Win8 Firwall + Defender nicht mehr aktivierbar

MHO · 16.01.2013, 20:00

Hallo Leute,

ich hoffe es kann mir hier jemand mit meinem folgenden Problem helfen.

Ich hab mich vorab schon selbst einmal bemüht via Google das Problem selbst zu beheben, bzw. die möglich Schadsofware mit den folgenden Tools zu killen (Malwarebytes, OTL, Rogue Killer) aber leider vegeblich.
Es wurden ein paar Einträge zu funmoods gefunden und gelöscht, aber ansonsten nichts weiter gelöscht.

Seit einigen Tagen lässt sich bei mir die Windows Firewall und Windows Defender nicht mehr aktivieren.

Nach einigen Recherchen und dem Selbstversuch wende ich mich mit diesem Problem an euch und hoffe es kann mir hier jemand helfen.

Nun zur Abarbeitung der empfohlenen Punkte:

1.) defogger meldet keinen Fehler

2.) OTL
otl.txt
OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 16.01.2013 19:44:15 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16453)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
7,96 Gb Total Physical Memory | 6,32 Gb Available Physical Memory | 79,39% Memory free
9,15 Gb Paging File | 7,07 Gb Available in Paging File | 77,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1848,03 Gb Total Space | 1657,90 Gb Free Space | 89,71% Space Free | Partition Type: NTFS
Drive D: | 3,96 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 14,65 Gb Total Space | 9,12 Gb Free Space | 62,29% Space Free | Partition Type: NTFS
 
