TR/Agent.10512429.1 und Win32/Agent.SZW trojan

MaBase66 · 16.02.2013, 12:02

Hallo cosinus,

ein TDSSKiller-Logfile befindet sich bereits in meinem Eröffnungspost. Falls das nicht ausreicht, gibt mir bitte eine Info.

cosinus · 16.02.2013, 18:31

Reicht nicht aus, weil es eine veraltete Version vom TDSSK war. Die Tools bitte nach Möglichkeit immer neu runterladen und dann ausführen, damit man auch wirklich die aktuelle Version benutzt.

MaBase66 · 20.02.2013, 16:54

Hallo cosinus,

sorry für die späte Antwort, aber ich zur Zeit beruflich sehr eingespannt.

Ich habe mir die neuste TDDSKiller-Version herunter geladen und einen Scan gemäß Beschreibung durchgeführt:

Code:

ATTFilter

16:47:48.0467 4892  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:47:48.0999 4892  ============================================================
16:47:48.0999 4892  Current date / time: 2013/02/20 16:47:48.0999
16:47:48.0999 4892  SystemInfo:
16:47:48.0999 4892  
16:47:48.0999 4892  OS Version: 6.1.7601 ServicePack: 1.0
16:47:48.0999 4892  Product type: Workstation
16:47:48.0999 4892  ComputerName: GOLLUM
16:47:48.0999 4892  UserName: Marcus
16:47:48.0999 4892  Windows directory: C:\Windows
16:47:48.0999 4892  System windows directory: C:\Windows
16:47:48.0999 4892  Running under WOW64
16:47:48.0999 4892  Processor architecture: Intel x64
16:47:48.0999 4892  Number of processors: 2
16:47:48.0999 4892  Page size: 0x1000
16:47:48.0999 4892  Boot type: Normal boot
16:47:48.0999 4892  ============================================================
16:47:49.0170 4892  Drive \Device\Harddisk0\DR0 - Size: 0x7470AFDE00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:47:49.0170 4892  Drive \Device\Harddisk1\DR1 - Size: 0x1D1C100DE00 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:47:49.0170 4892  ============================================================
16:47:49.0170 4892  \Device\Harddisk0\DR0:
16:47:49.0170 4892  MBR partitions:
16:47:49.0170 4892  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A351800
16:47:49.0170 4892  \Device\Harddisk1\DR1:
16:47:49.0170 4892  MBR partitions:
16:47:49.0170 4892  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07000
16:47:49.0170 4892  ============================================================
16:47:49.0202 4892  C: <-> \Device\Harddisk0\DR0\Partition1
16:47:49.0202 4892  D: <-> \Device\Harddisk1\DR1\Partition1
16:47:49.0202 4892  ============================================================
16:47:49.0202 4892  Initialize success
16:47:49.0202 4892  ============================================================
16:47:54.0936 4320  ============================================================
16:47:54.0936 4320  Scan started
16:47:54.0936 4320  Mode: Manual; SigCheck; TDLFS; 
16:47:54.0936 4320  ============================================================
16:47:55.0749 4320  ================ Scan system memory ========================
16:47:55.0749 4320  System memory - ok
16:47:55.0749 4320  ================ Scan services =============================
16:47:55.0874 4320  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
16:47:55.0920 4320  1394ohci - ok
16:47:55.0952 4320  [ 6CE02D42183CDF31315F208AE35F153F ] acedrv11        C:\Windows\system32\drivers\acedrv11.sys
16:47:55.0983 4320  acedrv11 - ok
16:47:56.0014 4320  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
16:47:56.0030 4320  ACPI - ok
16:47:56.0045 4320  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
16:47:56.0061 4320  AcpiPmi - ok
16:47:56.0124 4320  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
16:47:56.0139 4320  AdobeARMservice - ok
16:47:56.0264 4320  [ EC807244904FA170C299AB06D87FBDBE ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
16:47:56.0280 4320  AdobeFlashPlayerUpdateSvc - ok
16:47:56.0311 4320  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
16:47:56.0327 4320  adp94xx - ok
16:47:56.0358 4320  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
16:47:56.0374 4320  adpahci - ok
16:47:56.0389 4320  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
16:47:56.0405 4320  adpu320 - ok
16:47:56.0420 4320  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
16:47:56.0452 4320  AeLookupSvc - ok
16:47:56.0499 4320  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
16:47:56.0514 4320  AFD - ok
16:47:56.0530 4320  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
16:47:56.0545 4320  agp440 - ok
16:47:56.0545 4320  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
16:47:56.0561 4320  ALG - ok
16:47:56.0561 4320  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
16:47:56.0577 4320  aliide - ok
16:47:56.0608 4320  [ D45D3540C5AE2A48C6112DF03F06F374 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
16:47:56.0624 4320  AMD External Events Utility - ok
16:47:56.0686 4320  AMD FUEL Service - ok
16:47:56.0702 4320  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
16:47:56.0702 4320  amdide - ok
16:47:56.0733 4320  [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64        C:\Windows\system32\DRIVERS\amdiox64.sys
16:47:56.0749 4320  amdiox64 - ok
16:47:56.0764 4320  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
16:47:56.0764 4320  AmdK8 - ok
16:47:57.0014 4320  [ 5B871F3E4A4A6C4693A413E3138B51D0 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
16:47:57.0139 4320  amdkmdag - ok
16:47:57.0170 4320  [ 9BE1140CE8D2C5E878F136A7B85D41B3 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
16:47:57.0170 4320  amdkmdap - ok
16:47:57.0186 4320  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
16:47:57.0202 4320  AmdPPM - ok
16:47:57.0217 4320  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
16:47:57.0217 4320  amdsata - ok
16:47:57.0249 4320  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
16:47:57.0249 4320  amdsbs - ok
16:47:57.0264 4320  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
16:47:57.0264 4320  amdxata - ok
16:47:57.0327 4320  [ 459465DA28E49B358ECFE0D788F328F4 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
16:47:57.0342 4320  AntiVirSchedulerService - ok
16:47:57.0374 4320  [ BCDD17E8469D647A71B347C4B6F86685 ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
16:47:57.0389 4320  AntiVirService - ok
16:47:57.0467 4320  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
16:47:57.0499 4320  AppID - ok
16:47:57.0514 4320  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
16:47:57.0545 4320  AppIDSvc - ok
16:47:57.0592 4320  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
16:47:57.0624 4320  Appinfo - ok
16:47:57.0655 4320  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:47:57.0670 4320  Apple Mobile Device - ok
16:47:57.0670 4320  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
16:47:57.0686 4320  arc - ok
16:47:57.0702 4320  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
16:47:57.0717 4320  arcsas - ok
16:47:57.0780 4320  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
16:47:57.0780 4320  aspnet_state - ok
16:47:57.0811 4320  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
16:47:57.0827 4320  AsyncMac - ok
16:47:57.0858 4320  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
16:47:57.0858 4320  atapi - ok
16:47:57.0889 4320  [ B0790FF0E25B7A2674296052F2162C1A ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
16:47:57.0889 4320  AtiHDAudioService - ok
16:47:58.0077 4320  [ 5B871F3E4A4A6C4693A413E3138B51D0 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
16:47:58.0186 4320  atikmdag - ok
16:47:58.0233 4320  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:47:58.0264 4320  AudioEndpointBuilder - ok
16:47:58.0295 4320  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
16:47:58.0327 4320  AudioSrv - ok
16:47:58.0358 4320  [ BFE9598EBC3934CF8D876A303849C896 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
16:47:58.0358 4320  avgntflt - ok
16:47:58.0389 4320  [ F74D86A9FB35FA5F24627B8DBBF3A9A4 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
16:47:58.0389 4320  avipbb - ok
16:47:58.0420 4320  [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
16:47:58.0420 4320  avkmgr - ok
16:47:58.0452 4320  [ BD39D7CFD9D6A73396B618113A8E8D57 ] avmaudio        C:\Windows\system32\DRIVERS\avmaudio.sys
16:47:58.0452 4320  avmaudio - ok
16:47:58.0514 4320  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
16:47:58.0530 4320  AxInstSV - ok
16:47:58.0577 4320  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
16:47:58.0592 4320  b06bdrv - ok
16:47:58.0608 4320  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
16:47:58.0624 4320  b57nd60a - ok
16:47:58.0639 4320  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
16:47:58.0655 4320  BDESVC - ok
16:47:58.0655 4320  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
16:47:58.0686 4320  Beep - ok
16:47:58.0749 4320  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
16:47:58.0780 4320  BFE - ok
16:47:58.0795 4320  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
16:47:58.0827 4320  BITS - ok
16:47:58.0842 4320  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
16:47:58.0858 4320  blbdrive - ok
16:47:58.0920 4320  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
16:47:58.0920 4320  Bonjour Service - ok
16:47:58.0952 4320  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
16:47:58.0952 4320  bowser - ok
16:47:58.0983 4320  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:47:58.0983 4320  BrFiltLo - ok
16:47:58.0999 4320  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:47:59.0014 4320  BrFiltUp - ok
16:47:59.0030 4320  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
16:47:59.0045 4320  Browser - ok
16:47:59.0061 4320  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
16:47:59.0077 4320  Brserid - ok
16:47:59.0092 4320  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
16:47:59.0108 4320  BrSerWdm - ok
16:47:59.0124 4320  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
16:47:59.0124 4320  BrUsbMdm - ok
16:47:59.0155 4320  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
16:47:59.0155 4320  BrUsbSer - ok
16:47:59.0170 4320  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
16:47:59.0186 4320  BTHMODEM - ok
16:47:59.0202 4320  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
16:47:59.0233 4320  bthserv - ok
16:47:59.0233 4320  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
16:47:59.0264 4320  cdfs - ok
16:47:59.0280 4320  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
16:47:59.0295 4320  cdrom - ok
16:47:59.0327 4320  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
16:47:59.0358 4320  CertPropSvc - ok
16:47:59.0374 4320  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
16:47:59.0389 4320  circlass - ok
16:47:59.0420 4320  [ 125327DF629324FAD78D9A95CCD0F425 ] CLBStor         C:\Windows\system32\DRIVERS\CLBStor.sys
16:47:59.0436 4320  CLBStor - ok
16:47:59.0452 4320  [ 9C0CD75FEA24E7E0E835EEE7F14406F7 ] CLBUDF          C:\Windows\system32\drivers\CLBUDF.sys
16:47:59.0467 4320  CLBUDF - ok
16:47:59.0483 4320  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
16:47:59.0499 4320  CLFS - ok
16:47:59.0577 4320  [ 4642B5A3E0D2E61D08163DE95FC5B949 ] CLKMSVC10_9EC60124 C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe
16:47:59.0592 4320  CLKMSVC10_9EC60124 - ok
16:47:59.0639 4320  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:47:59.0655 4320  clr_optimization_v2.0.50727_32 - ok
16:47:59.0670 4320  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:47:59.0686 4320  clr_optimization_v2.0.50727_64 - ok
16:47:59.0717 4320  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:47:59.0733 4320  clr_optimization_v4.0.30319_32 - ok
16:47:59.0733 4320  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:47:59.0749 4320  clr_optimization_v4.0.30319_64 - ok
16:47:59.0764 4320  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
16:47:59.0780 4320  CmBatt - ok
16:47:59.0795 4320  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
16:47:59.0811 4320  cmdide - ok
16:47:59.0827 4320  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
16:47:59.0842 4320  CNG - ok
16:47:59.0858 4320  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
16:47:59.0874 4320  Compbatt - ok
16:47:59.0905 4320  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
16:47:59.0920 4320  CompositeBus - ok
16:47:59.0920 4320  COMSysApp - ok
16:47:59.0920 4320  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
16:47:59.0936 4320  crcdisk - ok
16:47:59.0967 4320  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
16:47:59.0983 4320  CryptSvc - ok
16:48:00.0030 4320  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
16:48:00.0077 4320  DcomLaunch - ok
16:48:00.0108 4320  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
16:48:00.0139 4320  defragsvc - ok
16:48:00.0170 4320  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
16:48:00.0202 4320  DfsC - ok
16:48:00.0249 4320  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
16:48:00.0264 4320  Dhcp - ok
16:48:00.0311 4320  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
16:48:00.0327 4320  discache - ok
16:48:00.0342 4320  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
16:48:00.0342 4320  Disk - ok
16:48:00.0358 4320  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
16:48:00.0374 4320  Dnscache - ok
16:48:00.0420 4320  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
16:48:00.0452 4320  dot3svc - ok
16:48:00.0499 4320  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
16:48:00.0514 4320  DPS - ok
16:48:00.0545 4320  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
16:48:00.0561 4320  drmkaud - ok
16:48:00.0624 4320  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
16:48:00.0639 4320  DXGKrnl - ok
16:48:00.0670 4320  EagleX64 - ok
16:48:00.0686 4320  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
16:48:00.0717 4320  EapHost - ok
16:48:00.0780 4320  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
16:48:00.0811 4320  ebdrv - ok
16:48:00.0827 4320  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
16:48:00.0842 4320  EFS - ok
16:48:00.0874 4320  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
16:48:00.0889 4320  ehRecvr - ok
16:48:00.0905 4320  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
16:48:00.0920 4320  ehSched - ok
16:48:00.0936 4320  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
16:48:00.0952 4320  elxstor - ok
16:48:00.0967 4320  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
16:48:00.0983 4320  ErrDev - ok
16:48:01.0014 4320  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
16:48:01.0045 4320  EventSystem - ok
16:48:01.0061 4320  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
16:48:01.0092 4320  exfat - ok
16:48:01.0108 4320  Fabs - ok
16:48:01.0108 4320  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
16:48:01.0139 4320  fastfat - ok
16:48:01.0186 4320  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
16:48:01.0217 4320  Fax - ok
16:48:01.0217 4320  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
16:48:01.0233 4320  fdc - ok
16:48:01.0233 4320  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
16:48:01.0264 4320  fdPHost - ok
16:48:01.0280 4320  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
16:48:01.0311 4320  FDResPub - ok
16:48:01.0311 4320  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
16:48:01.0327 4320  FileInfo - ok
16:48:01.0342 4320  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
16:48:01.0374 4320  Filetrace - ok
16:48:01.0374 4320  FirebirdServerMAGIXInstance - ok
16:48:01.0389 4320  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
16:48:01.0389 4320  flpydisk - ok
16:48:01.0436 4320  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
16:48:01.0452 4320  FltMgr - ok
16:48:01.0499 4320  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
16:48:01.0514 4320  FontCache - ok
16:48:01.0545 4320  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:48:01.0561 4320  FontCache3.0.0.0 - ok
16:48:01.0561 4320  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
16:48:01.0577 4320  FsDepends - ok
16:48:01.0592 4320  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
16:48:01.0608 4320  Fs_Rec - ok
16:48:01.0624 4320  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
16:48:01.0639 4320  fvevol - ok
16:48:01.0655 4320  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
16:48:01.0670 4320  gagp30kx - ok
16:48:01.0702 4320  [ 5EA3B256225D79A4B07A2CAC6276B23D ] gdrv            C:\Windows\gdrv.sys
16:48:01.0717 4320  gdrv - ok
16:48:01.0733 4320  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:48:01.0733 4320  GEARAspiWDM - ok
16:48:01.0764 4320  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
16:48:01.0811 4320  gpsvc - ok
16:48:01.0842 4320  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:48:01.0858 4320  gupdate - ok
16:48:01.0874 4320  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:48:01.0874 4320  gupdatem - ok
16:48:01.0920 4320  [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi         C:\Windows\system32\DRIVERS\hamachi.sys
16:48:01.0920 4320  hamachi - ok
16:48:01.0936 4320  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
16:48:01.0936 4320  hcw85cir - ok
16:48:01.0983 4320  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:48:01.0999 4320  HdAudAddService - ok
16:48:01.0999 4320  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
16:48:02.0014 4320  HDAudBus - ok
16:48:02.0030 4320  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
16:48:02.0045 4320  HidBatt - ok
16:48:02.0045 4320  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
16:48:02.0061 4320  HidBth - ok
16:48:02.0077 4320  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
16:48:02.0092 4320  HidIr - ok
16:48:02.0108 4320  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
16:48:02.0139 4320  hidserv - ok
16:48:02.0170 4320  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
16:48:02.0186 4320  HidUsb - ok
16:48:02.0217 4320  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
16:48:02.0249 4320  hkmsvc - ok
16:48:02.0280 4320  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:48:02.0295 4320  HomeGroupListener - ok
16:48:02.0327 4320  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:48:02.0342 4320  HomeGroupProvider - ok
16:48:02.0374 4320  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
16:48:02.0389 4320  HpSAMD - ok
16:48:02.0452 4320  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
16:48:02.0483 4320  HTTP - ok
16:48:02.0530 4320  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
16:48:02.0530 4320  hwpolicy - ok
16:48:02.0561 4320  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
16:48:02.0577 4320  i8042prt - ok
16:48:02.0608 4320  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
16:48:02.0624 4320  iaStorV - ok
16:48:02.0670 4320  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:48:02.0686 4320  idsvc - ok
16:48:02.0733 4320  [ AC9EBDE25DB39A35E1CEB0441BA7A464 ] IGDCTRL         C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
16:48:02.0749 4320  IGDCTRL - ok
16:48:02.0764 4320  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
16:48:02.0764 4320  iirsp - ok
16:48:02.0842 4320  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
16:48:02.0874 4320  IKEEXT - ok
16:48:02.0967 4320  [ A4A57A57020849117EF7B1D905F2A16A ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
16:48:03.0030 4320  IntcAzAudAddService - ok
16:48:03.0045 4320  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
16:48:03.0061 4320  intelide - ok
16:48:03.0061 4320  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
16:48:03.0077 4320  intelppm - ok
16:48:03.0092 4320  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
16:48:03.0124 4320  IPBusEnum - ok
16:48:03.0155 4320  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:48:03.0186 4320  IpFilterDriver - ok
16:48:03.0217 4320  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
16:48:03.0233 4320  iphlpsvc - ok
16:48:03.0249 4320  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
16:48:03.0264 4320  IPMIDRV - ok
16:48:03.0280 4320  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
16:48:03.0311 4320  IPNAT - ok
16:48:03.0358 4320  [ B474C756C13960793C7583B766F904C4 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
16:48:03.0374 4320  iPod Service - ok
16:48:03.0405 4320  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
16:48:03.0420 4320  IRENUM - ok
16:48:03.0436 4320  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
16:48:03.0436 4320  isapnp - ok
16:48:03.0452 4320  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
16:48:03.0467 4320  iScsiPrt - ok
16:48:03.0499 4320  [ 0C6635413077E415CA31AD2F4E648FC1 ] IT9135BDA       C:\Windows\system32\Drivers\IT9135BDA.sys
16:48:03.0499 4320  IT9135BDA - ok
16:48:03.0530 4320  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
16:48:03.0530 4320  kbdclass - ok
16:48:03.0545 4320  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
16:48:03.0545 4320  kbdhid - ok
16:48:03.0561 4320  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
16:48:03.0577 4320  KeyIso - ok
16:48:03.0592 4320  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
16:48:03.0592 4320  KSecDD - ok
16:48:03.0608 4320  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
16:48:03.0624 4320  KSecPkg - ok
16:48:03.0639 4320  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
16:48:03.0670 4320  ksthunk - ok
16:48:03.0670 4320  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
16:48:03.0702 4320  KtmRm - ok
16:48:03.0733 4320  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
16:48:03.0764 4320  LanmanServer - ok
16:48:03.0795 4320  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:48:03.0827 4320  LanmanWorkstation - ok
16:48:03.0842 4320  [ FA529FB35694C24BF98A9EF67C1CD9D0 ] LGBusEnum       C:\Windows\system32\drivers\LGBusEnum.sys
16:48:03.0858 4320  LGBusEnum - ok
16:48:03.0874 4320  [ 14179E7B64F8A17AEA464D4E2D271FAA ] LGSHidFilt      C:\Windows\system32\DRIVERS\LGSHidFilt.Sys
16:48:03.0874 4320  LGSHidFilt - ok
16:48:03.0905 4320  [ 94B29CE153765E768F004FB3440BE2B0 ] LGVirHid        C:\Windows\system32\drivers\LGVirHid.sys
16:48:03.0905 4320  LGVirHid - ok
16:48:03.0920 4320  [ 3503F257B3203F824B1567238EBE17E2 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
16:48:03.0936 4320  LightScribeService ( UnsignedFile.Multi.Generic ) - warning
16:48:03.0936 4320  LightScribeService - detected UnsignedFile.Multi.Generic (1)
16:48:03.0952 4320  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
16:48:03.0983 4320  lltdio - ok
16:48:03.0999 4320  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
16:48:04.0030 4320  lltdsvc - ok
16:48:04.0045 4320  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
16:48:04.0077 4320  lmhosts - ok
16:48:04.0092 4320  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
16:48:04.0108 4320  LSI_FC - ok
16:48:04.0124 4320  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
16:48:04.0124 4320  LSI_SAS - ok
16:48:04.0155 4320  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:48:04.0155 4320  LSI_SAS2 - ok
16:48:04.0170 4320  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:48:04.0186 4320  LSI_SCSI - ok
16:48:04.0202 4320  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
16:48:04.0233 4320  luafv - ok
16:48:04.0264 4320  [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
16:48:04.0280 4320  MBAMProtector - ok
16:48:04.0389 4320  [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler   D:\050 Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
16:48:04.0405 4320  MBAMScheduler - ok
16:48:04.0420 4320  [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService     D:\050 Programme\Malwarebytes' Anti-Malware\mbamservice.exe
16:48:04.0436 4320  MBAMService - ok
16:48:04.0483 4320  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
16:48:04.0499 4320  Mcx2Svc - ok
16:48:04.0499 4320  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
16:48:04.0514 4320  megasas - ok
16:48:04.0530 4320  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
16:48:04.0545 4320  MegaSR - ok
16:48:04.0577 4320  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
16:48:04.0608 4320  MMCSS - ok
16:48:04.0624 4320  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
16:48:04.0655 4320  Modem - ok
16:48:04.0670 4320  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
16:48:04.0686 4320  monitor - ok
16:48:04.0702 4320  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
16:48:04.0717 4320  mouclass - ok
16:48:04.0733 4320  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
16:48:04.0749 4320  mouhid - ok
16:48:04.0764 4320  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
16:48:04.0780 4320  mountmgr - ok
16:48:04.0874 4320  [ 5C5E45DDABEFBC9F564F1D5C83258B8F ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
16:48:04.0874 4320  MozillaMaintenance - ok
16:48:04.0920 4320  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
16:48:04.0920 4320  mpio - ok
16:48:04.0952 4320  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
16:48:04.0983 4320  mpsdrv - ok
16:48:05.0124 4320  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
16:48:05.0155 4320  MpsSvc - ok
16:48:05.0186 4320  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
16:48:05.0202 4320  MRxDAV - ok
16:48:05.0233 4320  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
16:48:05.0233 4320  mrxsmb - ok
16:48:05.0249 4320  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:48:05.0264 4320  mrxsmb10 - ok
16:48:05.0280 4320  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:48:05.0295 4320  mrxsmb20 - ok
16:48:05.0295 4320  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
16:48:05.0311 4320  msahci - ok
16:48:05.0327 4320  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
16:48:05.0342 4320  msdsm - ok
16:48:05.0358 4320  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
16:48:05.0374 4320  MSDTC - ok
16:48:05.0389 4320  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
16:48:05.0420 4320  Msfs - ok
16:48:05.0420 4320  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
16:48:05.0452 4320  mshidkmdf - ok
16:48:05.0452 4320  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
16:48:05.0467 4320  msisadrv - ok
16:48:05.0483 4320  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
16:48:05.0514 4320  MSiSCSI - ok
16:48:05.0514 4320  msiserver - ok
16:48:05.0545 4320  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
16:48:05.0577 4320  MSKSSRV - ok
16:48:05.0592 4320  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
16:48:05.0608 4320  MSPCLOCK - ok
16:48:05.0624 4320  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
16:48:05.0655 4320  MSPQM - ok
16:48:05.0702 4320  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
16:48:05.0702 4320  MsRPC - ok
16:48:05.0717 4320  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
16:48:05.0733 4320  mssmbios - ok
16:48:05.0795 4320  MSSQL$SQLEXPRESS - ok
16:48:05.0842 4320  [ F1761C8FB2B25A32C6D63E36BB88C3AE ] MSSQLServerADHelper100 C:\Program Files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
16:48:05.0842 4320  MSSQLServerADHelper100 - ok
16:48:05.0858 4320  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
16:48:05.0889 4320  MSTEE - ok
16:48:06.0014 4320  [ CB4A082AF58D1A0969F931816D5CFB05 ] msvsmon90       C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe
16:48:06.0077 4320  msvsmon90 - ok
16:48:06.0108 4320  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
16:48:06.0108 4320  MTConfig - ok
16:48:06.0139 4320  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
16:48:06.0139 4320  Mup - ok
16:48:06.0170 4320  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
16:48:06.0202 4320  napagent - ok
16:48:06.0233 4320  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
16:48:06.0249 4320  NativeWifiP - ok
16:48:06.0295 4320  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
16:48:06.0311 4320  NDIS - ok
16:48:06.0327 4320  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
