2012.11.30 16:51:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2012.11.22 15:22:15 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.11.16 14:05:31 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.11.16 14:05:30 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.11.16 13:46:52 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.16 13:46:52 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.16 13:46:52 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.16 13:46:52 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.15 00:11:58 | 000,000,881 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2012.11.14 22:18:39 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
 
========== Files Created - No Company Name ==========
 
[2012.12.08 22:06:22 | 000,001,186 | ---- | C] () -- C:\Users\Public\Desktop\MAGIX Foto & Grafik Designer 6 SE.lnk
[2012.12.07 21:15:58 | 000,540,743 | ---- | C] () -- C:\Users\User\Desktop\adwcleaner.exe
[2012.12.07 13:32:59 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.12.07 13:32:59 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.12.07 13:32:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.12.07 13:32:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.12.07 13:32:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.11.22 15:22:15 | 000,001,123 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.11.22 15:22:15 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.11.16 13:35:01 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.16 13:32:51 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.11.15 00:11:58 | 000,000,881 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2012.06.30 14:04:27 | 000,017,408 | ---- | C] () -- C:\Users\User\AppData\Local\WebpageIcons.db
[2011.09.15 17:13:14 | 004,762,808 | ---- | C] () -- C:\Users\User\Casper- Michael X.mp3
[2011.09.15 17:13:14 | 004,494,472 | ---- | C] () -- C:\Users\User\Casper - So perfekt.mp3
[2011.07.02 02:13:10 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011.04.01 06:07:02 | 010,877,272 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2011.04.01 06:07:02 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011.04.01 06:06:56 | 000,331,608 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2011.04.01 05:56:00 | 000,027,872 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011.03.22 22:58:22 | 000,014,168 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2010.10.01 20:25:49 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010.09.11 18:15:25 | 000,000,099 | ---- | C] () -- C:\Users\User\jagex_runescape_preferences2.dat
[2010.09.11 18:14:15 | 000,000,046 | ---- | C] () -- C:\Users\User\jagex_runescape_preferences.dat
[2010.06.16 22:33:13 | 000,000,157 | ---- | C] () -- C:\Users\User\AppData\Roaming\default.rss
[2010.06.01 20:02:18 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:3AE22B1A
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:30376ACC
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >
         
--- --- ---
__________________

Alt 09.12.2012, 18:08   #19
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Hm, there is still toolbar junk in there.
Please download the current adwCleaner, i.e. delete the old adwcleaner and download it again.

adwCleaner - Detect toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.

If adwCleaner was already downloaded at some point, please delete the old adwcleaner.exe and download it again!!
  • Start adwcleaner.exe with a double-click.
  • Click Suche (Search).
  • When the scan finishes, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[Rx].txt (x = sequential number).
__________________
Please always post log files in CODE tags

Alt 09.12.2012, 20:44   #20
Belatucradus
 

Hello, cosinus.
Here is the log file:

Code:
ATTFilter
# AdwCleaner v2.011 - Datei am 09/12/2012 um 20:41:31 erstellt
# Aktualisiert am 02/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : User - MANUU-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\User\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Daten Gefunden : HKLM\..\Windows [AppInit_DLLs] = c:\PROGRA~2\PCPERF~1\22558~1.177\{16CDF~1\%Protector
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gefunden : HKCU\Software\bProtector
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v17.0.1 (de)

-\\ Google Chrome v21.0.1180.79

*************************

AdwCleaner[R1].txt - [20722 octets] - [07/12/2012 21:18:28]
AdwCleaner[R2].txt - [1122 octets] - [09/12/2012 20:41:31]
AdwCleaner[S1].txt - [20032 octets] - [09/12/2012 16:10:37]
         


10.12.2012, 11:54   #21
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

adwCleaner - remove toolbars and unwanted start/search pages
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Löschen (Delete).
  • Confirm each prompt with Ok.
  • Your computer will be restarted. After the restart, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[Sx].txt. (x = sequential number)

After that, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • Tick the Scan All Users box at the top centre
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.

10.12.2012, 19:27   #22
Belatucradus
 

Hello cosinus, and thanks.
Here are the files:

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 10.12.2012 18:24:15 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\User\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,88 Gb Available Physical Memory | 44,01% Memory free
4,00 Gb Paging File | 2,81 Gb Available in Paging File | 70,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 240,67 Gb Total Space | 53,24 Gb Free Space | 22,12% Space Free | Partition Type: NTFS
Drive D: | 225,00 Gb Total Space | 28,92 Gb Free Space | 12,85% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive F: | 465,76 Gb Total Space | 198,64 Gb Free Space | 42,65% Space Free | Partition Type: NTFS
 
Computer Name: MANUU-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Programme\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Programme\Steam\Steam.exe (Valve Corporation)
PRC - C:\Users\User\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Users\User\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe (Nitro PDF Software)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
PRC - C:\Programme\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
PRC - C:\Programme\Logitech\LWS\Webcam Software\CameraHelperShell.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Users\User\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
PRC - c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Programme\Creative\Sync Manager Unicode\CTSyncU.exe ()
PRC - C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Steam\sdl.dll ()
MOD - C:\Programme\Steam\bin\libcef.dll ()
MOD - C:\Programme\Steam\bin\chromehtml.dll ()
MOD - C:\Programme\Steam\bin\avutil-51.dll ()
MOD - C:\Programme\Steam\bin\avformat-53.dll ()
MOD - C:\Programme\Steam\bin\avcodec-53.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll ()
MOD - C:\Programme\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
MOD - C:\Programme\Logitech\LWS\Webcam Software\CameraHelperShell.exe ()
MOD - C:\Programme\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll ()
MOD - C:\Programme\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll ()
MOD - C:\Programme\Logitech\LWS\Webcam Software\QTXml4.dll ()
MOD - C:\Programme\Logitech\LWS\Webcam Software\QTGui4.dll ()
MOD - C:\Programme\Logitech\LWS\Webcam Software\QTCore4.dll ()
MOD - C:\Programme\Creative\Sync Manager Unicode\CTSyncU.exe ()
MOD - C:\Programme\Creative\Sync Manager Unicode\CTSyncRs.crl ()
MOD - C:\Programme\Common Files\Adobe\Shell\psicon.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (avast! Firewall) -- C:\Program Files\AVAST Software\Avast\afwServ.exe File not found
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_ce5ba24.dll ()
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Hamachi2Svc) -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (NitroReaderDriverReadSpool2) -- C:\Programme\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe (Nitro PDF Software)
SRV - (UMVPFSrv) -- C:\Programme\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (NMSAccessU) -- C:\Programme\CDBurnerXP\NMSAccessU.exe ()
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (cpuz132) -- C:\Users\User\AppData\Local\Temp\cpuz132\cpuz132_x32.sys File not found
DRV - (catchme) -- C:\Users\User\AppData\Local\Temp\catchme.sys File not found
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (aswKbd) -- C:\Windows\System32\drivers\aswKbd.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.)
DRV - (LVUVC) -- C:\Windows\System32\drivers\LVUVC.sys (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (CompFilter) -- C:\Windows\System32\drivers\lvbusflt.sys (Logitech Inc.)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (TPkd) -- C:\Windows\System32\drivers\TPkd.sys (PACE Anti-Piracy, Inc.)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (BthAvrcp) -- C:\Windows\System32\drivers\BthAvrcp.sys (CSR, plc)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (k57nd60x) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (PID_0928) -- C:\Windows\System32\drivers\LV561AV.SYS (Logitech Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-3593604086-429341408-3109665741-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-3593604086-429341408-3109665741-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKU\S-1-5-21-3593604086-429341408-3109665741-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CD 2A 9E 8C EC 00 CB 01  [binary data]
IE - HKU\S-1-5-21-3593604086-429341408-3109665741-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-3593604086-429341408-3109665741-1000\..\URLSearchHook: {cd8812d4-e5b8-41c6-94d4-59872a484bf1} - C:\Programme\dvdvideosofttoolbar\dvdvideosofttoolbarX.dll ()
IE - HKU\S-1-5-21-3593604086-429341408-3109665741-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3593604086-429341408-3109665741-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3593604086-429341408-3109665741-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3593604086-429341408-3109665741-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>;*.local
 
IE - HKU\S-1-5-21-3593604086-429341408-3109665741-1006\..\SearchScopes,DefaultScope = 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "appbario8 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q="
FF - prefs.js..browser.search.order.1: "appbario8 Customized Web Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:7.0.1474
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3227980&SearchSource=2&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\NitroPDF: C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\User\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\User\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\User\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.11.14 17:54:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ [2012.12.08 15:26:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.02 13:27:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.08 11:47:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\User\Program Files\DNA [2012.12.10 18:22:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.02 13:27:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.08 11:47:23 | 000,000,000 | ---D | M]
 
[2010.05.31 18:19:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2012.12.08 15:29:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ijldys6d.default\extensions
[2011.06.02 18:06:07 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ijldys6d.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012.11.17 18:59:19 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ijldys6d.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2012.11.07 21:11:06 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ijldys6d.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2012.10.30 13:02:46 | 000,000,000 | ---D | M] (PriceGong) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ijldys6d.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
[2012.11.23 13:43:33 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ijldys6d.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2012.11.19 17:23:19 | 000,000,000 | ---D | M] ("Savings Sidekick") -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ijldys6d.default\extensions\crossriderapp5060@crossrider.com
[2012.10.07 17:07:17 | 000,000,000 | ---D | M] (FDislike) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ijldys6d.default\extensions\fbdislike@doweb.fr
[2012.09.15 19:13:39 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ijldys6d.default\extensions\ich@maltegoetz.de
[2012.12.09 16:32:42 | 000,000,000 | ---D | M] (SpecialSavings) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ijldys6d.default\extensions\specialsavings@superfish.com
[2012.11.19 17:23:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ijldys6d.default\extensions\crossriderapp5060@crossrider.com\chrome\content\extensionCode
[2012.10.07 17:07:16 | 000,215,605 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ijldys6d.default\extensions\fbdislike@doweb.fr.xpi
[2012.12.07 14:14:39 | 000,035,624 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ijldys6d.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2012.11.23 13:43:03 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ijldys6d.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2010.05.31 20:09:46 | 000,001,819 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ijldys6d.default\searchplugins\bing.xml
[2010.08.08 18:44:12 | 000,000,873 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ijldys6d.default\searchplugins\bProtect.xml
[2010.08.08 18:44:12 | 000,000,873 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ijldys6d.default\searchplugins\conduit.xml
[2012.12.08 13:18:36 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ijldys6d.default\searchplugins\icqplugin-1.xml
[2012.02.07 13:56:09 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ijldys6d.default\searchplugins\icqplugin-2.xml
[2011.03.30 14:14:34 | 000,001,042 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ijldys6d.default\searchplugins\icqplugin.xml
[2010.08.05 16:09:41 | 000,002,057 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ijldys6d.default\searchplugins\youtube-videosuche.xml
[2010.05.31 18:21:26 | 000,004,140 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ijldys6d.default\searchplugins\youtube.xml
[2012.11.22 15:22:10 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.11.14 17:54:34 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012.12.02 13:27:19 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.11.20 08:13:26 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.20 08:13:26 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.11.20 08:13:26 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.20 08:13:26 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.20 08:13:26 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.20 08:13:26 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2012.12.07 13:52:49 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (DVD Video Soft Toolbar) - {cd8812d4-e5b8-41c6-94d4-59872a484bf1} - C:\Programme\dvdvideosofttoolbar\dvdvideosofttoolbarX.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (DVD Video Soft Toolbar) - {cd8812d4-e5b8-41c6-94d4-59872a484bf1} - C:\Programme\dvdvideosofttoolbar\dvdvideosofttoolbarX.dll ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-3593604086-429341408-3109665741-1000..\Run: [Akamai NetSession Interface] C:\Users\User\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-3593604086-429341408-3109665741-1000..\Run: [BitTorrent DNA] C:\Users\User\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-3593604086-429341408-3109665741-1000..\Run: [CTSyncU.exe] C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe ()
O4 - HKU\S-1-5-21-3593604086-429341408-3109665741-1000..\Run: [Facebook Update] C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-3593604086-429341408-3109665741-1000..\Run: [GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE] C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKU\S-1-5-21-3593604086-429341408-3109665741-1000..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-3593604086-429341408-3109665741-1006..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3593604086-429341408-3109665741-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3593604086-429341408-3109665741-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3593604086-429341408-3109665741-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/mjss/MJSS.cab109791.cab ()
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{322C8882-CB42-4C6F-8D80-95B407A70B65}: DhcpNameServer = 194.183.128.35 194.183.128.36
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{80308457-6C55-456A-B170-30378499DEDA}: DhcpNameServer = 194.48.139.254 194.48.124.200
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll File not found
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (Process Name%.dll) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.09 16:31:37 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\iMacros
[2012.12.08 22:07:45 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\MAGIX
[2012.12.08 22:06:50 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\MAGIX
[2012.12.08 22:06:42 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Xara
[2012.12.08 22:06:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
[2012.12.08 22:05:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MAGIX Services
[2012.12.08 22:05:30 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX
[2012.12.08 22:05:29 | 000,000,000 | ---D | C] -- C:\Program Files\MAGIX
[2012.12.08 15:25:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2012.12.08 15:25:53 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2012.12.07 13:56:04 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.12.07 13:56:02 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.12.07 13:52:13 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\temp
[2012.12.07 13:32:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.12.07 13:32:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.12.07 13:32:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.12.07 13:32:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.12.07 13:30:42 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.12.07 13:18:42 | 005,009,321 | R--- | C] (Swearware) -- C:\Users\User\Desktop\ComboFix.exe
[2012.12.06 01:24:34 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Grumpy Cat !
[2012.12.04 20:40:18 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\wichtig
[2012.11.30 16:51:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2012.11.27 19:33:47 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes
[2012.11.27 19:30:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.27 19:29:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.27 19:29:46 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.11.27 19:29:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.11.22 17:49:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.11.22 17:49:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.11.22 15:22:12 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.11.20 23:40:11 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\NVIDIA
[2012.11.19 14:01:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012.11.19 13:49:44 | 002,557,288 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvsvcr.dll
[2012.11.19 13:48:00 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012.11.16 13:34:47 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2012.11.16 13:34:47 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll
[2012.11.16 13:33:05 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll
[2012.11.16 13:32:56 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll
[2012.11.16 13:32:52 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll
[2012.11.15 21:30:49 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncsi.dll
[2012.11.15 21:30:48 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcorehc.dll
[2012.11.15 21:30:47 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2012.11.15 21:30:43 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
[2012.11.15 21:30:41 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.11.15 21:25:16 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcore6.dll
[2012.11.15 21:25:15 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2012.11.15 00:11:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2012.11.15 00:11:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2012.11.15 00:11:46 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2012.11.14 22:17:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012.11.14 17:22:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.11.14 17:19:55 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.11.14 17:19:46 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.11.14 17:19:46 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012.11.14 17:17:43 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.10 18:22:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.10 18:21:54 | 1609,371,648 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.10 18:19:28 | 000,545,819 | ---- | M] () -- C:\Users\User\Desktop\adwcleaner.exe
[2012.12.10 17:41:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.10 15:26:18 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.10 15:26:18 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.09 15:11:37 | 000,434,344 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.12.08 22:06:22 | 000,001,186 | ---- | M] () -- C:\Users\Public\Desktop\MAGIX Foto & Grafik Designer 6 SE.lnk
[2012.12.07 13:52:49 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.12.07 13:20:05 | 005,009,321 | R--- | M] (Swearware) -- C:\Users\User\Desktop\ComboFix.exe
[2012.11.30 16:51:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2012.11.22 15:22:15 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.11.16 14:05:31 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.11.16 14:05:30 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.11.16 13:46:52 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.16 13:46:52 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.16 13:46:52 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.16 13:46:52 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.15 00:11:58 | 000,000,881 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2012.11.14 22:18:39 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
 
========== Files Created - No Company Name ==========
 
[2012.12.10 18:19:23 | 000,545,819 | ---- | C] () -- C:\Users\User\Desktop\adwcleaner.exe
[2012.12.08 22:06:22 | 000,001,186 | ---- | C] () -- C:\Users\Public\Desktop\MAGIX Foto & Grafik Designer 6 SE.lnk
[2012.12.07 13:32:59 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.12.07 13:32:59 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.12.07 13:32:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.12.07 13:32:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.12.07 13:32:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.11.22 15:22:15 | 000,001,123 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.11.22 15:22:15 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.11.16 13:35:01 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.16 13:32:51 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.11.15 00:11:58 | 000,000,881 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2012.06.30 14:04:27 | 000,017,408 | ---- | C] () -- C:\Users\User\AppData\Local\WebpageIcons.db
[2011.09.15 17:13:14 | 004,762,808 | ---- | C] () -- C:\Users\User\Casper- Michael X.mp3
[2011.09.15 17:13:14 | 004,494,472 | ---- | C] () -- C:\Users\User\Casper - So perfekt.mp3
[2011.07.02 02:13:10 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011.04.01 06:07:02 | 010,877,272 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2011.04.01 06:07:02 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011.04.01 06:06:56 | 000,331,608 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2011.04.01 05:56:00 | 000,027,872 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011.03.22 22:58:22 | 000,014,168 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2010.10.01 20:25:49 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010.09.11 18:15:25 | 000,000,099 | ---- | C] () -- C:\Users\User\jagex_runescape_preferences2.dat
[2010.09.11 18:14:15 | 000,000,046 | ---- | C] () -- C:\Users\User\jagex_runescape_preferences.dat
[2010.06.16 22:33:13 | 000,000,157 | ---- | C] () -- C:\Users\User\AppData\Roaming\default.rss
[2010.06.01 20:02:18 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:3AE22B1A
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:30376ACC
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >
         
Code:
ATTFilter
# AdwCleaner v2.100 - Datei am 10/12/2012 um 18:20:19 erstellt
# Aktualisiert am 09/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : User - MANUU-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\User\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = c:\PROGRA~2\PCPERF~1\22558~1.177\{16CDF~1\%Protector
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\bProtector
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\SweetIM
Schlüssel Gelöscht : HKLM\Software\SweetIM

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v17.0.1 (de)

-\\ Google Chrome v21.0.1180.79

*************************

AdwCleaner[R1].txt - [20722 octets] - [07/12/2012 21:18:28]
AdwCleaner[R2].txt - [1312 octets] - [09/12/2012 20:41:31]
AdwCleaner[S1].txt - [20032 octets] - [09/12/2012 16:10:37]
AdwCleaner[S2].txt - [1333 octets] - [10/12/2012 18:20:19]

########## EOF - C:\AdwCleaner[S2].txt - [1393 octets] ##########
         
OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 10.12.2012 18:24:15 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\User\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,88 Gb Available Physical Memory | 44,01% Memory free
4,00 Gb Paging File | 2,81 Gb Available in Paging File | 70,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 240,67 Gb Total Space | 53,24 Gb Free Space | 22,12% Space Free | Partition Type: NTFS
Drive D: | 225,00 Gb Total Space | 28,92 Gb Free Space | 12,85% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive F: | 465,76 Gb Total Space | 198,64 Gb Free Space | 42,65% Space Free | Partition Type: NTFS
 
Computer Name: MANUU-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3593604086-429341408-3109665741-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mit Corel PaintShop Photo Pro X3 durchsuchen] -- "c:\Program Files\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe" "%L"
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02350A75-070B-4EFB-A07B-EABC6F42CC3B}" = lport=137 | protocol=17 | dir=in | app=system | 
"{04FE09EA-910C-463B-B0FF-4748094B67EC}" = lport=139 | protocol=6 | dir=in | app=system | 
"{0FE7B969-B5F9-48EC-9820-8E023BB50F34}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{11397179-D745-425F-AFAC-24392CE21BAF}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{145D420A-6BA4-429E-BDD1-0076535C3BC1}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{1F35AB04-9D4E-46D1-852B-6DA325D82D7C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{2CC6EA18-8BF8-406A-96C1-93AB4F4AFCDF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{33AE105F-294D-4224-95B1-A74116600371}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{3FE3EEB0-0B51-4B9F-BF95-7AC9F45BA2EC}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{4297E87E-EEC8-4038-9B25-EE37ECB192DE}" = lport=54005 | protocol=6 | dir=in | name=akamai netsession interface | 
"{42B3C211-C17F-4425-B589-57DF8EA36EBE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{447E6C30-AAAC-49A7-8ED6-D4BF67A3FCC2}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{4E5D9453-E13C-469D-98AD-BFC51252FB91}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{577F3C01-D4D4-4B27-858F-FDA5CCA403EB}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{61A1CEBD-E33C-41D7-8249-583AB5407661}" = rport=139 | protocol=6 | dir=out | app=system | 
"{7165D842-5D97-4012-BC6F-452283598233}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{74AA94BE-AB17-4EE4-954E-47EBED24F3D7}" = lport=138 | protocol=17 | dir=in | app=system | 
"{808939EA-B172-497D-9F0C-C1A480F4CC52}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8E37CFE0-47D6-4F6D-9161-FDD7C72A3099}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{976337A9-58FE-4CF5-B71E-9847C314A0E9}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{9BE052C6-0F65-4418-9AB3-C9FC5C6B1843}" = lport=445 | protocol=6 | dir=in | app=system | 
"{A6C8B5C1-4877-4C8E-909C-67ADF1DEF486}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{AF988FE6-C0FB-4565-9108-975BB7D3B8B0}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{BD970FC8-097D-44D8-AA04-C8AA39BFC4E7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BE46AF4A-245E-4091-840C-4B11ED26C082}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C00660EB-A99B-431B-8316-CAB756955F54}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C20E53B7-ECA8-4C90-910D-FD7D2B128BE0}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{C417F3FA-F294-4A2D-B4AF-96B0127220B5}" = rport=138 | protocol=17 | dir=out | app=system | 
"{CF50C6A8-74C9-40B8-AA62-2F4D230C9C0B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D467F531-F6D2-4E51-86C3-7DF49E9FCA63}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DEF27483-22CF-4DAD-AF3F-6EA19BDC0DB9}" = rport=137 | protocol=17 | dir=out | app=system | 
"{EBE649E8-2603-4D53-9B1F-5DAD8B959A6E}" = rport=445 | protocol=6 | dir=out | app=system | 
"{EDBA0EE7-30AD-482B-8172-8C89E78D4C15}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{EFBADF04-FE52-4C26-9B9A-7AA323BA6F1C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{F0D0BECD-B81D-4498-81FB-D3CED8AA9A6C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{F7EFA886-270C-4253-9594-D1DC2251B0A8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{FFA7C060-5343-48DB-8B22-7B71C009BDD0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03FE2B25-7205-47CE-AFBA-3965D4DEDBF3}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{068F5F1D-A6F7-4449-BD30-B10AEF9BE7B0}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{07C36032-5D43-4358-B9A0-9AD28212AC7D}" = protocol=17 | dir=in | app=d:\world of warcraft\launcher.exe | 
"{0A625213-F957-4589-83EB-9D1E87F11E69}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe | 
"{0C060538-554B-4489-AA3B-D39868301863}" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"{0E9D4784-25EA-4511-B020-BB72D41CAB7D}" = protocol=6 | dir=in | app=c:\program files\logitech\vid hd\vid.exe | 
"{0F5CABDE-3544-4393-A7EE-59A876DEF441}" = protocol=17 | dir=in | app=f:\world of warcraft 1\launcher.exe | 
"{1058327F-2192-4B3E-B70B-67B5F32F3C8F}" = protocol=17 | dir=in | app=d:\world of warcraft\world of warcraft\launcher.patch.exe | 
"{113B41E0-7325-40FE-ABA3-579E22985ABE}" = protocol=6 | dir=in | app=d:\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"{145EED5D-ADE4-45F4-8F9B-4021C040360F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{1565B434-9365-4EE6-8570-33F3957EE5B5}" = protocol=17 | dir=in | app=f:\world of warcraft 1\temp\wow-4.2.1.2756-enus-tools-downloader.exe | 
"{16CF084C-BDDC-41EE-9180-806F432DCC86}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe | 
"{17FF0A15-2B13-46C6-8FF2-7BDD02ACE434}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{1840D0C5-0E65-45FD-B2C0-3CE9509FED38}" = protocol=6 | dir=in | app=c:\users\user\desktop\wow - kopie - kopie\launcher.exe | 
"{19609836-6C8D-450A-A8D4-5F15635637D8}" = protocol=6 | dir=in | app=c:\users\user\desktop\wow - kopie - kopie\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"{1DD64930-C18A-43AB-A88E-C3297CF50560}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{225D3BF8-E7E6-413A-980B-52B1BF9384E9}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{2473CF2C-5EA0-4235-B2E8-ABAFA4CCE0BF}" = protocol=17 | dir=in | app=d:\world of warcraft\world of warcraft\launcher.exe | 
"{268E1E68-6EFC-44DB-9A4B-645DC83C0AAE}" = protocol=17 | dir=in | app=c:\program files\prettymaybasic\prettymay.exe | 
"{2D9D18E9-BC3D-4445-9124-278864979636}" = protocol=17 | dir=in | app=c:\users\user\desktop\wow - kopie - kopie\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"{2FA411E8-A0D1-4EEE-8775-FBD82E8FC001}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{3453B1EB-02F8-4426-9622-2A88379C495A}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | 
"{34AC7C86-D929-4057-B788-07D300AD3156}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{36A6A2EF-1BE5-47FF-AA6B-FCBF4A75D7FA}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{37AA4715-1C2C-4695-BE44-CC671E3F0B59}" = protocol=6 | dir=in | app=f:\world of warcraft 1\launcher.exe | 
"{3C0DC04E-AB1F-45EB-AFB2-1DFCB416832C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3C8C8279-73F6-4F90-B53E-3C738F86E1BA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3D7ED40B-9AB9-4D7A-919F-7D1A1B881208}" = protocol=58 | dir=in | app=system | 
"{3E94AA2C-58A9-47A7-98A0-1C3CA99A47A1}" = protocol=6 | dir=in | app=d:\world of warcraft\launcher.exe | 
"{413FCCED-2050-44D3-AC5E-FF46275504F2}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{467858CE-3373-488D-9040-22EEBA88438D}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{49965159-D2BD-4AD2-9536-B9DC9EA19F18}" = protocol=17 | dir=in | app=d:\world of warcraft\launcher.patch.exe | 
"{49E9CD1A-7B26-4891-8D94-7E786B02B100}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{4C514851-E87D-4B0F-B02F-CE437BA30476}" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"{4CA4838B-DB80-4A9E-8946-D4936DD80CDF}" = protocol=6 | dir=in | app=c:\users\user\appdata\local\akamai\netsession_win.exe | 
"{55E31247-D83F-4AEB-99CB-16D89DDC74CC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{578C5543-06A4-4CB5-AD13-5F3DAF4F908F}" = protocol=17 | dir=in | app=d:\world of warcraft\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe | 
"{59210A10-7EFD-4A46-95DB-D44CE4A88224}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5A4F0906-61D2-4014-8191-D6FC796C7D33}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | 
"{5BB2EFBC-88C9-4AB5-B2C6-9FCB366073BF}" = protocol=17 | dir=in | app=d:\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"{5F4BFCBF-E7DA-49DF-8EB7-40DB2CAC6C86}" = protocol=6 | dir=in | app=d:\world of warcraft\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe | 
"{63AFC118-4712-4F22-B701-A7A56FBCE3F8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{64A3F4CF-EBE2-4EAA-83D3-51A3DBEBB7BE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{6722DE90-BF4F-41D4-977F-747F42960D7D}" = protocol=6 | dir=in | app=c:\program files\prettymaybasic\prettymay.exe | 
"{68CDE297-95DA-4DAB-BD1E-EBA5DB4CDB2D}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{6BD7C4AA-2711-4AFA-ABE7-8EDA8F8658C4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{7247D27A-E634-4345-BA65-E018D0736EF3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{73FD590E-DB46-44C5-AA15-50621DEFDA3D}" = protocol=6 | dir=in | app=c:\program files\dvdvideosofttoolbar\dtuser.exe | 
"{7A36779E-40E6-4660-8019-86ED4AF93C5D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{7B087EF4-5680-48CF-8700-E36860DA4819}" = protocol=17 | dir=in | app=c:\program files\dvdvideosofttoolbar\dtuser.exe | 
"{7BCB57B4-4C01-471E-9BAC-7FEAAF9C9916}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{7FC7A608-AC76-4079-878C-429630C2D7BC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8581969A-19FA-479B-81A2-A3642B65D349}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{85A04D3F-43D5-485D-BF06-CBD890800AE5}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer_service.exe | 
"{86A57A34-C77A-4BD6-B4F2-6FB0A850849C}" = protocol=6 | dir=in | app=d:\world of warcraft\world of warcraft\launcher.patch.exe | 
"{8836F2E4-FBFF-4C2C-9A53-08DC81F9C5FC}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{8CCBC600-E9FE-40A7-B417-B83B5746AA48}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | 
"{9004B553-7A14-44A9-BE1E-636CB81A9BEF}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe | 
"{9D94A85A-20ED-480C-9678-8B5859A80D7E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{9FFB9C2C-731A-4A79-BB8B-7A6DBD59BD97}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A22E8B50-E516-4294-B05D-BFAB107AA54E}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{A30B2B40-31B9-462B-A2EA-A13DEB29684E}" = protocol=6 | dir=in | app=c:\users\user\downloads\audioconverter_setup(2).exe | 
"{A4A42F0E-FAD8-423D-8D28-2E0ED1ACABF5}" = protocol=17 | dir=in | app=c:\users\user\desktop\wow - kopie - kopie\launcher.exe | 
"{A6A919D6-D73F-4465-9E7B-38900B02669B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AB6B562A-55EA-4E22-B6FD-1199E77B928A}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer_service.exe | 
"{AD847F00-BEA5-44EC-9843-4D5A8BA9C513}" = protocol=6 | dir=out | app=system | 
"{B044FFC8-25BD-45FB-8906-B4C664E5AA61}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B3B185B4-DA03-4A89-873A-B72FE99D1BFC}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe | 
"{B4110C65-CD34-4633-8C87-988B787E85D3}" = dir=in | app=c:\users\user\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{B83BBC01-2B09-49E2-802C-DD63ECC9D9F6}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{BC7A6D33-61C3-4F2A-9680-43EEDE7BC356}" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\spotify\spotify.exe | 
"{BD3927EA-32C9-4B4C-A4D3-AEAD30CF635A}" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\spotify\spotify.exe | 
"{BE2662D0-85E0-46C6-96B5-728A411E3B00}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-dede-downloader.exe | 
"{BEBCB015-3699-407B-AF8E-FCAD53785C11}" = protocol=17 | dir=in | app=c:\program files\logitech\vid hd\vid.exe | 
"{C2FCA2CC-9A40-4E76-8D5A-28CC68CCB091}" = protocol=17 | dir=in | app=c:\users\user\downloads\sweetimsetup.exe | 
"{C32F2B04-16B4-4A6C-B97D-397887C0418E}" = protocol=17 | dir=in | app=c:\users\user\appdata\local\akamai\netsession_win.exe | 
"{C3ACCE8A-5E1F-4B80-B716-07C253648868}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C6A90593-67DA-4399-8A74-1524D6A3AF29}" = protocol=6 | dir=in | app=d:\world of warcraft\world of warcraft\launcher.exe | 
"{CAE017DE-96C7-4325-95D6-4D28D0CB4E69}" = protocol=6 | dir=in | app=c:\users\user\desktop\wow - kopie - kopie\launcher.patch.exe | 
"{CEF517E1-D6B8-4A44-B9B8-8B90A2109C83}" = protocol=17 | dir=in | app=c:\users\user\desktop\wow - kopie - kopie\launcher.patch.exe | 
"{D0FF7BB2-00E8-48A1-9051-1C8C2FEE22EC}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{D311B642-C173-41AD-9D63-B3302D1A57DE}" = protocol=6 | dir=in | app=d:\world of warcraft\launcher.patch.exe | 
"{DCE78D9F-4463-49B2-9DAE-C5C201A97EFA}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-dede-downloader.exe | 
"{E01BA4C8-0BEC-46B8-871D-C2869801F47B}" = protocol=17 | dir=in | app=c:\users\user\downloads\audioconverter_setup(2).exe | 
"{E1FD4910-56E5-444E-8F48-456520D18770}" = protocol=6 | dir=in | app=c:\users\user\downloads\sweetimsetup.exe | 
"{E2023BEB-485E-45F6-B22F-D4A6A61DD359}" = protocol=17 | dir=in | app=f:\world of warcraft 1\temp\wow-4.3-5.0.15890-enus-downloader.exe | 
"{E37FF0EA-1CFE-4A4C-9D48-6FACEAF02D3A}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe | 
"{E5A4ED21-C344-4E16-91AA-C064037B62B9}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe | 
"{E5A7AF7B-D8FF-4991-9061-18C967BE826E}" = protocol=6 | dir=in | app=f:\world of warcraft 1\temp\wow-4.3-5.0.15890-enus-downloader.exe | 
"{EC2B26DF-740F-4926-B3AA-D15E7D92E4A6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{F0B39AE5-E229-4C8A-86B5-CBCDE77B61B1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F526C96C-5560-4D4A-B946-893991EB1535}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F58DE72A-5F92-49A9-88F8-2B4C5A4E31A9}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | 
"{FC7828A4-386E-4492-961F-793C752293FB}" = protocol=6 | dir=in | app=f:\world of warcraft 1\temp\wow-4.2.1.2756-enus-tools-downloader.exe | 
"TCP Query User{052403D3-1D44-42E8-ACC9-C922C85DFB80}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"TCP Query User{08270A47-11AD-4BE7-81F7-54E508373D6E}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{11AD4EB7-23B4-48A4-AAFB-DDDD2C6F294B}C:\users\user\desktop\wow - kopie - kopie\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\user\desktop\wow - kopie - kopie\backgrounddownloader.exe | 
"TCP Query User{1D70191E-99FA-4AE0-8E72-CE559CFDF48E}C:\users\public\games\world of warcraft\blizzard downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\blizzard downloader.exe | 
"TCP Query User{1F455C08-F01B-4593-A221-E68C7024AB9B}C:\program files\prettymaybasic\prettymay.exe" = protocol=6 | dir=in | app=c:\program files\prettymaybasic\prettymay.exe | 
"TCP Query User{211F76A6-21C0-4314-BA95-375E4F21574C}F:\world of warcraft 1\launcher.patch.exe" = protocol=6 | dir=in | app=f:\world of warcraft 1\launcher.patch.exe | 
"TCP Query User{349A0034-86B2-4C86-A8B8-9CCAB3FBC528}D:\world of warcraft\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe | 
"TCP Query User{383840F8-18A3-48F8-A856-B1134679EBF8}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{414EBF0A-8198-4A19-BB93-6A495603BD79}C:\users\public\games\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe | 
"TCP Query User{45DF059F-FBF4-47FC-89B6-29150F72740E}C:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe | 
"TCP Query User{496F905C-8AFF-46B5-B79C-AA0D6918002E}C:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-dede-downloader.exe | 
"TCP Query User{4C0BBF61-971F-4168-9312-1A7F1823D6CE}C:\users\user\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{5D7A01FC-9C8C-4199-825E-609404EEAAB6}D:\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{6B1225D6-898A-47D0-8A9E-90C5C92C8D3D}F:\world of warcraft 1\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=6 | dir=in | app=f:\world of warcraft 1\temp\wow-4.3-5.0.15890-enus-downloader.exe | 
"TCP Query User{6D937413-E0E8-4148-8562-1C41A6AABDED}C:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe | 
"TCP Query User{7041B0CA-AFBA-484D-B549-4B4B8FC68C79}C:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe | 
"TCP Query User{729F2CAA-7C36-4290-8E05-215B253DAD2B}C:\users\user\desktop\wow - kopie\wow-3.2.0.10192-to-3.3.0.10958-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\user\desktop\wow - kopie\wow-3.2.0.10192-to-3.3.0.10958-dede-downloader.exe | 
"TCP Query User{7869C16E-7158-45C1-BDEC-055197FF34A1}C:\users\public\games\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe | 
"TCP Query User{7FDCE5B6-3673-49E2-978F-B8D86BBBCE6F}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"TCP Query User{88E6D92A-4C14-4D78-AB9D-3B3B56C146E0}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | 
"TCP Query User{A3F23D8C-82C7-4642-9069-103A6A937E21}C:\program files\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"TCP Query User{A75A6418-A616-4B4A-B25A-5D599537CD25}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{AA7B47E1-05E5-45CA-9044-1E14B9E6C4B5}C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe | 
"TCP Query User{AC628CC7-4378-44AE-AEF1-E2E7F78DF1EE}C:\program files\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe | 
"TCP Query User{AEB12D6E-A0DB-47A6-894E-402515321EE2}F:\world of warcraft 1\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=6 | dir=in | app=f:\world of warcraft 1\temp\wow-4.2.1.2756-enus-tools-downloader.exe | 
"TCP Query User{B0F89C1E-BF52-425B-85CA-6A0FF5BB7721}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{B1D5F5EE-8F8F-4736-B9BF-815B985D52C8}C:\users\public\games\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe | 
"TCP Query User{B48D924C-F7DB-4292-8AF1-C30DDAC20A31}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{B4D27E42-C945-4D74-A957-D347E9049B7D}C:\users\user\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{B5F069E8-EEF6-46C6-A65F-CE45334A0013}C:\program files\logitech\logitech vid\vid.exe" = protocol=6 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe | 
"TCP Query User{CF780C53-5EF7-4D04-9F70-AB1FD64264C0}C:\users\public\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-dede-downloader.exe | 
"TCP Query User{E2BEF478-0365-412E-9623-89C034642F90}C:\users\user\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\user\program files\dna\btdna.exe | 
"TCP Query User{E45AFBDA-6D22-42B1-94AB-BAF96F573B5B}C:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-dede-downloader.exe | 
"TCP Query User{E6A08B8E-5EDC-47FC-817B-415A3AE2C68B}D:\world of warcraft\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{EBD33C73-CAA0-4F3D-93B1-1537583F3E11}F:\world of warcraft 1\launcher.exe" = protocol=6 | dir=in | app=f:\world of warcraft 1\launcher.exe | 
"TCP Query User{EC077C06-6357-4765-84C8-AB570DE96989}C:\users\user\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\user\program files\dna\btdna.exe | 
"TCP Query User{F1E0D0F4-F3A3-4C73-916E-C9E5A2A567D5}C:\users\public\games\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe | 
"TCP Query User{F4ED224C-96DF-4790-894A-EB0157AC0260}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"TCP Query User{F52B1F52-3BCB-4FA6-B298-44187FF9B85D}C:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-dede-downloader.exe | 
"TCP Query User{F74F569A-A073-492D-8F15-84E36272638C}C:\users\public\games\world of warcraft\wow-2.1.1.1897-engb-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-2.1.1.1897-engb-tools-downloader.exe | 
"UDP Query User{048489F3-D172-4A5E-98A8-B08040972D16}D:\world of warcraft\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe | 
"UDP Query User{07841906-C7D6-4E0A-91C0-A8652DDB43D0}C:\program files\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe | 
"UDP Query User{08A4E1E5-50CA-47F6-8C8D-284BC26F7EC3}C:\users\user\desktop\wow - kopie - kopie\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\user\desktop\wow - kopie - kopie\backgrounddownloader.exe | 
"UDP Query User{0C088D93-5C59-4C0D-958F-F58633ECCA43}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{0E104FA0-363B-48B9-8211-02FE1548526C}C:\users\public\games\world of warcraft\blizzard downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\blizzard downloader.exe | 
"UDP Query User{20B4A484-2F8E-4761-8F62-AB2BC00B82F0}F:\world of warcraft 1\launcher.patch.exe" = protocol=17 | dir=in | app=f:\world of warcraft 1\launcher.patch.exe | 
"UDP Query User{2423E96F-4132-42D2-AAE4-5180C5212215}C:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe | 
"UDP Query User{2C73BA71-2310-4466-A0C6-E2F78B1C14C5}C:\program files\logitech\logitech vid\vid.exe" = protocol=17 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe | 
"UDP Query User{3C16588A-F034-4DC7-9EE6-07E3C8827FEB}C:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe | 
"UDP Query User{3CF28737-B0FA-4ED2-86AA-7A47A6F4EF64}C:\program files\prettymaybasic\prettymay.exe" = protocol=17 | dir=in | app=c:\program files\prettymaybasic\prettymay.exe | 
"UDP Query User{498899E1-4DCD-4857-A529-C71B8B27D7DC}C:\users\public\games\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe | 
"UDP Query User{4AE22E10-D105-4C2F-8528-65E9B9BD34C2}C:\users\user\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\user\program files\dna\btdna.exe | 
"UDP Query User{5032EFDB-3036-4158-87DA-B9723538AC65}C:\users\public\games\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe | 
"UDP Query User{5A046992-E3CB-4CBA-B185-F7C942A02127}C:\users\user\desktop\wow - kopie\wow-3.2.0.10192-to-3.3.0.10958-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\user\desktop\wow - kopie\wow-3.2.0.10192-to-3.3.0.10958-dede-downloader.exe | 
"UDP Query User{5C443027-4137-49EC-83D8-73D66D2F710E}C:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-dede-downloader.exe | 
"UDP Query User{607040B3-D81F-4D72-AE4B-7621822F43A7}C:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-dede-downloader.exe | 
"UDP Query User{65A82FCA-A52A-4269-8F6F-E482A1AE1BF9}C:\users\user\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{680CC033-786E-4C6A-ADEF-0D4A656BE69F}C:\program files\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"UDP Query User{6BED1D77-3037-4E75-A69F-CED42B2C2EE2}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{6E41EE68-B134-47DF-80AA-353EB1453B02}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{863B56EB-68AD-4C56-AFAA-80B21F326087}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{8B05FA58-7AD0-4072-8098-9F2A8CAE6865}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"UDP Query User{8BB9A4AE-0D30-47B0-A313-B13EC11A5146}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | 
"UDP Query User{8F8340BA-9652-4820-8F66-9721F17A2470}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{9543A2DE-1A08-4191-8158-0A0648318331}C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe | 
"UDP Query User{A706D8D8-C137-4667-AFCB-4FDF6FD03BD6}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"UDP Query User{BC20D295-DA41-4C63-B010-8F369D3F24CB}C:\users\user\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{BD2BCAF3-AA83-4E16-8D2F-2E3FC95EC900}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"UDP Query User{C1A04F2D-356B-4ED8-AC3B-EBBE0BA49324}C:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe | 
"UDP Query User{C2F07296-DFDB-4E0A-AB6E-31D18CA3D39F}C:\users\public\games\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe | 
"UDP Query User{C478B475-C361-43A5-9B38-DAF9F1526A1A}C:\users\public\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-dede-downloader.exe | 
"UDP Query User{CD308447-38E7-4E40-B4F7-81F5DEECB53C}C:\users\public\games\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe | 
"UDP Query User{D77B2917-AEA1-49D0-B8AE-8743EADF1A77}F:\world of warcraft 1\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=17 | dir=in | app=f:\world of warcraft 1\temp\wow-4.3-5.0.15890-enus-downloader.exe | 
"UDP Query User{D7C8D59B-6961-43D7-8FE9-6DBB5DA704D6}C:\users\public\games\world of warcraft\wow-2.1.1.1897-engb-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-2.1.1.1897-engb-tools-downloader.exe | 
"UDP Query User{DA9C1411-5C75-46E9-8A10-E4210888115C}D:\world of warcraft\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{DD436CC3-88ED-42D0-A105-AF68C1AA94EF}C:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-dede-downloader.exe | 
"UDP Query User{DD5F5B14-7032-499C-A78B-EF69898BF184}C:\users\user\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\user\program files\dna\btdna.exe | 
"UDP Query User{E0CDCB2C-329E-4D2F-BE09-383A52A23C53}D:\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{ED91E705-A9C5-429F-9F96-71C5308194AD}F:\world of warcraft 1\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=17 | dir=in | app=f:\world of warcraft 1\temp\wow-4.2.1.2756-enus-tools-downloader.exe | 
"UDP Query User{F6370810-1E80-4FA9-99D1-B71740ECA6CA}F:\world of warcraft 1\launcher.exe" = protocol=17 | dir=in | app=f:\world of warcraft 1\launcher.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0a942b37-2a6f-4b9f-9470-0d1d3d2de196}" = Nero 9 Essentials
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1C9B6173-6DC9-4EEE-9EFC-6BA115CFBE43}" = Die Sims™ 3 Diesel Accessoires
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{2217B0B4-35CB-48C6-B640-864DF2F30F99}" = OpenOffice.org 3.2
"{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x32
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3BBFD444-5FAB-49F6-98B1-A1954E831399}" = Die Sims™ 3 Showtime
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = Die Sims™ 3 Late Night
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{591B29D8-4A37-4202-9F74-3B43A45EC036}" = MAGIX Foto & Grafik Designer 6 SE
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7FB413C8-3CAD-49F7-A67C-6EFEB4B04050}" = LogMeIn Hamachi
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11807553}" = Hotel Dash Suite Success
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9862E0CB-4727-4FFC-963A-E22A9E9EC10C}" = Creative ZEN V Series (R2)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}" = Die Sims™ 3 Supernatural
"{B4CB2C34-E745-4063-9CD6-F54D46F7F4FE}" = Nitro PDF Reader 2
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C12631C6-804D-4B32-B0DD-8A496462F106}" = Die Sims™ 3 Einfach tierisch
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{DE4BF4BE-3CDC-43B5-BBDA-DDDA73103111}" = Corel PaintShop Photo Pro X3
"{DE612A3D-0DCC-4055-BB6A-0036F31158A0}" = Setup
"{DE8B9311-ADE7-4EDE-B121-326CAA3D225D}" = PSPPContent
"{DE99075E-7D25-4B96-B32E-BFE6FBFAA644}" = IPM_PSP_CL
"{DEAEB5DB-04FA-489D-94EF-8600898B93EE}" = ICA
"{DEF1928A-FC01-48E7-A7E6-4651D42EF6A1}" = PSPPRO_DCRAW
"{DEF8C145-CC4F-4DAA-AD5C-E707C07AEE50}" = IPM_PSP_COM
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FB1AC1F1-8F47-4DCE-A1ED-0DFBA0F455B4}" = Driver Mender
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FFF74EC9-1FF4-4456-99E3-4F05129F4FAB}" = Antares Auto-Tune Evo VST
"Acoustica Effects Pack" = Acoustica Effects Pack
"Acoustica Mixcraft 5" = Acoustica Mixcraft 5
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Akamai" = Akamai NetSession Interface Service
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"Creative Removable Disk Manager" = Creative-Manager für Wechseldatenträger
"Defraggler" = Defraggler
"Deponia 2" = Chaos auf Deponia
"DivX Setup" = DivX-Setup
"dvdvideosofttoolbar" = DVD Video Soft Toolbar
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.36.1201
"Google Chrome" = Google Chrome
"GPL Ghostscript 8.70" = GPL Ghostscript 8.70
"Hardcopy(C__Program Files_Hardcopy)" = Hardcopy (C:\Program Files\Hardcopy)
"houseworx_is1" = houseworx
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.2.0 (Full)
"Logitech Vid" = Logitech Vid HD
"LogMeIn Hamachi" = LogMeIn Hamachi
"MAGIX_{591B29D8-4A37-4202-9F74-3B43A45EC036}" = MAGIX Foto & Grafik Designer 6 SE
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"Picasa 3" = Picasa 3
"Sony Ericsson Themes Creator" = Sony Ericsson Themes Creator 4.16.2.6
"SysInfo" = Creative-Systeminformationen
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"ThumbsPlus 3.21" = ThumbsPlus Version 3.21-R
"VLC media player" = VLC media player 1.0.5
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"World of Warcraft" = World of Warcraft
"ZENcast Organizer" = ZENcast Organizer
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3593604086-429341408-3109665741-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"BitTorrent DNA" = DNA
"Facebook Plug-In" = Facebook Plug-In
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 09.12.2012 19:57:49 | Computer Name = manuu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8674
 
Error - 09.12.2012 19:57:50 | Computer Name = manuu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 09.12.2012 19:57:50 | Computer Name = manuu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9672
 
Error - 09.12.2012 19:57:50 | Computer Name = manuu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9672
 
Error - 09.12.2012 19:57:51 | Computer Name = manuu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 09.12.2012 19:57:51 | Computer Name = manuu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10686
 
Error - 09.12.2012 19:57:51 | Computer Name = manuu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10686
 
Error - 09.12.2012 19:57:52 | Computer Name = manuu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 09.12.2012 19:57:52 | Computer Name = manuu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 11856
 
Error - 09.12.2012 19:57:52 | Computer Name = manuu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11856
 
[ Media Center Events ]
Error - 28.09.2010 08:21:23 | Computer Name = manuu-PC | Source = MCUpdate | ID = 0
Description = 14:21:23 - Fehler beim Herstellen der Internetverbindung.  14:21:23 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 28.09.2010 08:21:55 | Computer Name = manuu-PC | Source = MCUpdate | ID = 0
Description = 14:21:52 - Fehler beim Herstellen der Internetverbindung.  14:21:52 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 28.09.2010 09:22:27 | Computer Name = manuu-PC | Source = MCUpdate | ID = 0
Description = 15:22:27 - Fehler beim Herstellen der Internetverbindung.  15:22:27 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 28.09.2010 09:22:57 | Computer Name = manuu-PC | Source = MCUpdate | ID = 0
Description = 15:22:56 - Fehler beim Herstellen der Internetverbindung.  15:22:56 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 09.10.2010 04:37:39 | Computer Name = manuu-PC | Source = MCUpdate | ID = 0
Description = 10:37:35 - Fehler beim Herstellen der Internetverbindung.  10:37:35 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 19.10.2010 07:18:23 | Computer Name = manuu-PC | Source = MCUpdate | ID = 0
Description = 13:18:19 - Fehler beim Herstellen der Internetverbindung.  13:18:19 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 03.11.2010 08:08:03 | Computer Name = manuu-PC | Source = MCUpdate | ID = 0
Description = 13:08:00 - Fehler beim Herstellen der Internetverbindung.  13:08:02 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 03.11.2010 08:08:55 | Computer Name = manuu-PC | Source = MCUpdate | ID = 0
Description = 13:08:38 - Fehler beim Herstellen der Internetverbindung.  13:08:38 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 09.12.2012 09:19:59 | Computer Name = manuu-PC | Source = WMPNetworkSvc | ID = 866333
Description = 
 
Error - 09.12.2012 09:20:00 | Computer Name = manuu-PC | Source = WMPNetworkSvc | ID = 866333
Description = 
 
Error - 09.12.2012 10:03:21 | Computer Name = manuu-PC | Source = Tcpip | ID = 4199
Description = Das System hat einen Adressenkonflikt der IP-Adresse 192.168.17.3 
mit dem Computer mit der  Netzwerkhardwareadresse 7C-6D-62-39-22-84 ermittelt. Netzwerkvorgänge
 könnten daher auf diesem  System unterbrochen werden.
 
Error - 09.12.2012 10:03:35 | Computer Name = manuu-PC | Source = DCOM | ID = 10000
Description = 
 
Error - 09.12.2012 10:11:48 | Computer Name = manuu-PC | Source = DCOM | ID = 10000
Description = 
 
Error - 09.12.2012 12:13:43 | Computer Name = manuu-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 09.12.2012 12:13:55 | Computer Name = manuu-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 09.12.2012 17:42:39 | Computer Name = manuu-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 09.12.2012 19:12:18 | Computer Name = manuu-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 10.12.2012 11:41:48 | Computer Name = manuu-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
 
< End of report >
         
--- --- ---

10.12.2012, 19:29   #23
Belatucradus
 
OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 10.12.2012 18:24:15 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\User\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,88 Gb Available Physical Memory | 44,01% Memory free
4,00 Gb Paging File | 2,81 Gb Available in Paging File | 70,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 240,67 Gb Total Space | 53,24 Gb Free Space | 22,12% Space Free | Partition Type: NTFS
Drive D: | 225,00 Gb Total Space | 28,92 Gb Free Space | 12,85% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive F: | 465,76 Gb Total Space | 198,64 Gb Free Space | 42,65% Space Free | Partition Type: NTFS
 
Computer Name: MANUU-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3593604086-429341408-3109665741-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mit Corel PaintShop Photo Pro X3 durchsuchen] -- "c:\Program Files\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe" "%L"
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02350A75-070B-4EFB-A07B-EABC6F42CC3B}" = lport=137 | protocol=17 | dir=in | app=system | 
"{04FE09EA-910C-463B-B0FF-4748094B67EC}" = lport=139 | protocol=6 | dir=in | app=system | 
"{0FE7B969-B5F9-48EC-9820-8E023BB50F34}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{11397179-D745-425F-AFAC-24392CE21BAF}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{145D420A-6BA4-429E-BDD1-0076535C3BC1}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{1F35AB04-9D4E-46D1-852B-6DA325D82D7C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{2CC6EA18-8BF8-406A-96C1-93AB4F4AFCDF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{33AE105F-294D-4224-95B1-A74116600371}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{3FE3EEB0-0B51-4B9F-BF95-7AC9F45BA2EC}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{4297E87E-EEC8-4038-9B25-EE37ECB192DE}" = lport=54005 | protocol=6 | dir=in | name=akamai netsession interface | 
"{42B3C211-C17F-4425-B589-57DF8EA36EBE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{447E6C30-AAAC-49A7-8ED6-D4BF67A3FCC2}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{4E5D9453-E13C-469D-98AD-BFC51252FB91}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{577F3C01-D4D4-4B27-858F-FDA5CCA403EB}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{61A1CEBD-E33C-41D7-8249-583AB5407661}" = rport=139 | protocol=6 | dir=out | app=system | 
"{7165D842-5D97-4012-BC6F-452283598233}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{74AA94BE-AB17-4EE4-954E-47EBED24F3D7}" = lport=138 | protocol=17 | dir=in | app=system | 
"{808939EA-B172-497D-9F0C-C1A480F4CC52}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8E37CFE0-47D6-4F6D-9161-FDD7C72A3099}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{976337A9-58FE-4CF5-B71E-9847C314A0E9}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{9BE052C6-0F65-4418-9AB3-C9FC5C6B1843}" = lport=445 | protocol=6 | dir=in | app=system | 
"{A6C8B5C1-4877-4C8E-909C-67ADF1DEF486}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{AF988FE6-C0FB-4565-9108-975BB7D3B8B0}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{BD970FC8-097D-44D8-AA04-C8AA39BFC4E7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BE46AF4A-245E-4091-840C-4B11ED26C082}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C00660EB-A99B-431B-8316-CAB756955F54}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C20E53B7-ECA8-4C90-910D-FD7D2B128BE0}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{C417F3FA-F294-4A2D-B4AF-96B0127220B5}" = rport=138 | protocol=17 | dir=out | app=system | 
"{CF50C6A8-74C9-40B8-AA62-2F4D230C9C0B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D467F531-F6D2-4E51-86C3-7DF49E9FCA63}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DEF27483-22CF-4DAD-AF3F-6EA19BDC0DB9}" = rport=137 | protocol=17 | dir=out | app=system | 
"{EBE649E8-2603-4D53-9B1F-5DAD8B959A6E}" = rport=445 | protocol=6 | dir=out | app=system | 
"{EDBA0EE7-30AD-482B-8172-8C89E78D4C15}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{EFBADF04-FE52-4C26-9B9A-7AA323BA6F1C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{F0D0BECD-B81D-4498-81FB-D3CED8AA9A6C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{F7EFA886-270C-4253-9594-D1DC2251B0A8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{FFA7C060-5343-48DB-8B22-7B71C009BDD0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03FE2B25-7205-47CE-AFBA-3965D4DEDBF3}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{068F5F1D-A6F7-4449-BD30-B10AEF9BE7B0}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{07C36032-5D43-4358-B9A0-9AD28212AC7D}" = protocol=17 | dir=in | app=d:\world of warcraft\launcher.exe | 
"{0A625213-F957-4589-83EB-9D1E87F11E69}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe | 
"{0C060538-554B-4489-AA3B-D39868301863}" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"{0E9D4784-25EA-4511-B020-BB72D41CAB7D}" = protocol=6 | dir=in | app=c:\program files\logitech\vid hd\vid.exe | 
"{0F5CABDE-3544-4393-A7EE-59A876DEF441}" = protocol=17 | dir=in | app=f:\world of warcraft 1\launcher.exe | 
"{1058327F-2192-4B3E-B70B-67B5F32F3C8F}" = protocol=17 | dir=in | app=d:\world of warcraft\world of warcraft\launcher.patch.exe | 
"{113B41E0-7325-40FE-ABA3-579E22985ABE}" = protocol=6 | dir=in | app=d:\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"{145EED5D-ADE4-45F4-8F9B-4021C040360F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{1565B434-9365-4EE6-8570-33F3957EE5B5}" = protocol=17 | dir=in | app=f:\world of warcraft 1\temp\wow-4.2.1.2756-enus-tools-downloader.exe | 
"{16CF084C-BDDC-41EE-9180-806F432DCC86}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe | 
"{17FF0A15-2B13-46C6-8FF2-7BDD02ACE434}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{1840D0C5-0E65-45FD-B2C0-3CE9509FED38}" = protocol=6 | dir=in | app=c:\users\user\desktop\wow - kopie - kopie\launcher.exe | 
"{19609836-6C8D-450A-A8D4-5F15635637D8}" = protocol=6 | dir=in | app=c:\users\user\desktop\wow - kopie - kopie\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"{1DD64930-C18A-43AB-A88E-C3297CF50560}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{225D3BF8-E7E6-413A-980B-52B1BF9384E9}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{2473CF2C-5EA0-4235-B2E8-ABAFA4CCE0BF}" = protocol=17 | dir=in | app=d:\world of warcraft\world of warcraft\launcher.exe | 
"{268E1E68-6EFC-44DB-9A4B-645DC83C0AAE}" = protocol=17 | dir=in | app=c:\program files\prettymaybasic\prettymay.exe | 
"{2D9D18E9-BC3D-4445-9124-278864979636}" = protocol=17 | dir=in | app=c:\users\user\desktop\wow - kopie - kopie\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"{2FA411E8-A0D1-4EEE-8775-FBD82E8FC001}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{3453B1EB-02F8-4426-9622-2A88379C495A}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | 
"{34AC7C86-D929-4057-B788-07D300AD3156}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{36A6A2EF-1BE5-47FF-AA6B-FCBF4A75D7FA}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{37AA4715-1C2C-4695-BE44-CC671E3F0B59}" = protocol=6 | dir=in | app=f:\world of warcraft 1\launcher.exe | 
"{3C0DC04E-AB1F-45EB-AFB2-1DFCB416832C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3C8C8279-73F6-4F90-B53E-3C738F86E1BA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3D7ED40B-9AB9-4D7A-919F-7D1A1B881208}" = protocol=58 | dir=in | app=system | 
"{3E94AA2C-58A9-47A7-98A0-1C3CA99A47A1}" = protocol=6 | dir=in | app=d:\world of warcraft\launcher.exe | 
"{413FCCED-2050-44D3-AC5E-FF46275504F2}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{467858CE-3373-488D-9040-22EEBA88438D}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{49965159-D2BD-4AD2-9536-B9DC9EA19F18}" = protocol=17 | dir=in | app=d:\world of warcraft\launcher.patch.exe | 
"{49E9CD1A-7B26-4891-8D94-7E786B02B100}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{4C514851-E87D-4B0F-B02F-CE437BA30476}" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"{4CA4838B-DB80-4A9E-8946-D4936DD80CDF}" = protocol=6 | dir=in | app=c:\users\user\appdata\local\akamai\netsession_win.exe | 
"{55E31247-D83F-4AEB-99CB-16D89DDC74CC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{578C5543-06A4-4CB5-AD13-5F3DAF4F908F}" = protocol=17 | dir=in | app=d:\world of warcraft\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe | 
"{59210A10-7EFD-4A46-95DB-D44CE4A88224}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5A4F0906-61D2-4014-8191-D6FC796C7D33}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | 
"{5BB2EFBC-88C9-4AB5-B2C6-9FCB366073BF}" = protocol=17 | dir=in | app=d:\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"{5F4BFCBF-E7DA-49DF-8EB7-40DB2CAC6C86}" = protocol=6 | dir=in | app=d:\world of warcraft\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe | 
"{63AFC118-4712-4F22-B701-A7A56FBCE3F8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{64A3F4CF-EBE2-4EAA-83D3-51A3DBEBB7BE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{6722DE90-BF4F-41D4-977F-747F42960D7D}" = protocol=6 | dir=in | app=c:\program files\prettymaybasic\prettymay.exe | 
"{68CDE297-95DA-4DAB-BD1E-EBA5DB4CDB2D}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{6BD7C4AA-2711-4AFA-ABE7-8EDA8F8658C4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{7247D27A-E634-4345-BA65-E018D0736EF3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{73FD590E-DB46-44C5-AA15-50621DEFDA3D}" = protocol=6 | dir=in | app=c:\program files\dvdvideosofttoolbar\dtuser.exe | 
"{7A36779E-40E6-4660-8019-86ED4AF93C5D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{7B087EF4-5680-48CF-8700-E36860DA4819}" = protocol=17 | dir=in | app=c:\program files\dvdvideosofttoolbar\dtuser.exe | 
"{7BCB57B4-4C01-471E-9BAC-7FEAAF9C9916}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{7FC7A608-AC76-4079-878C-429630C2D7BC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8581969A-19FA-479B-81A2-A3642B65D349}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{85A04D3F-43D5-485D-BF06-CBD890800AE5}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer_service.exe | 
"{86A57A34-C77A-4BD6-B4F2-6FB0A850849C}" = protocol=6 | dir=in | app=d:\world of warcraft\world of warcraft\launcher.patch.exe | 
"{8836F2E4-FBFF-4C2C-9A53-08DC81F9C5FC}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{8CCBC600-E9FE-40A7-B417-B83B5746AA48}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | 
"{9004B553-7A14-44A9-BE1E-636CB81A9BEF}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe | 
"{9D94A85A-20ED-480C-9678-8B5859A80D7E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{9FFB9C2C-731A-4A79-BB8B-7A6DBD59BD97}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A22E8B50-E516-4294-B05D-BFAB107AA54E}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{A30B2B40-31B9-462B-A2EA-A13DEB29684E}" = protocol=6 | dir=in | app=c:\users\user\downloads\audioconverter_setup(2).exe | 
"{A4A42F0E-FAD8-423D-8D28-2E0ED1ACABF5}" = protocol=17 | dir=in | app=c:\users\user\desktop\wow - kopie - kopie\launcher.exe | 
"{A6A919D6-D73F-4465-9E7B-38900B02669B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AB6B562A-55EA-4E22-B6FD-1199E77B928A}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer_service.exe | 
"{AD847F00-BEA5-44EC-9843-4D5A8BA9C513}" = protocol=6 | dir=out | app=system | 
"{B044FFC8-25BD-45FB-8906-B4C664E5AA61}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B3B185B4-DA03-4A89-873A-B72FE99D1BFC}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe | 
"{B4110C65-CD34-4633-8C87-988B787E85D3}" = dir=in | app=c:\users\user\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{B83BBC01-2B09-49E2-802C-DD63ECC9D9F6}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{BC7A6D33-61C3-4F2A-9680-43EEDE7BC356}" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\spotify\spotify.exe | 
"{BD3927EA-32C9-4B4C-A4D3-AEAD30CF635A}" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\spotify\spotify.exe | 
"{BE2662D0-85E0-46C6-96B5-728A411E3B00}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-dede-downloader.exe | 
"{BEBCB015-3699-407B-AF8E-FCAD53785C11}" = protocol=17 | dir=in | app=c:\program files\logitech\vid hd\vid.exe | 
"{C2FCA2CC-9A40-4E76-8D5A-28CC68CCB091}" = protocol=17 | dir=in | app=c:\users\user\downloads\sweetimsetup.exe | 
"{C32F2B04-16B4-4A6C-B97D-397887C0418E}" = protocol=17 | dir=in | app=c:\users\user\appdata\local\akamai\netsession_win.exe | 
"{C3ACCE8A-5E1F-4B80-B716-07C253648868}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C6A90593-67DA-4399-8A74-1524D6A3AF29}" = protocol=6 | dir=in | app=d:\world of warcraft\world of warcraft\launcher.exe | 
"{CAE017DE-96C7-4325-95D6-4D28D0CB4E69}" = protocol=6 | dir=in | app=c:\users\user\desktop\wow - kopie - kopie\launcher.patch.exe | 
"{CEF517E1-D6B8-4A44-B9B8-8B90A2109C83}" = protocol=17 | dir=in | app=c:\users\user\desktop\wow - kopie - kopie\launcher.patch.exe | 
"{D0FF7BB2-00E8-48A1-9051-1C8C2FEE22EC}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{D311B642-C173-41AD-9D63-B3302D1A57DE}" = protocol=6 | dir=in | app=d:\world of warcraft\launcher.patch.exe | 
"{DCE78D9F-4463-49B2-9DAE-C5C201A97EFA}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-dede-downloader.exe | 
"{E01BA4C8-0BEC-46B8-871D-C2869801F47B}" = protocol=17 | dir=in | app=c:\users\user\downloads\audioconverter_setup(2).exe | 
"{E1FD4910-56E5-444E-8F48-456520D18770}" = protocol=6 | dir=in | app=c:\users\user\downloads\sweetimsetup.exe | 
"{E2023BEB-485E-45F6-B22F-D4A6A61DD359}" = protocol=17 | dir=in | app=f:\world of warcraft 1\temp\wow-4.3-5.0.15890-enus-downloader.exe | 
"{E37FF0EA-1CFE-4A4C-9D48-6FACEAF02D3A}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe | 
"{E5A4ED21-C344-4E16-91AA-C064037B62B9}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe | 
"{E5A7AF7B-D8FF-4991-9061-18C967BE826E}" = protocol=6 | dir=in | app=f:\world of warcraft 1\temp\wow-4.3-5.0.15890-enus-downloader.exe | 
"{EC2B26DF-740F-4926-B3AA-D15E7D92E4A6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{F0B39AE5-E229-4C8A-86B5-CBCDE77B61B1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F526C96C-5560-4D4A-B946-893991EB1535}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F58DE72A-5F92-49A9-88F8-2B4C5A4E31A9}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | 
"{FC7828A4-386E-4492-961F-793C752293FB}" = protocol=6 | dir=in | app=f:\world of warcraft 1\temp\wow-4.2.1.2756-enus-tools-downloader.exe | 
"TCP Query User{052403D3-1D44-42E8-ACC9-C922C85DFB80}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"TCP Query User{08270A47-11AD-4BE7-81F7-54E508373D6E}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{11AD4EB7-23B4-48A4-AAFB-DDDD2C6F294B}C:\users\user\desktop\wow - kopie - kopie\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\user\desktop\wow - kopie - kopie\backgrounddownloader.exe | 
"TCP Query User{1D70191E-99FA-4AE0-8E72-CE559CFDF48E}C:\users\public\games\world of warcraft\blizzard downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\blizzard downloader.exe | 
"TCP Query User{1F455C08-F01B-4593-A221-E68C7024AB9B}C:\program files\prettymaybasic\prettymay.exe" = protocol=6 | dir=in | app=c:\program files\prettymaybasic\prettymay.exe | 
"TCP Query User{211F76A6-21C0-4314-BA95-375E4F21574C}F:\world of warcraft 1\launcher.patch.exe" = protocol=6 | dir=in | app=f:\world of warcraft 1\launcher.patch.exe | 
"TCP Query User{349A0034-86B2-4C86-A8B8-9CCAB3FBC528}D:\world of warcraft\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe | 
"TCP Query User{383840F8-18A3-48F8-A856-B1134679EBF8}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{414EBF0A-8198-4A19-BB93-6A495603BD79}C:\users\public\games\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe | 
"TCP Query User{45DF059F-FBF4-47FC-89B6-29150F72740E}C:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe | 
"TCP Query User{496F905C-8AFF-46B5-B79C-AA0D6918002E}C:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-dede-downloader.exe | 
"TCP Query User{4C0BBF61-971F-4168-9312-1A7F1823D6CE}C:\users\user\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{5D7A01FC-9C8C-4199-825E-609404EEAAB6}D:\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{6B1225D6-898A-47D0-8A9E-90C5C92C8D3D}F:\world of warcraft 1\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=6 | dir=in | app=f:\world of warcraft 1\temp\wow-4.3-5.0.15890-enus-downloader.exe | 
"TCP Query User{6D937413-E0E8-4148-8562-1C41A6AABDED}C:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe | 
"TCP Query User{7041B0CA-AFBA-484D-B549-4B4B8FC68C79}C:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe | 
"TCP Query User{729F2CAA-7C36-4290-8E05-215B253DAD2B}C:\users\user\desktop\wow - kopie\wow-3.2.0.10192-to-3.3.0.10958-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\user\desktop\wow - kopie\wow-3.2.0.10192-to-3.3.0.10958-dede-downloader.exe | 
"TCP Query User{7869C16E-7158-45C1-BDEC-055197FF34A1}C:\users\public\games\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe | 
"TCP Query User{7FDCE5B6-3673-49E2-978F-B8D86BBBCE6F}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"TCP Query User{88E6D92A-4C14-4D78-AB9D-3B3B56C146E0}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | 
"TCP Query User{A3F23D8C-82C7-4642-9069-103A6A937E21}C:\program files\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"TCP Query User{A75A6418-A616-4B4A-B25A-5D599537CD25}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{AA7B47E1-05E5-45CA-9044-1E14B9E6C4B5}C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe | 
"TCP Query User{AC628CC7-4378-44AE-AEF1-E2E7F78DF1EE}C:\program files\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe | 
"TCP Query User{AEB12D6E-A0DB-47A6-894E-402515321EE2}F:\world of warcraft 1\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=6 | dir=in | app=f:\world of warcraft 1\temp\wow-4.2.1.2756-enus-tools-downloader.exe | 
"TCP Query User{B0F89C1E-BF52-425B-85CA-6A0FF5BB7721}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{B1D5F5EE-8F8F-4736-B9BF-815B985D52C8}C:\users\public\games\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe | 
"TCP Query User{B48D924C-F7DB-4292-8AF1-C30DDAC20A31}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{B4D27E42-C945-4D74-A957-D347E9049B7D}C:\users\user\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{B5F069E8-EEF6-46C6-A65F-CE45334A0013}C:\program files\logitech\logitech vid\vid.exe" = protocol=6 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe | 
"TCP Query User{CF780C53-5EF7-4D04-9F70-AB1FD64264C0}C:\users\public\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-dede-downloader.exe | 
"TCP Query User{E2BEF478-0365-412E-9623-89C034642F90}C:\users\user\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\user\program files\dna\btdna.exe | 
"TCP Query User{E45AFBDA-6D22-42B1-94AB-BAF96F573B5B}C:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-dede-downloader.exe | 
"TCP Query User{E6A08B8E-5EDC-47FC-817B-415A3AE2C68B}D:\world of warcraft\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{EBD33C73-CAA0-4F3D-93B1-1537583F3E11}F:\world of warcraft 1\launcher.exe" = protocol=6 | dir=in | app=f:\world of warcraft 1\launcher.exe | 
"TCP Query User{EC077C06-6357-4765-84C8-AB570DE96989}C:\users\user\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\user\program files\dna\btdna.exe | 
"TCP Query User{F1E0D0F4-F3A3-4C73-916E-C9E5A2A567D5}C:\users\public\games\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe | 
"TCP Query User{F4ED224C-96DF-4790-894A-EB0157AC0260}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"TCP Query User{F52B1F52-3BCB-4FA6-B298-44187FF9B85D}C:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-dede-downloader.exe | 
"TCP Query User{F74F569A-A073-492D-8F15-84E36272638C}C:\users\public\games\world of warcraft\wow-2.1.1.1897-engb-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-2.1.1.1897-engb-tools-downloader.exe | 
"UDP Query User{048489F3-D172-4A5E-98A8-B08040972D16}D:\world of warcraft\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe | 
"UDP Query User{07841906-C7D6-4E0A-91C0-A8652DDB43D0}C:\program files\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe | 
"UDP Query User{08A4E1E5-50CA-47F6-8C8D-284BC26F7EC3}C:\users\user\desktop\wow - kopie - kopie\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\user\desktop\wow - kopie - kopie\backgrounddownloader.exe | 
"UDP Query User{0C088D93-5C59-4C0D-958F-F58633ECCA43}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{0E104FA0-363B-48B9-8211-02FE1548526C}C:\users\public\games\world of warcraft\blizzard downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\blizzard downloader.exe | 
"UDP Query User{20B4A484-2F8E-4761-8F62-AB2BC00B82F0}F:\world of warcraft 1\launcher.patch.exe" = protocol=17 | dir=in | app=f:\world of warcraft 1\launcher.patch.exe | 
"UDP Query User{2423E96F-4132-42D2-AAE4-5180C5212215}C:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe | 
"UDP Query User{2C73BA71-2310-4466-A0C6-E2F78B1C14C5}C:\program files\logitech\logitech vid\vid.exe" = protocol=17 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe | 
"UDP Query User{3C16588A-F034-4DC7-9EE6-07E3C8827FEB}C:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe | 
"UDP Query User{3CF28737-B0FA-4ED2-86AA-7A47A6F4EF64}C:\program files\prettymaybasic\prettymay.exe" = protocol=17 | dir=in | app=c:\program files\prettymaybasic\prettymay.exe | 
"UDP Query User{498899E1-4DCD-4857-A529-C71B8B27D7DC}C:\users\public\games\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe | 
"UDP Query User{4AE22E10-D105-4C2F-8528-65E9B9BD34C2}C:\users\user\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\user\program files\dna\btdna.exe | 
"UDP Query User{5032EFDB-3036-4158-87DA-B9723538AC65}C:\users\public\games\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe | 
"UDP Query User{5A046992-E3CB-4CBA-B185-F7C942A02127}C:\users\user\desktop\wow - kopie\wow-3.2.0.10192-to-3.3.0.10958-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\user\desktop\wow - kopie\wow-3.2.0.10192-to-3.3.0.10958-dede-downloader.exe | 
"UDP Query User{5C443027-4137-49EC-83D8-73D66D2F710E}C:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-dede-downloader.exe | 
"UDP Query User{607040B3-D81F-4D72-AE4B-7621822F43A7}C:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-dede-downloader.exe | 
"UDP Query User{65A82FCA-A52A-4269-8F6F-E482A1AE1BF9}C:\users\user\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{680CC033-786E-4C6A-ADEF-0D4A656BE69F}C:\program files\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"UDP Query User{6BED1D77-3037-4E75-A69F-CED42B2C2EE2}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{6E41EE68-B134-47DF-80AA-353EB1453B02}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{863B56EB-68AD-4C56-AFAA-80B21F326087}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{8B05FA58-7AD0-4072-8098-9F2A8CAE6865}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"UDP Query User{8BB9A4AE-0D30-47B0-A313-B13EC11A5146}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | 
"UDP Query User{8F8340BA-9652-4820-8F66-9721F17A2470}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{9543A2DE-1A08-4191-8158-0A0648318331}C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe | 
"UDP Query User{A706D8D8-C137-4667-AFCB-4FDF6FD03BD6}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"UDP Query User{BC20D295-DA41-4C63-B010-8F369D3F24CB}C:\users\user\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{BD2BCAF3-AA83-4E16-8D2F-2E3FC95EC900}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"UDP Query User{C1A04F2D-356B-4ED8-AC3B-EBBE0BA49324}C:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe | 
"UDP Query User{C2F07296-DFDB-4E0A-AB6E-31D18CA3D39F}C:\users\public\games\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe | 
"UDP Query User{C478B475-C361-43A5-9B38-DAF9F1526A1A}C:\users\public\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-dede-downloader.exe | 
"UDP Query User{CD308447-38E7-4E40-B4F7-81F5DEECB53C}C:\users\public\games\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe | 
"UDP Query User{D77B2917-AEA1-49D0-B8AE-8743EADF1A77}F:\world of warcraft 1\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=17 | dir=in | app=f:\world of warcraft 1\temp\wow-4.3-5.0.15890-enus-downloader.exe | 
"UDP Query User{D7C8D59B-6961-43D7-8FE9-6DBB5DA704D6}C:\users\public\games\world of warcraft\wow-2.1.1.1897-engb-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-2.1.1.1897-engb-tools-downloader.exe | 
"UDP Query User{DA9C1411-5C75-46E9-8A10-E4210888115C}D:\world of warcraft\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{DD436CC3-88ED-42D0-A105-AF68C1AA94EF}C:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-dede-downloader.exe | 
"UDP Query User{DD5F5B14-7032-499C-A78B-EF69898BF184}C:\users\user\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\user\program files\dna\btdna.exe | 
"UDP Query User{E0CDCB2C-329E-4D2F-BE09-383A52A23C53}D:\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{ED91E705-A9C5-429F-9F96-71C5308194AD}F:\world of warcraft 1\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=17 | dir=in | app=f:\world of warcraft 1\temp\wow-4.2.1.2756-enus-tools-downloader.exe | 
"UDP Query User{F6370810-1E80-4FA9-99D1-B71740ECA6CA}F:\world of warcraft 1\launcher.exe" = protocol=17 | dir=in | app=f:\world of warcraft 1\launcher.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0a942b37-2a6f-4b9f-9470-0d1d3d2de196}" = Nero 9 Essentials
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1C9B6173-6DC9-4EEE-9EFC-6BA115CFBE43}" = Die Sims™ 3 Diesel Accessoires
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{2217B0B4-35CB-48C6-B640-864DF2F30F99}" = OpenOffice.org 3.2
"{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x32
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3BBFD444-5FAB-49F6-98B1-A1954E831399}" = Die Sims™ 3 Showtime
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = Die Sims™ 3 Late Night
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{591B29D8-4A37-4202-9F74-3B43A45EC036}" = MAGIX Foto & Grafik Designer 6 SE
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7FB413C8-3CAD-49F7-A67C-6EFEB4B04050}" = LogMeIn Hamachi
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11807553}" = Hotel Dash Suite Success
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9862E0CB-4727-4FFC-963A-E22A9E9EC10C}" = Creative ZEN V Series (R2)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}" = Die Sims™ 3 Supernatural
"{B4CB2C34-E745-4063-9CD6-F54D46F7F4FE}" = Nitro PDF Reader 2
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C12631C6-804D-4B32-B0DD-8A496462F106}" = Die Sims™ 3 Einfach tierisch
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{DE4BF4BE-3CDC-43B5-BBDA-DDDA73103111}" = Corel PaintShop Photo Pro X3
"{DE612A3D-0DCC-4055-BB6A-0036F31158A0}" = Setup
"{DE8B9311-ADE7-4EDE-B121-326CAA3D225D}" = PSPPContent
"{DE99075E-7D25-4B96-B32E-BFE6FBFAA644}" = IPM_PSP_CL
"{DEAEB5DB-04FA-489D-94EF-8600898B93EE}" = ICA
"{DEF1928A-FC01-48E7-A7E6-4651D42EF6A1}" = PSPPRO_DCRAW
"{DEF8C145-CC4F-4DAA-AD5C-E707C07AEE50}" = IPM_PSP_COM
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FB1AC1F1-8F47-4DCE-A1ED-0DFBA0F455B4}" = Driver Mender
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FFF74EC9-1FF4-4456-99E3-4F05129F4FAB}" = Antares Auto-Tune Evo VST
"Acoustica Effects Pack" = Acoustica Effects Pack
"Acoustica Mixcraft 5" = Acoustica Mixcraft 5
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Akamai" = Akamai NetSession Interface Service
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"Creative Removable Disk Manager" = Creative-Manager für Wechseldatenträger
"Defraggler" = Defraggler
"Deponia 2" = Chaos auf Deponia
"DivX Setup" = DivX-Setup
"dvdvideosofttoolbar" = DVD Video Soft Toolbar
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.36.1201
"Google Chrome" = Google Chrome
"GPL Ghostscript 8.70" = GPL Ghostscript 8.70
"Hardcopy(C__Program Files_Hardcopy)" = Hardcopy (C:\Program Files\Hardcopy)
"houseworx_is1" = houseworx
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.2.0 (Full)
"Logitech Vid" = Logitech Vid HD
"LogMeIn Hamachi" = LogMeIn Hamachi
"MAGIX_{591B29D8-4A37-4202-9F74-3B43A45EC036}" = MAGIX Foto & Grafik Designer 6 SE
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"Picasa 3" = Picasa 3
"Sony Ericsson Themes Creator" = Sony Ericsson Themes Creator 4.16.2.6
"SysInfo" = Creative-Systeminformationen
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"ThumbsPlus 3.21" = ThumbsPlus Version 3.21-R
"VLC media player" = VLC media player 1.0.5
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"World of Warcraft" = World of Warcraft
"ZENcast Organizer" = ZENcast Organizer
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3593604086-429341408-3109665741-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"BitTorrent DNA" = DNA
"Facebook Plug-In" = Facebook Plug-In
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 09.12.2012 19:57:49 | Computer Name = manuu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8674
 
Error - 09.12.2012 19:57:50 | Computer Name = manuu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 09.12.2012 19:57:50 | Computer Name = manuu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9672
 
Error - 09.12.2012 19:57:50 | Computer Name = manuu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9672
 
Error - 09.12.2012 19:57:51 | Computer Name = manuu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 09.12.2012 19:57:51 | Computer Name = manuu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10686
 
Error - 09.12.2012 19:57:51 | Computer Name = manuu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10686
 
Error - 09.12.2012 19:57:52 | Computer Name = manuu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 09.12.2012 19:57:52 | Computer Name = manuu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 11856
 
Error - 09.12.2012 19:57:52 | Computer Name = manuu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11856
 
[ Media Center Events ]
Error - 28.09.2010 08:21:23 | Computer Name = manuu-PC | Source = MCUpdate | ID = 0
Description = 14:21:23 - Fehler beim Herstellen der Internetverbindung.  14:21:23 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 28.09.2010 08:21:55 | Computer Name = manuu-PC | Source = MCUpdate | ID = 0
Description = 14:21:52 - Fehler beim Herstellen der Internetverbindung.  14:21:52 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 28.09.2010 09:22:27 | Computer Name = manuu-PC | Source = MCUpdate | ID = 0
Description = 15:22:27 - Fehler beim Herstellen der Internetverbindung.  15:22:27 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 28.09.2010 09:22:57 | Computer Name = manuu-PC | Source = MCUpdate | ID = 0
Description = 15:22:56 - Fehler beim Herstellen der Internetverbindung.  15:22:56 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 09.10.2010 04:37:39 | Computer Name = manuu-PC | Source = MCUpdate | ID = 0
Description = 10:37:35 - Fehler beim Herstellen der Internetverbindung.  10:37:35 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 19.10.2010 07:18:23 | Computer Name = manuu-PC | Source = MCUpdate | ID = 0
Description = 13:18:19 - Fehler beim Herstellen der Internetverbindung.  13:18:19 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 03.11.2010 08:08:03 | Computer Name = manuu-PC | Source = MCUpdate | ID = 0
Description = 13:08:00 - Fehler beim Herstellen der Internetverbindung.  13:08:02 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 03.11.2010 08:08:55 | Computer Name = manuu-PC | Source = MCUpdate | ID = 0
Description = 13:08:38 - Fehler beim Herstellen der Internetverbindung.  13:08:38 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 09.12.2012 09:19:59 | Computer Name = manuu-PC | Source = WMPNetworkSvc | ID = 866333
Description = 
 
Error - 09.12.2012 09:20:00 | Computer Name = manuu-PC | Source = WMPNetworkSvc | ID = 866333
Description = 
 
Error - 09.12.2012 10:03:21 | Computer Name = manuu-PC | Source = Tcpip | ID = 4199
Description = Das System hat einen Adressenkonflikt der IP-Adresse 192.168.17.3 
mit dem Computer mit der  Netzwerkhardwareadresse 7C-6D-62-39-22-84 ermittelt. Netzwerkvorgänge
 könnten daher auf diesem  System unterbrochen werden.
 
Error - 09.12.2012 10:03:35 | Computer Name = manuu-PC | Source = DCOM | ID = 10000
Description = 
 
Error - 09.12.2012 10:11:48 | Computer Name = manuu-PC | Source = DCOM | ID = 10000
Description = 
 
Error - 09.12.2012 12:13:43 | Computer Name = manuu-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 09.12.2012 12:13:55 | Computer Name = manuu-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 09.12.2012 17:42:39 | Computer Name = manuu-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 09.12.2012 19:12:18 | Computer Name = manuu-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 10.12.2012 11:41:48 | Computer Name = manuu-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
 
< End of report >
         
--- --- ---

Alt 10.12.2012, 20:05   #24
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Hm, there is still toolbar junk in there that adwCleaner really ought to know about.
Please download the current adwCleaner, i.e. delete the old adwcleaner and download it again.

adwCleaner - detect toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.

If adwCleaner has already been downloaded before, please delete the old adwcleaner.exe and download it again!!
  • Start adwcleaner.exe with a double-click.
  • Click Suche (Search).
  • When the scan finishes, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[Rx].txt (x = sequential number).
__________________
Please always post log files in CODE tags

Alt 11.12.2012, 17:01   #25
Belatucradus
 



Hello & thanks! =)

Code:
# AdwCleaner v2.100 - Datei am 11/12/2012 um 09:35:11 erstellt
# Aktualisiert am 09/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : User - MANUU-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\User\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v17.0.1 (de)

-\\ Google Chrome v21.0.1180.79

*************************

AdwCleaner[R1].txt - [20722 octets] - [07/12/2012 21:18:28]
AdwCleaner[R2].txt - [1312 octets] - [09/12/2012 20:41:31]
AdwCleaner[R3].txt - [754 octets] - [11/12/2012 09:35:11]
AdwCleaner[S1].txt - [20032 octets] - [09/12/2012 16:10:37]
AdwCleaner[S2].txt - [1462 octets] - [10/12/2012 18:20:19]

########## EOF - C:\AdwCleaner[R3].txt - [934 octets] ##########
         

Alt 11.12.2012, 17:02   #26
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Hm... another check with OTL, please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top centre, tick the box next to Scan All Users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread in CODE tags.
__________________
Please always post log files in CODE tags

Alt 12.12.2012, 17:22   #27
Belatucradus
 



Hi there =)

Here you go!
OTL logfile:
Code:
OTL logfile created on: 11.12.2012 18:05:24 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\User\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,50 Gb Available Physical Memory | 75,15% Memory free
4,00 Gb Paging File | 2,85 Gb Available in Paging File | 71,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 240,67 Gb Total Space | 52,40 Gb Free Space | 21,77% Space Free | Partition Type: NTFS
Drive D: | 225,00 Gb Total Space | 28,92 Gb Free Space | 12,85% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive F: | 465,76 Gb Total Space | 198,43 Gb Free Space | 42,60% Space Free | Partition Type: NTFS
 
Computer Name: MANUU-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Programme\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Programme\Steam\Steam.exe (Valve Corporation)
PRC - C:\Users\User\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Users\User\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe (Nitro PDF Software)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
PRC - C:\Programme\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
PRC - C:\Programme\Logitech\LWS\Webcam Software\CameraHelperShell.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Users\User\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
PRC - c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Programme\Creative\Sync Manager Unicode\CTSyncU.exe ()
PRC - C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Steam\sdl.dll ()
MOD - C:\Programme\Steam\bin\libcef.dll ()
MOD - C:\Programme\Steam\bin\chromehtml.dll ()
MOD - C:\Programme\Steam\bin\avutil-51.dll ()
MOD - C:\Programme\Steam\bin\avformat-53.dll ()
MOD - C:\Programme\Steam\bin\avcodec-53.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll ()
MOD - C:\Programme\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
MOD - C:\Programme\Logitech\LWS\Webcam Software\CameraHelperShell.exe ()
MOD - C:\Programme\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll ()
MOD - C:\Programme\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll ()
MOD - C:\Programme\Logitech\LWS\Webcam Software\QTXml4.dll ()
MOD - C:\Programme\Logitech\LWS\Webcam Software\QTGui4.dll ()
MOD - C:\Programme\Logitech\LWS\Webcam Software\QTCore4.dll ()
MOD - C:\Programme\Creative\Sync Manager Unicode\CTSyncU.exe ()
MOD - C:\Programme\Creative\Sync Manager Unicode\CTSyncRs.crl ()
 
 
========== Services (SafeList) ==========
 
SRV - (avast! Firewall) -- C:\Program Files\AVAST Software\Avast\afwServ.exe File not found
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_ce5ba24.dll ()
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Hamachi2Svc) -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (NitroReaderDriverReadSpool2) -- C:\Programme\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe (Nitro PDF Software)
SRV - (UMVPFSrv) -- C:\Programme\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (NMSAccessU) -- C:\Programme\CDBurnerXP\NMSAccessU.exe ()
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (cpuz132) -- C:\Users\User\AppData\Local\Temp\cpuz132\cpuz132_x32.sys File not found
DRV - (catchme) -- C:\Users\User\AppData\Local\Temp\catchme.sys File not found
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (aswKbd) -- C:\Windows\System32\drivers\aswKbd.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.)
DRV - (LVUVC) -- C:\Windows\System32\drivers\LVUVC.sys (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (CompFilter) -- C:\Windows\System32\drivers\lvbusflt.sys (Logitech Inc.)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (TPkd) -- C:\Windows\System32\drivers\TPkd.sys (PACE Anti-Piracy, Inc.)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (BthAvrcp) -- C:\Windows\System32\drivers\BthAvrcp.sys (CSR, plc)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (k57nd60x) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (PID_0928) -- C:\Windows\System32\drivers\LV561AV.SYS (Logitech Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-3593604086-429341408-3109665741-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-3593604086-429341408-3109665741-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKU\S-1-5-21-3593604086-429341408-3109665741-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CD 2A 9E 8C EC 00 CB 01  [binary data]
IE - HKU\S-1-5-21-3593604086-429341408-3109665741-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-3593604086-429341408-3109665741-1000\..\URLSearchHook: {cd8812d4-e5b8-41c6-94d4-59872a484bf1} - C:\Programme\dvdvideosofttoolbar\dvdvideosofttoolbarX.dll ()
IE - HKU\S-1-5-21-3593604086-429341408-3109665741-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3593604086-429341408-3109665741-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3593604086-429341408-3109665741-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3593604086-429341408-3109665741-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>;*.local
 
IE - HKU\S-1-5-21-3593604086-429341408-3109665741-1006\..\SearchScopes,DefaultScope = 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "appbario8 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q="
FF - prefs.js..browser.search.order.1: "appbario8 Customized Web Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:7.0.1474
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.7
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3227980&SearchSource=2&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\NitroPDF: C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\User\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\User\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\User\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.11.14 17:54:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ [2012.12.08 15:26:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.02 13:27:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.08 11:47:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\User\Program Files\DNA [2012.12.11 16:07:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.02 13:27:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.08 11:47:23 | 000,000,000 | ---D | M]
 
[2010.05.31 18:19:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2012.12.11 08:42:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ijldys6d.default\extensions
[2011.06.02 18:06:07 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ijldys6d.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012.11.23 13:43:33 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ijldys6d.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2012.09.15 19:13:39 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ijldys6d.default\extensions\ich@maltegoetz.de
[2012.10.07 17:07:16 | 000,215,605 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ijldys6d.default\extensions\fbdislike@doweb.fr.xpi
[2012.11.23 13:43:03 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ijldys6d.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2010.05.31 20:09:46 | 000,001,819 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ijldys6d.default\searchplugins\bing.xml
[2010.08.08 18:44:12 | 000,000,873 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ijldys6d.default\searchplugins\bProtect.xml
[2010.08.08 18:44:12 | 000,000,873 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ijldys6d.default\searchplugins\conduit.xml
[2012.12.08 13:18:36 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ijldys6d.default\searchplugins\icqplugin-1.xml
[2012.02.07 13:56:09 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ijldys6d.default\searchplugins\icqplugin-2.xml
[2011.03.30 14:14:34 | 000,001,042 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ijldys6d.default\searchplugins\icqplugin.xml
[2010.08.05 16:09:41 | 000,002,057 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ijldys6d.default\searchplugins\youtube-videosuche.xml
[2010.05.31 18:21:26 | 000,004,140 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ijldys6d.default\searchplugins\youtube.xml
[2012.11.22 15:22:10 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.11.14 17:54:34 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012.12.08 15:26:12 | 000,000,000 | ---D | M] ("DVDVideoSoft YouTube MP3 and Video Download") -- C:\PROGRAM FILES\COMMON FILES\DVDVIDEOSOFT\PLUGINS\FF
[2012.12.02 13:27:19 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.11.20 08:13:26 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.20 08:13:26 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.11.20 08:13:26 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.20 08:13:26 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.20 08:13:26 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.20 08:13:26 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2012.12.07 13:52:49 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (DVD Video Soft Toolbar) - {cd8812d4-e5b8-41c6-94d4-59872a484bf1} - C:\Programme\dvdvideosofttoolbar\dvdvideosofttoolbarX.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (DVD Video Soft Toolbar) - {cd8812d4-e5b8-41c6-94d4-59872a484bf1} - C:\Programme\dvdvideosofttoolbar\dvdvideosofttoolbarX.dll ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-3593604086-429341408-3109665741-1000..\Run: [Akamai NetSession Interface] C:\Users\User\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-3593604086-429341408-3109665741-1000..\Run: [BitTorrent DNA] C:\Users\User\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-3593604086-429341408-3109665741-1000..\Run: [CTSyncU.exe] C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe ()
O4 - HKU\S-1-5-21-3593604086-429341408-3109665741-1000..\Run: [Facebook Update] C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-3593604086-429341408-3109665741-1000..\Run: [GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE] C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKU\S-1-5-21-3593604086-429341408-3109665741-1000..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-3593604086-429341408-3109665741-1006..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3593604086-429341408-3109665741-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3593604086-429341408-3109665741-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3593604086-429341408-3109665741-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/mjss/MJSS.cab109791.cab ()
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{322C8882-CB42-4C6F-8D80-95B407A70B65}: DhcpNameServer = 194.183.128.35 194.183.128.36
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{80308457-6C55-456A-B170-30378499DEDA}: DhcpNameServer = 194.48.139.254 194.48.124.200
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll File not found
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (Process Name%.dll) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.09 16:31:37 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\iMacros
[2012.12.08 22:07:45 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\MAGIX
[2012.12.08 22:06:50 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\MAGIX
[2012.12.08 22:06:42 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Xara
[2012.12.08 22:06:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
[2012.12.08 22:05:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MAGIX Services
[2012.12.08 22:05:30 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX
[2012.12.08 22:05:29 | 000,000,000 | ---D | C] -- C:\Program Files\MAGIX
[2012.12.08 15:25:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2012.12.08 15:25:53 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2012.12.07 13:56:04 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.12.07 13:56:02 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.12.07 13:52:13 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\temp
[2012.12.07 13:32:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.12.07 13:32:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.12.07 13:32:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.12.07 13:32:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.12.07 13:30:42 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.12.07 13:18:42 | 005,009,321 | R--- | C] (Swearware) -- C:\Users\User\Desktop\ComboFix.exe
[2012.12.06 01:24:34 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Grumpy Cat !
[2012.12.04 20:40:18 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\wichtig
[2012.11.30 16:51:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2012.11.27 19:33:47 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes
[2012.11.27 19:30:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.27 19:29:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.27 19:29:46 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.11.27 19:29:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.11.22 17:49:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.11.22 17:49:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.11.22 15:22:12 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.11.20 23:40:11 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\NVIDIA
[2012.11.19 14:01:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012.11.19 13:49:44 | 002,557,288 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvsvcr.dll
[2012.11.19 13:48:00 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012.11.16 13:34:47 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2012.11.16 13:34:47 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll
[2012.11.16 13:33:05 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll
[2012.11.16 13:32:56 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll
[2012.11.16 13:32:52 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll
[2012.11.15 21:30:49 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncsi.dll
[2012.11.15 21:30:48 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcorehc.dll
[2012.11.15 21:30:47 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2012.11.15 21:30:43 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
[2012.11.15 21:30:41 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.11.15 21:25:16 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcore6.dll
[2012.11.15 21:25:15 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2012.11.15 00:11:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2012.11.15 00:11:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2012.11.15 00:11:46 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2012.11.14 22:17:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012.11.14 17:22:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.11.14 17:19:55 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.11.14 17:19:46 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.11.14 17:19:46 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012.11.14 17:17:43 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.11 17:41:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.11 16:13:50 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.11 16:13:50 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.11 16:06:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.11 16:06:27 | 1609,371,648 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.11 08:37:22 | 000,545,819 | ---- | M] () -- C:\Users\User\Desktop\adwcleaner.exe
[2012.12.09 15:11:37 | 000,434,344 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.12.08 22:06:22 | 000,001,186 | ---- | M] () -- C:\Users\Public\Desktop\MAGIX Foto & Grafik Designer 6 SE.lnk
[2012.12.07 13:52:49 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.12.07 13:20:05 | 005,009,321 | R--- | M] (Swearware) -- C:\Users\User\Desktop\ComboFix.exe
[2012.11.30 16:51:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2012.11.22 15:22:15 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.11.16 14:05:31 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.11.16 14:05:30 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.11.16 13:46:52 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.16 13:46:52 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.16 13:46:52 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.16 13:46:52 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.15 00:11:58 | 000,000,881 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2012.11.14 22:18:39 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
 
========== Files Created - No Company Name ==========
 
[2012.12.11 08:37:11 | 000,545,819 | ---- | C] () -- C:\Users\User\Desktop\adwcleaner.exe
[2012.12.08 22:06:22 | 000,001,186 | ---- | C] () -- C:\Users\Public\Desktop\MAGIX Foto & Grafik Designer 6 SE.lnk
[2012.12.07 13:32:59 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.12.07 13:32:59 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.12.07 13:32:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.12.07 13:32:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.12.07 13:32:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.11.22 15:22:15 | 000,001,123 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.11.22 15:22:15 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.11.16 13:35:01 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.16 13:32:51 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.11.15 00:11:58 | 000,000,881 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2012.06.30 14:04:27 | 000,017,408 | ---- | C] () -- C:\Users\User\AppData\Local\WebpageIcons.db
[2011.09.15 17:13:14 | 004,762,808 | ---- | C] () -- C:\Users\User\Casper- Michael X.mp3
[2011.09.15 17:13:14 | 004,494,472 | ---- | C] () -- C:\Users\User\Casper - So perfekt.mp3
[2011.07.02 02:13:10 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011.04.01 06:07:02 | 010,877,272 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2011.04.01 06:07:02 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011.04.01 06:06:56 | 000,331,608 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2011.04.01 05:56:00 | 000,027,872 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011.03.22 22:58:22 | 000,014,168 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2010.10.01 20:25:49 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010.09.11 18:15:25 | 000,000,099 | ---- | C] () -- C:\Users\User\jagex_runescape_preferences2.dat
[2010.09.11 18:14:15 | 000,000,046 | ---- | C] () -- C:\Users\User\jagex_runescape_preferences.dat
[2010.06.16 22:33:13 | 000,000,157 | ---- | C] () -- C:\Users\User\AppData\Roaming\default.rss
[2010.06.01 20:02:18 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:3AE22B1A
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:30376ACC
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >
         
--- --- ---


OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 11.12.2012 18:05:24 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\User\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,50 Gb Available Physical Memory | 75,15% Memory free
4,00 Gb Paging File | 2,85 Gb Available in Paging File | 71,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 240,67 Gb Total Space | 52,40 Gb Free Space | 21,77% Space Free | Partition Type: NTFS
Drive D: | 225,00 Gb Total Space | 28,92 Gb Free Space | 12,85% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive F: | 465,76 Gb Total Space | 198,43 Gb Free Space | 42,60% Space Free | Partition Type: NTFS
 
Computer Name: MANUU-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3593604086-429341408-3109665741-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mit Corel PaintShop Photo Pro X3 durchsuchen] -- "c:\Program Files\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe" "%L"
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02350A75-070B-4EFB-A07B-EABC6F42CC3B}" = lport=137 | protocol=17 | dir=in | app=system | 
"{04FE09EA-910C-463B-B0FF-4748094B67EC}" = lport=139 | protocol=6 | dir=in | app=system | 
"{0FE7B969-B5F9-48EC-9820-8E023BB50F34}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{11397179-D745-425F-AFAC-24392CE21BAF}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{145D420A-6BA4-429E-BDD1-0076535C3BC1}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{1F35AB04-9D4E-46D1-852B-6DA325D82D7C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{2CC6EA18-8BF8-406A-96C1-93AB4F4AFCDF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{33AE105F-294D-4224-95B1-A74116600371}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{3FE3EEB0-0B51-4B9F-BF95-7AC9F45BA2EC}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{4297E87E-EEC8-4038-9B25-EE37ECB192DE}" = lport=54005 | protocol=6 | dir=in | name=akamai netsession interface | 
"{42B3C211-C17F-4425-B589-57DF8EA36EBE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{447E6C30-AAAC-49A7-8ED6-D4BF67A3FCC2}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{4E5D9453-E13C-469D-98AD-BFC51252FB91}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{577F3C01-D4D4-4B27-858F-FDA5CCA403EB}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{61A1CEBD-E33C-41D7-8249-583AB5407661}" = rport=139 | protocol=6 | dir=out | app=system | 
"{7165D842-5D97-4012-BC6F-452283598233}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{74AA94BE-AB17-4EE4-954E-47EBED24F3D7}" = lport=138 | protocol=17 | dir=in | app=system | 
"{808939EA-B172-497D-9F0C-C1A480F4CC52}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8E37CFE0-47D6-4F6D-9161-FDD7C72A3099}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{976337A9-58FE-4CF5-B71E-9847C314A0E9}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{9BE052C6-0F65-4418-9AB3-C9FC5C6B1843}" = lport=445 | protocol=6 | dir=in | app=system | 
"{A6C8B5C1-4877-4C8E-909C-67ADF1DEF486}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{AF988FE6-C0FB-4565-9108-975BB7D3B8B0}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{BD970FC8-097D-44D8-AA04-C8AA39BFC4E7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BE46AF4A-245E-4091-840C-4B11ED26C082}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C00660EB-A99B-431B-8316-CAB756955F54}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C20E53B7-ECA8-4C90-910D-FD7D2B128BE0}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{C417F3FA-F294-4A2D-B4AF-96B0127220B5}" = rport=138 | protocol=17 | dir=out | app=system | 
"{CF50C6A8-74C9-40B8-AA62-2F4D230C9C0B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D467F531-F6D2-4E51-86C3-7DF49E9FCA63}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DEF27483-22CF-4DAD-AF3F-6EA19BDC0DB9}" = rport=137 | protocol=17 | dir=out | app=system | 
"{EBE649E8-2603-4D53-9B1F-5DAD8B959A6E}" = rport=445 | protocol=6 | dir=out | app=system | 
"{EDBA0EE7-30AD-482B-8172-8C89E78D4C15}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{EFBADF04-FE52-4C26-9B9A-7AA323BA6F1C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{F0D0BECD-B81D-4498-81FB-D3CED8AA9A6C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{F7EFA886-270C-4253-9594-D1DC2251B0A8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{FFA7C060-5343-48DB-8B22-7B71C009BDD0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03FE2B25-7205-47CE-AFBA-3965D4DEDBF3}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{068F5F1D-A6F7-4449-BD30-B10AEF9BE7B0}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{07C36032-5D43-4358-B9A0-9AD28212AC7D}" = protocol=17 | dir=in | app=d:\world of warcraft\launcher.exe | 
"{0A625213-F957-4589-83EB-9D1E87F11E69}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe | 
"{0C060538-554B-4489-AA3B-D39868301863}" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"{0E9D4784-25EA-4511-B020-BB72D41CAB7D}" = protocol=6 | dir=in | app=c:\program files\logitech\vid hd\vid.exe | 
"{0F5CABDE-3544-4393-A7EE-59A876DEF441}" = protocol=17 | dir=in | app=f:\world of warcraft 1\launcher.exe | 
"{1058327F-2192-4B3E-B70B-67B5F32F3C8F}" = protocol=17 | dir=in | app=d:\world of warcraft\world of warcraft\launcher.patch.exe | 
"{113B41E0-7325-40FE-ABA3-579E22985ABE}" = protocol=6 | dir=in | app=d:\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"{145EED5D-ADE4-45F4-8F9B-4021C040360F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{1565B434-9365-4EE6-8570-33F3957EE5B5}" = protocol=17 | dir=in | app=f:\world of warcraft 1\temp\wow-4.2.1.2756-enus-tools-downloader.exe | 
"{16CF084C-BDDC-41EE-9180-806F432DCC86}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe | 
"{17FF0A15-2B13-46C6-8FF2-7BDD02ACE434}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{1840D0C5-0E65-45FD-B2C0-3CE9509FED38}" = protocol=6 | dir=in | app=c:\users\user\desktop\wow - kopie - kopie\launcher.exe | 
"{19609836-6C8D-450A-A8D4-5F15635637D8}" = protocol=6 | dir=in | app=c:\users\user\desktop\wow - kopie - kopie\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"{1DD64930-C18A-43AB-A88E-C3297CF50560}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{225D3BF8-E7E6-413A-980B-52B1BF9384E9}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{2473CF2C-5EA0-4235-B2E8-ABAFA4CCE0BF}" = protocol=17 | dir=in | app=d:\world of warcraft\world of warcraft\launcher.exe | 
"{268E1E68-6EFC-44DB-9A4B-645DC83C0AAE}" = protocol=17 | dir=in | app=c:\program files\prettymaybasic\prettymay.exe | 
"{2D9D18E9-BC3D-4445-9124-278864979636}" = protocol=17 | dir=in | app=c:\users\user\desktop\wow - kopie - kopie\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"{2FA411E8-A0D1-4EEE-8775-FBD82E8FC001}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{3453B1EB-02F8-4426-9622-2A88379C495A}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | 
"{34AC7C86-D929-4057-B788-07D300AD3156}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{36A6A2EF-1BE5-47FF-AA6B-FCBF4A75D7FA}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{37AA4715-1C2C-4695-BE44-CC671E3F0B59}" = protocol=6 | dir=in | app=f:\world of warcraft 1\launcher.exe | 
"{3C0DC04E-AB1F-45EB-AFB2-1DFCB416832C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3C8C8279-73F6-4F90-B53E-3C738F86E1BA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3E94AA2C-58A9-47A7-98A0-1C3CA99A47A1}" = protocol=6 | dir=in | app=d:\world of warcraft\launcher.exe | 
"{413FCCED-2050-44D3-AC5E-FF46275504F2}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{467858CE-3373-488D-9040-22EEBA88438D}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{49965159-D2BD-4AD2-9536-B9DC9EA19F18}" = protocol=17 | dir=in | app=d:\world of warcraft\launcher.patch.exe | 
"{49E9CD1A-7B26-4891-8D94-7E786B02B100}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{4C514851-E87D-4B0F-B02F-CE437BA30476}" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"{4CA4838B-DB80-4A9E-8946-D4936DD80CDF}" = protocol=6 | dir=in | app=c:\users\user\appdata\local\akamai\netsession_win.exe | 
"{55E31247-D83F-4AEB-99CB-16D89DDC74CC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{578C5543-06A4-4CB5-AD13-5F3DAF4F908F}" = protocol=17 | dir=in | app=d:\world of warcraft\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe | 
"{59210A10-7EFD-4A46-95DB-D44CE4A88224}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5A4F0906-61D2-4014-8191-D6FC796C7D33}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | 
"{5BB2EFBC-88C9-4AB5-B2C6-9FCB366073BF}" = protocol=17 | dir=in | app=d:\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"{5F4BFCBF-E7DA-49DF-8EB7-40DB2CAC6C86}" = protocol=6 | dir=in | app=d:\world of warcraft\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe | 
"{63AFC118-4712-4F22-B701-A7A56FBCE3F8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{64A3F4CF-EBE2-4EAA-83D3-51A3DBEBB7BE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{64FC0486-EA48-487D-9248-B05C00320046}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{6722DE90-BF4F-41D4-977F-747F42960D7D}" = protocol=6 | dir=in | app=c:\program files\prettymaybasic\prettymay.exe | 
"{68CDE297-95DA-4DAB-BD1E-EBA5DB4CDB2D}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{6BD7C4AA-2711-4AFA-ABE7-8EDA8F8658C4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{7247D27A-E634-4345-BA65-E018D0736EF3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{73FD590E-DB46-44C5-AA15-50621DEFDA3D}" = protocol=6 | dir=in | app=c:\program files\dvdvideosofttoolbar\dtuser.exe | 
"{7A36779E-40E6-4660-8019-86ED4AF93C5D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{7B087EF4-5680-48CF-8700-E36860DA4819}" = protocol=17 | dir=in | app=c:\program files\dvdvideosofttoolbar\dtuser.exe | 
"{7BCB57B4-4C01-471E-9BAC-7FEAAF9C9916}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{7FC7A608-AC76-4079-878C-429630C2D7BC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8581969A-19FA-479B-81A2-A3642B65D349}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{85A04D3F-43D5-485D-BF06-CBD890800AE5}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer_service.exe | 
"{86A57A34-C77A-4BD6-B4F2-6FB0A850849C}" = protocol=6 | dir=in | app=d:\world of warcraft\world of warcraft\launcher.patch.exe | 
"{8836F2E4-FBFF-4C2C-9A53-08DC81F9C5FC}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{8CCBC600-E9FE-40A7-B417-B83B5746AA48}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | 
"{8DFAA063-8DA2-4DEC-8E2D-280E6F950C95}" = protocol=58 | dir=in | app=system | 
"{9004B553-7A14-44A9-BE1E-636CB81A9BEF}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe | 
"{9D94A85A-20ED-480C-9678-8B5859A80D7E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{9FFB9C2C-731A-4A79-BB8B-7A6DBD59BD97}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A30B2B40-31B9-462B-A2EA-A13DEB29684E}" = protocol=6 | dir=in | app=c:\users\user\downloads\audioconverter_setup(2).exe | 
"{A4A42F0E-FAD8-423D-8D28-2E0ED1ACABF5}" = protocol=17 | dir=in | app=c:\users\user\desktop\wow - kopie - kopie\launcher.exe | 
"{A6A919D6-D73F-4465-9E7B-38900B02669B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AB6B562A-55EA-4E22-B6FD-1199E77B928A}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer_service.exe | 
"{AD847F00-BEA5-44EC-9843-4D5A8BA9C513}" = protocol=6 | dir=out | app=system | 
"{B044FFC8-25BD-45FB-8906-B4C664E5AA61}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B3B185B4-DA03-4A89-873A-B72FE99D1BFC}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe | 
"{B4110C65-CD34-4633-8C87-988B787E85D3}" = dir=in | app=c:\users\user\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{B83BBC01-2B09-49E2-802C-DD63ECC9D9F6}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{BC7A6D33-61C3-4F2A-9680-43EEDE7BC356}" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\spotify\spotify.exe | 
"{BD3927EA-32C9-4B4C-A4D3-AEAD30CF635A}" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\spotify\spotify.exe | 
"{BE2662D0-85E0-46C6-96B5-728A411E3B00}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-dede-downloader.exe | 
"{BEBCB015-3699-407B-AF8E-FCAD53785C11}" = protocol=17 | dir=in | app=c:\program files\logitech\vid hd\vid.exe | 
"{C2FCA2CC-9A40-4E76-8D5A-28CC68CCB091}" = protocol=17 | dir=in | app=c:\users\user\downloads\sweetimsetup.exe | 
"{C32F2B04-16B4-4A6C-B97D-397887C0418E}" = protocol=17 | dir=in | app=c:\users\user\appdata\local\akamai\netsession_win.exe | 
"{C3ACCE8A-5E1F-4B80-B716-07C253648868}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C6A90593-67DA-4399-8A74-1524D6A3AF29}" = protocol=6 | dir=in | app=d:\world of warcraft\world of warcraft\launcher.exe | 
"{CAE017DE-96C7-4325-95D6-4D28D0CB4E69}" = protocol=6 | dir=in | app=c:\users\user\desktop\wow - kopie - kopie\launcher.patch.exe | 
"{CEF517E1-D6B8-4A44-B9B8-8B90A2109C83}" = protocol=17 | dir=in | app=c:\users\user\desktop\wow - kopie - kopie\launcher.patch.exe | 
"{D0FF7BB2-00E8-48A1-9051-1C8C2FEE22EC}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{D311B642-C173-41AD-9D63-B3302D1A57DE}" = protocol=6 | dir=in | app=d:\world of warcraft\launcher.patch.exe | 
"{DCE78D9F-4463-49B2-9DAE-C5C201A97EFA}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-dede-downloader.exe | 
"{E01BA4C8-0BEC-46B8-871D-C2869801F47B}" = protocol=17 | dir=in | app=c:\users\user\downloads\audioconverter_setup(2).exe | 
"{E1FD4910-56E5-444E-8F48-456520D18770}" = protocol=6 | dir=in | app=c:\users\user\downloads\sweetimsetup.exe | 
"{E2023BEB-485E-45F6-B22F-D4A6A61DD359}" = protocol=17 | dir=in | app=f:\world of warcraft 1\temp\wow-4.3-5.0.15890-enus-downloader.exe | 
"{E37FF0EA-1CFE-4A4C-9D48-6FACEAF02D3A}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe | 
"{E5A4ED21-C344-4E16-91AA-C064037B62B9}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe | 
"{E5A7AF7B-D8FF-4991-9061-18C967BE826E}" = protocol=6 | dir=in | app=f:\world of warcraft 1\temp\wow-4.3-5.0.15890-enus-downloader.exe | 
"{EC2B26DF-740F-4926-B3AA-D15E7D92E4A6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{F0B39AE5-E229-4C8A-86B5-CBCDE77B61B1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F526C96C-5560-4D4A-B946-893991EB1535}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F58DE72A-5F92-49A9-88F8-2B4C5A4E31A9}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | 
"{FC7828A4-386E-4492-961F-793C752293FB}" = protocol=6 | dir=in | app=f:\world of warcraft 1\temp\wow-4.2.1.2756-enus-tools-downloader.exe | 
"TCP Query User{052403D3-1D44-42E8-ACC9-C922C85DFB80}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"TCP Query User{08270A47-11AD-4BE7-81F7-54E508373D6E}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{11AD4EB7-23B4-48A4-AAFB-DDDD2C6F294B}C:\users\user\desktop\wow - kopie - kopie\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\user\desktop\wow - kopie - kopie\backgrounddownloader.exe | 
"TCP Query User{1D70191E-99FA-4AE0-8E72-CE559CFDF48E}C:\users\public\games\world of warcraft\blizzard downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\blizzard downloader.exe | 
"TCP Query User{1F455C08-F01B-4593-A221-E68C7024AB9B}C:\program files\prettymaybasic\prettymay.exe" = protocol=6 | dir=in | app=c:\program files\prettymaybasic\prettymay.exe | 
"TCP Query User{211F76A6-21C0-4314-BA95-375E4F21574C}F:\world of warcraft 1\launcher.patch.exe" = protocol=6 | dir=in | app=f:\world of warcraft 1\launcher.patch.exe | 
"TCP Query User{349A0034-86B2-4C86-A8B8-9CCAB3FBC528}D:\world of warcraft\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe | 
"TCP Query User{383840F8-18A3-48F8-A856-B1134679EBF8}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{414EBF0A-8198-4A19-BB93-6A495603BD79}C:\users\public\games\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe | 
"TCP Query User{45DF059F-FBF4-47FC-89B6-29150F72740E}C:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe | 
"TCP Query User{496F905C-8AFF-46B5-B79C-AA0D6918002E}C:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-dede-downloader.exe | 
"TCP Query User{4C0BBF61-971F-4168-9312-1A7F1823D6CE}C:\users\user\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{5D7A01FC-9C8C-4199-825E-609404EEAAB6}D:\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{6B1225D6-898A-47D0-8A9E-90C5C92C8D3D}F:\world of warcraft 1\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=6 | dir=in | app=f:\world of warcraft 1\temp\wow-4.3-5.0.15890-enus-downloader.exe | 
"TCP Query User{6D937413-E0E8-4148-8562-1C41A6AABDED}C:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe | 
"TCP Query User{7041B0CA-AFBA-484D-B549-4B4B8FC68C79}C:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe | 
"TCP Query User{729F2CAA-7C36-4290-8E05-215B253DAD2B}C:\users\user\desktop\wow - kopie\wow-3.2.0.10192-to-3.3.0.10958-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\user\desktop\wow - kopie\wow-3.2.0.10192-to-3.3.0.10958-dede-downloader.exe | 
"TCP Query User{7869C16E-7158-45C1-BDEC-055197FF34A1}C:\users\public\games\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe | 
"TCP Query User{7FDCE5B6-3673-49E2-978F-B8D86BBBCE6F}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"TCP Query User{88E6D92A-4C14-4D78-AB9D-3B3B56C146E0}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | 
"TCP Query User{A3F23D8C-82C7-4642-9069-103A6A937E21}C:\program files\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"TCP Query User{A75A6418-A616-4B4A-B25A-5D599537CD25}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{AA7B47E1-05E5-45CA-9044-1E14B9E6C4B5}C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe | 
"TCP Query User{AC628CC7-4378-44AE-AEF1-E2E7F78DF1EE}C:\program files\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe | 
"TCP Query User{AEB12D6E-A0DB-47A6-894E-402515321EE2}F:\world of warcraft 1\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=6 | dir=in | app=f:\world of warcraft 1\temp\wow-4.2.1.2756-enus-tools-downloader.exe | 
"TCP Query User{B0F89C1E-BF52-425B-85CA-6A0FF5BB7721}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{B1D5F5EE-8F8F-4736-B9BF-815B985D52C8}C:\users\public\games\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe | 
"TCP Query User{B48D924C-F7DB-4292-8AF1-C30DDAC20A31}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{B4D27E42-C945-4D74-A957-D347E9049B7D}C:\users\user\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{B5F069E8-EEF6-46C6-A65F-CE45334A0013}C:\program files\logitech\logitech vid\vid.exe" = protocol=6 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe | 
"TCP Query User{CF780C53-5EF7-4D04-9F70-AB1FD64264C0}C:\users\public\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-dede-downloader.exe | 
"TCP Query User{E2BEF478-0365-412E-9623-89C034642F90}C:\users\user\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\user\program files\dna\btdna.exe | 
"TCP Query User{E45AFBDA-6D22-42B1-94AB-BAF96F573B5B}C:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-dede-downloader.exe | 
"TCP Query User{E6A08B8E-5EDC-47FC-817B-415A3AE2C68B}D:\world of warcraft\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{EBD33C73-CAA0-4F3D-93B1-1537583F3E11}F:\world of warcraft 1\launcher.exe" = protocol=6 | dir=in | app=f:\world of warcraft 1\launcher.exe | 
"TCP Query User{EC077C06-6357-4765-84C8-AB570DE96989}C:\users\user\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\user\program files\dna\btdna.exe | 
"TCP Query User{F1E0D0F4-F3A3-4C73-916E-C9E5A2A567D5}C:\users\public\games\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe | 
"TCP Query User{F4ED224C-96DF-4790-894A-EB0157AC0260}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"TCP Query User{F52B1F52-3BCB-4FA6-B298-44187FF9B85D}C:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-dede-downloader.exe | 
"TCP Query User{F74F569A-A073-492D-8F15-84E36272638C}C:\users\public\games\world of warcraft\wow-2.1.1.1897-engb-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-2.1.1.1897-engb-tools-downloader.exe | 
"UDP Query User{048489F3-D172-4A5E-98A8-B08040972D16}D:\world of warcraft\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe | 
"UDP Query User{07841906-C7D6-4E0A-91C0-A8652DDB43D0}C:\program files\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe | 
"UDP Query User{08A4E1E5-50CA-47F6-8C8D-284BC26F7EC3}C:\users\user\desktop\wow - kopie - kopie\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\user\desktop\wow - kopie - kopie\backgrounddownloader.exe | 
"UDP Query User{0C088D93-5C59-4C0D-958F-F58633ECCA43}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{0E104FA0-363B-48B9-8211-02FE1548526C}C:\users\public\games\world of warcraft\blizzard downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\blizzard downloader.exe | 
"UDP Query User{20B4A484-2F8E-4761-8F62-AB2BC00B82F0}F:\world of warcraft 1\launcher.patch.exe" = protocol=17 | dir=in | app=f:\world of warcraft 1\launcher.patch.exe | 
"UDP Query User{2423E96F-4132-42D2-AAE4-5180C5212215}C:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe | 
"UDP Query User{2C73BA71-2310-4466-A0C6-E2F78B1C14C5}C:\program files\logitech\logitech vid\vid.exe" = protocol=17 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe | 
"UDP Query User{3C16588A-F034-4DC7-9EE6-07E3C8827FEB}C:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe | 
"UDP Query User{3CF28737-B0FA-4ED2-86AA-7A47A6F4EF64}C:\program files\prettymaybasic\prettymay.exe" = protocol=17 | dir=in | app=c:\program files\prettymaybasic\prettymay.exe | 
"UDP Query User{498899E1-4DCD-4857-A529-C71B8B27D7DC}C:\users\public\games\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe | 
"UDP Query User{4AE22E10-D105-4C2F-8528-65E9B9BD34C2}C:\users\user\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\user\program files\dna\btdna.exe | 
"UDP Query User{5032EFDB-3036-4158-87DA-B9723538AC65}C:\users\public\games\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe | 
"UDP Query User{5A046992-E3CB-4CBA-B185-F7C942A02127}C:\users\user\desktop\wow - kopie\wow-3.2.0.10192-to-3.3.0.10958-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\user\desktop\wow - kopie\wow-3.2.0.10192-to-3.3.0.10958-dede-downloader.exe | 
"UDP Query User{5C443027-4137-49EC-83D8-73D66D2F710E}C:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-dede-downloader.exe | 
"UDP Query User{607040B3-D81F-4D72-AE4B-7621822F43A7}C:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-dede-downloader.exe | 
"UDP Query User{65A82FCA-A52A-4269-8F6F-E482A1AE1BF9}C:\users\user\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{680CC033-786E-4C6A-ADEF-0D4A656BE69F}C:\program files\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"UDP Query User{6BED1D77-3037-4E75-A69F-CED42B2C2EE2}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{6E41EE68-B134-47DF-80AA-353EB1453B02}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{863B56EB-68AD-4C56-AFAA-80B21F326087}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{8B05FA58-7AD0-4072-8098-9F2A8CAE6865}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"UDP Query User{8BB9A4AE-0D30-47B0-A313-B13EC11A5146}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | 
"UDP Query User{8F8340BA-9652-4820-8F66-9721F17A2470}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{9543A2DE-1A08-4191-8158-0A0648318331}C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe | 
"UDP Query User{A706D8D8-C137-4667-AFCB-4FDF6FD03BD6}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"UDP Query User{BC20D295-DA41-4C63-B010-8F369D3F24CB}C:\users\user\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{BD2BCAF3-AA83-4E16-8D2F-2E3FC95EC900}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"UDP Query User{C1A04F2D-356B-4ED8-AC3B-EBBE0BA49324}C:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe | 
"UDP Query User{C2F07296-DFDB-4E0A-AB6E-31D18CA3D39F}C:\users\public\games\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe | 
"UDP Query User{C478B475-C361-43A5-9B38-DAF9F1526A1A}C:\users\public\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-dede-downloader.exe | 
"UDP Query User{CD308447-38E7-4E40-B4F7-81F5DEECB53C}C:\users\public\games\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe | 
"UDP Query User{D77B2917-AEA1-49D0-B8AE-8743EADF1A77}F:\world of warcraft 1\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=17 | dir=in | app=f:\world of warcraft 1\temp\wow-4.3-5.0.15890-enus-downloader.exe | 
"UDP Query User{D7C8D59B-6961-43D7-8FE9-6DBB5DA704D6}C:\users\public\games\world of warcraft\wow-2.1.1.1897-engb-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-2.1.1.1897-engb-tools-downloader.exe | 
"UDP Query User{DA9C1411-5C75-46E9-8A10-E4210888115C}D:\world of warcraft\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{DD436CC3-88ED-42D0-A105-AF68C1AA94EF}C:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-dede-downloader.exe | 
"UDP Query User{DD5F5B14-7032-499C-A78B-EF69898BF184}C:\users\user\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\user\program files\dna\btdna.exe | 
"UDP Query User{E0CDCB2C-329E-4D2F-BE09-383A52A23C53}D:\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{ED91E705-A9C5-429F-9F96-71C5308194AD}F:\world of warcraft 1\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=17 | dir=in | app=f:\world of warcraft 1\temp\wow-4.2.1.2756-enus-tools-downloader.exe | 
"UDP Query User{F6370810-1E80-4FA9-99D1-B71740ECA6CA}F:\world of warcraft 1\launcher.exe" = protocol=17 | dir=in | app=f:\world of warcraft 1\launcher.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0a942b37-2a6f-4b9f-9470-0d1d3d2de196}" = Nero 9 Essentials
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1C9B6173-6DC9-4EEE-9EFC-6BA115CFBE43}" = Die Sims™ 3 Diesel Accessoires
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{2217B0B4-35CB-48C6-B640-864DF2F30F99}" = OpenOffice.org 3.2
"{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x32
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3BBFD444-5FAB-49F6-98B1-A1954E831399}" = Die Sims™ 3 Showtime
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = Die Sims™ 3 Late Night
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{591B29D8-4A37-4202-9F74-3B43A45EC036}" = MAGIX Foto & Grafik Designer 6 SE
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7FB413C8-3CAD-49F7-A67C-6EFEB4B04050}" = LogMeIn Hamachi
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11807553}" = Hotel Dash Suite Success
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9862E0CB-4727-4FFC-963A-E22A9E9EC10C}" = Creative ZEN V Series (R2)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}" = Die Sims™ 3 Supernatural
"{B4CB2C34-E745-4063-9CD6-F54D46F7F4FE}" = Nitro PDF Reader 2
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C12631C6-804D-4B32-B0DD-8A496462F106}" = Die Sims™ 3 Einfach tierisch
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{DE4BF4BE-3CDC-43B5-BBDA-DDDA73103111}" = Corel PaintShop Photo Pro X3
"{DE612A3D-0DCC-4055-BB6A-0036F31158A0}" = Setup
"{DE8B9311-ADE7-4EDE-B121-326CAA3D225D}" = PSPPContent
"{DE99075E-7D25-4B96-B32E-BFE6FBFAA644}" = IPM_PSP_CL
"{DEAEB5DB-04FA-489D-94EF-8600898B93EE}" = ICA
"{DEF1928A-FC01-48E7-A7E6-4651D42EF6A1}" = PSPPRO_DCRAW
"{DEF8C145-CC4F-4DAA-AD5C-E707C07AEE50}" = IPM_PSP_COM
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FB1AC1F1-8F47-4DCE-A1ED-0DFBA0F455B4}" = Driver Mender
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FFF74EC9-1FF4-4456-99E3-4F05129F4FAB}" = Antares Auto-Tune Evo VST
"Acoustica Effects Pack" = Acoustica Effects Pack
"Acoustica Mixcraft 5" = Acoustica Mixcraft 5
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Akamai" = Akamai NetSession Interface Service
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"Creative Removable Disk Manager" = Creative-Manager für Wechseldatenträger
"Defraggler" = Defraggler
"Deponia 2" = Chaos auf Deponia
"DivX Setup" = DivX-Setup
"dvdvideosofttoolbar" = DVD Video Soft Toolbar
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.36.1201
"Google Chrome" = Google Chrome
"GPL Ghostscript 8.70" = GPL Ghostscript 8.70
"Hardcopy(C__Program Files_Hardcopy)" = Hardcopy (C:\Program Files\Hardcopy)
"houseworx_is1" = houseworx
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.2.0 (Full)
"Logitech Vid" = Logitech Vid HD
"LogMeIn Hamachi" = LogMeIn Hamachi
"MAGIX_{591B29D8-4A37-4202-9F74-3B43A45EC036}" = MAGIX Foto & Grafik Designer 6 SE
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"Picasa 3" = Picasa 3
"Sony Ericsson Themes Creator" = Sony Ericsson Themes Creator 4.16.2.6
"SysInfo" = Creative-Systeminformationen
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"ThumbsPlus 3.21" = ThumbsPlus Version 3.21-R
"VLC media player" = VLC media player 1.0.5
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"World of Warcraft" = World of Warcraft
"ZENcast Organizer" = ZENcast Organizer
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3593604086-429341408-3109665741-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"BitTorrent DNA" = DNA
"Facebook Plug-In" = Facebook Plug-In
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10.12.2012 18:53:37 | Computer Name = manuu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 12449
 
Error - 10.12.2012 18:53:38 | Computer Name = manuu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 10.12.2012 18:53:38 | Computer Name = manuu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 13463
 
Error - 10.12.2012 18:53:38 | Computer Name = manuu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 13463
 
Error - 10.12.2012 18:53:39 | Computer Name = manuu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 10.12.2012 18:53:39 | Computer Name = manuu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 14462
 
Error - 10.12.2012 18:53:39 | Computer Name = manuu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 14462
 
Error - 10.12.2012 18:53:40 | Computer Name = manuu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 10.12.2012 18:53:40 | Computer Name = manuu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15460
 
Error - 10.12.2012 18:53:40 | Computer Name = manuu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15460
 
[ Media Center Events ]
Error - 28.09.2010 08:21:23 | Computer Name = manuu-PC | Source = MCUpdate | ID = 0
Description = 14:21:23 - Fehler beim Herstellen der Internetverbindung.  14:21:23 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 28.09.2010 08:21:55 | Computer Name = manuu-PC | Source = MCUpdate | ID = 0
Description = 14:21:52 - Fehler beim Herstellen der Internetverbindung.  14:21:52 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 28.09.2010 09:22:27 | Computer Name = manuu-PC | Source = MCUpdate | ID = 0
Description = 15:22:27 - Fehler beim Herstellen der Internetverbindung.  15:22:27 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 28.09.2010 09:22:57 | Computer Name = manuu-PC | Source = MCUpdate | ID = 0
Description = 15:22:56 - Fehler beim Herstellen der Internetverbindung.  15:22:56 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 09.10.2010 04:37:39 | Computer Name = manuu-PC | Source = MCUpdate | ID = 0
Description = 10:37:35 - Fehler beim Herstellen der Internetverbindung.  10:37:35 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 19.10.2010 07:18:23 | Computer Name = manuu-PC | Source = MCUpdate | ID = 0
Description = 13:18:19 - Fehler beim Herstellen der Internetverbindung.  13:18:19 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 03.11.2010 08:08:03 | Computer Name = manuu-PC | Source = MCUpdate | ID = 0
Description = 13:08:00 - Fehler beim Herstellen der Internetverbindung.  13:08:02 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 03.11.2010 08:08:55 | Computer Name = manuu-PC | Source = MCUpdate | ID = 0
Description = 13:08:38 - Fehler beim Herstellen der Internetverbindung.  13:08:38 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 09.12.2012 09:20:00 | Computer Name = manuu-PC | Source = WMPNetworkSvc | ID = 866333
Description = 
 
Error - 09.12.2012 10:03:21 | Computer Name = manuu-PC | Source = Tcpip | ID = 4199
Description = Das System hat einen Adressenkonflikt der IP-Adresse 192.168.17.3 
mit dem Computer mit der  Netzwerkhardwareadresse 7C-6D-62-39-22-84 ermittelt. Netzwerkvorgänge
 könnten daher auf diesem  System unterbrochen werden.
 
Error - 09.12.2012 10:03:35 | Computer Name = manuu-PC | Source = DCOM | ID = 10000
Description = 
 
Error - 09.12.2012 10:11:48 | Computer Name = manuu-PC | Source = DCOM | ID = 10000
Description = 
 
Error - 09.12.2012 12:13:43 | Computer Name = manuu-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 09.12.2012 12:13:55 | Computer Name = manuu-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 09.12.2012 17:42:39 | Computer Name = manuu-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 09.12.2012 19:12:18 | Computer Name = manuu-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 10.12.2012 11:41:48 | Computer Name = manuu-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 11.12.2012 05:56:46 | Computer Name = manuu-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
 
< End of report >
         
--- --- ---

Alt 13.12.2012, 12:49   #28
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Fix with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.
Code:
:OTL
IE - HKU\S-1-5-21-3593604086-429341408-3109665741-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>;*.local
IE - HKU\S-1-5-21-3593604086-429341408-3109665741-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-3593604086-429341408-3109665741-1000\..\URLSearchHook: {cd8812d4-e5b8-41c6-94d4-59872a484bf1} - C:\Programme\dvdvideosofttoolbar\dvdvideosofttoolbarX.dll ()
IE - HKU\S-1-5-21-3593604086-429341408-3109665741-1000\..\SearchScopes,DefaultScope = 
FF - prefs.js..browser.search.defaultenginename: "appbario8 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q="
FF - prefs.js..browser.search.order.1: "appbario8 Customized Web Search"
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.2
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3227980&SearchSource=2&q="
[2010.08.08 18:44:12 | 000,000,873 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ijldys6d.default\searchplugins\bProtect.xml
[2010.08.08 18:44:12 | 000,000,873 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ijldys6d.default\searchplugins\conduit.xml
[2012.12.08 13:18:36 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ijldys6d.default\searchplugins\icqplugin-1.xml
[2012.02.07 13:56:09 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ijldys6d.default\searchplugins\icqplugin-2.xml
[2011.03.30 14:14:34 | 000,001,042 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ijldys6d.default\searchplugins\icqplugin.xml
[2012.12.08 15:26:12 | 000,000,000 | ---D | M] ("DVDVideoSoft YouTube MP3 and Video Download") -- C:\PROGRAM FILES\COMMON FILES\DVDVIDEOSOFT\PLUGINS\FF
O2 - BHO: (DVD Video Soft Toolbar) - {cd8812d4-e5b8-41c6-94d4-59872a484bf1} - C:\Programme\dvdvideosofttoolbar\dvdvideosofttoolbarX.dll ()
O3 - HKLM\..\Toolbar: (DVD Video Soft Toolbar) - {cd8812d4-e5b8-41c6-94d4-59872a484bf1} - C:\Programme\dvdvideosofttoolbar\dvdvideosofttoolbarX.dll ()
O20 - AppInit_DLLs: (Process Name%.dll) -  File not found
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:3AE22B1A
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:30376ACC
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1
:Files
C:\Programme\dvdvideosofttoolbar
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
         
  • If you masked your user name, e.g. with "*****", insert your real user name in the corresponding places. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may request a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (It can also be found at C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread.
__________________
Please always post log files in CODE tags

Alt 14.12.2012, 15:56   #29
Belatucradus
 



Hello, did it carry out everything correctly?

Code:
2All processes killed
========== OTL ==========
HKU\S-1-5-21-3593604086-429341408-3109665741-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-3593604086-429341408-3109665741-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ not found.
Registry value HKEY_USERS\S-1-5-21-3593604086-429341408-3109665741-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{cd8812d4-e5b8-41c6-94d4-59872a484bf1} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cd8812d4-e5b8-41c6-94d4-59872a484bf1}\ not found.
File C:\Programme\dvdvideosofttoolbar\dvdvideosofttoolbarX.dll not found.
HKEY_USERS\S-1-5-21-3593604086-429341408-3109665741-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Prefs.js: "appbario8 Customized Web Search" removed from browser.search.defaultenginename
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q=" removed from browser.search.defaulturl
Prefs.js: "appbario8 Customized Web Search" removed from browser.search.order.1
Prefs.js: ffxtlbr@babylon.com:1.1.2 removed from extensions.enabledItems
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3227980&SearchSource=2&q=" removed from keyword.URL
File C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ijldys6d.default\searchplugins\bProtect.xml not found.
File C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ijldys6d.default\searchplugins\conduit.xml not found.
File C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ijldys6d.default\searchplugins\icqplugin-1.xml not found.
File C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ijldys6d.default\searchplugins\icqplugin-2.xml not found.
File C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ijldys6d.default\searchplugins\icqplugin.xml not found.
Folder C:\PROGRAM FILES\COMMON FILES\DVDVIDEOSOFT\PLUGINS\FF\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cd8812d4-e5b8-41c6-94d4-59872a484bf1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cd8812d4-e5b8-41c6-94d4-59872a484bf1}\ not found.
File C:\Programme\dvdvideosofttoolbar\dvdvideosofttoolbarX.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{cd8812d4-e5b8-41c6-94d4-59872a484bf1} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cd8812d4-e5b8-41c6-94d4-59872a484bf1}\ not found.
File C:\Programme\dvdvideosofttoolbar\dvdvideosofttoolbarX.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:Process Name%.dll deleted successfully.
Unable to delete ADS C:\ProgramData\TEMP:3AE22B1A .
Unable to delete ADS C:\ProgramData\TEMP:30376ACC .
Unable to delete ADS C:\ProgramData\TEMP:D1B5B4F1 .
========== FILES ==========
File\Folder C:\Programme\dvdvideosofttoolbar not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\User\Desktop\cmd.bat deleted successfully.
C:\Users\User\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Bettina
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Gast
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Herbert
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 225582346 bytes
->Flash cache emptied: 28077 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: User
->Temp folder emptied: 2732561 bytes
->Temporary Internet Files folder emptied: 4416932 bytes
->Java cache emptied: 3576586 bytes
->FireFox cache emptied: 272099828 bytes
->Google Chrome cache emptied: 819568 bytes
->Flash cache emptied: 168608 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 48534 bytes
RecycleBin emptied: 94581 bytes
 
Total Files Cleaned = 486,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 12132012_173545

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
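
A triage pass over a fix log like the one in the post above, added here as an example; it is not part of the original thread and not OTL's own tooling. The outcome categories and the names `triage` and `needs_follow_up` are assumptions, and the patterns rely only on the wording of the log lines shown above.

```python
import re
from collections import defaultdict

# Excerpt of lines taken from the fix log in the post above.
SAMPLE_LOG = r"""========== OTL ==========
File C:\Programme\dvdvideosofttoolbar\dvdvideosofttoolbarX.dll not found.
Prefs.js: ffxtlbr@babylon.com:1.1.2 removed from extensions.enabledItems
Unable to delete ADS C:\ProgramData\TEMP:3AE22B1A .
Unable to delete ADS C:\ProgramData\TEMP:30376ACC .
========== FILES ==========
File\Folder C:\Programme\dvdvideosofttoolbar not found.
========== COMMANDS ==========
HOSTS file reset successfully
Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
"""

# Section headers: "===== NAME =====" or a heading line ending in "...".
HEADER = re.compile(r"^=+ (.+?) =+$|^(.+?)\.\.\.$")
# First matching rule wins, so the more specific outcomes come first.
RULES = [
    ("pending", re.compile(r"scheduled to be moved on reboot")),
    ("failed", re.compile(r"^Unable to |\bfailed\b")),
    ("absent", re.compile(r"not found\.$")),
    ("done", re.compile(r"successfully[.!]?$|\bremoved from\b")),
]

def triage(log_text):
    """Group log lines by outcome; each entry is (section, line)."""
    outcomes, section = defaultdict(list), None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            section = header.group(1) or header.group(2)
            continue
        for name, pattern in RULES:
            if pattern.search(line):
                outcomes[name].append((section, line))
                break
    return dict(outcomes)

def needs_follow_up(outcomes):
    """Entries to re-check in the next scan: failures and reboot-pending moves."""
    return outcomes.get("failed", []) + outcomes.get("pending", [])

if __name__ == "__main__":
    for section, line in needs_follow_up(triage(SAMPLE_LOG)):
        print(f"[{section}] {line}")
```

Lines classed as "absent" mean the target was already gone when the fix ran, so only the "failed" and "pending" entries need to be compared against the follow-up scan.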
         

14.12.2012, 15:57   #30
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

A check scan with OTL, please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • Tick the box for Scan All Users at the top centre
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 logfiles are created
  • Post the logfiles here in the thread in CODE tags.
__________________
Please always post logfiles in CODE tags