Computer Name: ***| User Name: ***| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.15 20:39:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Downloads\OTL.exe
PRC - [2013.01.08 01:06:24 | 001,248,360 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012.12.29 11:34:47 | 001,260,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.12.29 02:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.11 03:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2012.11.15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2012.10.30 09:42:28 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe
PRC - [2012.10.22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2011.12.16 13:08:34 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.12.16 13:08:32 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011.12.16 10:02:56 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2011.09.20 02:02:29 | 000,109,848 | ---- | M] () -- C:\Program Files (x86)\PostgreSQL\UpdateMonitor\bin\UpdManager.exe
PRC - [2010.11.11 13:31:54 | 000,334,448 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2010.11.11 13:31:50 | 000,404,080 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.01.08 01:06:22 | 000,460,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
MOD - [2013.01.08 01:06:21 | 012,459,624 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
MOD - [2013.01.08 01:06:19 | 004,012,648 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\pdf.dll
MOD - [2013.01.08 01:05:29 | 000,598,120 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\libglesv2.dll
MOD - [2013.01.08 01:05:28 | 000,124,520 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\libegl.dll
MOD - [2013.01.08 01:05:25 | 001,553,000 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ffmpegsumo.dll
MOD - [2011.09.20 02:02:29 | 000,109,848 | ---- | M] () -- C:\Program Files (x86)\PostgreSQL\UpdateMonitor\bin\UpdManager.exe
MOD - [2010.02.22 09:43:32 | 002,730,496 | ---- | M] () -- C:\Program Files (x86)\PostgreSQL\UpdateMonitor\bin\QtCore4.dll
MOD - [2009.06.22 13:51:34 | 011,266,048 | ---- | M] () -- C:\Program Files (x86)\PostgreSQL\UpdateMonitor\bin\QtGui4.dll
MOD - [2009.06.22 13:42:48 | 001,380,352 | ---- | M] () -- C:\Program Files (x86)\PostgreSQL\UpdateMonitor\bin\QtNetwork4.dll
MOD - [2009.06.22 13:42:00 | 000,504,832 | ---- | M] () -- C:\Program Files (x86)\PostgreSQL\UpdateMonitor\bin\QtXml4.dll
MOD - [2007.12.27 17:23:36 | 000,015,964 | ---- | M] () -- C:\Program Files (x86)\PostgreSQL\UpdateMonitor\bin\mingwm10.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.12.06 05:23:00 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2012.12.06 05:22:59 | 000,178,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2012.11.06 05:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012.11.06 05:17:41 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2012.09.21 09:01:39 | 000,111,104 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files\PostgreSQL\9.0\bin\pg_ctl.exe -- (postgresql-x64-9.0)
SRV:64bit: - [2012.09.20 10:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2012.09.20 07:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012.09.20 07:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2012.07.26 04:08:04 | 001,968,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2012.07.26 04:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012.07.26 04:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012.07.26 04:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012.07.26 04:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012.07.26 04:06:36 | 000,463,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2012.07.26 04:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012.07.26 04:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012.07.26 04:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012.07.26 04:06:00 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012.07.26 04:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012.07.26 04:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012.07.26 04:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2012.07.26 04:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012.07.26 04:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV - [2013.01.08 20:49:37 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.29 11:34:47 | 001,260,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.12.29 02:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.12.28 19:43:18 | 000,541,760 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.14 10:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2012.11.15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012.11.06 05:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012.10.22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012.07.26 04:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012.06.26 19:31:46 | 001,184,312 | ---- | M] (GlavSoft LLC.) [Disabled | Stopped] -- C:\Program Files (x86)\TightVNC\tvnserver.exe -- (tvnserver)
SRV - [2012.06.19 12:20:08 | 000,815,759 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\PgBouncer\bin\pgbouncer.exe -- (pgbouncer)
SRV - [2012.06.19 09:14:03 | 000,382,976 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\pgAgent\bin\pgagent.exe -- (pgAgent)
SRV - [2012.06.05 08:14:26 | 000,025,088 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\PostgreSQL\EnterpriseDB-xDBReplicationServer\scripts\ServiceWrapper.exe -- (Subscription Service)
SRV - [2012.06.05 08:14:26 | 000,025,088 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\PostgreSQL\EnterpriseDB-xDBReplicationServer\scripts\ServiceWrapper.exe -- (Publication Service)
SRV - [2012.05.04 13:37:41 | 000,018,432 | ---- | M] (Apache Software Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\PostgreSQL\EnterpriseDB-ApachePHP\apache\bin\httpd.exe -- (EnterpriseDBApachePHP)
SRV - [2011.12.16 13:08:34 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011.12.16 13:08:32 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011.12.16 10:02:56 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2011.12.08 15:38:24 | 000,607,456 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2011.08.27 10:01:00 | 000,012,800 | ---- | M] (Oracle Corporation) [Disabled | Stopped] -- C:\oraclexe\app\oracle\product\11.2.0\server\bin\OraClrAgnt.exe -- (OracleXEClrAgent)
SRV - [2011.08.27 10:00:20 | 000,512,000 | ---- | M] (Oracle Corporation) [Disabled | Stopped] -- C:\oraclexe\app\oracle\product\11.2.0\server\bin\TNSLSNR.EXE -- (OracleXETNSListener)
SRV - [2011.08.27 09:59:56 | 000,069,632 | ---- | M] (Oracle Corporation) [On_Demand | Stopped] -- C:\oraclexe\app\oracle\product\11.2.0\server\BIN\omtsreco.exe -- (OracleMTSRecoveryService)
SRV - [2011.08.27 09:58:52 | 000,049,152 | ---- | M] () [Disabled | Stopped] -- c:\oraclexe\app\oracle\product\11.2.0\server\Bin\extjob.exe -- (OracleJobSchedulerXE)
SRV - [2011.08.27 09:58:50 | 115,773,440 | ---- | M] (Oracle Corporation) [Disabled | Stopped] -- c:\oraclexe\app\oracle\product\11.2.0\server\bin\ORACLE.EXE -- (OracleServiceXE)
SRV - [2010.11.11 13:31:54 | 000,334,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2010.11.11 13:31:50 | 000,404,080 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2010.11.11 13:30:44 | 000,113,264 | ---- | M] (VMware, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2010.11.11 12:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2010.08.19 13:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose64)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2013.01.13 15:19:24 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\gfibto.sys -- (gfibto)
DRV:64bit: - [2012.11.27 08:00:32 | 000,194,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2012.11.27 04:56:29 | 000,031,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2012.11.27 04:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012.11.26 23:36:16 | 000,208,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgwfpa.sys -- (Avgwfpa)
DRV:64bit: - [2012.11.20 05:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012.11.15 23:33:24 | 000,111,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2012.11.06 08:52:07 | 000,445,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2012.11.06 08:36:23 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2012.11.06 04:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012.10.26 19:00:50 | 000,131,416 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2012.10.26 16:42:22 | 000,351,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2012.10.26 04:17:44 | 000,020,912 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\avgboota.sys -- (Avgboota)
DRV:64bit: - [2012.10.22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012.10.15 03:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012.10.12 09:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.10.11 08:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012.10.11 08:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2012.10.02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012.09.28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.09.21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2012.09.20 08:55:33 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2012.09.20 08:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2012.09.20 08:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2012.09.20 08:55:29 | 000,028,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012.09.20 08:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012.09.20 08:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012.09.20 08:03:08 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2012.09.17 18:42:06 | 001,576,080 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RTWlanU.sys -- (RtlWlanu)
DRV:64bit: - [2012.09.17 18:42:06 | 001,576,080 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RTWlanU.sys -- (RTL8192cu)
DRV:64bit: - [2012.09.14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.07.26 06:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.07.26 06:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012.07.26 06:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012.07.26 06:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012.07.26 06:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012.07.26 06:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012.07.26 06:00:55 | 000,283,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2012.07.26 06:00:55 | 000,077,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2012.07.26 06:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012.07.26 06:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012.07.26 06:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012.07.26 06:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012.07.26 06:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012.07.26 06:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012.07.26 06:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012.07.26 06:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012.07.26 06:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012.07.26 06:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012.07.26 06:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012.07.26 05:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012.07.26 05:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012.07.26 05:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012.07.26 05:44:30 | 000,258,288 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2012.07.26 05:36:15 | 000,034,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2012.07.26 04:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012.07.26 03:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012.07.26 03:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012.07.26 03:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012.07.26 03:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012.07.26 03:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012.07.26 03:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012.07.26 03:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012.07.26 03:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012.07.26 03:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012.07.26 03:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012.07.26 03:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012.07.26 03:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012.07.26 03:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012.07.26 03:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.07.26 03:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012.07.26 03:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012.07.26 03:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.07.26 03:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012.07.26 03:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012.07.26 03:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012.07.26 03:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012.07.03 16:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.06.02 15:31:56 | 000,589,824 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2011.11.10 00:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011.04.20 00:05:00 | 000,104,960 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SDICLx64.sys -- (SDICLx64)
DRV:64bit: - [2011.03.28 23:54:02 | 000,077,568 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SDISCx64.SYS -- (SDISCx64)
DRV:64bit: - [2010.11.11 13:32:32 | 000,081,008 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\vmci.sys -- (vmci)
DRV:64bit: - [2010.11.11 13:32:20 | 000,068,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2010.11.11 13:30:34 | 000,031,856 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2010.11.11 13:30:18 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2010.11.11 12:31:32 | 000,038,512 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2010.11.11 10:04:52 | 000,045,104 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2010.11.11 10:04:52 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2012.10.16 12:27:43 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2010.08.19 13:56:38 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchfunmoods.com/?f=1&a=nv1&ir=nv1&cd=2XzuyEtN2Y1L1QzuzytDtB0BtAyE0ByE0C0A0A0D0FyDtB0DtN0D0Tzu0CtAyByDtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1367593856
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=nv1&ir=nv1&cd=2XzuyEtN2Y1L1QzuzytDtB0BtAyE0ByE0C0A0A0D0FyDtB0DtN0D0Tzu0CtAyByDtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1367593856
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=nv1&ir=nv1&cd=2XzuyEtN2Y1L1QzuzytDtB0BtAyE0ByE0C0A0A0D0FyDtB0DtN0D0Tzu0CtAyByDtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1367593856
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 D2 4F BF 0C B6 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=nv1&ir=nv1&cd=2XzuyEtN2Y1L1QzuzytDtB0BtAyE0ByE0C0A0A0D0FyDtB0DtN0D0Tzu0CtAyByDtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1367593856
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
[2013.01.15 18:42:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\extensions
[2013.01.13 01:47:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions
[2012.12.13 21:29:00 | 000,199,445 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\extensions\movie2kdownloader@movie2kdownloader.com.xpi
[2012.11.15 18:30:12 | 000,214,020 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\extensions\socksharedownloader@socksharedownloader.com.xpi
 