16:48:06.0358 4320  NdisCap - ok
16:48:06.0374 4320  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
16:48:06.0389 4320  NdisTapi - ok
16:48:06.0436 4320  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
16:48:06.0467 4320  Ndisuio - ok
16:48:06.0514 4320  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
16:48:06.0530 4320  NdisWan - ok
16:48:06.0577 4320  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
16:48:06.0608 4320  NDProxy - ok
16:48:06.0608 4320  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
16:48:06.0639 4320  NetBIOS - ok
16:48:06.0686 4320  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
16:48:06.0717 4320  NetBT - ok
16:48:06.0733 4320  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
16:48:06.0733 4320  Netlogon - ok
16:48:06.0764 4320  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
16:48:06.0795 4320  Netman - ok
16:48:06.0827 4320  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:48:06.0827 4320  NetMsmqActivator - ok
16:48:06.0858 4320  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:48:06.0874 4320  NetPipeActivator - ok
16:48:06.0889 4320  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
16:48:06.0920 4320  netprofm - ok
16:48:06.0936 4320  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:48:06.0936 4320  NetTcpActivator - ok
16:48:06.0952 4320  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:48:06.0967 4320  NetTcpPortSharing - ok
16:48:06.0983 4320  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
16:48:06.0999 4320  nfrd960 - ok
16:48:07.0014 4320  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
16:48:07.0030 4320  NlaSvc - ok
16:48:07.0077 4320  [ F554C5FD7BD1EFA4DA5CFE2EED86391F ] nm3             C:\Windows\system32\DRIVERS\nm3.sys
16:48:07.0092 4320  nm3 - ok
16:48:07.0092 4320  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
16:48:07.0124 4320  Npfs - ok
16:48:07.0139 4320  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
16:48:07.0170 4320  nsi - ok
16:48:07.0186 4320  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
16:48:07.0202 4320  nsiproxy - ok
16:48:07.0264 4320  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
16:48:07.0295 4320  Ntfs - ok
16:48:07.0295 4320  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
16:48:07.0327 4320  Null - ok
16:48:07.0374 4320  [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD        C:\Windows\system32\DRIVERS\nvm62x64.sys
16:48:07.0374 4320  NVENETFD - ok
16:48:07.0436 4320  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
16:48:07.0452 4320  nvraid - ok
16:48:07.0467 4320  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
16:48:07.0483 4320  nvstor - ok
16:48:07.0514 4320  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
16:48:07.0530 4320  nv_agp - ok
16:48:07.0545 4320  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
16:48:07.0545 4320  ohci1394 - ok
16:48:07.0624 4320  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:48:07.0639 4320  ose - ok
16:48:07.0764 4320  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
16:48:07.0827 4320  osppsvc - ok
16:48:07.0858 4320  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
16:48:07.0874 4320  p2pimsvc - ok
16:48:07.0889 4320  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
16:48:07.0905 4320  p2psvc - ok
16:48:07.0920 4320  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
16:48:07.0936 4320  Parport - ok
16:48:07.0952 4320  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
16:48:07.0967 4320  partmgr - ok
16:48:07.0983 4320  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
16:48:07.0999 4320  PcaSvc - ok
16:48:08.0014 4320  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
16:48:08.0014 4320  pci - ok
16:48:08.0030 4320  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
16:48:08.0045 4320  pciide - ok
16:48:08.0061 4320  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
16:48:08.0077 4320  pcmcia - ok
16:48:08.0092 4320  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
16:48:08.0092 4320  pcw - ok
16:48:08.0124 4320  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
16:48:08.0155 4320  PEAUTH - ok
16:48:08.0342 4320  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
16:48:08.0358 4320  PerfHost - ok
16:48:08.0420 4320  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
16:48:08.0467 4320  pla - ok
16:48:08.0514 4320  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
16:48:08.0530 4320  PlugPlay - ok
16:48:08.0608 4320  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
16:48:08.0608 4320  PNRPAutoReg - ok
16:48:08.0639 4320  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
16:48:08.0655 4320  PNRPsvc - ok
16:48:08.0670 4320  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
16:48:08.0702 4320  PolicyAgent - ok
16:48:08.0733 4320  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
16:48:08.0764 4320  Power - ok
16:48:08.0795 4320  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
16:48:08.0827 4320  PptpMiniport - ok
16:48:08.0842 4320  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
16:48:08.0842 4320  Processor - ok
16:48:08.0874 4320  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
16:48:08.0889 4320  ProfSvc - ok
16:48:08.0889 4320  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:48:08.0905 4320  ProtectedStorage - ok
16:48:08.0983 4320  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
16:48:08.0999 4320  Psched - ok
16:48:09.0045 4320  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
16:48:09.0077 4320  ql2300 - ok
16:48:09.0077 4320  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
16:48:09.0092 4320  ql40xx - ok
16:48:09.0108 4320  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
16:48:09.0124 4320  QWAVE - ok
16:48:09.0124 4320  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
16:48:09.0139 4320  QWAVEdrv - ok
16:48:09.0155 4320  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
16:48:09.0186 4320  RasAcd - ok
16:48:09.0202 4320  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
16:48:09.0217 4320  RasAgileVpn - ok
16:48:09.0233 4320  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
16:48:09.0264 4320  RasAuto - ok
16:48:09.0280 4320  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
16:48:09.0295 4320  Rasl2tp - ok
16:48:09.0311 4320  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
16:48:09.0342 4320  RasMan - ok
16:48:09.0358 4320  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
16:48:09.0374 4320  RasPppoe - ok
16:48:09.0389 4320  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
16:48:09.0420 4320  RasSstp - ok
16:48:09.0436 4320  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
16:48:09.0467 4320  rdbss - ok
16:48:09.0467 4320  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
16:48:09.0483 4320  rdpbus - ok
16:48:09.0483 4320  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
16:48:09.0530 4320  RDPCDD - ok
16:48:09.0530 4320  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
16:48:09.0561 4320  RDPENCDD - ok
16:48:09.0577 4320  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
16:48:09.0608 4320  RDPREFMP - ok
16:48:09.0624 4320  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
16:48:09.0639 4320  RDPWD - ok
16:48:09.0655 4320  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
16:48:09.0670 4320  rdyboost - ok
16:48:09.0686 4320  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
16:48:09.0717 4320  RemoteAccess - ok
16:48:09.0733 4320  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
16:48:09.0764 4320  RemoteRegistry - ok
16:48:09.0780 4320  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
16:48:09.0811 4320  RpcEptMapper - ok
16:48:09.0827 4320  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
16:48:09.0842 4320  RpcLocator - ok
16:48:09.0874 4320  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
16:48:09.0905 4320  RpcSs - ok
16:48:09.0920 4320  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
16:48:09.0952 4320  rspndr - ok
16:48:10.0030 4320  [ C20F64FCD5E2B40310A1774495877ACD ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys
16:48:10.0030 4320  RTHDMIAzAudService - ok
16:48:10.0077 4320  [ 248ABD858FF7DCC966E5A54529DDD225 ] SaiHA501        C:\Windows\system32\DRIVERS\SaiHA501.sys
16:48:10.0077 4320  SaiHA501 - ok
16:48:10.0092 4320  [ 4E0E0D54F4A812F307BE9A31DAC5E8AB ] SaiLA501        C:\Windows\system32\DRIVERS\SaiLA501.sys
16:48:10.0092 4320  SaiLA501 - ok
16:48:10.0139 4320  [ 296D0CC623EEB6D2B9800AD421F9116A ] SaiMini         C:\Windows\system32\DRIVERS\SaiMini.sys
16:48:10.0139 4320  SaiMini - ok
16:48:10.0202 4320  [ 6A77D63B566DF14DA0E7DD0D2C594EF7 ] SaiNtBus        C:\Windows\system32\drivers\SaiBus.sys
16:48:10.0202 4320  SaiNtBus - ok
16:48:10.0217 4320  [ 547B16D072A3AFCE5807BE20C3F4734B ] SaiUA501        C:\Windows\system32\DRIVERS\SaiUA501.sys
16:48:10.0233 4320  SaiUA501 - ok
16:48:10.0233 4320  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
16:48:10.0249 4320  SamSs - ok
16:48:10.0264 4320  SANDRA - ok
16:48:10.0295 4320  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
16:48:10.0295 4320  sbp2port - ok
16:48:10.0327 4320  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
16:48:10.0358 4320  SCardSvr - ok
16:48:10.0389 4320  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
16:48:10.0405 4320  scfilter - ok
16:48:10.0452 4320  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
16:48:10.0499 4320  Schedule - ok
16:48:10.0514 4320  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
16:48:10.0545 4320  SCPolicySvc - ok
16:48:10.0592 4320  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
16:48:10.0592 4320  SDRSVC - ok
16:48:10.0608 4320  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
16:48:10.0639 4320  secdrv - ok
16:48:10.0670 4320  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
16:48:10.0702 4320  seclogon - ok
16:48:10.0702 4320  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
16:48:10.0733 4320  SENS - ok
16:48:10.0749 4320  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
16:48:10.0764 4320  SensrSvc - ok
16:48:10.0780 4320  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
16:48:10.0795 4320  Serenum - ok
16:48:10.0811 4320  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
16:48:10.0827 4320  Serial - ok
16:48:10.0842 4320  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
16:48:10.0842 4320  sermouse - ok
16:48:10.0889 4320  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
16:48:10.0905 4320  SessionEnv - ok
16:48:10.0936 4320  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
16:48:10.0952 4320  sffdisk - ok
16:48:10.0967 4320  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
16:48:10.0967 4320  sffp_mmc - ok
16:48:10.0983 4320  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
16:48:10.0983 4320  sffp_sd - ok
16:48:10.0999 4320  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
16:48:11.0014 4320  sfloppy - ok
16:48:11.0061 4320  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
16:48:11.0092 4320  SharedAccess - ok
16:48:11.0124 4320  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:48:11.0155 4320  ShellHWDetection - ok
16:48:11.0170 4320  [ 8EB0727CD8A8F25DD1B3E3936881B860 ] SIoctl          c:\windows\system32\drivers\sioctl.sys
16:48:11.0186 4320  SIoctl - ok
16:48:11.0202 4320  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:48:11.0202 4320  SiSRaid2 - ok
16:48:11.0217 4320  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
16:48:11.0233 4320  SiSRaid4 - ok
16:48:11.0264 4320  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
16:48:11.0280 4320  SkypeUpdate - ok
16:48:11.0295 4320  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
16:48:11.0327 4320  Smb - ok
16:48:11.0342 4320  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
16:48:11.0342 4320  SNMPTRAP - ok
16:48:11.0358 4320  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
16:48:11.0374 4320  spldr - ok
16:48:11.0405 4320  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
16:48:11.0420 4320  Spooler - ok
16:48:11.0499 4320  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
16:48:11.0561 4320  sppsvc - ok
16:48:11.0577 4320  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
16:48:11.0608 4320  sppuinotify - ok
16:48:11.0639 4320  [ 51DE15CA5C05BCA46D8B110CD00A02FB ] sptd            C:\Windows\system32\Drivers\sptd.sys
16:48:11.0639 4320  Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 51DE15CA5C05BCA46D8B110CD00A02FB
16:48:11.0639 4320  sptd ( LockedFile.Multi.Generic ) - warning
16:48:11.0639 4320  sptd - detected LockedFile.Multi.Generic (1)
16:48:11.0717 4320  [ A892134C28777978ECDE8283DC57AC0F ] SQLAgent$SQLEXPRESS C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
16:48:11.0733 4320  SQLAgent$SQLEXPRESS - ok
16:48:11.0780 4320  [ 10D936DCED9EACD1A1B3FCDDA6D7A4EB ] SQLBrowser      C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
16:48:11.0780 4320  SQLBrowser - ok
16:48:11.0811 4320  [ F92E5F93BE572B512DA3C016B675EDE0 ] SQLWriter       C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
16:48:11.0811 4320  SQLWriter - ok
16:48:11.0842 4320  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
16:48:11.0858 4320  srv - ok
16:48:11.0874 4320  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
16:48:11.0889 4320  srv2 - ok
16:48:11.0889 4320  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
16:48:11.0905 4320  srvnet - ok
16:48:11.0920 4320  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
16:48:11.0952 4320  SSDPSRV - ok
16:48:11.0967 4320  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
16:48:11.0999 4320  SstpSvc - ok
16:48:12.0014 4320  Steam Client Service - ok
16:48:12.0045 4320  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
16:48:12.0045 4320  stexstor - ok
16:48:12.0092 4320  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
16:48:12.0124 4320  stisvc - ok
16:48:12.0139 4320  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
16:48:12.0155 4320  swenum - ok
16:48:12.0170 4320  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
16:48:12.0202 4320  swprv - ok
16:48:12.0264 4320  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
16:48:12.0295 4320  SysMain - ok
16:48:12.0327 4320  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:48:12.0342 4320  TabletInputService - ok
16:48:12.0374 4320  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
16:48:12.0405 4320  TapiSrv - ok
16:48:12.0420 4320  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
16:48:12.0452 4320  TBS - ok
16:48:12.0499 4320  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
16:48:12.0530 4320  Tcpip - ok
16:48:12.0577 4320  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
16:48:12.0608 4320  TCPIP6 - ok
16:48:12.0639 4320  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
16:48:12.0655 4320  tcpipreg - ok
16:48:12.0670 4320  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
16:48:12.0670 4320  TDPIPE - ok
16:48:12.0702 4320  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
16:48:12.0717 4320  TDTCP - ok
16:48:12.0764 4320  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
16:48:12.0795 4320  tdx - ok
16:48:12.0874 4320  [ 5E53CF8AD0FD33B35000C113656AB37B ] TeamViewer7     C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
16:48:12.0905 4320  TeamViewer7 - ok
16:48:12.0920 4320  [ F5520DBB47C60EE83024B38720ABDA24 ] teamviewervpn   C:\Windows\system32\DRIVERS\teamviewervpn.sys
16:48:12.0936 4320  teamviewervpn - ok
16:48:12.0952 4320  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
16:48:12.0952 4320  TermDD - ok
16:48:12.0983 4320  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
16:48:13.0014 4320  TermService - ok
16:48:13.0014 4320  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
16:48:13.0030 4320  Themes - ok
16:48:13.0045 4320  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
16:48:13.0077 4320  THREADORDER - ok
16:48:13.0092 4320  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
16:48:13.0124 4320  TrkWks - ok
16:48:13.0186 4320  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:48:13.0217 4320  TrustedInstaller - ok
16:48:13.0233 4320  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
16:48:13.0264 4320  tssecsrv - ok
16:48:13.0295 4320  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
16:48:13.0295 4320  TsUsbFlt - ok
16:48:13.0342 4320  [ FA1C690B0EFED006D7205670D7320B25 ] TTUSB2BDA_NTAMD64 C:\Windows\system32\DRIVERS\ttusb2bda_amd64.sys
16:48:13.0358 4320  TTUSB2BDA_NTAMD64 - ok
16:48:13.0405 4320  [ 4603D0DC0374A1D3B4D9BB20B7D11FB5 ] TuneUp.Defrag   C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe
16:48:13.0420 4320  TuneUp.Defrag - ok
16:48:13.0467 4320  [ FB5DA4174D8D21956E32E99DC20FD008 ] TuneUp.UtilitiesSvc C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
16:48:13.0499 4320  TuneUp.UtilitiesSvc - ok
16:48:13.0530 4320  [ DCC94C51D27C7EC0DADECA8F64C94FCF ] TuneUpUtilitiesDrv C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys
16:48:13.0530 4320  TuneUpUtilitiesDrv - ok
16:48:13.0545 4320  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
16:48:13.0577 4320  tunnel - ok
16:48:13.0608 4320  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
16:48:13.0624 4320  uagp35 - ok
16:48:13.0655 4320  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
16:48:13.0686 4320  udfs - ok
16:48:13.0702 4320  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
16:48:13.0702 4320  UI0Detect - ok
16:48:13.0733 4320  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
16:48:13.0733 4320  uliagpkx - ok
16:48:13.0749 4320  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
16:48:13.0764 4320  umbus - ok
16:48:13.0795 4320  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
16:48:13.0795 4320  UmPass - ok
16:48:13.0811 4320  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
16:48:13.0842 4320  upnphost - ok
16:48:13.0858 4320  [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
16:48:13.0874 4320  USBAAPL64 - ok
16:48:13.0920 4320  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
16:48:13.0936 4320  usbaudio - ok
16:48:13.0952 4320  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
16:48:13.0967 4320  usbccgp - ok
16:48:13.0983 4320  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
16:48:13.0999 4320  usbcir - ok
16:48:14.0014 4320  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
16:48:14.0030 4320  usbehci - ok
16:48:14.0045 4320  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
16:48:14.0061 4320  usbhub - ok
16:48:14.0061 4320  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
16:48:14.0077 4320  usbohci - ok
16:48:14.0092 4320  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
16:48:14.0108 4320  usbprint - ok
16:48:14.0124 4320  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
16:48:14.0139 4320  usbscan - ok
16:48:14.0155 4320  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:48:14.0170 4320  USBSTOR - ok
16:48:14.0186 4320  [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
16:48:14.0202 4320  usbuhci - ok
16:48:14.0202 4320  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
16:48:14.0233 4320  UxSms - ok
16:48:14.0249 4320  [ 7EB1E6D0433D61AF1CEAEC31B9C2700C ] UxTuneUp        C:\Windows\System32\uxtuneup.dll
16:48:14.0264 4320  UxTuneUp - ok
16:48:14.0264 4320  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
16:48:14.0280 4320  VaultSvc - ok
16:48:14.0327 4320  [ 87947A6F7DD5183AABA2CB45CFF0BF26 ] VBoxDrv         C:\Windows\system32\DRIVERS\VBoxDrv.sys
16:48:14.0342 4320  VBoxDrv - ok
16:48:14.0342 4320  [ A502011EB830AD5BF4D30A940614CF4E ] VBoxNetAdp      C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
16:48:14.0358 4320  VBoxNetAdp - ok
16:48:14.0374 4320  [ 9E86BB348A82EC3047D7CC75868B28AA ] VBoxNetFlt      C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
16:48:14.0389 4320  VBoxNetFlt - ok
16:48:14.0420 4320  [ 5E9F3633DDDAF2F1070017DC07044C97 ] VBoxUSBMon      C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
16:48:14.0436 4320  VBoxUSBMon - ok
16:48:14.0452 4320  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
16:48:14.0452 4320  vdrvroot - ok
16:48:14.0514 4320  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
16:48:14.0545 4320  vds - ok
16:48:14.0561 4320  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
16:48:14.0561 4320  vga - ok
16:48:14.0577 4320  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
16:48:14.0608 4320  VgaSave - ok
16:48:14.0624 4320  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
16:48:14.0624 4320  vhdmp - ok
16:48:14.0655 4320  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
16:48:14.0670 4320  viaide - ok
16:48:14.0670 4320  VMnetAdapter - ok
16:48:14.0670 4320  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
16:48:14.0686 4320  volmgr - ok
16:48:14.0702 4320  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
16:48:14.0717 4320  volmgrx - ok
16:48:14.0733 4320  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
16:48:14.0733 4320  volsnap - ok
16:48:14.0764 4320  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
16:48:14.0780 4320  vsmraid - ok
16:48:14.0827 4320  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
16:48:14.0874 4320  VSS - ok
16:48:14.0874 4320  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
16:48:14.0889 4320  vwifibus - ok
16:48:14.0905 4320  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
16:48:14.0936 4320  W32Time - ok
16:48:14.0952 4320  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
16:48:14.0967 4320  WacomPen - ok
16:48:14.0983 4320  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
16:48:14.0999 4320  WANARP - ok
16:48:15.0014 4320  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
16:48:15.0045 4320  Wanarpv6 - ok
16:48:15.0092 4320  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
16:48:15.0124 4320  wbengine - ok
16:48:15.0139 4320  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
16:48:15.0155 4320  WbioSrvc - ok
16:48:15.0202 4320  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
16:48:15.0217 4320  wcncsvc - ok
16:48:15.0217 4320  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:48:15.0233 4320  WcsPlugInService - ok
16:48:15.0233 4320  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
16:48:15.0249 4320  Wd - ok
16:48:15.0280 4320  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
16:48:15.0295 4320  Wdf01000 - ok
16:48:15.0311 4320  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
16:48:15.0327 4320  WdiServiceHost - ok
16:48:15.0342 4320  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
16:48:15.0358 4320  WdiSystemHost - ok
16:48:15.0374 4320  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
16:48:15.0389 4320  WebClient - ok
16:48:15.0405 4320  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
16:48:15.0436 4320  Wecsvc - ok
16:48:15.0452 4320  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
16:48:15.0483 4320  wercplsupport - ok
16:48:15.0483 4320  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
16:48:15.0514 4320  WerSvc - ok
16:48:15.0530 4320  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
16:48:15.0561 4320  WfpLwf - ok
16:48:15.0577 4320  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
16:48:15.0577 4320  WIMMount - ok
16:48:15.0592 4320  WinDefend - ok
16:48:15.0592 4320  WinHttpAutoProxySvc - ok
16:48:15.0639 4320  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
16:48:15.0670 4320  Winmgmt - ok
16:48:15.0717 4320  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
16:48:15.0749 4320  WinRM - ok
16:48:15.0795 4320  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
16:48:15.0811 4320  WinUsb - ok
16:48:15.0842 4320  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
16:48:15.0858 4320  Wlansvc - ok
16:48:15.0983 4320  [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:48:16.0014 4320  wlidsvc - ok
16:48:16.0045 4320  [ 680A7846370000D20D7E74917D5B7936 ] WmBEnum         C:\Windows\system32\drivers\WmBEnum.sys
16:48:16.0061 4320  WmBEnum - ok
16:48:16.0077 4320  [ 14C35BA8189C6F65D839163AA285E954 ] WmFilter        C:\Windows\system32\drivers\WmFilter.sys
16:48:16.0092 4320  WmFilter - ok
16:48:16.0092 4320  [ AC4331AF118A720F13C9C5CABBFE27BD ] WmHidLo         C:\Windows\system32\drivers\WmHidLo.sys
16:48:16.0108 4320  WmHidLo - ok
16:48:16.0139 4320  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
16:48:16.0155 4320  WmiAcpi - ok
16:48:16.0170 4320  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
16:48:16.0170 4320  wmiApSrv - ok
16:48:16.0186 4320  WMPNetworkSvc - ok
16:48:16.0202 4320  [ 8488DD91A3EE54A8E29F02AD7BB8201E ] WmVirHid        C:\Windows\system32\drivers\WmVirHid.sys
16:48:16.0202 4320  WmVirHid - ok
16:48:16.0233 4320  [ 14802B3A30AA849C97CB968CCC813BF3 ] WmXlCore        C:\Windows\system32\drivers\WmXlCore.sys
16:48:16.0233 4320  WmXlCore - ok
16:48:16.0249 4320  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
16:48:16.0264 4320  WPCSvc - ok
16:48:16.0280 4320  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
16:48:16.0295 4320  WPDBusEnum - ok
16:48:16.0295 4320  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
16:48:16.0327 4320  ws2ifsl - ok
16:48:16.0342 4320  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
16:48:16.0358 4320  wscsvc - ok
16:48:16.0358 4320  WSearch - ok
16:48:16.0420 4320  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
16:48:16.0452 4320  wuauserv - ok
16:48:16.0499 4320  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
16:48:16.0514 4320  WudfPf - ok
16:48:16.0545 4320  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
16:48:16.0561 4320  WUDFRd - ok
16:48:16.0608 4320  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
16:48:16.0608 4320  wudfsvc - ok
16:48:16.0624 4320  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
16:48:16.0655 4320  WwanSvc - ok
16:48:16.0733 4320  X6va008 - ok
16:48:16.0764 4320  X6va009 - ok
16:48:16.0811 4320  [ 74983ADDCA2D9618512C088D856D6615 ] {B154377D-700F-42cc-9474-23858FBDF4BD} C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl
16:48:16.0811 4320  {B154377D-700F-42cc-9474-23858FBDF4BD} - ok
16:48:16.0811 4320  ================ Scan global ===============================
16:48:16.0842 4320  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
16:48:16.0858 4320  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
16:48:16.0874 4320  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
16:48:16.0889 4320  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
16:48:16.0920 4320  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
16:48:16.0920 4320  [Global] - ok
16:48:16.0920 4320  ================ Scan MBR ==================================
16:48:16.0936 4320  [ 4C54042F5B2569C9DDCF173120D730F9 ] \Device\Harddisk0\DR0
16:48:17.0030 4320  \Device\Harddisk0\DR0 - ok
16:48:17.0045 4320  [ 4C54042F5B2569C9DDCF173120D730F9 ] \Device\Harddisk1\DR1
16:48:17.0092 4320  \Device\Harddisk1\DR1 - ok
16:48:17.0092 4320  ================ Scan VBR ==================================
16:48:17.0092 4320  [ E24529AF64852A2F7077C1255717EB44 ] \Device\Harddisk0\DR0\Partition1
16:48:17.0092 4320  \Device\Harddisk0\DR0\Partition1 - ok
16:48:17.0092 4320  [ 49401DB2808A37A3C23D2CB170F9E780 ] \Device\Harddisk1\DR1\Partition1
16:48:17.0092 4320  \Device\Harddisk1\DR1\Partition1 - ok
16:48:17.0092 4320  ============================================================
16:48:17.0092 4320  Scan finished
16:48:17.0092 4320  ============================================================
16:48:17.0108 3616  Detected object count: 2
16:48:17.0108 3616  Actual detected object count: 2
16:49:32.0858 3616  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
16:49:32.0858 3616  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:49:32.0874 3616  sptd ( LockedFile.Multi.Generic ) - skipped by user
16:49:32.0874 3616  sptd ( LockedFile.Multi.Generic ) - User select action: Skip

cosinus · 20.02.2013, 21:08

Dann bitte jetzt CF ausführen:

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

MaBase66 · 23.02.2013, 07:12

Hallo cosinus,

hier das Combofix-Log:
Combofix Logfile:

Code:

ATTFilter

ComboFix 13-02-23.01 - <username> 23.02.2013   6:44.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8192.5876 [GMT 1:00]
ausgeführt von:: c:\users\<username>\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\<username>\AppData\Local\Microsoft\Windows\Temporary Internet Files\{30A434F3-08EA-4308-80B8-95255E3760E1}.xps
c:\windows\IsUn0407.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\SysWow64\tmp46F2.tmp
c:\windows\SysWow64\tmp4712.tmp
c:\windows\SysWow64\tmp6095.tmp
c:\windows\SysWow64\tmp60B6.tmp
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-01-23 bis 2013-02-23  ))))))))))))))))))))))))))))))
.
.
2013-02-23 05:51 . 2013-02-23 05:51	--------	d-----w-	c:\users\test_me\AppData\Local\temp
2013-02-23 05:51 . 2013-02-23 05:51	--------	d-----w-	c:\users\<username2>\AppData\Local\temp
2013-02-23 05:51 . 2013-02-23 05:51	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-02-22 16:38 . 2013-02-08 00:28	9162192	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{13380314-4358-4CCE-A5BB-966C57202327}\mpengine.dll
2013-02-13 02:02 . 2013-01-09 01:10	996352	----a-w-	c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 02:02 . 2013-01-08 22:01	768000	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 01:48 . 2013-01-05 05:53	5553512	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-02-13 01:48 . 2013-01-05 05:00	3967848	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-02-13 01:48 . 2013-01-05 05:00	3913064	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-02-13 01:48 . 2013-01-04 03:26	3153408	----a-w-	c:\windows\system32\win32k.sys
2013-02-13 01:48 . 2013-01-04 05:46	215040	----a-w-	c:\windows\system32\winsrv.dll
2013-02-13 01:48 . 2013-01-04 04:51	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2013-02-13 01:48 . 2013-01-04 02:47	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2013-02-13 01:48 . 2013-01-04 02:47	7680	----a-w-	c:\windows\SysWow64\instnm.exe
2013-02-13 01:48 . 2013-01-04 02:47	2048	----a-w-	c:\windows\SysWow64\user.exe
2013-02-13 01:48 . 2013-01-04 02:47	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2013-02-13 01:48 . 2013-01-03 06:00	1913192	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-02-13 01:48 . 2013-01-03 06:00	288088	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-10 06:45 . 2013-02-10 06:45	--------	d-----w-	c:\programdata\ATI
2013-02-10 06:42 . 2013-02-10 06:42	--------	d-----w-	c:\users\<username>\13-1-legacy_vista_win7_win8_64_dd_ccc
2013-02-05 21:37 . 2012-12-14 15:49	24176	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-02-05 21:37 . 2013-02-05 21:37	--------	d-----w-	c:\users\<username>\AppData\Local\Programs
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-13 02:05 . 2009-12-07 14:39	70004024	----a-w-	c:\windows\system32\MRT.exe
2013-02-10 00:05 . 2012-04-05 09:27	697712	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-10 00:05 . 2011-05-15 10:32	74096	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-17 00:28 . 2009-12-07 14:40	273840	------w-	c:\windows\system32\MpSigStub.exe
2013-01-12 02:30 . 2013-01-22 07:23	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-04 04:43 . 2013-02-13 01:48	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-12-17 04:04 . 2012-03-18 10:56	893552	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-12-17 04:04 . 2012-03-18 10:56	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-12-16 17:11 . 2012-12-22 02:00	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-22 02:00	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-22 02:00	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-22 02:00	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-11 12:21 . 2012-11-06 12:19	99912	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-12-11 12:21 . 2012-11-06 12:19	129216	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-12-07 13:20 . 2013-01-09 05:26	441856	----a-w-	c:\windows\system32\Wpc.dll
2012-12-07 13:15 . 2013-01-09 05:26	2746368	----a-w-	c:\windows\system32\gameux.dll
2012-12-07 12:26 . 2013-01-09 05:26	308736	----a-w-	c:\windows\SysWow64\Wpc.dll
2012-12-07 12:20 . 2013-01-09 05:26	2576384	----a-w-	c:\windows\SysWow64\gameux.dll
2012-12-07 11:20 . 2013-01-09 05:26	30720	----a-w-	c:\windows\system32\usk.rs
2012-12-07 11:20 . 2013-01-09 05:26	43520	----a-w-	c:\windows\system32\csrr.rs
2012-12-07 11:20 . 2013-01-09 05:26	23552	----a-w-	c:\windows\system32\oflc.rs
2012-12-07 11:20 . 2013-01-09 05:26	45568	----a-w-	c:\windows\system32\oflc-nz.rs
2012-12-07 11:20 . 2013-01-09 05:26	44544	----a-w-	c:\windows\system32\pegibbfc.rs
2012-12-07 11:20 . 2013-01-09 05:26	20480	----a-w-	c:\windows\system32\pegi-fi.rs
2012-12-07 11:20 . 2013-01-09 05:26	20480	----a-w-	c:\windows\system32\pegi-pt.rs
2012-12-07 11:19 . 2013-01-09 05:26	20480	----a-w-	c:\windows\system32\pegi.rs
2012-12-07 11:19 . 2013-01-09 05:26	46592	----a-w-	c:\windows\system32\fpb.rs
2012-12-07 11:19 . 2013-01-09 05:26	40960	----a-w-	c:\windows\system32\cob-au.rs
2012-12-07 11:19 . 2013-01-09 05:26	21504	----a-w-	c:\windows\system32\grb.rs
2012-12-07 11:19 . 2013-01-09 05:26	15360	----a-w-	c:\windows\system32\djctq.rs
2012-12-07 11:19 . 2013-01-09 05:26	55296	----a-w-	c:\windows\system32\cero.rs
2012-12-07 11:19 . 2013-01-09 05:26	51712	----a-w-	c:\windows\system32\esrb.rs
2012-12-07 10:46 . 2013-01-09 05:26	43520	----a-w-	c:\windows\SysWow64\csrr.rs
2012-12-07 10:46 . 2013-01-09 05:26	30720	----a-w-	c:\windows\SysWow64\usk.rs
2012-12-07 10:46 . 2013-01-09 05:26	45568	----a-w-	c:\windows\SysWow64\oflc-nz.rs
2012-12-07 10:46 . 2013-01-09 05:26	44544	----a-w-	c:\windows\SysWow64\pegibbfc.rs
2012-12-07 10:46 . 2013-01-09 05:26	20480	----a-w-	c:\windows\SysWow64\pegi-pt.rs
2012-12-07 10:46 . 2013-01-09 05:26	23552	----a-w-	c:\windows\SysWow64\oflc.rs
2012-12-07 10:46 . 2013-01-09 05:26	20480	----a-w-	c:\windows\SysWow64\pegi-fi.rs
2012-12-07 10:46 . 2013-01-09 05:26	46592	----a-w-	c:\windows\SysWow64\fpb.rs
2012-12-07 10:46 . 2013-01-09 05:26	20480	----a-w-	c:\windows\SysWow64\pegi.rs
2012-12-07 10:46 . 2013-01-09 05:26	21504	----a-w-	c:\windows\SysWow64\grb.rs
2012-12-07 10:46 . 2013-01-09 05:26	40960	----a-w-	c:\windows\SysWow64\cob-au.rs
2012-12-07 10:46 . 2013-01-09 05:26	15360	----a-w-	c:\windows\SysWow64\djctq.rs
2012-12-07 10:46 . 2013-01-09 05:26	55296	----a-w-	c:\windows\SysWow64\cero.rs
2012-12-07 10:46 . 2013-01-09 05:26	51712	----a-w-	c:\windows\SysWow64\esrb.rs
2012-11-30 05:45 . 2013-01-09 05:25	362496	----a-w-	c:\windows\system32\wow64win.dll
2012-11-30 05:45 . 2013-01-09 05:25	243200	----a-w-	c:\windows\system32\wow64.dll
2012-11-30 05:45 . 2013-01-09 05:25	13312	----a-w-	c:\windows\system32\wow64cpu.dll
2012-11-30 05:43 . 2013-01-09 05:25	16384	----a-w-	c:\windows\system32\ntvdm64.dll
2012-11-30 05:41 . 2013-01-09 05:25	424448	----a-w-	c:\windows\system32\KernelBase.dll
2012-11-30 05:41 . 2013-01-09 05:25	1161216	----a-w-	c:\windows\system32\kernel32.dll
2012-11-30 05:38 . 2013-01-09 05:25	6144	---ha-w-	c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 05:25	4608	---ha-w-	c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 05:25	4096	---ha-w-	c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 05:25	4096	---ha-w-	c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 05:25	3584	---ha-w-	c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 05:25	3072	---ha-w-	c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 05:25	3072	---ha-w-	c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 05:25	3072	---ha-w-	c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 05:25	3072	---ha-w-	c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 05:25	4608	---ha-w-	c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 05:25	3584	---ha-w-	c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 05:25	3584	---ha-w-	c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 05:25	3584	---ha-w-	c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 05:25	5120	---ha-w-	c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 05:25	3072	---ha-w-	c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 05:25	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 05:25	3584	---ha-w-	c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 05:25	3584	---ha-w-	c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 05:25	3584	---ha-w-	c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 05:25	3072	---ha-w-	c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 05:25	3072	---ha-w-	c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 05:25	3072	---ha-w-	c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 05:25	3072	---ha-w-	c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 05:25	3072	---ha-w-	c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 05:25	3072	---ha-w-	c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 05:25	3072	---ha-w-	c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 05:25	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 05:25	3072	---ha-w-	c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-11-30 04:53 . 2013-01-09 05:25	274944	----a-w-	c:\windows\SysWow64\KernelBase.dll
2012-11-30 04:45 . 2013-01-09 05:25	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 05:25	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 05:25	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 05:25	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 05:25	4608	---ha-w-	c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 05:25	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 05:25	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 05:25	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 05:25	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 05:25	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 05:25	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 05:25	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 05:25	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 05:25	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 05:25	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 05:25	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 05:25	5120	---ha-w-	c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 05:25	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 05:25	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2006-05-03 10:06	163328	--sha-r-	c:\windows\SysWOW64\flvDX.dll
2007-02-21 11:47	31232	--sha-r-	c:\windows\SysWOW64\msfDX.dll
2008-03-16 13:30	216064	--sha-r-	c:\windows\SysWOW64\nbDX.dll
2010-01-06 22:00	107520	--sha-r-	c:\windows\SysWOW64\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Thunderbird"="d:\050 programme\Mozilla Thunderbird\thunderbird.exe" [2013-01-20 389168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-02-12 385248]
.
c:\users\test_me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\users\<username>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
FRITZ!DSL Startcenter.lnk - c:\users\<username>\AppData\Roaming\Microsoft\Installer\{2D5D9603-22CF-4B99-83F6-0CD20330F62E}\Icon8CF9C550.exe [2012-11-10 80896]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FRITZ!DSL Protect.lnk - c:\program files\FRITZ!DSL\FwebProt.exe [2009-4-17 1105208]
VR-NetWorld Auftragsprüfung.lnk - c:\program files (x86)\VR-NetWorld\VRToolCheckOrder.exe [2012-3-5 1136640]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk /r \??\I:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="d:\050 programme\iTunes\iTunesHelper.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"InstantBurn"=c:\progra~2\CYBERL~1\INSTAN~1\Win2K\IBurn.exe
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
"UpdatePPShortCut"="c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "c:\program files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "c:\program files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
"BDRegion"=c:\program files (x86)\Cyberlink\Shared files\brs.exe
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"AMD AVT"=Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "c:\program files (x86)\AMD AVT\bin\kdbsync.exe" aml
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"Lan Messenger"=c:\program files (x86)\Lan Messenger\LANmessenger.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 IGDCTRL;AVM IGD CTRL Service;c:\program files\FRITZ!DSL\IGDCTRL.EXE [2009-07-28 88888]
R3 IT9135BDA;IT9135 BDA Devices;c:\windows\system32\Drivers\IT9135BDA.sys [2010-02-03 113280]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
R3 SaiHA501;SaiHA501;c:\windows\system32\DRIVERS\SaiHA501.sys [2007-05-01 171144]
R3 SaiLA501;SaiLA501;c:\windows\system32\DRIVERS\SaiLA501.sys [2007-05-01 18048]
R3 SaiUA501;SaiUA501;c:\windows\system32\DRIVERS\SaiUA501.sys [2007-05-01 34304]
R3 SIoctl;SIoctl;c:\windows\system32\drivers\sioctl.sys [2008-04-25 14352]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2011-03-30 35112]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x]
R3 X6va009;X6va009;c:\windows\SysWOW64\Drivers\X6va009 [x]
R4 CLKMSVC10_9EC60124;CyberLink Product - 2012/09/17 12:53;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-11-18 240112]
R4 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]
R4 MBAMScheduler;MBAMScheduler;d:\050 programme\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
R4 MBAMService;MBAMService;d:\050 programme\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-10 47128]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\program files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-22 370024]
R4 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-08-31 2754984]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2012-03-03 828912]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-09-24 27800]
S1 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\DRIVERS\CLBStor.sys [2009-10-07 24560]
S1 nm3;Microsoft Network Monitor 3 Driver;c:\windows\system32\DRIVERS\nm3.sys [2010-06-09 46392]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2012-04-02 224048]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2012-04-02 130864]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2011/02/28 15:48];c:\program files (x86)\CyberLink\PowerDVD9\000.fcl [2010-01-19 15:10 146928]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2009-01-19 334344]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-11-16 238080]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-11-16 361984]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-02-12 86752]
S2 CLBUDF;CyberLink InstantBurn UDF Filesystem; [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2011-05-31 1403200]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 avmaudio;AVM Audio;c:\windows\system32\DRIVERS\avmaudio.sys [2011-05-17 116096]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 22408]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys [2012-02-07 66328]
S3 TTUSB2BDA_NTAMD64;TTUSB2BDA USB 2.0 Driver AMD64;c:\windows\system32\DRIVERS\ttusb2bda_amd64.sys [2012-04-14 737312]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2009-10-14 11856]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-04-02 147248]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2012-04-02 166192]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-01-22 10:06	451872	----a-w-	c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 00:05]
.
2012-10-15 c:\windows\Tasks\CMUV.job
- c:\program files (x86)\TT-Viewer\TT-Viewer.exe [2012-10-15 15:01]
.
2013-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-06 16:59]
.
2013-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-06 16:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2012-05-21 6868280]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-05-18 12489360]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://bigsap.mt-ag.com/?sap-client=100&sap-language=DE
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: noventum.de\intranet
Trusted Zone: noventum.de\webmail
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\<username>\AppData\Roaming\Mozilla\Firefox\Profiles\4vuj4m6d.default-1358689216201\
FF - prefs.js: browser.startup.homepage - hxxp://de.wikipedia.org/wiki/Wikipedia:Hauptseite
FF - prefs.js: network.proxy.ftp - 77.65.22.245
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.http - 77.65.22.245
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 77.65.22.245
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 77.65.22.245
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-01-21 15:16; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\<username>\AppData\Roaming\Mozilla\Firefox\Profiles\4vuj4m6d.default-1358689216201\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-01-21 15:17; firebug@software.joehewitt.com; c:\users\<username>\AppData\Roaming\Mozilla\Firefox\Profiles\4vuj4m6d.default-1358689216201\extensions\firebug@software.joehewitt.com.xpi
FF - ExtSQL: 2013-01-21 15:29; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; c:\users\<username>\AppData\Roaming\Mozilla\Firefox\Profiles\4vuj4m6d.default-1358689216201\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - ExtSQL: 2013-01-21 15:29; {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}; c:\users\<username>\AppData\Roaming\Mozilla\Firefox\Profiles\4vuj4m6d.default-1358689216201\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
FF - ExtSQL: 2013-01-21 15:36; stealthyextension@gmail.com; c:\users\<username>\AppData\Roaming\Mozilla\Firefox\Profiles\4vuj4m6d.default-1358689216201\extensions\stealthyextension@gmail.com.xpi
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-FRITZ! 2.0 - c:\windows\IsUn0407.exe
AddRemove-Mozilla Firefox (3.5.7) - g:\900 programme\FireFox\uninstall\helper.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va008]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va009]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va009"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD9\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.alb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FotoManager10Deluxe.8.alb"
.
[HKEY_USERS\S-1-5-21-2980863505-4143529224-1025148377-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:95,19,d1,e3,63,32,a7,29,8d,7c,d3,20,64,28,55,5d,3d,c8,6d,60,f9,a9,88,
   c2,65,d4,5a,cd,e6,cb,68,fb,d9,c6,4f,4e,6c,b1,66,d1,34,f9,a8,73,3c,3f,c9,33,\
"??"=hex:41,e0,42,8c,cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b
.
[HKEY_USERS\S-1-5-21-2980863505-4143529224-1025148377-1001\Software\SecuROM\License information*]
"datasecu"=hex:ee,a1,81,2c,1e,8a,38,79,a5,b4,68,42,97,df,3f,59,fc,e2,35,33,eb,
   74,c2,e1,36,b1,67,bd,91,55,91,cf,de,e4,fd,2f,42,ce,f1,b1,c4,53,ef,a7,c1,d0,\
"rkeysecu"=hex:84,be,e4,62,c5,f9,75,25,5b,d5,43,d9,24,0b,2d,b1
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\T*w*o*n*k*y*B*e*a*m*"!\Firefox]
"Path"="c:\\Program Files (x86)\\Twonky\\TwonkyBeam\\Firefox"
"Language"="1031"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-02-23  06:58:33 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-02-23 05:58
.
Vor Suchlauf: 18 Verzeichnis(se), 378.139.512.832 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 377.487.482.880 Bytes frei
.
- - End Of File - - FF407DE8003161FAD24ABD65EFFEE377