========== Chrome  ==========
 
CHR - homepage: 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: 
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013.01.15 21:23:32 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (smartdownloader Class) - {F1AF26F8-1828-4279-ABCE-074EF3235BD7} - C:\Program Files (x86)\SockshareDownloader\smarterdownloader.dll (TODO: <Company name>)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [tvncontrol] C:\Program Files (x86)\TightVNC\tvnserver.exe (GlavSoft LLC.)
O4 - HKLM..\Run: [VMware hqtray] C:\Program Files (x86)\VMware\VMware Player\hqtray.exe (VMware, Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [UpdateMonitor] C:\Program Files (x86)\PostgreSQL\UpdateMonitor\bin\UpdManager.exe ()
O4 - HKCU..\RunOnce: [Uninstall C:\Users\***\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\***\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64" File not found
O4 - HKCU..\RunOnce: [Uninstall C:\Users\***\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\***\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64" File not found
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{135200D2-50A9-4809-A4B8-DC640F9380DA}: NameServer = 8.8.8.8,8.8.8.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{49DCC822-4029-4242-AFCB-DF84397638B5}: NameServer = 8.8.8.8,8.8.8.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9F706041-E5C6-444A-9090-EC85822AA88B}: DhcpNameServer = 10.0.0.138
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL) -  File not found
O20 - AppInit_DLLs: (C:\PROGRA~2\NVIDIA~1\3DVISI~1\nvStInit.dll) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.01.13 11:31:00 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0526f943-1378-11e2-be66-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0526f943-1378-11e2-be66-806e6f6e6963}\Shell\AutoRun\command - "" = "D:\SETUP.EXE" 
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.15 21:40:36 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013.01.15 21:40:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\catroot2
[2013.01.15 21:36:41 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2013.01.15 21:35:22 | 000,000,000 | ---D | C] -- C:\RegBackup
[2013.01.15 21:34:25 | 000,000,000 | ---D | C] -- C:\Tweaking.com_Windows_Repair_Logs
[2013.01.15 21:34:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2013.01.15 21:22:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.01.15 20:29:31 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\Microsoft
[2013.01.15 18:03:38 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2013.01.15 18:03:23 | 000,000,000 | --SD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013.01.15 17:34:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Diagnostics
[2013.01.13 18:03:08 | 000,000,000 | ---D | C] -- C:\Users\***\.argouml
[2013.01.13 17:02:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.01.13 17:02:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013.01.13 15:35:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\LavasoftStatistics
[2013.01.13 15:19:27 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Downloaded Installations
[2013.01.13 15:19:24 | 000,014,456 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013.01.13 15:17:36 | 000,000,000 | ---D | C] -- C:\ProgramData\blekko toolbars
[2013.01.13 15:17:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\adawaretb
[2013.01.13 15:17:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
[2013.01.13 11:55:40 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2013.01.13 11:55:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.13 11:55:17 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Programs
[2013.01.13 11:30:46 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.01.13 11:30:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013.01.11 12:35:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013.01.09 19:28:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SockshareDownloader
[2013.01.09 19:28:40 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\PutLockerDownloader
[2013.01.09 19:28:30 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SockshareDownloader.com
[2013.01.09 19:28:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SockshareDownloader.com
[2013.01.06 20:15:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013.01.03 18:30:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\logishrd
[2013.01.02 22:07:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\ElevatedDiagnostics
[2012.12.31 22:38:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\WinRAR
[2012.12.31 19:12:51 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\JDownloaderPackages
[2012.12.31 19:12:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
[2012.12.29 16:15:57 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\SimCity 4
[2012.12.29 14:29:04 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Telltale Games
[2012.12.17 21:38:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.12.17 21:38:34 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.12.17 21:38:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012.12.17 21:38:34 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.12.17 21:38:34 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012.12.17 21:35:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.16 19:43:45 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2013.01.16 19:28:38 | 001,759,726 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.16 19:28:38 | 000,756,654 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.16 19:28:38 | 000,714,808 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.16 19:28:38 | 000,157,652 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.16 19:28:38 | 000,134,448 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.16 19:26:56 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.16 19:26:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.15 21:47:00 | 000,001,126 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.15 21:44:09 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013.01.15 21:44:05 | 2545,082,367 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.15 21:41:51 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2013.01.15 21:35:52 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-***-Microsoft-Windows-8-(64-Bit).dat
[2013.01.15 21:23:32 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013.01.15 20:49:42 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.14 18:50:27 | 000,004,608 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.01.13 17:17:55 | 000,005,294 | ---- | M] () -- C:\Windows\wininit.ini
[2013.01.13 15:19:24 | 000,014,456 | ---- | M] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013.01.13 15:04:00 | 000,002,255 | ---- | M] () -- C:\Users\***\Desktop\Google Chrome.lnk
[2013.01.13 15:02:36 | 000,356,648 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.13 11:31:00 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013.01.11 12:35:48 | 000,000,981 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013.01.06 20:24:23 | 000,001,090 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
[2013.01.06 20:14:59 | 000,002,133 | ---- | M] () -- C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
[2013.01.03 20:13:35 | 000,001,049 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.01.03 20:13:27 | 000,001,023 | ---- | M] () -- C:\Users\***\Desktop\Dropbox.lnk
[2013.01.03 19:28:41 | 000,000,000 | ---- | M] () -- C:\Users\***\Documents\Default.rdp
[2012.12.31 19:12:46 | 000,002,037 | ---- | M] () -- C:\Users\***\Desktop\JDownloader.lnk
[2012.12.29 12:28:29 | 000,000,222 | ---- | M] () -- C:\Users\***\Desktop\The Walking Dead.url
[2012.12.29 12:28:29 | 000,000,221 | ---- | M] () -- C:\Users\***\Desktop\SimCity 4 Deluxe.url
[2012.12.29 12:28:29 | 000,000,219 | ---- | M] () -- C:\Users\***\Desktop\Left 4 Dead 2.url
[2012.12.29 11:34:47 | 000,017,266 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2012.12.29 09:40:11 | 002,923,201 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[2012.12.17 21:38:42 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
 
========== Files Created - No Company Name ==========
 
[2013.01.16 19:43:45 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2013.01.15 21:37:24 | 000,303,616 | ---- | C] ( ) -- C:\SetACL.exe
[2013.01.15 21:35:52 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-***-Microsoft-Windows-8-(64-Bit).dat
[2013.01.14 18:50:22 | 000,004,608 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.01.13 17:17:54 | 000,005,294 | ---- | C] () -- C:\Windows\wininit.ini
[2013.01.13 15:02:31 | 000,356,648 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.13 11:31:00 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013.01.06 20:14:59 | 000,002,133 | ---- | C] () -- C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
[2013.01.03 19:28:41 | 000,000,000 | ---- | C] () -- C:\Users\***\Documents\Default.rdp
[2012.12.31 1912:46 | 000,002,037 | ---- | C] () -- C:\Users\***\Desktop\JDownloader.lnk
[2012.12.31 19:12:40 | 000,002,001 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2012.12.31 19:12:40 | 000,001,990 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
[2012.12.31 19:12:39 | 000,001,924 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2012.12.29 12:28:29 | 000,000,222 | ---- | C] () -- C:\Users\***\Desktop\The Walking Dead.url
[2012.12.29 12:28:29 | 000,000,221 | ---- | C] () -- C:\Users\***\Desktop\SimCity 4 Deluxe.url
[2012.12.29 12:28:29 | 000,000,219 | ---- | C] () -- C:\Users\***\Desktop\Left 4 Dead 2.url
[2012.12.17 20:25:16 | 000,385,604 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
[2012.11.05 21:53:26 | 000,000,154 | ---- | C] () -- C:\Users\***\.appletviewer
[2012.11.03 18:44:06 | 001,781,152 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.10.29 22:15:53 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2012.07.26 09:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012.07.26 09:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012.07.26 08:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012.07.26 02:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012.07.25 21:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012.07.25 21:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012.06.02 15:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2011.12.08 15:14:58 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2012.10.11 09:25:11 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.11.06 05:19:27 | 019,789,824 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.11.06 05:20:00 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 04:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 04:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 04:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\wbemess.dll
 