--- --- ---

Wäre schön, wenn Du mir einen Hinweis geben könntest, wie gut oder schlecht es für mein System aussieht.

cosinus · 24.02.2013, 21:02

JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Im Anschluss:

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Danach eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles in CODE-Tags hier in den Thread.

MaBase66 · 27.02.2013, 20:28

Hallo cosinus,

hier die Scan-Ergebnisse:
JRT-Log:
JRT Logfile:

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.5 (02.18.2013:1)
OS: Windows 7 Home Premium x64
Ran by <User> on 27.02.2013 at 19:20:14,38
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Failed to delete: [Registry Key] hkey_classes_root\clsid\{0eedb912-c5fa-486f-8334-57288578c627}
Successfully deleted: [Registry Key] hkey_classes_root\wow6432node\clsid\{0eedb912-c5fa-486f-8334-57288578c627}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\<User>\AppData\Roaming\opencandy"



~~~ FireFox

Successfully deleted: [File] C:\Users\<User>\AppData\Roaming\mozilla\firefox\profiles\4vuj4m6d.default-1358689216201\user.js
Emptied folder: C:\Users\<User>\AppData\Roaming\mozilla\firefox\profiles\4vuj4m6d.default-1358689216201\minidumps [11 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27.02.2013 at 19:29:26,70
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

--- --- ---

AdwCleaner[R1]:
AdwCleaner Logfile:

Code:

ATTFilter

# AdwCleaner v2.113 - Datei am 27/02/2013 um 19:52:06 erstellt
# Aktualisiert am 23/02/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : <User> - GOLLUM
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\<User>\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v19.0 (de)

Datei : C:\Users\<User>\AppData\Roaming\Mozilla\Firefox\Profiles\4vuj4m6d.default-1358689216201\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\test_me\AppData\Roaming\Mozilla\Firefox\Profiles\63c7exmc.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\<User>2\AppData\Roaming\Mozilla\Firefox\Profiles\u9xflth7.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1367 octets] - [27/02/2013 19:52:06]

########## EOF - C:\AdwCleaner[R1].txt - [1427 octets] ##########

--- --- ---

hier das OTL-Log

OTL:

Code:

ATTFilter

OTL logfile created on: 27.02.2013 19:54:49 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = D:\050 Programme
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 5,80 Gb Available Physical Memory | 72,49% Memory free
16,00 Gb Paging File | 13,61 Gb Available in Paging File | 85,08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 351,65 Gb Free Space | 75,52% Space Free | Partition Type: NTFS
Drive D: | 1863,01 Gb Total Space | 1191,28 Gb Free Space | 63,94% Space Free | Partition Type: NTFS
 
Computer Name: GOLLUM | User Name: <User> | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - D:\050 Programme\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.)
PRC - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV:64bit: - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- D:\050 Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- D:\050 Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (TuneUp.Defrag) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (CLKMSVC10_9EC60124) -- C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe (CyberLink)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (IGDCTRL) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (SANDRA) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP5c\WNt500x64\Sandra.sys File not found
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (TTUSB2BDA_NTAMD64) -- C:\Windows\SysNative\drivers\ttusb2bda_amd64.sys (TechnoTrend GmbH)
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (LGSHidFilt) -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys (Logitech Inc.)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (avmaudio) -- C:\Windows\SysNative\drivers\avmaudio.sys (AVM Berlin)
DRV:64bit: - (ctxusbm) -- C:\Windows\SysNative\drivers\ctxusbm.sys (Citrix Systems, Inc.)
DRV:64bit: - (teamviewervpn) -- C:\Windows\SysNative\drivers\teamviewervpn.sys (TeamViewer GmbH)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (nm3) -- C:\Windows\SysNative\drivers\nm3.sys (Microsoft Corporation)
DRV:64bit: - (WmVirHid) -- C:\Windows\SysNative\drivers\WmVirHid.sys (Logitech Inc.)
DRV:64bit: - (WmHidLo) -- C:\Windows\SysNative\drivers\WmHidLo.sys (Logitech Inc.)
DRV:64bit: - (WmBEnum) -- C:\Windows\SysNative\drivers\WmBEnum.sys (Logitech Inc.)
DRV:64bit: - (WmXlCore) -- C:\Windows\SysNative\drivers\WmXlCore.sys (Logitech Inc.)
DRV:64bit: - (WmFilter) -- C:\Windows\SysNative\drivers\WmFilter.sys (Logitech Inc.)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (IT9135BDA) -- C:\Windows\SysNative\drivers\IT9135BDA.sys (ITE                      )
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (CLBStor) -- C:\Windows\SysNative\drivers\CLBStor.sys (Cyberlink Co.,Ltd.)
DRV:64bit: - (CLBUDF) -- C:\Windows\SysNative\drivers\CLBUDF.sys (CyberLink Corporation.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (SaiNtBus) -- C:\Windows\SysNative\drivers\SaiBus.sys (Saitek)
DRV:64bit: - (SaiMini) -- C:\Windows\SysNative\drivers\SaiMini.sys (Saitek)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH)
DRV:64bit: - (SIoctl) -- C:\Windows\SysNative\drivers\sioctl.sys ()
DRV:64bit: - (SaiUA501) -- C:\Windows\SysNative\drivers\SaiUA501.sys (Saitek)
DRV:64bit: - (SaiHA501) -- C:\Windows\SysNative\drivers\SaiHA501.sys (Saitek)
DRV:64bit: - (SaiLA501) -- C:\Windows\SysNative\drivers\SaiLA501.sys (Saitek)
DRV - ({B154377D-700F-42cc-9474-23858FBDF4BD}) -- C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl (CyberLink Corp.)
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2980863505-4143529224-1025148377-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://bigsap.mt-ag.com/?sap-client=100&sap-language=DE
IE - HKU\S-1-5-21-2980863505-4143529224-1025148377-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2980863505-4143529224-1025148377-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 09 CB 8A A5 D5 54 CB 01  [binary data]
IE - HKU\S-1-5-21-2980863505-4143529224-1025148377-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2980863505-4143529224-1025148377-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2980863505-4143529224-1025148377-1001\..\SearchScopes\{C91D1007-9645-4E01-9312-1B1241E133FD}: "URL" = hxxp://www.google.com/search?q={searchTerms}&amp;sourceid=ie7&amp;rls=com.microsoft:{language}:{referrer:source}&amp;ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-2980863505-4143529224-1025148377-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2980863505-4143529224-1025148377-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://de.wikipedia.org/wiki/Wikipedia:Hauptseite"
FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10
FF - prefs.js..extensions.enabledAddons: stealthyextension%40gmail.com:2.5
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - prefs.js..network.proxy.backup.ftp: "94.242.237.111"
FF - prefs.js..network.proxy.backup.ftp_port: 3128
FF - prefs.js..network.proxy.backup.socks: "94.242.237.111"
FF - prefs.js..network.proxy.backup.socks_port: 3128
FF - prefs.js..network.proxy.backup.ssl: "94.242.237.111"
FF - prefs.js..network.proxy.backup.ssl_port: 3128
FF - prefs.js..network.proxy.ftp: "193.17.184.49"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.http: "193.17.184.49"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "193.17.184.49"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "193.17.184.49"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\050 Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\<User>\AppData\Roaming\Move Networks\plugins\071803000001\npqmp071803000001.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\<User>\AppData\LocalLow\Sony Online Entertainment\npsoe.dll ()
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\<User>\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: D:\050 Programme\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2012.11.10 08:51:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.25 10:25:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.25 12:47:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Components: D:\050 Programme\Mozilla Thunderbird\components [2013.01.20 15:54:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.25 10:25:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.25 12:47:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: D:\050 Programme\Mozilla Thunderbird\components [2013.01.20 15:54:41 | 000,000,000 | ---D | M]
 
[2012.02.15 22:35:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\<User>\AppData\Roaming\mozilla\Extensions
[2010.10.29 08:28:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\<User>\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013.02.24 07:24:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\<User>\AppData\Roaming\mozilla\Firefox\Profiles\4vuj4m6d.default-1358689216201\extensions
[2013.02.24 07:15:57 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\<User>\AppData\Roaming\mozilla\Firefox\Profiles\4vuj4m6d.default-1358689216201\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.02.24 07:24:05 | 002,163,784 | ---- | M] () (No name found) -- C:\Users\<User>\AppData\Roaming\mozilla\firefox\profiles\4vuj4m6d.default-1358689216201\extensions\firebug@software.joehewitt.com.xpi
[2013.02.10 07:51:51 | 000,185,839 | ---- | M] () (No name found) -- C:\Users\<User>\AppData\Roaming\mozilla\firefox\profiles\4vuj4m6d.default-1358689216201\extensions\stealthyextension@gmail.com.xpi
[2013.02.14 19:18:40 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\<User>\AppData\Roaming\mozilla\firefox\profiles\4vuj4m6d.default-1358689216201\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.01.21 15:29:49 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\<User>\AppData\Roaming\mozilla\firefox\profiles\4vuj4m6d.default-1358689216201\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2013.02.20 07:49:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.02.20 07:49:13 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.04.25 01:58:10 | 000,124,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll
[2011.04.25 02:00:08 | 000,071,104 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll
[2011.04.25 01:59:06 | 000,092,096 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll
[2011.04.25 01:58:38 | 000,022,976 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll
[2011.04.25 02:49:00 | 000,485,288 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll
[2011.04.25 02:00:04 | 000,024,512 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll
[2013.02.01 20:33:32 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.01 20:33:32 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.02.01 20:33:32 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.02.01 20:33:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.02.01 20:33:32 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.02.01 20:33:32 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.02.23 06:52:15 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKU\S-1-5-21-2980863505-4143529224-1025148377-1001..\Run: [Thunderbird] D:\050 Programme\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
O4 - Startup: C:\Users\<User>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk = C:\Users\<User>\AppData\Roaming\Microsoft\Installer\{2D5D9603-22CF-4B99-83F6-0CD20330F62E}\Icon8CF9C550.exe ()
O4 - Startup: C:\Users\test_me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2980863505-4143529224-1025148377-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2980863505-4143529224-1025148377-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\FRITZ!DSL\\sarah.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\FRITZ!DSL\\sarah.dll ()
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-2980863505-4143529224-1025148377-1001\..Trusted Domains: clonewarsadventures.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-2980863505-4143529224-1025148377-1001\..Trusted Domains: freerealms.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-2980863505-4143529224-1025148377-1001\..Trusted Domains: noventum.de ([intranet] https in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-2980863505-4143529224-1025148377-1001\..Trusted Domains: noventum.de ([webmail] https in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-2980863505-4143529224-1025148377-1001\..Trusted Domains: soe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-2980863505-4143529224-1025148377-1001\..Trusted Domains: sony.com ([]* in Vertrauenswürdige Sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.4.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 1.7.0_04)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.4.0)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59935ACC-42F2-49CA-882A-82F442901438}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk /r \??\I:)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.27 19:20:11 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.02.27 19:20:00 | 000,000,000 | ---D | C] -- C:\JRT
[2013.02.27 19:13:15 | 000,547,439 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\<User>\Desktop\JRT.exe
[2013.02.26 11:11:46 | 000,000,000 | ---D | C] -- C:\Users\<User>\AppData\Local\GHISLER
[2013.02.25 10:26:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Citrix
[2013.02.25 10:26:05 | 000,000,000 | ---D | C] -- C:\Users\<User>\AppData\Roaming\ICAClient
[2013.02.25 10:26:05 | 000,000,000 | ---D | C] -- C:\Users\<User>\AppData\Local\Citrix
[2013.02.25 10:25:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Citrix
[2013.02.23 06:51:59 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.02.23 06:42:01 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.02.23 06:42:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.02.23 06:42:01 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.02.23 06:41:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.02.23 06:41:30 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.02.23 06:39:50 | 005,034,320 | R--- | C] (Swearware) -- C:\Users\<User>\Desktop\ComboFix.exe
[2013.02.20 07:49:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.02.13 03:00:33 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.02.13 03:00:33 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.02.13 03:00:33 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.02.13 03:00:33 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.02.13 03:00:32 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.02.13 03:00:32 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.02.13 03:00:32 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.02.13 03:00:32 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.02.13 03:00:32 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.02.13 03:00:32 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.02.13 03:00:31 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.02.13 03:00:31 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.02.13 03:00:30 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.02.13 03:00:30 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.02.13 03:00:30 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.02.13 02:48:12 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.02.13 02:48:12 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.02.13 02:48:12 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.02.13 02:48:02 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.02.13 02:48:02 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013.02.13 02:48:02 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013.02.13 02:48:02 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013.02.13 02:48:02 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013.02.13 02:48:02 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013.02.13 02:48:01 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013.02.11 17:09:15 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\<User>\Desktop\aswMBR.exe
[2013.02.10 07:47:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2013.02.10 07:45:50 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2013.02.10 07:42:08 | 000,000,000 | ---D | C] -- C:\Users\<User>\13-1-legacy_vista_win7_win8_64_dd_ccc
[2013.02.07 17:48:23 | 000,000,000 | ---D | C] -- C:\Users\<User>\Desktop\MalwareBytes AntiRootKit
[2013.02.05 22:38:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.05 22:37:59 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.02.05 22:37:02 | 000,000,000 | ---D | C] -- C:\Users\<User>\AppData\Local\Programs
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.27 19:17:58 | 000,013,232 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.27 19:17:58 | 000,013,232 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.27 19:14:49 | 000,594,019 | ---- | M] () -- C:\Users\<User>\Desktop\adwcleaner.exe
[2013.02.27 19:13:29 | 000,547,439 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\<User>\Desktop\JRT.exe
[2013.02.27 19:10:31 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.27 19:10:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.27 19:10:10 | 2147,131,391 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.26 23:05:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.26 23:00:34 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.26 17:55:09 | 001,830,996 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.26 17:55:09 | 000,774,056 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.26 17:55:09 | 000,727,652 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.26 17:55:09 | 000,178,632 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.26 17:55:09 | 000,150,828 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.25 12:46:42 | 000,007,618 | ---- | M] () -- C:\Users\<User>\AppData\Local\Resmon.ResmonCfg
[2013.02.23 06:52:15 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.02.23 06:39:33 | 005,034,320 | R--- | M] (Swearware) -- C:\Users\<User>\Desktop\ComboFix.exe
[2013.02.21 17:52:36 | 000,033,280 | ---- | M] () -- C:\Users\<User>\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.02.13 19:11:01 | 403,985,071 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.02.13 03:26:52 | 000,527,560 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.12 20:51:04 | 000,000,512 | ---- | M] () -- C:\Users\<User>\Desktop\MBR.dat
[2013.02.11 17:10:35 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\<User>\Desktop\aswMBR.exe
[2013.02.11 16:09:58 | 000,365,568 | ---- | M] () -- C:\Users\<User>\Desktop\gmer_2.0.18454.exe
[2013.02.10 01:05:27 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.02.10 01:05:27 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.02.08 17:16:06 | 000,000,877 | ---- | M] () -- C:\Users\<User>\Desktop\OTL.lnk
[2013.02.05 19:49:16 | 000,001,409 | ---- | M] () -- C:\Users\<User>\Desktop\Shell.lnk
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.27 19:14:43 | 000,594,019 | ---- | C] () -- C:\Users\<User>\Desktop\adwcleaner.exe
[2013.02.23 06:42:01 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.02.23 06:42:01 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.02.23 06:42:01 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.02.23 06:42:01 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.02.23 06:42:01 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.02.12 20:48:10 | 000,000,512 | ---- | C] () -- C:\Users\<User>\Desktop\MBR.dat
[2013.02.11 16:24:06 | 403,985,071 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.02.11 16:09:57 | 000,365,568 | ---- | C] () -- C:\Users\<User>\Desktop\gmer_2.0.18454.exe
[2013.02.08 17:16:06 | 000,000,877 | ---- | C] () -- C:\Users\<User>\Desktop\OTL.lnk
[2013.02.05 19:38:31 | 000,001,409 | ---- | C] () -- C:\Users\<User>\Desktop\Shell.lnk
[2012.12.15 00:19:04 | 000,053,248 | ---- | C] () -- C:\Windows\exitwx.exe
[2012.11.05 01:01:54 | 001,482,752 | ---- | C] ( ) -- C:\Windows\SysWow64\pnen3260.dll
[2012.11.05 01:01:54 | 000,548,940 | ---- | C] ( ) -- C:\Windows\SysWow64\raac.dll
[2012.11.05 01:01:54 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\vidsite.dll
[2012.11.05 01:01:54 | 000,184,320 | ---- | C] ( ) -- C:\Windows\SysWow64\rmfformat.dll
[2012.11.05 01:01:54 | 000,159,744 | ---- | C] ( ) -- C:\Windows\SysWow64\rvrender.dll
[2012.11.05 01:01:54 | 000,159,744 | ---- | C] ( ) -- C:\Windows\SysWow64\rarender.dll
[2012.11.05 01:01:54 | 000,086,016 | ---- | C] ( ) -- C:\Windows\SysWow64\smplfsys.dll
[2012.11.05 01:01:54 | 000,077,824 | ---- | C] ( ) -- C:\Windows\SysWow64\ramrender.dll
[2012.11.05 01:01:54 | 000,049,152 | ---- | C] ( ) -- C:\Windows\SysWow64\rv40.dll
[2012.11.05 01:01:54 | 000,031,744 | ---- | C] ( ) -- C:\Windows\SysWow64\ramfformat.dll
[2012.11.05 01:01:53 | 000,548,919 | ---- | C] ( ) -- C:\Windows\SysWow64\colorcvt.dll
[2012.11.05 01:01:53 | 000,045,056 | ---- | C] ( ) -- C:\Windows\SysWow64\authmgr.dll
[2012.11.05 01:01:53 | 000,044,032 | ---- | C] ( ) -- C:\Windows\SysWow64\clntxres.dll
[2012.10.27 10:12:28 | 000,042,440 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2012.09.14 13:51:23 | 000,286,720 | ---- | C] ( ) -- C:\Windows\SysWow64\drvc.dll
[2012.09.14 13:51:23 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2012.08.06 17:09:23 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2012.07.18 08:33:31 | 001,589,248 | ---- | C] () -- C:\Windows\SysWow64\libmysql_d.dll
[2012.04.06 02:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.04.06 02:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.03.05 23:08:30 | 000,000,772 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012.03.05 23:08:30 | 000,000,342 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.11.06 08:15:29 | 000,000,094 | ---- | C] () -- C:\Users\<User>\AppData\Local\fusioncache.dat
[2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.08.29 11:53:18 | 000,000,600 | ---- | C] () -- C:\Users\<User>\AppData\Local\PUTTY.RND
[2011.06.23 13:30:58 | 000,000,150 | ---- | C] () -- C:\Windows\Sierra.ini
[2011.06.23 13:27:34 | 000,006,900 | ---- | C] () -- C:\Users\<User>\AppData\Roaming\.freeciv-client-rc-2.2
[2011.05.20 07:20:07 | 000,007,618 | ---- | C] () -- C:\Users\<User>\AppData\Local\Resmon.ResmonCfg
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.03.06 12:34:03 | 000,000,030 | ---- | C] () -- C:\Windows\Caligari.ini
[2011.03.06 12:22:56 | 000,000,173 | ---- | C] () -- C:\Users\<User>\AppData\Local\msmathematics.qat.<User>
[2011.02.10 19:47:36 | 000,000,080 | ---- | C] () -- C:\Users\<User>\AppData\Local\CrystalDiskMark30.ini
[2011.01.15 21:02:19 | 000,033,280 | ---- | C] () -- C:\Users\<User>\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.05 17:21:32 | 000,117,997 | ---- | C] () -- C:\Users\<User>\GPUObserver36c.gadget
[2010.01.24 23:08:31 | 000,172,052 | ---- | C] () -- C:\Users\<User>\Auftrag_Uebertragung_Konten_Depots_AWD.pdf
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 16 bytes -> C:\Users\<User>\Downloads:Shareaza.GUID
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:F9819010

< End of report >

--- --- ---

MaBase66 · 27.02.2013, 20:40

und das Extras-Log

OTL Extras:

Code:

ATTFilter

OTL Extras logfile created on: 27.02.2013 19:54:49 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = D:\050 Programme
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 5,80 Gb Available Physical Memory | 72,49% Memory free
16,00 Gb Paging File | 13,61 Gb Available in Paging File | 85,08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 351,65 Gb Free Space | 75,52% Space Free | Partition Type: NTFS
Drive D: | 1863,01 Gb Total Space | 1191,28 Gb Free Space | 63,94% Space Free | Partition Type: NTFS
 
Computer Name: GOLLUM | User Name: <User> | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2980863505-4143529224-1025148377-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.ini [@ = UltraEdit.ini] -- D:\050 Programme\UltraEdit\uedit32.exe (IDM Computer Solutions, Inc.)
.js [@ = UltraEdit.js] -- D:\050 Programme\UltraEdit\uedit32.exe (IDM Computer Solutions, Inc.)
.txt [@ = UltraEdit.txt] -- D:\050 Programme\UltraEdit\uedit32.exe (IDM Computer Solutions, Inc.)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01AA25DE-D5D0-41B1-A452-DF03949BE235}" = lport=137 | protocol=17 | dir=in | app=system | 
"{0265F650-76AE-4231-A853-977239AC6DE5}" = lport=445 | protocol=6 | dir=in | app=system | 
"{100C0F94-FEEB-44EB-98A9-709E3BEBD2FE}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{18AFAC61-47AB-45B1-87BD-57756A028176}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{26B16104-4A56-4854-BBA3-67A1518AB802}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{29F7C906-99EF-41AF-89DD-67C71FE68D8D}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2012.sp5c\wnt500x64\rpcsandrasrv.exe | 
"{2AD5A567-9395-46C2-B85B-468243A0CE97}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2EEB4CCD-47F9-4A90-8164-25860C0E0BEF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{38D48A0C-5B0F-426F-9D51-C4010D68815E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{437932CF-E479-45EE-9A1C-ABA26FDB7B9A}" = rport=138 | protocol=17 | dir=out | app=system | 
"{456827F3-9AB9-4F36-82D2-DA941BE24231}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4DCC4FD8-6AA8-4D89-92D2-C9AB6EA6382D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{53945C0D-DF86-469C-AB40-834EE0B1E7B5}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{5FABD89D-642F-434E-B943-1B1C9EB634AC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{61328E19-EF26-418C-8B04-FD4A5CCC2128}" = rport=137 | protocol=17 | dir=out | app=system | 
"{65B204E0-95CA-4C20-9E52-8D4298AC54D2}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{6A7D7DE2-5E25-4D1A-A075-7D5E72948926}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6D93B572-261C-416E-9184-1805FA5F05E0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{704FA7C1-7E80-4362-B6AE-B973CD5B7F6B}" = rport=445 | protocol=6 | dir=out | app=system | 
"{7FD9417A-A8C0-4334-891D-886185073CF7}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{84E208C1-27F2-4E3D-AFBD-3EAEC1E23A87}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{8A985D90-30FA-4FBF-9EC8-EE45BADF2DFF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9593929B-9F55-4D8F-AB1D-E2A877DF73E0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{98B6186C-9B9E-4648-B738-C54304831471}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A0BC6458-C04B-44F7-99EA-57AEB3663AA8}" = rport=139 | protocol=6 | dir=out | app=system | 
"{AED52D09-5B98-4A0E-A53F-AA84F37D4DA7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B9F88974-11AB-4BA1-AAE3-5878225DE5F8}" = lport=139 | protocol=6 | dir=in | app=system | 
"{BC743F4C-70F1-41F5-BD4C-7428F0A75C62}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{BD0D79FD-DF0C-47EE-B270-17341A4CD97A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E3381791-3FA7-4EBE-A153-94C6D19AE016}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E34D0333-4284-42BC-A06E-C8B8DF2147AE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F2253414-1C28-4F12-AA2C-6AD77296B2E8}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{F304F028-E54E-4985-BD1D-1391BAE6425E}" = lport=138 | protocol=17 | dir=in | app=system | 
"{F484974A-D6E5-4D09-B507-82D0DE149B56}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{FEE7250C-714A-498E-B698-70A2CBD34665}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01B45EA1-5F9C-4785-82C5-1863E3EFF803}" = protocol=6 | dir=in | app=d:\world of warcraft\launcher.patch.exe | 
"{0295CA23-0ACF-4C9C-A2D8-838753075FD0}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{03E26364-5C52-406E-A68A-F903C1A1B188}" = protocol=17 | dir=in | app=c:\program files (x86)\lan messenger\lanmessenger.exe | 
"{04023181-226B-4B62-8AA5-A9EADD9EC37D}" = protocol=17 | dir=in | app=d:\dirt2\dirt2_game.exe | 
"{091F7A2F-33B6-430F-8DE5-556B082A5DC6}" = protocol=6 | dir=in | app=d:\dc_universe\unreal3\binaries\win32\dcgame.exe | 
"{0A52CE69-41F4-475C-A9E3-FA463D096800}" = protocol=17 | dir=in | app=j:\wow\0.4.0.5\udrive\usr\local\mysql\bin\mysqld-opt.exe | 
"{0AAB230D-58B6-4CF6-A555-D6DE8F28FD8E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{0C9DC57B-FC15-49AE-974E-C6054790F733}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\sniper ghost warrior\sniper_x86.exe | 
"{0CDC599A-B83D-488A-A796-B9E6695BB5AE}" = protocol=17 | dir=in | app=d:\world of warcraft\launcher.patch.exe | 
"{1005835C-17F1-4628-BAC1-4030D526F24E}" = protocol=6 | dir=in | app=d:\star wars-the old republic\launcher.exe | 
"{138AAB50-7E00-425C-A74D-F0A888625B9D}" = protocol=6 | dir=in | app=d:\windata\home\windata.exe | 
"{1513F1FA-8BC5-4361-A058-31ECDB617DD6}" = protocol=6 | dir=in | app=c:\program files (x86)\java\bin\javaw.exe | 
"{1D2C6610-2014-49BC-BB31-99FD954DFE21}" = dir=in | app=d:\brickforce\brickforce.exe | 
"{1E4D8F63-CD56-4220-B6CB-F21ACA26DDF5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{2065086E-B0E0-4D3B-BB65-13BB0FE9E835}" = protocol=17 | dir=in | app=d:\steam\steam.exe | 
"{21658AAC-9B9C-4C16-8C34-F4DE399991E2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{225BCEE7-7471-4F72-BB2A-2A81DCC2E9C6}" = protocol=6 | dir=in | app=d:\050 programme\hdro\lotroclient.exe | 
"{2412EC6A-CD81-40AC-AFEA-13AC80803876}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{25452A60-152D-45FA-97CC-3169E5C89E42}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe | 
"{25A7697F-F415-4D60-9766-209E55161A3F}" = protocol=6 | dir=in | app=c:\program files (x86)\lan messenger\lanmessenger.exe | 
"{25A8E499-5961-42BD-9A5A-E1C4294C7C80}" = protocol=6 | dir=in | app=c:\program files (x86)\fritz!\igd_finder.exe | 
"{261D4DBE-E765-4EE7-9BB6-E384865A2260}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{2846747E-EE7A-467D-928C-03FDD02424B9}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | 
"{2BA7032C-8B35-4D43-998A-D4BCF415CFCB}" = protocol=17 | dir=in | app=c:\program files (x86)\xbmc\xbmc.exe | 
"{2EF69720-029D-46AA-B441-A40DDB423CD0}" = protocol=6 | dir=in | app=d:\steam\steamapps\mjoelnir768\counter-strike\hl.exe | 
"{30165FE6-DF1A-458B-B547-AB089A9A1788}" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"{30232B65-C786-40B1-941B-16ECA589F5EE}" = protocol=17 | dir=in | app=d:\flatout2\flatout2.exe | 
"{3318A121-D731-47EB-8230-CC46CC01164A}" = protocol=17 | dir=in | app=d:\050 programme\itunes\itunes.exe | 
"{38E567D9-3192-427D-9243-38BB26693B7F}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\duke nukem forever\system\dukeforever.exe | 
"{3C3567FB-A1B5-4055-ABE8-4E75FB20F507}" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe | 
"{3DCB21E9-D14C-4697-B23E-26D28389846A}" = protocol=6 | dir=in | app=d:\steam\steam.exe | 
"{3F03F0C6-2CC4-440E-B675-31B6B80E3F29}" = protocol=6 | dir=in | app=d:\world_of_tanks\worldoftanks.exe | 
"{3FA15AD9-3FFA-4818-9216-A8FD502E8532}" = protocol=6 | dir=in | app=c:\program files (x86)\ventsrv\ventrilo_srv.exe | 
"{3FEBF336-27DB-4CBA-B6AD-CB2151AA7264}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe | 
"{45185BED-8073-4979-A7BF-22D8BA41898A}" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"{46B5F0B2-ABEF-4741-836C-FE4FAAE9DD92}" = protocol=6 | dir=in | app=j:\wow\0.4.0.5\udrive\usr\local\apache2\bin\apache_16.exe | 
"{46C88EE9-3358-4FE1-A7E5-A5D6BB8DF801}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{49B90570-512B-4409-88A2-F2B23D828A23}" = protocol=17 | dir=in | app=d:\wow\launcher.patch.exe | 
"{4AFF7507-76CB-40A1-BA4A-3AFF851E5E32}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{4B0E3083-EE6A-459A-BD60-A20E383171DE}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\duke nukem forever\system\dukeforever.exe | 
"{4C7D4DE2-49F7-440C-AA92-A9EEAA5ED5B9}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{4CA0FCBF-B10E-4033-BE75-31A5485D2D6C}" = protocol=6 | dir=in | app=d:\star wars-the old republic\swtor\retailclient\swtor.exe | 
"{4D8DA9C3-9DEA-4249-845F-3463F5359DBB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{4DB835BF-ACA2-4DED-A412-302BA7942626}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | 
"{50A11388-B653-4BEE-A2A0-0B838BA03474}" = protocol=17 | dir=in | app=d:\wow\launcher.exe | 
"{5290624B-F829-48E2-A8D7-2BF561BACE3E}" = protocol=6 | dir=in | app=d:\hl\hl.exe | 
"{57BAFF80-4A60-4A3A-A0B6-0CA390133397}" = protocol=17 | dir=in | app=d:\050 programme\hdro\lotroclient.exe | 
"{58005E44-896F-4B79-AF4D-B958DB278190}" = protocol=6 | dir=in | app=j:\wow\0.4.0.5\worldserver.exe | 
"{588552AC-60F2-4B38-AD32-51CB21E229F6}" = protocol=6 | dir=out | app=system | 
"{59E02BF8-8C8A-48D2-A0B6-1662215A9EA1}" = protocol=17 | dir=in | app=c:\program files (x86)\qnap\finder\finder.exe | 
"{5B1008AA-60BE-4B3D-AD8F-7E955F233FA6}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"{5BA98F6A-D047-4881-9C08-1CBB0E49452F}" = protocol=6 | dir=in | app=d:\world_of_tanks\wotlauncher.exe | 
"{5D270158-F7E9-4F9B-8D86-4584602B9B31}" = protocol=6 | dir=in | app=d:\unreal tournament 3 (lg)\binaries\ut3.exe | 
"{5F646B99-E347-4CCE-BEEC-D77B5913DC65}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{60A669B5-5CEC-4934-9991-830D4893FB5F}" = protocol=6 | dir=in | app=d:\medal of honor airborne\unrealengine3\binaries\moha.exe | 
"{61525796-1E92-4CFC-8B0E-29E0E08A7093}" = protocol=6 | dir=in | app=d:\wow\launcher.patch.exe | 
"{63FB482B-89F3-4567-B2C2-9F4F0E645E10}" = protocol=17 | dir=in | app=c:\program files (x86)\fritz!\igd_finder.exe | 
"{6479E5CA-7348-4B70-8CC5-ABB13533F0C9}" = protocol=6 | dir=in | app=d:\flatout2\flatout2.exe | 
"{664A447D-F2D3-4963-9BC1-BE72A8D67003}" = protocol=6 | dir=in | app=d:\wow\launcher.exe | 
"{66907817-7424-4BE7-9D64-0952E2E35CC8}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{66A123D6-93DC-435F-9A16-FDDF0AD7DABB}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{6706DE52-F488-4290-B2F0-3299A3E294B9}" = protocol=6 | dir=in | app=c:\program files (x86)\qnap\finder\finder.exe | 
"{6ADE3B63-FF74-49B0-84BB-1232F22FD8EA}" = protocol=6 | dir=in | app=d:\dirt2\dirt2_game.exe | 