========== LOP Check ==========
 
[2013.01.15 18:42:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AVG2013
[2013.01.13 22:36:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2012.12.31 19:12:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\JDownloaderPackages
[2012.11.03 19:10:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++
[2012.12.07 19:30:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Origin
[2012.11.06 20:02:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Postgres Enterprise Manager
[2012.11.06 20:11:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\postgresql
[2012.11.06 19:50:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SQL Developer
[2012.11.06 00:28:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Subversion
[2013.01.15 18:04:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

[QUOTE]

extras.txtOTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 15.01.2013 21:11:03 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16453)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
7,96 Gb Total Physical Memory | 5,57 Gb Available Physical Memory | 69,96% Memory free
9,15 Gb Paging File | 6,35 Gb Available in Paging File | 69,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1848,03 Gb Total Space | 1656,62 Gb Free Space | 89,64% Space Free | Partition Type: NTFS
Drive D: | 3,96 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 14,65 Gb Total Space | 9,12 Gb Free Space | 62,29% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: ***| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0357ABAB-14E4-48CF-8D2B-89F6B7E3092B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{0AA247D7-9121-4FA5-B5D1-C604E3BAC748}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{115FB716-DC7A-4A63-9127-E8680C7EDA89}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{1C6722F2-820E-4F20-A92D-FF71749D97D7}" = lport=138 | protocol=17 | dir=in | app=system | 
"{2058674F-834A-4B2C-976D-2909CA18E1B0}" = lport=445 | protocol=6 | dir=in | app=system | 
"{207BB347-3B45-4E30-B0D9-D64CD1243708}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{277A11A2-D765-4F5E-AD7A-3C1017A1A1E1}" = rport=2869 | protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{2E751478-47F4-4664-A11A-B6718839D1A9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3B8E301E-4EC6-4B91-979D-5731D6B13E7F}" = lport=139 | protocol=6 | dir=in | app=system | 
"{45C0EDFD-24A4-47B4-8673-782563A8B872}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{466C6A1C-73AE-4E11-A821-C997D5A143E9}" = rport=139 | protocol=6 | dir=out | app=system | 
"{492BB118-C86D-4D27-8627-8A6A9DED4CAD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5BFF8E2D-197A-43A5-9746-EB7872DF6A49}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5F42BD3A-A034-4F0F-9F55-446024984B60}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{635C4E5A-2443-4E46-A1EE-3B0CE640FA79}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{68D6993D-4D7A-4F6B-A0FC-889BBA536342}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{690966A1-ED19-4A27-B6DE-6961407C6CE6}" = lport=137 | protocol=17 | dir=in | app=system | 
"{7072C1EC-F4B5-42FE-AAF4-7888E88C864D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{777CEAFD-2D08-42B7-9F54-3359A90D2054}" = rport=445 | protocol=6 | dir=out | app=system | 
"{8CFAE96D-E477-42A5-B490-71EC1F4441C1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8E8736AF-CE19-4CCF-A3B2-2F8F11E0AE5B}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{98DC933A-108F-43FF-AC71-9AEF5D6D927B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9A50E1F2-5731-46E9-B96D-B8A968E309F2}" = rport=138 | protocol=17 | dir=out | app=system | 
"{A1C92032-9027-4CB9-8106-F7AC8C832A37}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B2A75925-1015-443D-80FC-B317030E2622}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{C1EF6FBB-E5AF-445C-9207-15C17EA0B5A3}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{C896D7B9-CEC2-49D9-96F3-8F39F564B7C0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CED80065-9957-469E-8150-9CC7A872CA40}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D2237AA5-F5F5-4C97-ACFD-41C86BFF1535}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{DD7C79A2-2803-4590-8F87-C5F549FA037E}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\dashost.exe | 
"{E6D1CE8F-EFD7-4017-BA08-E1CD2864ECBB}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F48A7D2B-0ECF-48DA-912A-849BA704DE99}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{FBBEFCB0-76E0-4A07-8B62-DFE20FE8CE1D}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{FBC10749-9D5F-4D06-9A5F-A689A25866CA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FC3237C5-43A5-4297-A25C-899153250DDA}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00783178-93B9-48F4-A77B-13BC528BE146}" = protocol=6 | dir=out | app=system | 
"{0790EBD9-94F5-4D4A-BEB5-E5380E5BCF59}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{0846394C-499A-4347-A7D9-3E32A59A3C13}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | 
"{08FD94EB-85FD-47E0-B3CF-9B75484C3EE8}" = dir=out | name=@{12199asparion.asparionclock_1.1.0.2_neutral__f89vgcf3qm37t?ms-resource://12199asparion.asparionclock/resources/spackagename} | 
"{099FF76C-DEE4-4BDE-98B1-8D5BCBC472F2}" = dir=out | name=google search | 
"{0B19A467-240B-48BD-808F-A76495F38AE6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0CE71AA9-4F0C-41BB-8EA3-0246918E3CB2}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{0E5EA985-4DDC-4F17-980D-B7F2FCEF443C}" = dir=out | name=@{microsoft.zunevideo_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | 
"{0E78AF61-44C7-475F-AC18-1CD8CD1510FF}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | 
"{0FDC1BF4-FB7A-4D50-BD7B-A37BFFCA4762}" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"{117FBEFB-49F6-483D-8F87-ED608E62D0B4}" = dir=out | name=die presse | 
"{11B7BA7D-E0DD-4119-8064-DE167BD6EC03}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{128347DE-98BA-484E-9A8D-3329C0640950}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{1330259F-F6B6-4CEE-8C54-3C822D1F3331}" = dir=out | name=@{3574gindasoft.to-dos_1.0.10.1_neutral__vhpcp2ef0a8kc?ms-resource://3574gindasoft.to-dos/resources/manifest_appname} | 
"{157419FE-DB16-461F-9546-3B99BD2D2B73}" = dir=out | name=leo | 
"{17527A98-21D7-4BB2-BD83-EB56A06FD7F0}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | 
"{17E4115F-1DC4-4276-88B6-9562AE815C8F}" = dir=out | name=@{microsoft.bingfinance_1.5.1.406_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | 
"{182C4884-FBD8-4E08-83EE-1CE6DA277F49}" = dir=out | name=@{microsoft.bingsports_1.5.1.249_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | 
"{1B440B64-86B9-4643-963F-70D7CB9C9D9C}" = dir=out | name=shazam | 
"{20D0431E-8091-456D-9BC6-BAFEBCE630AF}" = dir=in | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{23BFA19B-3775-4821-9428-98AFAB09BE0F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{2570FAE9-D122-4796-B161-442507EEB1C3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead island\deadislandgame.exe | 
"{2ADC2B58-2E50-4B28-AA8B-364B9E5F95B0}" = dir=in | app=c:\program files (x86)\tightvnc\tvnserver.exe | 
"{2CFA2209-D37E-4ADD-95B9-A34FFE4DB78B}" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe | 
"{2E448510-7988-47BB-91AC-168AE76A45A1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\simcity 4 deluxe\apps\simcity 4.exe | 
"{329DBE26-7FD2-4645-B200-73611AE60C44}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{32CFC323-A921-4A8B-81CC-0E467B232547}" = protocol=6 | dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe | 
"{332E7421-4F6A-4570-9098-D084FB4088EC}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{34A3A95D-6933-4336-97FF-85C7D5128D73}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{35379943-74BF-4317-9CE1-CD8A34B4D50E}" = dir=out | name=@{microsoft.bingtravel_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | 
"{376A56B8-7F3F-4D34-86FF-915936F14B58}" = dir=out | name=@{microsoft.bingsports_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | 
"{3B68DCD7-1913-4BD5-A12E-73BDA85B4B48}" = dir=out | name=windows_ie_ac_001 | 