"{6C6C1190-6541-4274-B359-2C9C52678CD1}" = protocol=17 | dir=in | app=d:\hl\hl.exe | 
"{6E51F891-5A7F-4F43-9143-2168DC72F19B}" = protocol=17 | dir=in | app=d:\windata\home\windata.exe | 
"{714A1D61-8168-4384-8C6A-6697521DF2EC}" = protocol=17 | dir=in | app=d:\medal of honor airborne\unrealengine3\binaries\moha.exe | 
"{718DD3A7-161C-45A4-A582-9A3C31C4398B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{73AAE0ED-CB8B-4C82-9E23-310545D724B9}" = protocol=17 | dir=in | app=d:\star wars-the old republic\swtor\retailclient\swtor.exe | 
"{73E2A49B-0C75-4F5D-8B15-A6A24FCECEAA}" = protocol=17 | dir=in | app=j:\wow\0.4.0.5\worldserver.exe | 
"{757A42DE-EF6E-4E22-849E-CAF90D5D358C}" = protocol=17 | dir=in | app=d:\050 programme\xfire\xfire.exe | 
"{77FF8CB2-844C-4353-A711-72242F89885B}" = protocol=6 | dir=in | app=j:\wow\0.4.0.5\udrive\usr\local\mysql\bin\mysqld-opt.exe | 
"{78B55E3D-2EC1-42F9-94FF-21CF8AB93BE8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7EA30FD1-7C05-4BD0-8F8F-51B973E7C7E6}" = protocol=17 | dir=in | app=d:\world_of_tanks\wotlauncher.exe | 
"{8170A411-8F49-4C0E-B936-CC45D246AB13}" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"{83D99F5E-22F5-4B74-BE59-2AC64945DCF5}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{89C72BF1-40E3-4BD5-A23A-3FE803720B6B}" = protocol=17 | dir=in | app=d:\world_of_tanks\worldoftanks.exe | 
"{8DE52DE9-1369-4713-B7A5-87395A56284B}" = protocol=17 | dir=in | app=d:\fear 2\fear2\fear2.exe | 
"{92B763DB-7326-4C47-9BAC-F2F295949E96}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | 
"{961C89C5-C095-455B-A121-E70EEBA466A7}" = protocol=17 | dir=in | app=c:\program files (x86)\ventsrv\ventrilo_srv.exe | 
"{97FFBF78-CBBB-41C5-994A-0A2E87782936}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe | 
"{98BC871F-B7A2-4B46-9A9B-3EAF1AB82F8B}" = protocol=6 | dir=in | app=c:\program files (x86)\twonky\twonkybeam\tmslite\tms-beam.exe | 
"{990D0199-253A-4F48-86E6-1127F873F53C}" = protocol=17 | dir=in | name=minecraft_server | 
"{9A131E4F-87FF-4271-90AF-7ECAED6A3EE7}" = protocol=17 | dir=in | app=d:\star wars-the old republic\launcher.exe | 
"{A05324E2-9F71-4351-9CE5-58191CF4734D}" = protocol=6 | dir=in | app=d:\050 programme\xfire\xfire.exe | 
"{A063388E-2AE6-4438-8A2B-8A7D290A6893}" = protocol=6 | dir=in | app=d:\grid\grid.exe | 
"{A233E9F4-D52D-43BF-A610-B2743F5D9912}" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | 
"{A35F3293-763C-411B-9F33-8C1F63300B52}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A4639949-D15A-426C-AD8E-C56C35AE922F}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe | 
"{A4BA07D6-B391-412B-9F2A-59AB759A523F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{A592B40B-BD13-4A10-ADC4-A82F94E4C70F}" = dir=in | app=d:\minecraft_server\minecraft_server.exe | 
"{A71A1618-4E23-491E-98E4-21B932FAEEA3}" = protocol=17 | dir=in | app=j:\wow\0.4.0.5\udrive\usr\local\apache2\bin\apache_16.exe | 
"{A7291598-25C4-410B-BD83-424929B6022C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{A94C8F11-48A1-457C-B7C1-D9AD62547F94}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe | 
"{ADEB890D-44C8-41EA-89AF-E8500FB1FD8F}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) | 
"{AF747E9E-9C10-44D8-A298-01558325D0F9}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe | 
"{B00C84D4-2257-4040-8842-D0D0799B4F03}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B18F3377-C08C-48D7-99A6-2FFAB1CD0FCB}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B36971B9-830E-464F-A5B6-5DE119C9B20A}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\darksiders\darksiderspc.exe | 
"{B7284195-C806-4F2F-B242-CB1E8713BD06}" = protocol=6 | dir=in | app=d:\star wars-the old republic\launcher.exe | 
"{B79ACD03-9E05-40D5-A92B-59F312A8C836}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{B7FA9588-36EF-4FA2-8D13-5D7751719DD6}" = protocol=17 | dir=in | app=d:\star wars-the old republic\launcher.exe | 
"{B8AD7C45-306E-4282-9A08-CB036192562B}" = protocol=17 | dir=in | app=c:\program files (x86)\twonky\twonkybeam\tmslite\tms-beam.exe | 
"{BA55C98F-01CE-472D-B112-D0C0FBA99E57}" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"{BAB4A6F4-5773-43DA-97DD-93DEA5A1E725}" = protocol=17 | dir=in | app=c:\users\<User>\appdata\local\apps\2.0\0hajvwr9.gnv\4ecqbcb9.dxk\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | 
"{BAB93741-B4B2-4B7F-AA20-53762C7377BD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BBD6C707-2C14-4517-9EEA-9390496188D3}" = protocol=17 | dir=in | app=d:\steam\steamapps\mjoelnir768\counter-strike\hl.exe | 
"{BC68809A-0013-4600-AE35-EF9A81AF856B}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\sniper ghost warrior\sniper_x86.exe | 
"{BF4C86D1-C10F-46D1-98F1-208325FDB6D3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{BF64FA80-1393-4CB5-9365-A308B397DDEA}" = protocol=6 | dir=in | app=c:\users\<User>\appdata\local\apps\2.0\0hajvwr9.gnv\4ecqbcb9.dxk\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | 
"{C065D43E-73FA-44B8-B564-396BC24C5129}" = protocol=17 | dir=in | app=c:\program files (x86)\java\bin\javaw.exe | 
"{C37B2C36-8013-4CD2-91D0-BB467E5FF259}" = protocol=17 | dir=in | app=d:\world of warcraft\launcher.exe | 
"{C555EA6E-52C8-4883-8106-7847A412229A}" = dir=out | app=d:\minecraft_server\minecraft_server.exe | 
"{C565C640-198A-4058-A125-DD04875EBC32}" = protocol=17 | dir=in | app=j:\wow\0.4.0.5\logonserver.exe | 
"{C923057B-3789-455F-8B80-1CE2BEE8D699}" = protocol=17 | dir=in | app=d:\star wars-the old republic\swtor\retailclient\swtor.exe | 
"{CE1D9D95-B8B0-4D6B-9C0C-642664CF0163}" = protocol=17 | dir=in | app=d:\ut2004\system\ut2004.exe | 
"{CF885602-5034-43CF-8B26-825CD48C5225}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"{D0AD9CDC-2327-41DD-BB13-FB27CDE62C81}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{D13663D0-DAC7-405F-A96C-0B099C4EC60C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{D1FDB251-15E3-4679-9FB2-308A1A9D8CC7}" = protocol=17 | dir=in | app=d:\wow\temp\wow-4.2.1.2736-enus-tools-downloader.exe | 
"{D7497291-6EEB-4634-9B0A-3F45F2D7217E}" = protocol=6 | dir=in | app=d:\ut2004\system\ut2004.exe | 
"{D7C927D2-2EC1-4878-ABE1-46DC5A6331EC}" = protocol=6 | dir=in | app=d:\world of warcraft\launcher.exe | 
"{D9BDEAEE-5AF2-4264-9F24-69553014D42B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{DAF46C95-EC44-41E9-8045-1B7B08CF9854}" = protocol=17 | dir=in | app=d:\unreal tournament 3 (lg)\binaries\ut3.exe | 
"{DC2C5783-A061-428F-8DDA-4C5A951E32A3}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe | 
"{DEE48C86-F4B0-474E-8336-F704CB17D742}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E0386925-C1F9-4E16-BC2A-EAF8779C7947}" = protocol=6 | dir=in | app=d:\star wars-the old republic\swtor\retailclient\swtor.exe | 
"{E07D5921-ADCB-4B67-9ABC-E843D3AC485F}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{E1846B37-910D-4F5C-B8D4-1D9400E75EA7}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\darksiders\darksiderspc.exe | 
"{E4F35115-D9A3-41E0-8CD1-B3258A0197B4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E6CC1C7A-B847-4209-9B1E-80AB7551C272}" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"{E91B782C-4B99-4616-A9A2-53EDBA12E875}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E932379A-77C4-4CF0-8A6A-E3ED25ED93F0}" = protocol=6 | dir=in | app=c:\program files (x86)\xbmc\xbmc.exe | 
"{EA78E41E-DB1C-4FC8-9649-40366965C319}" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"{EFA8DFBE-0B80-4F70-A658-B63077A0A913}" = protocol=6 | dir=in | app=d:\050 programme\itunes\itunes.exe | 
"{F27F72F6-81A4-4964-82C7-B3499EF8EC95}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{F3C7580A-B67A-423C-A878-7EA096741276}" = dir=in | app=d:\brickforce\bflauncher.exe | 
"{F6F1F01A-4D06-4457-8404-2185518DC94E}" = protocol=6 | dir=in | app=d:\wow\temp\wow-4.2.1.2736-enus-tools-downloader.exe | 
"{F75BC61D-DBCC-44FA-AB3A-CC0619A9AE0A}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{FA1E6BB7-962B-4FE3-BBE1-B5780CA05B52}" = protocol=6 | dir=in | app=j:\wow\0.4.0.5\logonserver.exe | 
"{FB78DD9A-509A-42AA-97EB-62501714170C}" = protocol=17 | dir=in | app=d:\dc_universe\unreal3\binaries\win32\dcgame.exe | 
"{FE5B174E-A31F-4A6E-90E8-428B5A1BAE26}" = protocol=17 | dir=in | app=d:\grid\grid.exe | 
"{FE60BA23-AEFB-438F-9E2F-4C13CA9A9B43}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{FEB4AA64-3D7F-464B-8721-4D27755F78E7}" = protocol=6 | dir=in | app=d:\fear 2\fear2\fear2.exe | 
"TCP Query User{1821DC07-B993-4F85-802B-C89FA6C8EB54}D:\050 programme\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=d:\050 programme\orbitdownloader\orbitnet.exe | 
"TCP Query User{1B387F94-B211-4DB2-A22A-2B47775FDACB}D:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | 
"TCP Query User{25A71E70-D532-4852-AE41-ED1E7A845384}C:\program files (x86)\fritz!\frifax32.exe" = protocol=6 | dir=in | app=c:\program files (x86)\fritz!\frifax32.exe | 
"TCP Query User{29CFE505-E6B5-402A-A6AA-97AB705F033A}D:\heavy metal - fakk2\fakk2.exe" = protocol=6 | dir=in | app=d:\heavy metal - fakk2\fakk2.exe | 
"TCP Query User{31BC33FE-A281-45C3-9287-36CF2AEF1BBD}D:\world of warcraft\blizzard downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\blizzard downloader.exe | 
"TCP Query User{3381785E-EAD9-487D-96DD-F6509771DC75}C:\users\<User>\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe" = protocol=6 | dir=in | app=c:\users\<User>\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe | 
"TCP Query User{3482591E-E341-4A6E-8200-117049DF6DB5}D:\freeciv-2.2.5-gtk2\freeciv-server.exe" = protocol=6 | dir=in | app=d:\freeciv-2.2.5-gtk2\freeciv-server.exe | 
"TCP Query User{355D8B63-DF2B-457B-ABA7-958391982356}C:\program files (x86)\teamviewer\version4\teamviewer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version4\teamviewer.exe | 
"TCP Query User{3EA2891E-2BB7-4A48-99B7-52FEDEB2A67F}D:\wow\novo's easy wow server\0.4.1\udrive\usr\local\apache2\bin\apache_16.exe" = protocol=6 | dir=in | app=d:\wow\novo's easy wow server\0.4.1\udrive\usr\local\apache2\bin\apache_16.exe | 
"TCP Query User{3F4A80A7-E02F-420C-9B24-8708E9299FA6}D:\010 data\fritzbox\fritz.box_wlan_7390_84.04.84.recover-image.exe" = protocol=6 | dir=in | app=d:\010 data\fritzbox\fritz.box_wlan_7390_84.04.84.recover-image.exe | 
"TCP Query User{41045E80-47B0-445D-9704-03E54EAD34A9}C:\program files (x86)\qnap\qget\qget.exe" = protocol=6 | dir=in | app=c:\program files (x86)\qnap\qget\qget.exe | 
"TCP Query User{41351FF3-094E-4520-9C94-804B171E885F}D:\wow\novo's easy wow server\0.4.1\worldserver.exe" = protocol=6 | dir=in | app=d:\wow\novo's easy wow server\0.4.1\worldserver.exe | 
"TCP Query User{42445A78-9884-499E-9C6C-863FBA24CFB5}D:\hl\hl.exe" = protocol=6 | dir=in | app=d:\hl\hl.exe | 
"TCP Query User{437BB0C2-64B7-4FD7-9E80-A11A6A002A02}D:\wow\0.4.0.5\worldserver.exe" = protocol=6 | dir=in | app=d:\wow\0.4.0.5\worldserver.exe | 
"TCP Query User{4431E5FA-217F-4DC4-A5DB-C88D51AA7046}D:\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe | 
"TCP Query User{4B0E9F51-CE77-49D4-902F-B7C0EAD34CCE}D:\ef2\ef2.exe" = protocol=6 | dir=in | app=d:\ef2\ef2.exe | 
"TCP Query User{4DC73254-862B-49FE-8B91-3EAABB8958C8}D:\dc_universe\unreal3\binaries\win32\dcgame.exe" = protocol=6 | dir=in | app=d:\dc_universe\unreal3\binaries\win32\dcgame.exe | 
"TCP Query User{516C74DD-220D-49CE-8242-9375BBF58B44}C:\program files (x86)\ventsrv\ventrilo_srv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ventsrv\ventrilo_srv.exe | 
"TCP Query User{5A9EA75B-5152-4564-A439-32E912D3AE64}D:\medal of honor pacific assault(tm)\mohpa.exe" = protocol=6 | dir=in | app=d:\medal of honor pacific assault(tm)\mohpa.exe | 
"TCP Query User{5E9005F6-0EC5-4DB0-BD77-DA61BC915CAF}D:\wow\server\0.3.7.5\diamond-realmserver.exe" = protocol=6 | dir=in | app=d:\wow\server\0.3.7.5\diamond-realmserver.exe | 
"TCP Query User{640CEA43-5D23-4938-B830-A08CFD0FA256}D:\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe | 
"TCP Query User{6711FDE9-3126-44A9-AAC9-A947DD5A28D2}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"TCP Query User{69117C01-48BA-4BAF-995F-FA2374F3B75E}D:\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-dede-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-dede-downloader.exe | 
"TCP Query User{6D7623D8-5B86-4908-9E9F-F36057AEB316}D:\wow-server\askyfire x64\authserver.exe" = protocol=6 | dir=in | app=d:\wow-server\askyfire x64\authserver.exe | 
"TCP Query User{6F212778-9578-45D4-9828-9ADFEC8AAA3C}D:\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=6 | dir=in | app=d:\star wars battlefront ii\gamedata\battlefrontii.exe | 
"TCP Query User{7022331F-DA15-470F-9503-C573FCBA54DE}D:\wow\0.4.3\udrive\usr\local\mysql\bin\mysqld-opt.exe" = protocol=6 | dir=in | app=d:\wow\0.4.3\udrive\usr\local\mysql\bin\mysqld-opt.exe | 
"TCP Query User{7279628F-613E-4BB0-ACEA-1A531C56CF0E}D:\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=d:\world_of_tanks\wotlauncher.exe | 
"TCP Query User{74BA5508-321B-4E8F-9CC9-012D06C85E7A}G:\hendrik\blobby\volley.exe" = protocol=6 | dir=in | app=g:\hendrik\blobby\volley.exe | 
"TCP Query User{772EE8E1-98A9-4759-9FAD-5D77BE342F1A}D:\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=d:\world of warcraft\launcher.exe | 
"TCP Query User{8143C6A6-C85F-42C8-83D0-8B414FB70977}J:\wow\0.4.0.5\udrive\usr\local\mysql\bin\mysqld-opt.exe" = protocol=6 | dir=in | app=j:\wow\0.4.0.5\udrive\usr\local\mysql\bin\mysqld-opt.exe | 
"TCP Query User{81AAB016-1FE4-41A2-B3CF-6049BFCF0445}D:\wow-server\server\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=d:\wow-server\server\mysql\bin\mysqld.exe | 
"TCP Query User{82CD20FA-833B-4826-9582-89370ED4CA3D}D:\wow\novo's easy wow server\0.4.1\logonserver.exe" = protocol=6 | dir=in | app=d:\wow\novo's easy wow server\0.4.1\logonserver.exe | 
"TCP Query User{863AF03C-041A-4837-B1F7-84502E07C200}C:\program files (x86)\java\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\bin\javaw.exe | 
"TCP Query User{873EB20A-10FF-4A0C-81BA-3C1B17FBEA49}C:2\wow-cata\_server\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:2\wow-cata\_server\mysql\bin\mysqld.exe | 
"TCP Query User{882FC0D6-E9B2-4D10-A39B-F62162B99824}D:\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=d:\world_of_tanks\worldoftanks.exe | 
"TCP Query User{88A444CD-FEC6-4AF4-816B-86F3AA6EE02B}J:\wow\0.4.0.5\logonserver.exe" = protocol=6 | dir=in | app=j:\wow\0.4.0.5\logonserver.exe | 
"TCP Query User{8A6ACECE-EA06-4AB8-B07D-4537E43C4737}D:\wow\server\0.3.7.5\diamond-worldserver.exe" = protocol=6 | dir=in | app=d:\wow\server\0.3.7.5\diamond-worldserver.exe | 
"TCP Query User{8FAE7203-A0F4-472A-A125-1C001B0913B9}D:\wow\server\0.3.7.5\udrive\usr\local\apache2\bin\apache_16.exe" = protocol=6 | dir=in | app=d:\wow\server\0.3.7.5\udrive\usr\local\apache2\bin\apache_16.exe | 
"TCP Query User{920331A5-3FE8-4750-9FC4-B0A081CB968A}D:\wow\0.4.3\authserver.exe" = protocol=6 | dir=in | app=d:\wow\0.4.3\authserver.exe | 
"TCP Query User{931675D2-EEAF-4A10-9A77-EFF3266E5E31}C:\program files (x86)\xbmc\xbmc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xbmc\xbmc.exe | 
"TCP Query User{9AF4FF6A-95F2-4FA8-8DBB-CF98131CE98B}J:\wow\0.4.0.5\udrive\usr\local\apache2\bin\apache_16.exe" = protocol=6 | dir=in | app=j:\wow\0.4.0.5\udrive\usr\local\apache2\bin\apache_16.exe | 
"TCP Query User{9CA4A17D-DE0C-4669-8B62-94A9304546A1}C:2\wow-cata\skyfireemu\worldserver.exe" = protocol=6 | dir=in | app=c:2\wow-cata\skyfireemu\worldserver.exe | 
"TCP Query User{9E6253FD-4A69-40E6-A562-2BCFB675A2FE}E:\setup\dns-323_c1_fw_v1.08_easysearch_v4.7.0.0.exe" = protocol=6 | dir=in | app=e:\setup\dns-323_c1_fw_v1.08_easysearch_v4.7.0.0.exe | 
"TCP Query User{9ECE2219-496A-4490-84BE-8882B3EB9AF0}D:\wow\server\0.3.7.5\udrive\usr\local\mysql\bin\mysqld-opt.exe" = protocol=6 | dir=in | app=d:\wow\server\0.3.7.5\udrive\usr\local\mysql\bin\mysqld-opt.exe | 
"TCP Query User{9F98570F-C36B-43D2-BFCD-E8690C0E387E}C:\program files (x86)\lan messenger\lanmessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lan messenger\lanmessenger.exe | 
"TCP Query User{A04B122F-9960-4C97-96C9-5ED5FAA47411}D:\010 data\downloads\tinyumbrella-4.21.02.exe" = protocol=6 | dir=in | app=d:\010 data\downloads\tinyumbrella-4.21.02.exe | 
"TCP Query User{A12A3207-77EA-49E3-9B7E-3972FEE59DCD}D:\heavy metal - fakk2\fakk2.exe" = protocol=6 | dir=in | app=d:\heavy metal - fakk2\fakk2.exe | 
"TCP Query User{A18F52E6-392D-4D0A-926A-4FC0C3EA9A4F}D:\wow\0.4.0.5\udrive\usr\local\mysql\bin\mysqld-opt.exe" = protocol=6 | dir=in | app=d:\wow\0.4.0.5\udrive\usr\local\mysql\bin\mysqld-opt.exe | 
"TCP Query User{A5E1DA70-92B4-4F20-9EF4-C06F26A5B0CB}C:\program files (x86)\r2 studios\tonic\tonic.exe" = protocol=6 | dir=in | app=c:\program files (x86)\r2 studios\tonic\tonic.exe | 
"TCP Query User{A6385A6C-D492-4607-A462-DD23F32B058E}D:\wow\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\wow\temp\wow-4.2.1.2736-enus-tools-downloader.exe | 
"TCP Query User{A77784C9-EB7F-4E03-AD65-56B40FD6A8C1}D:\050 programme\xfire\xfire.exe" = protocol=6 | dir=in | app=d:\050 programme\xfire\xfire.exe | 