"{3DF8502D-9499-4BA4-97C8-1C96B340F49C}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"{3EB5A54C-22A2-485B-9409-540411D966D7}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | 
"{4061C068-7311-4F5B-8E41-50F2B3100569}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{4191919D-36DF-4218-9542-4232006E89F3}" = dir=out | name=@{microsoft.bingweather_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{41A79980-8F8F-4E7C-B1DE-2579DC248129}" = dir=out | name=wetter.com | 
"{4224D01F-19D5-462E-A04B-AB2A107968AC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{436DA07E-13EA-4F5A-B766-49A089E7BEBD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{44574E9C-7A60-4F4D-A91E-7BB9F1431235}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{45DA68C6-A6FA-4E1C-AB88-A22B16703777}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{48AE7C74-35AF-48F3-B161-341DC127C1EA}" = dir=out | name=@{microsoft.skypeapp_1.2.0.129_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | 
"{4B274F51-A91A-44B8-B823-355FB324C2C6}" = dir=out | name=espn fc | 
"{4DCD07CB-BDC6-4B34-B05F-EAC65E41E301}" = protocol=6 | dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe | 
"{4EA18F19-0A0D-40DA-9A8C-4CFB3BB798E0}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{4F503118-D0F4-4397-908C-BFF711585310}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{52F7FB6D-743F-408A-9CCB-386FCB2D45B3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{54182EA9-2205-42C4-A4CC-2DF25F80F3CF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead island\deadislandgame.exe | 
"{56405CD9-DCC6-487D-B16B-25E9BFB299F2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{57A3F3CC-24ED-4475-A3B1-C4963A77E0DA}" = dir=out | name=tunein radio | 
"{5CA31554-321B-47FB-BE47-F893B3AC1F9A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5DFE0BEB-0EC4-48FE-A2EB-A9C2F3289F2D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | 
"{62328EE0-D74A-4ADC-AE98-8A8CAEDD6FF7}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{647199DC-B26B-44FA-891F-C565C9D28B1F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{6649F7C8-75AA-43DC-A78A-F7E2DA7681F2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the walking dead\walkingdead101.exe | 
"{67B918C0-1E9B-4E02-9EED-7D5CDF3E2934}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{687817F2-62D2-4B42-B2FD-822CE6F9DBCF}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{6954D788-1CBE-48A6-9D39-79BD2D0D43C8}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{69CA85C9-4A16-4AD7-9D3E-BF8AC4C27BAE}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{6C74AB87-81C0-4335-9A2A-CDD3C794A037}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | 
"{6F45E930-797E-44EC-8387-F6BF12E931FC}" = dir=out | name=mahjong deluxe free | 
"{6F4C98AB-ECBE-455C-9375-EE6DF5B0DB87}" = dir=out | name=ris bundesrecht österreich | 
"{6FC1CB3F-28F3-4779-93D7-D92715F48F2E}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | 
"{72264A26-63B1-40D1-AAB6-6297693799ED}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{72E09626-4472-4784-9D32-04414B2BF220}" = dir=out | name=@{microsoft.bingweather_1.5.1.245_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{74F9D298-FEDF-4299-A0E0-DA627119225D}" = dir=out | name=free online games | 
"{7A26D347-3CDA-4AD2-B9C1-F1AD4AB97684}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{7E7FF676-1B96-4A5B-A7DE-61075BCD70AB}" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe | 
"{7EF25D3C-E631-495D-84F6-5F88EEDCC285}" = dir=out | name=@{microsoft.bingtravel_1.5.1.248_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | 
"{7F64BF79-8882-41B9-9E18-47A3781AC0EB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{7F9D4C6A-F342-42D5-A025-01C9DA348D5E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\simcity 4 deluxe\support\ea help\electronic_arts_technical_support.htm | 
"{7FBFB8DA-ED9C-4711-B546-0B6DA62602AC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{83A0B2DC-904B-44B1-BBB5-258B3B996558}" = dir=out | name=@{microsoft.xboxlivegames_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{8AA4758A-FB4D-4426-ABAA-1E4139AE8E8D}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{8C381E68-16D1-4A1B-80DF-FA479AAB837B}" = dir=out | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{8C3A7769-985B-47E6-B1B0-2A35B2AA2636}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{8F35691A-770F-4D79-BFA3-C43F60596C5C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\football superstars\patchbootstrap.exe | 
"{92BD7346-9AFA-41E9-BC1E-2EEB53794C33}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{93ED0D7C-329F-4F6A-85F7-3DB14DCDF014}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{953FDCEC-571C-466B-A0F8-EA918BE38F9C}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{95CE364F-BD5F-4E73-AA3A-E93DEA3D0490}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | 
"{97338C0E-D35A-438E-8C87-E00F304F953E}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{98035A81-850A-425A-8EDD-81F0EB5D85FB}" = dir=out | name=business englisch | 
"{98B9A05B-95E8-416D-90FE-81A8FA9DF6E9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead island\deadislandgame.exe | 
"{990FD54A-C1CA-4A73-B23E-0A2E75C7B3A9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\football superstars\patchbootstrap.exe | 
"{9C62A784-8F4E-4F59-815E-533D7FF16A9B}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{9CE913F4-9CA6-4518-B809-157E6E1C2669}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | 
"{9F335F74-ED26-438E-9B9C-DE648FC8EFD2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A30A487E-B9C0-447E-9C03-244EA8C3F4F1}" = dir=out | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{A4277D1D-5897-4D64-9B1C-6CB5E753616F}" = protocol=6 | dir=in | app=c:\program files (x86)\postgresql\enterprisedb-apachephp\apache\bin\httpd.exe | 
"{A5EB623A-D956-4926-A04F-1A07EB80217C}" = dir=out | name=@{microsoft.bing_1.5.1.259_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{A681699E-CDB5-40F7-A6A2-A048E011AD49}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{A69CA51D-E804-47BC-9061-8EE2764F6C27}" = dir=out | name=@{microsoft.bingnews_1.5.1.409_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | 
"{A78CD7CB-877E-4C6A-B37B-967A08946CA1}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{A7D92CA8-E413-4BA4-9AAB-022553188D07}" = dir=out | name=@{microsoft.zunemusic_1.1.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | 
"{A94CA109-4145-4DE9-B9A2-40480524F339}" = protocol=6 | dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe | 
"{AA11F892-7D1A-4B29-9667-DDC462D84325}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{AFA8304A-0390-4E0E-BE70-D3772DD9B012}" = dir=out | name=@{microsoft.bingfinance_1.7.0.29_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | 
"{B0D17B37-3B9A-419E-9A45-F4E28611F560}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | 
"{B11DC4AB-83D8-4412-A31A-24C16FE76A5A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{B3ECE232-8098-4F26-8417-2D795B9AD9C4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B528A156-FFBA-4234-A2BD-20DFAC47B6BB}" = dir=out | name=@{microsoft.bing_1.5.1.251_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{B66B9336-E75F-4A6A-98A5-F74158C28CDE}" = protocol=17 | dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe | 
"{B776E8EC-78A3-4B13-AE8F-67367A27FC6D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{BB0516E1-11F1-43EC-A96D-7CC41480DA32}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | 
"{BBE77ADC-5C27-4FB3-BFB9-17A7DF900C77}" = dir=out | name=leo | 
"{BCE19BA9-7FB0-4291-8434-60EDFAA10314}" = dir=in | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{BEB7E813-120B-4861-84F0-891E006FC1F5}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{BF81A1CC-26A8-4CB1-BDF6-E768F089858C}" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"{C524182F-F99B-4902-8503-2223A7CD0E54}" = dir=out | name=@{microsoft.bingnews_1.7.0.31_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | 
"{C588648C-64C7-432B-9964-A448449EA390}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{C5F36C07-5CFC-45E7-B25D-5F20ACD5AB3E}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 