"TCP Query User{AF791E76-8F06-4ADB-B863-A8450F41688A}J:\wow\0.4.0.5\worldserver.exe" = protocol=6 | dir=in | app=j:\wow\0.4.0.5\worldserver.exe | 
"TCP Query User{B17393EA-59F7-453F-8030-2EF67B60BC94}D:\battlefield 1942\bf1942.exe" = protocol=6 | dir=in | app=d:\battlefield 1942\bf1942.exe | 
"TCP Query User{B627CD92-7825-4135-A098-5F3F8E48B257}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"TCP Query User{B944A103-E136-4FAB-9A28-ED17763F1A2F}C:\users\<User>\appdata\local\temp\_istmp1.dir\_ins5576._mp" = protocol=6 | dir=in | app=c:\users\<User>\appdata\local\temp\_istmp1.dir\_ins5576._mp | 
"TCP Query User{BA2746C6-78B8-482F-BD41-38A56FAD7759}D:\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=d:\mozilla firefox\firefox.exe | 
"TCP Query User{BE403DD2-AF1F-48A8-B96E-3B925D6819D2}D:\unreal tournament 3 (lg)\binaries\ut3.exe" = protocol=6 | dir=in | app=d:\unreal tournament 3 (lg)\binaries\ut3.exe | 
"TCP Query User{C5D08BA9-E92F-46E0-9FF0-B62BBA1B9850}D:\flatout2\flatout2.exe" = protocol=6 | dir=in | app=d:\flatout2\flatout2.exe | 
"TCP Query User{C766B0B2-61D7-4F85-B466-7C2B7C93EEC8}D:\planetside 2 psg\planetside2.exe" = protocol=6 | dir=in | app=d:\planetside 2 psg\planetside2.exe | 
"TCP Query User{CA6B6966-D62F-4729-A801-1B0D353A68BB}D:\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{D7E749AD-59D6-4DB6-85F3-83A6E5E119A9}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"TCP Query User{DA438CF3-C8C2-4EB3-8101-6D28E52E1AAA}D:\wow\0.4.3\udrive\usr\local\apache2\bin\apache_16.exe" = protocol=6 | dir=in | app=d:\wow\0.4.3\udrive\usr\local\apache2\bin\apache_16.exe | 
"TCP Query User{DC71E5C7-319E-43F8-A606-A610F8CCA463}D:\wow\0.4.3\worldserver.exe" = protocol=6 | dir=in | app=d:\wow\0.4.3\worldserver.exe | 
"TCP Query User{DD00A1CE-DBA3-44D1-A637-4B624188EADF}D:\wow\0.4.0.5\udrive\usr\local\apache2\bin\apache_16.exe" = protocol=6 | dir=in | app=d:\wow\0.4.0.5\udrive\usr\local\apache2\bin\apache_16.exe | 
"TCP Query User{DECB31C9-6EED-4F40-8F40-1A4D33158382}D:\wow-server\askyfire x64\worldserver.exe" = protocol=6 | dir=in | app=d:\wow-server\askyfire x64\worldserver.exe | 
"TCP Query User{EA5C2D92-56FE-40E9-BEBC-8B4D6C94F34C}D:\wow\0.4.0.5\logonserver.exe" = protocol=6 | dir=in | app=d:\wow\0.4.0.5\logonserver.exe | 
"TCP Query User{EBAAA559-D6C0-4181-A55F-EFD17DF4D103}D:\cs1.6\hl.exe" = protocol=6 | dir=in | app=d:\cs1.6\hl.exe | 
"TCP Query User{EF644ABC-B02A-47A8-BF8B-EE0A7DFF1F65}C:\program files (x86)\qnap\finder\finder.exe" = protocol=6 | dir=in | app=c:\program files (x86)\qnap\finder\finder.exe | 
"TCP Query User{F20CF55B-8873-4C56-911E-D7A0D8AA532B}D:\ef2\ef2.exe" = protocol=6 | dir=in | app=d:\ef2\ef2.exe | 
"TCP Query User{F3F9C46B-D06B-46B7-8995-159BDD8CFF38}C:\program files (x86)\fritz!\frifax32.exe" = protocol=6 | dir=in | app=c:\program files (x86)\fritz!\frifax32.exe | 
"TCP Query User{F42CFE0A-0C6C-4493-9017-E263554DBB55}C:2\wow-cata\skyfireemu\authserver.exe" = protocol=6 | dir=in | app=c:2\wow-cata\skyfireemu\authserver.exe | 
"TCP Query User{F55E45A7-1676-4DB0-ADFD-A8B7286156DA}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"TCP Query User{F64D7AE5-DFFB-4687-8300-A009F39CF6D6}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe | 
"TCP Query User{F9B0220F-DE51-4065-9A8E-BE1D0CDC62B7}D:\050 programme\hdro\lotroclient.exe" = protocol=6 | dir=in | app=d:\050 programme\hdro\lotroclient.exe | 
"TCP Query User{FC978267-936B-405A-836E-DB10F90F5A4F}D:\wow\novo's easy wow server\0.4.1\udrive\usr\local\mysql\bin\mysqld-opt.exe" = protocol=6 | dir=in | app=d:\wow\novo's easy wow server\0.4.1\udrive\usr\local\mysql\bin\mysqld-opt.exe | 
"UDP Query User{0378FFCC-D9D1-4D6D-9ED9-BF84F651D1A5}D:\freeciv-2.2.5-gtk2\freeciv-server.exe" = protocol=17 | dir=in | app=d:\freeciv-2.2.5-gtk2\freeciv-server.exe | 
"UDP Query User{03B92F12-E738-4F41-8F25-08C26B05E567}C:\users\<User>\appdata\local\temp\_istmp1.dir\_ins5576._mp" = protocol=17 | dir=in | app=c:\users\<User>\appdata\local\temp\_istmp1.dir\_ins5576._mp | 
"UDP Query User{03C45C33-5D05-44D9-B255-8D51B377DE14}D:\wow\novo's easy wow server\0.4.1\udrive\usr\local\apache2\bin\apache_16.exe" = protocol=17 | dir=in | app=d:\wow\novo's easy wow server\0.4.1\udrive\usr\local\apache2\bin\apache_16.exe | 
"UDP Query User{0945E339-D31C-4ED7-8906-644C71B4929B}C:\program files (x86)\teamviewer\version4\teamviewer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version4\teamviewer.exe | 
"UDP Query User{0A75517C-19AB-45B9-A014-26E1E04DA770}D:\battlefield 1942\bf1942.exe" = protocol=17 | dir=in | app=d:\battlefield 1942\bf1942.exe | 
"UDP Query User{0BCCA90B-2117-44D7-961C-3BDEED9A03B8}D:\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=d:\world_of_tanks\wotlauncher.exe | 
"UDP Query User{0C84CAB2-4313-471F-89DA-B39A7461C075}D:\wow\0.4.3\authserver.exe" = protocol=17 | dir=in | app=d:\wow\0.4.3\authserver.exe | 
"UDP Query User{1CCC3756-6575-4B65-B446-B5A6BE162488}D:\wow-server\askyfire x64\worldserver.exe" = protocol=17 | dir=in | app=d:\wow-server\askyfire x64\worldserver.exe | 
"UDP Query User{1E57C07B-06DB-4915-8C03-9530110F44C6}D:\wow\server\0.3.7.5\udrive\usr\local\apache2\bin\apache_16.exe" = protocol=17 | dir=in | app=d:\wow\server\0.3.7.5\udrive\usr\local\apache2\bin\apache_16.exe | 
"UDP Query User{1FAD9E8F-FF14-4311-B308-2D5012FB5B31}D:\heavy metal - fakk2\fakk2.exe" = protocol=17 | dir=in | app=d:\heavy metal - fakk2\fakk2.exe | 
"UDP Query User{2014FB02-1FEF-4BFB-ADB0-2A44C36A1929}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"UDP Query User{2097710E-D143-43D3-AED8-B9E54D8151EF}D:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | 
"UDP Query User{24C22941-0B32-4E4D-BCBD-DC229E8782B6}D:\wow\0.4.3\udrive\usr\local\apache2\bin\apache_16.exe" = protocol=17 | dir=in | app=d:\wow\0.4.3\udrive\usr\local\apache2\bin\apache_16.exe | 
"UDP Query User{2623C2B0-BA29-40A5-85DE-51F9E1B2B2A3}D:\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-dede-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-dede-downloader.exe | 
"UDP Query User{276C3019-70B2-487E-BEF4-B3BCAF0E545C}D:\050 programme\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=d:\050 programme\orbitdownloader\orbitnet.exe | 
"UDP Query User{294054E8-6932-47E1-9D5C-96EE191EB83C}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"UDP Query User{2B15185E-A55F-4615-8545-67B2DA1DCC08}C:\program files (x86)\ventsrv\ventrilo_srv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ventsrv\ventrilo_srv.exe | 
"UDP Query User{2D5F13CE-FE2D-4E6E-AFE0-5D38D8FCEBD4}D:\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=d:\world_of_tanks\worldoftanks.exe | 
"UDP Query User{2EC313EA-C5CE-4414-8956-955A11506514}D:\wow-server\askyfire x64\authserver.exe" = protocol=17 | dir=in | app=d:\wow-server\askyfire x64\authserver.exe | 
"UDP Query User{34CBA6A7-267F-4A43-B081-04A387E4ED1F}C:2\wow-cata\skyfireemu\authserver.exe" = protocol=17 | dir=in | app=c:2\wow-cata\skyfireemu\authserver.exe | 
"UDP Query User{3CF59400-CD19-4123-8C8B-D3BBA7041A84}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"UDP Query User{3FC1D534-9F05-4AB7-9B07-BF87499FE33D}J:\wow\0.4.0.5\udrive\usr\local\mysql\bin\mysqld-opt.exe" = protocol=17 | dir=in | app=j:\wow\0.4.0.5\udrive\usr\local\mysql\bin\mysqld-opt.exe | 
"UDP Query User{44B8E5F7-41D4-41F9-850E-643BB8C50A32}D:\planetside 2 psg\planetside2.exe" = protocol=17 | dir=in | app=d:\planetside 2 psg\planetside2.exe | 
"UDP Query User{464C7EE4-BDEE-4ABA-9E72-C0A1B7FFE74B}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | 
"UDP Query User{4662ADB4-906B-445D-B9CC-6D3BAA157E35}D:\medal of honor pacific assault(tm)\mohpa.exe" = protocol=17 | dir=in | app=d:\medal of honor pacific assault(tm)\mohpa.exe | 
"UDP Query User{4D731572-4E9E-4EDA-91FF-449705B3FA41}C:\program files (x86)\qnap\finder\finder.exe" = protocol=17 | dir=in | app=c:\program files (x86)\qnap\finder\finder.exe | 
"UDP Query User{5143750A-E301-4008-BECD-2C6B35B5C2A1}D:\wow\novo's easy wow server\0.4.1\logonserver.exe" = protocol=17 | dir=in | app=d:\wow\novo's easy wow server\0.4.1\logonserver.exe | 
"UDP Query User{54B2DDC9-3B6E-4394-B1DB-0250526E9E7D}D:\ef2\ef2.exe" = protocol=17 | dir=in | app=d:\ef2\ef2.exe | 
"UDP Query User{5931C5B3-22F2-491B-90A5-63A4AF17F8C7}C:\program files (x86)\fritz!\frifax32.exe" = protocol=17 | dir=in | app=c:\program files (x86)\fritz!\frifax32.exe | 
"UDP Query User{5A263DD4-FA53-4C47-8277-90CFFEA7EBC4}D:\wow-server\server\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=d:\wow-server\server\mysql\bin\mysqld.exe | 
"UDP Query User{5BCD487F-C949-4B7C-8584-6CB944970C50}J:\wow\0.4.0.5\logonserver.exe" = protocol=17 | dir=in | app=j:\wow\0.4.0.5\logonserver.exe | 
"UDP Query User{5DC097E9-B931-4D51-8579-25AB02E1760F}D:\wow\server\0.3.7.5\diamond-worldserver.exe" = protocol=17 | dir=in | app=d:\wow\server\0.3.7.5\diamond-worldserver.exe | 
"UDP Query User{6B9289CD-B132-4125-9563-11FC30DD35CB}D:\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe | 
"UDP Query User{6DB6B6A0-C99F-4279-A594-B9B24D69E658}D:\wow\novo's easy wow server\0.4.1\udrive\usr\local\mysql\bin\mysqld-opt.exe" = protocol=17 | dir=in | app=d:\wow\novo's easy wow server\0.4.1\udrive\usr\local\mysql\bin\mysqld-opt.exe | 
"UDP Query User{73C92451-4969-4F26-A2DD-5BD3310943DB}D:\wow\server\0.3.7.5\udrive\usr\local\mysql\bin\mysqld-opt.exe" = protocol=17 | dir=in | app=d:\wow\server\0.3.7.5\udrive\usr\local\mysql\bin\mysqld-opt.exe | 
"UDP Query User{7443E884-40AF-45B4-B0FF-9890950F0497}D:\hl\hl.exe" = protocol=17 | dir=in | app=d:\hl\hl.exe | 
"UDP Query User{85AB6BDD-D36B-4793-ADE3-64FED6F728FD}D:\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{85B56604-CE5A-4BB9-9F1D-85909178C8B9}D:\wow\0.4.3\udrive\usr\local\mysql\bin\mysqld-opt.exe" = protocol=17 | dir=in | app=d:\wow\0.4.3\udrive\usr\local\mysql\bin\mysqld-opt.exe | 
"UDP Query User{8BDAC1B0-D52C-4050-B4CF-994CACB79394}J:\wow\0.4.0.5\worldserver.exe" = protocol=17 | dir=in | app=j:\wow\0.4.0.5\worldserver.exe | 
"UDP Query User{8C453E58-7536-46F8-9D55-1A493E6C01E4}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"UDP Query User{90D164C4-2EB1-48DB-A4D2-51A4CBB0FADC}D:\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=17 | dir=in | app=d:\star wars battlefront ii\gamedata\battlefrontii.exe | 
"UDP Query User{93F34585-7769-4C19-B792-B393E057CAC8}D:\heavy metal - fakk2\fakk2.exe" = protocol=17 | dir=in | app=d:\heavy metal - fakk2\fakk2.exe | 
"UDP Query User{9BAD88DB-FE23-4B7C-A395-0E15E0AA0972}D:\wow\novo's easy wow server\0.4.1\worldserver.exe" = protocol=17 | dir=in | app=d:\wow\novo's easy wow server\0.4.1\worldserver.exe | 
"UDP Query User{9D06426D-1433-40A9-B78E-DCB94EA624AD}C:\program files (x86)\lan messenger\lanmessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lan messenger\lanmessenger.exe | 
"UDP Query User{A1421BA6-23D9-456E-A449-837B52EF265F}D:\wow\0.4.0.5\udrive\usr\local\mysql\bin\mysqld-opt.exe" = protocol=17 | dir=in | app=d:\wow\0.4.0.5\udrive\usr\local\mysql\bin\mysqld-opt.exe | 
"UDP Query User{A28BD07F-88BA-4251-AEDF-56883C43D741}D:\cs1.6\hl.exe" = protocol=17 | dir=in | app=d:\cs1.6\hl.exe | 
"UDP Query User{A3DAAFF4-633C-483D-B312-93B6B2CF1BF9}D:\050 programme\hdro\lotroclient.exe" = protocol=17 | dir=in | app=d:\050 programme\hdro\lotroclient.exe | 
"UDP Query User{A5063601-C1D9-4713-B404-B5601D52D020}D:\flatout2\flatout2.exe" = protocol=17 | dir=in | app=d:\flatout2\flatout2.exe | 
"UDP Query User{AA066EB1-5D9A-4A81-AD7F-5D386D2FE571}D:\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe | 
"UDP Query User{AC0F8CBE-A15F-47C2-8E2E-1E84A487D58B}G:\hendrik\blobby\volley.exe" = protocol=17 | dir=in | app=g:\hendrik\blobby\volley.exe | 
"UDP Query User{B1028C9F-D566-4D31-81A6-CB4AC03F169B}C:2\wow-cata\skyfireemu\worldserver.exe" = protocol=17 | dir=in | app=c:2\wow-cata\skyfireemu\worldserver.exe | 
"UDP Query User{B6333C6A-F497-4DA1-9270-29B89EFB7506}C:\program files (x86)\java\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\bin\javaw.exe | 
"UDP Query User{B6D4DDB3-5808-426D-A95B-C7D5961C2060}C:2\wow-cata\_server\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:2\wow-cata\_server\mysql\bin\mysqld.exe | 
"UDP Query User{BBE60C33-C971-46BE-A4A7-21DCD9AB5122}D:\ef2\ef2.exe" = protocol=17 | dir=in | app=d:\ef2\ef2.exe | 
"UDP Query User{C4C0BBF3-EDD8-44D4-8FB7-B07B6F78DE93}D:\wow\0.4.0.5\udrive\usr\local\apache2\bin\apache_16.exe" = protocol=17 | dir=in | app=d:\wow\0.4.0.5\udrive\usr\local\apache2\bin\apache_16.exe | 
"UDP Query User{C520F9D7-C212-430A-9796-F7A6E93813A6}D:\050 programme\xfire\xfire.exe" = protocol=17 | dir=in | app=d:\050 programme\xfire\xfire.exe | 
"UDP Query User{C66A06E2-F910-40BA-B454-7536E057664C}D:\wow\0.4.0.5\logonserver.exe" = protocol=17 | dir=in | app=d:\wow\0.4.0.5\logonserver.exe | 
"UDP Query User{C6F98C9A-CD4C-4FA3-B220-8D1FB074F361}D:\010 data\downloads\tinyumbrella-4.21.02.exe" = protocol=17 | dir=in | app=d:\010 data\downloads\tinyumbrella-4.21.02.exe | 
"UDP Query User{C8395088-A96E-4B77-A933-28FA29A75620}C:\program files (x86)\r2 studios\tonic\tonic.exe" = protocol=17 | dir=in | app=c:\program files (x86)\r2 studios\tonic\tonic.exe | 
"UDP Query User{CA3312A8-2888-4617-8AB1-FBC6D31F2121}C:\program files (x86)\fritz!\frifax32.exe" = protocol=17 | dir=in | app=c:\program files (x86)\fritz!\frifax32.exe | 
"UDP Query User{D0F75C32-73CC-4176-B02F-7ACD65F321F0}D:\unreal tournament 3 (lg)\binaries\ut3.exe" = protocol=17 | dir=in | app=d:\unreal tournament 3 (lg)\binaries\ut3.exe | 
"UDP Query User{D1F953A4-2BB3-4033-B1C1-F2575271DA87}D:\wow\server\0.3.7.5\diamond-realmserver.exe" = protocol=17 | dir=in | app=d:\wow\server\0.3.7.5\diamond-realmserver.exe | 
"UDP Query User{D52DA1AC-376F-4B03-9CA0-961793ABF86E}C:\users\<User>\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe" = protocol=17 | dir=in | app=c:\users\<User>\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe | 
"UDP Query User{D5F8CAAF-BBC6-44C4-BB1D-7E93D5F796F8}J:\wow\0.4.0.5\udrive\usr\local\apache2\bin\apache_16.exe" = protocol=17 | dir=in | app=j:\wow\0.4.0.5\udrive\usr\local\apache2\bin\apache_16.exe | 
"UDP Query User{DB3D6F39-98E0-4CC4-9C00-2CF8F2F53F34}D:\010 data\fritzbox\fritz.box_wlan_7390_84.04.84.recover-image.exe" = protocol=17 | dir=in | app=d:\010 data\fritzbox\fritz.box_wlan_7390_84.04.84.recover-image.exe | 
"UDP Query User{DF02AA83-A4A3-48E4-8F0A-4FAB9593A8D9}D:\world of warcraft\blizzard downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\blizzard downloader.exe | 
"UDP Query User{DF8992F4-FCA8-4B73-A22D-152C3CC7A13C}D:\wow\0.4.3\worldserver.exe" = protocol=17 | dir=in | app=d:\wow\0.4.3\worldserver.exe | 
"UDP Query User{E35F21C2-D74A-4E26-8DBF-62E107F2FF18}E:\setup\dns-323_c1_fw_v1.08_easysearch_v4.7.0.0.exe" = protocol=17 | dir=in | app=e:\setup\dns-323_c1_fw_v1.08_easysearch_v4.7.0.0.exe | 
"UDP Query User{E4C1FC88-1677-4429-B7B2-12EA12135A52}D:\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=d:\mozilla firefox\firefox.exe | 
"UDP Query User{EA9BD6D1-BB17-495D-8262-B4540448DFA6}C:\program files (x86)\xbmc\xbmc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xbmc\xbmc.exe | 
"UDP Query User{F04E61F7-B23E-4134-A646-0CB7F5791EE6}C:\program files (x86)\qnap\qget\qget.exe" = protocol=17 | dir=in | app=c:\program files (x86)\qnap\qget\qget.exe | 
"UDP Query User{F20E25B7-CF60-46C4-8E4A-962B76D2E939}D:\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=d:\world of warcraft\launcher.exe | 
"UDP Query User{F4613CB1-47CB-4A45-9980-C9315C9A1487}D:\wow\0.4.0.5\worldserver.exe" = protocol=17 | dir=in | app=d:\wow\0.4.0.5\worldserver.exe | 
"UDP Query User{F7472F85-D99D-4035-8AE9-3CAA14711AA7}D:\wow\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\wow\temp\wow-4.2.1.2736-enus-tools-downloader.exe | 
"UDP Query User{F759015D-2D73-4936-8232-BCB4CC87C66E}D:\dc_universe\unreal3\binaries\win32\dcgame.exe" = protocol=17 | dir=in | app=d:\dc_universe\unreal3\binaries\win32\dcgame.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0874D757-6DE9-31B9-BA0B-2299F3A144C0}" = Microsoft Windows SDK .NET Framework Tools (40715)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{12FE6AA6-65D2-40EE-B925-62193128A0E6}" = Microsoft SQL Server 2008 Native Client
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010  x64 Runtime - 10.0.40219
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1F6306D6-FB66-10D2-D474-5ADE4D57EE6B}" = AMD Fuel
"{22D02951-5B4C-36FD-801E-ACB3595760B4}" = Microsoft Windows SDK for Windows 7 Samples (40715)
"{22D8AE6F-3C6B-47E8-8F04-629F23DBE978}" = iTunes
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417004FF}" = Java(TM) 7 Update 4 (64-bit)
"{28D06854-572C-4A65-83E5-F8CAF26B9FDC}" = Microsoft SQL Server VSS Writer
"{2D5D9603-22CF-4B99-83F6-0CD20330F62E}" = FRITZ!DSL64
"{2DF4C5DD-7417-301D-935D-939D3B7B5997}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3607CBFF-3DC7-35E2-A78C-2A3BE1B72022}" = Microsoft Windows SDK for Windows 7 .NET Documentation (40715)
"{361A49FA-59B3-49FB-8C3E-08AF3EA5791A}" = Application Verifier (x64)
"{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU
"{4161341F-AE84-E404-4291-4E0322CCE809}" = AMD Media Foundation Decoders
"{4515E93F-DBE9-3A97-B2C5-AD414A02B261}" = Microsoft Windows SDK for Windows 7 Win32 Documentation (40715)
"{4653CB40-DF74-3770-8FB0-24472395D885}" = Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (40715)
"{46DA7FD9-8BC1-7BA8-98D1-27F46647871B}" = AMD Catalyst Install Manager
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{5DF57DB1-D971-3DA3-B4BB-F6FC7D73A997}" = AMD Drag and Drop Transcoding
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64D7179D-0240-3006-BB73-04DA18C03E14}" = Microsoft Windows SDK for Windows 7 Headers and Libraries (40715)
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
"{698DEE97-5A35-3C60-960F-9FB9C58F4A3B}" = Microsoft Windows SDK Net Fx Interop Headers And Libraries (40715)
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7298E5E5-90A7-3785-AAFA-AC335DA3178F}" = Microsoft Windows SDK for Windows 7 Common Utilities (40715)
"{7F2E5C3B-DBDF-469D-AD8D-F686D3B71176}" = Debugging Tools for Windows (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{84057C9C-2F85-4C67-A035-FD75FFE2DE88}" = Logitech Gaming Software 5.09
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{8C5B5A11-CBF8-451B-B201-77FAB0D0B77D}" = Microsoft Network Monitor 3.4
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{963E5FEB-1367-46B9-851D-A957F1A3747F}" = Microsoft Network Monitor: NetworkMonitor Parsers 3.4
"{965DF723-5688-359E-84D2-417CAFE644B5}" = Microsoft Visual C++ Compilers 2008 Standard Edition - enu - x64
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB3}" = Paint.NET v3.5.8
"{A216DF4A-28D1-3D94-ADA6-3AE50E42742D}" = Microsoft Windows SDK Intellisense and Reference Assemblies (40715)
"{A61AE368-B88C-414C-9118-503EECFC3AC8}_is1" = Photo Toolbox for Windows version 1.12.3.1
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{AB58402A-43DE-551C-2B40-DD1CF0E21240}" = ccc-utility64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{AF5020D9-116A-46AC-A922-087592F37EC9}" = MobileMe Control Panel
"{AF51A2B6-3AAF-46C5-36A7-0E78B2D23E3E}" = ccc-utility64
"{B143BE44-8723-315E-9413-011C55873C0E}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{B8ED63AE-B171-3D63-8C35-40B82C4A5FBA}" = Microsoft Windows SDK for Windows 7 (7.0)
"{B9E62002-BD74-30EC-9049-93E0E003C736}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C214301F-F5D7-36D9-B3A2-1467C5586495}" = Microsoft Help Viewer 1.1 Language Pack - DEU
"{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU
"{C8C39B37-502F-5D99-A1A4-1D810CE3112F}" = AMD AVIVO64 Codecs
"{D285FC5F-3021-32E9-9C59-24CA325BDC5C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{D9DF0B85-BEC1-439F-ABFE-76C386A69A05}" = Oracle VM VirtualBox 4.1.12
"{DE2C9D5F-C55C-30E8-9322-2B8E8B5DF87C}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - deu
"{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1
"{E57B7E0A-8BE5-42E2-BE60-C07ED680A063}" = Microsoft Mathematics (64-bit)
"{E6420CCB-92BE-3ACB-BDC3-69FBDD319C94}" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - DEU
"{ED066E02-C49A-D5D9-7ACD-1014EB7571D1}" = ccc-utility64
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F5C819A5-E068-4f7d-B91A-1BD18702AFFB}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"98157A226B40B173301B0F53C8E98C47805D5152" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0)
"HyperCam 2" = HyperCam 2
"Logitech Gaming Software" = Logitech Gaming Software 8.30
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
"Microsoft Help Viewer 1.1 Language Pack - DEU" = Microsoft Help Viewer 1.1 Language Pack - DEU
"Microsoft Visual Studio 2008 Remote Debugger Light (x64) - DEU" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - DEU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU
"SDKSetup_7.0.7600.16385.40715" = Microsoft Windows SDK for Windows 7 (7.0)
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00FE2935-FB56-4410-AB5F-D6E70C1771D2}" = Garmin WebUpdater
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{0180F30F-52A8-4414-8E3B-931917211845}" = AquaSoft DiaShow Studio 6
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08F86AD1-116C-4105-8A0E-3B6A736448BE}}_is1" = Total Video Player 6.0
"{0B03071A-C96E-34CA-E5A3-4D8DA8ACCB3D}" = CCC Help Polish
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{11D32157-138C-4F8F-96C7-8B3041C17C21}" = 3DCrafter
"{1472627A-6E9F-DCB1-8894-E2BD249FD5E4}" = CCC Help Thai
"{19C64880-BBCA-11D4-9EEE-0004ACDDDB3B}" = CyberLink InstantBurn
"{1A2C316B-F842-6FB3-3C87-6FE02861F396}" = AMD VISION Engine Control Center
"{1D46A3A0-B37D-423A-91C2-101A49E2FF80}" = Ventrilo Server
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{218BE476-B206-2879-B912-971E6E89E44D}" = CCC Help Finnish
"{25F28E39-FDBB-11DB-8314-0800200C9A66}" = Medal of Honor Airborne
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 11
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{2A231800-A7CF-4223-B8A3-1FD9057BAE96}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup 
"{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}" = CyberLink BD Advisor 2.0
"{2DFFE333-1B60-4CAA-F836-3CF0C99777CA}" = CCC Help Norwegian
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{364374D2-FE10-2170-2397-5B01F9D00093}" = CCC Help Spanish
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{394DC0BC-5476-4260-B52C-BDE1BDEFA958}" = Unreal Tournament 2004
"{39B8EE1D-82D5-4DF0-A619-2C84844254D1}_is1" = MCSkin3D version 1.4
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II
"{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}" = Garmin USB Drivers
"{3E7940A4-495B-4DC5-B5C9-D2EE1DE9E5EF}" = Call of Juarez
"{40786C7F-7078-5147-444E-D45DE808B684}" = CCC Help Portuguese
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{434D0820-3AA6-493A-80B9-301000028501}" = DiRT2
"{43D3EA3E-2B72-57F3-40E0-318A614D0FDD}" = CCC Help Czech
"{44D9A2CB-0692-3180-B5E2-26F4E807D067}" = Microsoft Visual C++ Compilers 2008 Standard Edition - enu - x86
"{45235788-142C-44BE-8A4D-DDE9A84492E5}" = AGEIA PhysX v7.09.13
"{47416F0B-6589-591E-C6F8-4235D2230B14}" = Catalyst Control Center InstallProxy
"{477415F5-93DA-46AA-85C5-640047825995}" = Microsoft SQL Server 2008 Database Engine Shared
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser
"{4ED980CB-C288-6A80-A3EA-AEECC543058B}" = Application Profiles
"{4F7823C4-BB28-A63E-CE08-1B463D4682DE}" = CCC Help Dutch
"{52D1D62C-FEAB-4580-849E-1DB624BADBBD}" = DiRT2
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{56CFA833-F44F-4199-8C58-7F8B38F2BC7B}" = Medal of Honor Pacific Assault(tm)
"{5A0B7BA5-4682-4273-81C2-69B17E649103}" = GRID
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1
"{5BD39911-A12F-4562-98BA-A6E03E3370B1}" = Microsoft SQL Server 2008 Database Engine Services
"{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit
"{6D7B8E2C-4356-619D-134F-FB36B0809958}" = CCC Help German
"{6DED41BC-C9EF-4330-B4E5-46CB2C5C6E2D}" = No23 Recorder
"{6F173E00-2766-E174-C2E0-AD88F24685BD}" = CCC Help Swedish
"{6FAEC41D-0654-12C1-0068-770D19FC2446}" = CCC Help Italian
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7170F93F-6B61-4DC1-A664-0E222744CEC7}" = Citrix Online Plug-in (DV)
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73D239CC-D6B1-ADEC-A7BE-E100C7112004}" = CCC Help Korean
"{74D21920-3B72-494F-9042-8C26E1E99FDC}" = Garmin City Navigator Europe NT 2011.10
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789C43A9-4FD7-456B-8E27-5CE442FF3005}_is1" = Split Second Velocity 1.0
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8815F011-43AF-4F50-BBD8-D78ED3D6F5B9}" = VR-NetWorld
"{8C06EE31-AE51-4589-B53F-1406F6BBA229}" = F.E.A.R. Ultimate Shooter Edition - F.E.A.R. 2
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8D3D92F0-852F-D832-FD8B-029C8C231C13}" = CCC Help Russian
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F311E72-C27F-4DF0-8254-B739A1831668}_is1" = SUPER © v2012.build.53 (Sep 13, 2012) Version v2012.build.53
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{963FFEAB-16E5-EB69-4E64-338B3D319FB4}" = CCC Help Chinese Standard
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F7E9D7B-3291-96CE-A27F-DD4F6EB230EA}" = CCC Help Chinese Traditional
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A6FDE264-C48D-36CE-CFA7-ABBEB861AC10}" = Catalyst Control Center Localization All
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9B39004-8748-435E-A4C2-BE983B4C737B}" = Heavy Metal - FAKK2
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = CyberLink PowerBackup
"{AE66F944-596A-4D09-9A1C-DAF3DE836991}" = Citrix Online Plug-in (HDX)
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}" = Garmin MapSource
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1EE1CC5-6CED-4801-BFFF-8454F21A245A}" = Garmin Communicator Plugin
"{B235AB91-08A9-4DED-9DE0-B9594A5F7DCF}" = UltraEdit 16.20
"{B31A9284-632D-683E-3BD0-F6926D445A7B}" = CCC Help Danish
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B7A75523-3D7F-CF23-12F7-999EAF6C7167}" = CCC Help Japanese
"{B862B671-59FD-7457-AFA0-C738FB7ABD60}" = Windows SDK Intellidocs
"{B93EEE50-9C8F-45DF-95E4-3D85A6E242F3}" = DarksidersInstaller
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C668416A-9213-4058-B7F2-01A42D85559D}" = Microsoft SQL Server System CLR Types
"{C66BF9FD-D367-4E13-8EB8-385FFEA20DB3}" = Oblivion
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C821D689-95BE-0D60-255E-D9B89CB3019F}" = Catalyst Control Center Graphics Previews Common
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCAC7E52-ECCE-3C4D-B1BE-BC2ACF1C1C0E}" = Microsoft Visual Basic 2010 Express - DEU
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE1458AA-23A7-332D-68D9-86B799898DA6}" = CCC Help Greek
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.3.22 Game
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5A7D7AB-3093-3619-9261-74DB250ECF7B}" = Microsoft Visual C++ 2008 Express Edition with SP1 - DEU
"{D641760F-FE66-4655-99B9-59A451F2FFAB}" = Citrix Online Plug-in (USB)
"{DF38C72B-8A86-4727-99D2-FA7CC5E17A24}" = Microsoft SQL Server 2008 RsFx Driver
"{E0655E94-1D4D-8484-64C6-E6F847B7BE92}" = CCC Help Turkish
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E555950B-1496-C37C-CA2C-2DF8745A5BE9}" = CCC Help English
"{E9089B6A-1FDE-47F3-8D29-175F5B7A0722}" = Microsoft SQL Server 2008 R2 Management Objects
"{EE229D0E-3D9E-636C-6E75-9436A87C7E49}" = CCC Help French
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F33FFAC2-9E40-4DB0-B52D-AF1FF17B3493}" = windata@home
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F536CCF1-C4C1-5FB9-6B17-F883DFFAE569}" = CCC Help Hungarian
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{F9F0C5D5-AAE5-45FA-95C2-CA1EE0FA067A}" = Citrix Online Plug-in (Web)
"{FA8BFB25-BF48-4F8B-8859-B30810745190}" = LightScribe System Software
"{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG)
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}" = Microsoft SQL Server 2008 Common Files
"12bbe590-c890-11d9-9669-0800200c9a66_is1" = Der Herr der Ringe Online v03.07.00.8037
"7ADDFD5C-0F12-4D5F-8AFD-BEF43762129D" = Lan Messenger
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE
"Ashampoo Photo Commander 7_is1" = Ashampoo Photo Commander 7.60
"Ashampoo Slideshow Studio Elements_is1" = Ashampoo Slideshow Studio Elements 2.0.1
"Ashampoo Snap 3_is1" = Ashampoo Snap 3.50
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"BrickForce" = BrickForce 1.9.87
"CitrixOnlinePluginPackWeb" = Citrix Online Plug-in - Web
"FileZilla Client" = FileZilla Client 3.3.5.1
"FormatFactory" = FormatFactory 2.60
"Free Video Dub_is1" = Free Video Dub version 2.0.16.1212
"Freemake Video Converter_is1" = Freemake Video Converter Version 3.1.2
"FRITZ! 2.0" = AVM FRITZ!fax für FRITZ!Box
"IcoFX_is1" = IcoFX 1.6.4
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"InstallShield_{3E7940A4-495B-4DC5-B5C9-D2EE1DE9E5EF}" = Call of Juarez
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"MakeMKV" = MakeMKV v1.7.9
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Visual Basic 2010 Express - DEU" = Microsoft Visual Basic 2010 Express - DEU
"Microsoft Visual C++ 2008 Express Edition with SP1 - DEU" = Microsoft Visual C++ 2008 Express Edition mit SP1 - DEU
"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
"Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de)
"Mozilla Thunderbird (3.1.6)" = Mozilla Thunderbird (3.1.6)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.46a
"No23 Recorder" = No23 Recorder
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"OpenAL" = OpenAL
"Origin" = Origin
"Paint Shop Pro 5.01" = Paint Shop Pro 5.01 CD
"Password Safe" = Password Safe
"PremiumSoft Navicat Lite_is1" = PremiumSoft Navicat Lite 10.0
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PuTTY_is1" = PuTTY version 0.60
"QNAP_FINDER" = QNAP Finder
"RADVideo" = RAD Video Tools
"Scratch" = Scratch
"SMPlayer" = SMPlayer 0.6.9
"Star Trek Elite Force II" = Star Trek Elite Force II
"Steam App 34830" = Sniper: Ghost Warrior
"Steam App 50620" = Darksiders
"Steam App 57900" = Duke Nukem Forever
"TeamViewer 7" = TeamViewer 7
"Totalcmd" = Total Commander (Remove or Repair)
"TT-Viewer_is1" = Technotrend Viewer
"TuneUp Utilities" = TuneUp Utilities
"TwonkyBeam for Firefox" = TwonkyBeam for Firefox
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinGDB3" = WinGDB3 3.62 
"WinLiveSuite" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
"Xfire" = Xfire (remove only)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2980863505-4143529224-1025148377-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{E280923D-C5D9-4728-8C79-AC9A0DC75875}" = BioShock
"AquaSoft DiaShow Studio 6" = AquaSoft DiaShow Studio 6
"InstallShield_{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG)
"Move Media Player" = Move Media Player
"Mozilla Thunderbird 17.0.2 (x86 de)" = Mozilla Thunderbird 17.0.2 (x86 de)
"SOE-C:/Users/<User>/AppData/Local/Sony Online Entertainment/ApplicationUpdater" = applicationupdater
"SOE-DC Universe Online Live" = DC Universe Online Live
"SOE-DC Universe Online Live (2)" = DC Universe Online Live (2)
"SOE-DC Universe Online Live PSG (2)" = DC Universe Online Live (2)
"UnityWebPlayer" = Unity Web Player
"XBMC" = XBMC
 
< End of report >

--- --- ---

MaBase66 · 27.02.2013, 20:45

versehentlicher Doppelpost --> gelöscht

cosinus · 27.02.2013, 21:14

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

MaBase66 · 06.03.2013, 13:07

Hallo cosinus,

ich habe es endlich zeitlich einrichten können die Scans zu machen:
MBAM-Log:

Code:

ATTFilter

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.06.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
<User> :: GOLLUM [Administrator]

06.03.2013 08:31:47
mbam-log-2013-03-06 (08-31-47).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 275826
Laufzeit: 6 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

ESET-Log

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=5ae812ed778f0a4cacefe5f235f2be41
# engine=13309
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-03-06 11:52:43
# local_time=2013-03-06 12:52:43 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 19170 227990453 11948 0
# compatibility_mode=5893 16776573 100 94 15428 114200613 0 0
# scanned=374108
# found=1
# cleaned=0
# scan_time=14521
sh=7363CBE90B1099467071A0C47E46B579ACFEE24D ft=1 fh=f55ce514080acf3a vn="a variant of Win32/Agent.SZW trojan" ac=I fn="C:\Users\<User>\AppData\Local\TempImages\AutoUpdate.exe"

cosinus · 06.03.2013, 13:31

Zitat:

C:\Users\<User>\AppData\Local\TempImages\AutoUpdate.exe

Bitte diese Datei bei uns hochladen => http://www.trojaner-board.de/54791-a...tml#post349565

MaBase66 · 08.03.2013, 13:09

Hallo cosinus,

ich habe den Upload durchgeführt.

cosinus · 08.03.2013, 14:37

Das ist ein Fehlalarm, die Datei sieht sauber aus

Sieht soweit ok aus

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

MaBase66 · 12.03.2013, 09:50

Hallo cosinus,

mein System funktioniert soweit gut.

VIELEN DANK FÜR DEINE UNTERSTÜTZUNG!!!

Ich habe allerdings noch eine Frage:
Ich habe bisher fritzProtect genutzt, um die von meinem PC ausgehende Kommunikation zu überwachen. Allerdings läuft dieses Programm nicht reibungslos unter Windows 7. Vor Allem die Datei IGDCTRL.exe, die als Dienst gestartet wird macht gelegentlich bösen Stress. Zudem wird für meine Fritzbox das Programm nicht mehr als Download angeboten, was mich vermuten lässt, dass es nicht mehr supportet wird.
Kannst Du mir einen Tipp für eine Alternative Software geben?

16.02.2013, 18:31	#17
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	TR/Agent.10512429.1 und Win32/Agent.SZW trojan Reicht nicht aus, weil es eine veraltete Version vom TDSSK war. Die Tools bitte nach Möglichkeit immer neu runterladen und dann ausführen, damit man auch wirklich die aktuelle Version benutzt. __________________ __________________

TR/Agent.10512429.1 und Win32/Agent.SZW trojan

Plagegeister aller Art und deren Bekämpfung: TR/Agent.10512429.1 und Win32/Agent.SZW trojan