"{C679FEB5-C73E-4F2E-A65F-6740CCAC4042}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{C7062B14-C957-4136-9315-3E3A5D518FD7}" = protocol=17 | dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe | 
"{C9452AD4-6C45-4CFF-9F50-BCC5BB6F7328}" = dir=out | name=juke | 
"{CC609643-DB6A-48B1-806E-80F4B00F8665}" = dir=out | name=@{microsoft.xboxlivegames_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{CDE1889E-C94F-4574-9684-03BABF70D302}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{CE4B548E-AFC7-4716-AD75-198C4515D47C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | 
"{CF327C4E-1CFA-4002-81D2-D35E4912EEF4}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{D056258D-207D-4852-9B14-66DBB234F868}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the walking dead\walkingdead101.exe | 
"{D30A9FF8-B65A-4083-B39C-934953A48889}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D681360E-5B3D-4181-8084-D9F0D1F9ADD0}" = dir=in | name=juke | 
"{DAEBDF01-C7C3-4A0F-9CCE-8103007378B3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{DC786DFF-7073-4863-82A2-C71143A876FD}" = dir=out | name=kindle | 
"{E05934C7-40A0-44C3-B49A-2CB781387ABC}" = dir=out | name=handy-signatur | 
"{E0733A11-0127-4953-A151-5C170213CBFF}" = protocol=17 | dir=in | app=c:\program files (x86)\postgresql\enterprisedb-apachephp\apache\bin\httpd.exe | 
"{E2FC9D84-FAD6-4D66-AE54-06DB4F15B1CD}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | 
"{E3546478-9C30-4B74-80F2-B8AE00C09150}" = dir=in | name=@{microsoft.skypeapp_1.2.0.129_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | 
"{E3E9B148-5068-4BF4-805F-2CABC81840A1}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | 
"{E496C7D2-59D3-4831-9433-34A0E21A8DED}" = dir=out | name=@{microsoft.zunevideo_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | 
"{E7188C6C-1BFA-422C-A30D-86C22BE4B2D1}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{EB970495-F691-451D-B655-9CA61AA49A01}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead island\deadislandgame.exe | 
"{EDE5F230-E9EE-4542-8C4C-E90B736223D4}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"{EFA12562-D9D9-4F4C-8B25-A592A8737D40}" = dir=out | name=@{2450bennyneugebauer.informatiktutorials_1.0.0.18_neutral__epyrzm9shc7ng?ms-resource://2450bennyneugebauer.informatiktutorials/resources/appname} | 
"{F09B3BE6-E619-4ED7-9824-F141C99BA211}" = dir=out | name=@{microsoft.zunemusic_1.1.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | 
"{F4DC4CF3-5DEE-43D4-8681-38346BE07512}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{F79387F8-4E22-46A4-848C-D64220305E56}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\simcity 4 deluxe\apps\simcity 4.exe | 
"{F9B9AAE7-32F6-4BE5-8579-B14EC803BF51}" = dir=out | name=tunein radio | 
"{FA94A36B-133E-4B83-97E7-81E6176C69FC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\simcity 4 deluxe\support\ea help\electronic_arts_technical_support.htm | 
"{FAE41FE1-016F-49D0-91D6-670074D24BE6}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 
"{FB61ECEC-35E0-4757-9D09-EF8D23F69144}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{FE3B51C0-967C-440F-BF0D-24434552A5BB}" = protocol=17 | dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe | 
"{FFBFDD04-4C81-4576-9D76-82B74C8B4401}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"TCP Query User{4B872A6A-CFB1-45FD-9A8D-BB1700314B6E}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{7C8D1157-F5FC-4FED-BF2F-B1B0EF65A848}C:\program files (x86)\postgresql\enterprisedb-apachephp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\postgresql\enterprisedb-apachephp\apache\bin\httpd.exe | 
"TCP Query User{BC60ABB1-1C06-4FF0-8D8C-916B62FDEAB4}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe | 
"UDP Query User{0B1A9251-689A-4D62-B45A-98D1EB90A774}C:\program files (x86)\postgresql\enterprisedb-apachephp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\postgresql\enterprisedb-apachephp\apache\bin\httpd.exe | 
"UDP Query User{92F7FCBF-1CA8-470C-9C62-CCCBC551C7C0}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{B492C6C8-D4EA-4634-885A-C81137435DF9}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6199B534-A1B6-46ED-873B-97B0ECF8F81E}" = Intel® Trusted Connect Service Client
"{64A3A4F4-B792-11D6-A78A-00B0D0170070}" = Java SE Development Kit 7 Update 7 (64-bit)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}_Office14.SingleImage_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.SingleImage_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.SingleImage_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-1000-0000000FF1CE}_Office14.SingleImage_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-1000-0000000FF1CE}_Office14.SingleImage_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-1000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0043-0407-1000-0000000FF1CE}_Office14.SingleImage_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}_Office14.SingleImage_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{BFAB7835-55A2-41CD-AE66-F673BCA4E49F}" = AVG 2013
"{D0CB24F4-084F-40DE-B6B9-A03626E682F0}" = iCloud
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter
"{F91E2EF2-CD31-4727-816F-F73F772F5FE6}" = AVG 2013
"AVG" = AVG 2013
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"PostgreSQL 9.0" = PostgreSQL 9.0 
"VLC media player" = VLC media player 2.0.2
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05A7B662-80A3-4EB9-AE1D-89A62449431C}" = Oracle Database 11g Express Edition
"{15F3A6F5-06AE-4332-AE3E-21CD0416827A}" = Windows Live Mail
"{1ACD399C-7F26-43A6-9F16-3AB28F63FDC7}" = TightVNC
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{3C3DCD2B-6FC7-41BF-BB80-40A936E1A785}" = Windows Live Writer
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8913AC02-67B8-4B52-91B2-BBA7B9C265B5}" = Windows Live Writer Resources
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office
"{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A53A11EA-0095-493F-86FA-A15E8A86A405}" = VMware Player
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.01) - Deutsch
"{AE364ACC-B9DF-466B-B4EA-AEECD0CD581E}" = Windows Live Messenger
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}" = Internet Explorer Toolbar 4.6 by SweetPacks
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Apache/PHP 2.2.22-5.3.10-1" = Apache/PHP 2.2.22-5.3.10
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"Drupal7 7.12-1" = drupal7 7.12
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"Google Chrome" = Google Chrome
"GPL Ghostscript 9.06" = GPL Ghostscript
"InstallShield_{05A7B662-80A3-4EB9-AE1D-89A62449431C}" = Oracle Database 11g Express Edition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"mediaWiki 1.17.3-1" = mediaWiki 1.17.3
"MigrationToolkit 1.0-4" = EnterpriseDB MigrationToolkit 1.0
"Notepad++" = Notepad++
"Npgsql 2.0.11-1" = Npgsql 2.0.11
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"pgAgent 3.2.1-1" = pgAgent 3.2.1
"PgBouncer 1.5-1" = PgBouncer 1.5
"pgJDBC 9.1-901-1" = pgJDBC 9.1-901
"phpBB 3.0.10-1" = phpBB 3.0.10
"phpPgAdmin 5.0.4-1" = phpPgAdmin 5.0.4
"Postgres Enterprise Manager Client 2.1.1-2" = Postgres Enterprise Manager Client 2.1.1-2
"psqlODBC 09.01.0100-1" = psqlODBC 09.01.0100
"Steam App 207610" = The Walking Dead
"Steam App 219870" = Football Superstars
"Steam App 24780" = SimCity 4 Deluxe
"Steam App 550" = Left 4 Dead 2
"Steam App 91310" = Dead Island
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamViewer 8" = TeamViewer 8
"TuningWizard 1.4-1" = EnterpriseDB TuningWizard 1.4
"UpdateMonitor 1.0-1" = Update Monitor 1.0
"VLC media player" = VLC media player 2.0.4
"VMware_Player" = VMware Player
"WinLiveSuite" = Windows Live Essentials
"xDB Replication Server 2.56-5" = xDB Replication Server 2.56
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"JDownloader Packages" = JDownloader Packages
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11.01.2013 16:05:13 | Computer Name = ***| Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3484
 
Error - 12.01.2013 05:30:13 | Computer Name = ***| Source = pgAgent | ID = 0
Description = Stopping pgAgent: Couldn't establish the primary connection with the
 database server.
 
Error - 12.01.2013 17:04:32 | Computer Name = ***| Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 12.01.2013 17:04:32 | Computer Name = ***| Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1204
 
Error - 12.01.2013 17:04:32 | Computer Name = ***| Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1204
 
Error - 13.01.2013 05:39:27 | Computer Name = ***| Source = pgAgent | ID = 0
Description = Stopping pgAgent: Couldn't establish the primary connection with the
 database server.
 
Error - 13.01.2013 10:03:50 | Computer Name = ***| Source = pgAgent | ID = 0
Description = Stopping pgAgent: Couldn't establish the primary connection with the
 database server.
 
Error - 13.01.2013 10:03:57 | Computer Name = ***| Source = pgAgent | ID = 0
Description = Stopping pgAgent: Couldn't establish the primary connection with the
 database server.
 
Error - 13.01.2013 10:04:38 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: avgidsagent.exe, Version: 13.0.0.2851,
 Zeitstempel: 0x50a556fd  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16420,
 Zeitstempel: 0x505aaa82  Ausnahmecode: 0xc0000374  Fehleroffset: 0x000da94f  ID des fehlerhaften
 Prozesses: 0x80c  Startzeit der fehlerhaften Anwendung: 0x01cdf196a6f45ead  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe  Pfad 
des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 2a7c858f-5d8a-11e2-be81-902b34b4caad
Vollständiger
 Name des fehlerhaften Pakets:   Anwendungs-ID, die relativ zum fehlerhaften Paket
 ist: 
 
Error - 14.01.2013 13:55:56 | Computer Name = ***| Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“
 ist folgender Fehler aufgetreten: -2147024891. Weitere Informationen finden Sie
 im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
 
[ System Events ]
Error - 12.01.2013 05:29:06 | Computer Name = ***| Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 13.01.2013 05:36:01 | Computer Name = ***| Source = DCOM | ID = 10010
Description = 
 
Error - 13.01.2013 05:36:01 | Computer Name = ***| Source = DCOM | ID = 10010
Description = 
 
Error - 13.01.2013 05:36:01 | Computer Name = ***| Source = DCOM | ID = 10010
Description = 
 
Error - 13.01.2013 05:36:01 | Computer Name = ***| Source = DCOM | ID = 10010
Description = 
 
Error - 13.01.2013 05:36:03 | Computer Name = *** | Source = DCOM | ID = 10010
Description = 
 
Error - 13.01.2013 05:36:39 | Computer Name = ***| Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 13.01.2013 05:38:16 | Computer Name = ***| Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 13.01.2013 05:38:17 | Computer Name = *** | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 13.01.2013 10:01:31 | Computer Name = ***| Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
 
< End of report >

--- --- ---

Ich hoffe einmal, dass vielleicht jemand von euch etwas damit anfangen kann, danke.

cheers
Matthias

MHO · 19.01.2013, 12:10

Hallo liebe Forenmitglieder,

kann mir denn jemand mit meinem Problem helfen,oder bin ich hier falsch?

Danke für die Hilfe.

Grüße
Matthias

t'john · 19.01.2013, 15:40

wie lautet die Fehlermeldung?

Downloade Dir bitte SecurityCheck von einem der folgenden Links:
LINK1 LINK2

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

MHO · 19.01.2013, 16:36

Hallo.

Ich bekomme keine konkrete Fehlermeldung.

ich kann nur einfach die Windows firewall nicht mehr aktivieren und Windows Defender ist auch deaktiviert und nicht aktivierbar.

Wenn ich versuche die Firewall zu aktivieren dauert es einige Sekunden indem sich scheinbar im Hintergrund etwas tut, aber die Firewall wird nicht aktiviert.

Hier das checkup.txt File

Zitat:

Results of screen317's Security Check version 0.99.57
x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Bitdefender Virenschutz
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 9
Java version out of Date!
Adobe Flash Player 11.5.502.146
Adobe Reader XI
Google Chrome 23.0.1271.97
Google Chrome 24.0.1312.52
````````Process Check: objlist.exe by Laurent````````
Bitdefender Bitdefender 2013 updatesrv.exe
Bitdefender Bitdefender 2013 vsserv.exe
Bitdefender Bitdefender 2013 bdagent.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

Grüße
Matthias

t'john · 19.01.2013, 17:23

Zitat:

(AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe

Zitat:

Bitdefender Virenschutz
Antivirus up to date!

Windows Defender wird nur aktiviert, wenn kein Virenschutz vorhanden ist.

Du hast 2 aktive Virenscanner, das ist nicht nur eine Systembremse, sondern sorgt dafuer, dass sie sich gegenseitig blockieren.

Entscheide dich für eines und Deinstalliere den Rest.

MHO · 19.01.2013, 18:22

hallo,

danke für deine rasche Antwort.

Meines Wissens habe ich AVG deinstalliert, es ist vermutlich nur Ordner mit den DLLs und exe vorhanden und wurde hier gefunden.

Ich habe mir vor 2 Tagen Bitdefender installiert, da eben die Firewall von Windows nicht mehr aktiviertbar ist.
Das Windows Defender nicht aktivierbar ist, dieses Problem hatte ich aber schon bevor ich mir Bitdefender installiert habe.

Hoffe diese Erläuterung hilft dir, mir weiterzuhelfen.

Meines Wissens sollte ich doch die Windwos Firewall immer manuel einschalten könnnen.

Wodurch kann das noch blockiert werden?

Mein Problem ist, dadurch das die Firewall blockiert ist, lässt mich Windows 8 keine Apps mehr aus dem Store downloaden.

Cheers
Matthias

t'john · 19.01.2013, 19:59

Zitat:

Zitat von MHO

hallo,

danke für deine rasche Antwort.

Meines Wissens habe ich AVG deinstalliert, es ist vermutlich nur Ordner mit den DLLs und exe vorhanden und wurde hier gefunden.

Falsch gedacht, OTL listet AVG hier mit 3 im Speicher laufenden Prozessen:

Code:

ATTFilter

PRC - [2012.12.11 03:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2012.11.15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2012.10.22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

Deinstalliere ALLES was du als Sicherheitssoftware installiert hast!
Und zwar mit den jeweiligen Uninstallern, das ist wichtig!

http://www.bitdefender.de/support/bi...ieren-333.html
http://www.avg.com/ww-en/utilities

MHO · 19.01.2013, 20:50

Hey,

danke für die Erklärung.

Ich habe jetzt BitDefender und AVG so wie du es empfohlen hast deinstalliert.

Nun wird wieder Windows Defender verwendet.

Nur beim Einschalten der Firewall scheitere ich noch immer.
Wenn ich die WIndows Firewall aktivieren will bekomme ich immer den FEhler--> Windows Firwall konnte nicht aktiviert werden.

Woran scheitere ich da?

Grüße
Matthias

t'john · 19.01.2013, 23:16

Windows Repair Tool (AIO)

Downloade Windows repair tool
Entpacke das Zip und starte Repair_Windows.exe
Klicke auf Start repairs Tab dann: Start

folgende Punkte auswählen

Register System Files
Repair WMI
Repair Windows Firewall
Repair Proxy Settings
Repair Windows Updates
Set Windows Services To Default Startup

Auswählen: Restart System When Finished
Dann Start Button klicken.

MHO · 20.01.2013, 00:09

Leider kann ich die Windows Firewall auch danach nicht aktivieren.

t'john · 20.01.2013, 14:10

Auf Laufwerk C: wurde ein Tweaking.com-Log Ordner ersellt, bitte zippen und anhaengen.

Gib es irgendeinen Fehlercode, der angezeigt wird?

MHO · 20.01.2013, 15:50

Hey,

anbei das gezippte Log.

Und nein, leider kein Fehlercode, es steht nur --> Die Windows Firewall konnte nicht aktiviert werden.

Grüße Matthias

t'john · 20.01.2013, 17:52

Was hattest du noch installiert?
Ausser Bitdefender und AVG?

Bitte mal ausfuehren:
http://www.trojaner-board.de/72874-s...eparieren.html

Danach:
- neustarten

MHO · 20.01.2013, 18:53

Hey,

also ich hatte als Antivierensoftware eben AVG und Bitdefender oben.
Außerdem hatte ich kurz einmal Malwarebytes und Rogue Killer oben.

Leider kann ich die Windows Firwall nach dem ausführen von sfc noch nimmer nicht aktivieren.

Anbei findest du das Log.

t'john · 20.01.2013, 21:21

Was passiert, wenn du unter Systemsteuerung\System und Sicherheit\Windows-Firewall -> Standard wiederherstellen ausfuehrst?

20.01.2013, 14:10	#11
t'john /// Helfer-Team	Win8 Firwall + Defender nicht mehr aktivierbar Auf Laufwerk C: wurde ein Tweaking.com-Log Ordner ersellt, bitte zippen und anhaengen. Gib es irgendeinen Fehlercode, der angezeigt wird? __________________ Mfg, t'john Das TB unterstützen

20.01.2013, 17:52	#13
t'john /// Helfer-Team	Win8 Firwall + Defender nicht mehr aktivierbar Was hattest du noch installiert? Ausser Bitdefender und AVG? Bitte mal ausfuehren: http://www.trojaner-board.de/72874-s...eparieren.html Danach: - neustarten __________________ Mfg, t'john Das TB unterstützen

20.01.2013, 21:21	#15
t'john /// Helfer-Team	Win8 Firwall + Defender nicht mehr aktivierbar Was passiert, wenn du unter Systemsteuerung\System und Sicherheit\Windows-Firewall -> Standard wiederherstellen ausfuehrst? __________________ Mfg, t'john Das TB unterstützen

Win8 Firwall + Defender nicht mehr aktivierbar

Log-Analyse und Auswertung: Win8 Firwall + Defender nicht mehr aktivierbar