Exploits, java Viren, Trojaner gefunden.

verwinkelt · 28.02.2013, 21:45

Salut.

Vor zwei Tagen machte mein Mozilla Firefox zicken. nach dem starten(falls es das überhaupt gemacht hat) fror das Programm immer nach wenigen Sekunden ein.
Das machte mich stutzig. funktionierte es doch grade noch.
Nachdem Neustarten auch keine Linderung brachte habe ich den Task Manager geöffnet und mal geschaut. 2 Prozesse die ich nicht zuordnen konnte liefen.
der eine lautete Woohqyyn
der andere xozea.exe32

Ich habe beide aus dem autostart geschmissen und xozea.exe dann in den Papierkorb verfrachtet. ohne genau zu wissen ob das schädlich ist. Firefox lief daraufhin wieder.
Unter Appdata/Roaming habe ich diese datei aufgefunden. änderungsdatum war da der zu dem Zeitpunkt aktuelle tag.

Dann habe ich mir Malwarebytes runtergeladen.

Der meldete dann einen Trojaner:

C:\Users\Niklas\Downloads\d2a536_4e9f41d77e009\World of Goo Trainer +3.exe (HackTool.GamesCheat.Gen)
Log im Anhang

gefunden in einem trainer für ein Spiel. dessen download lag aber schon monate zurück.

Dann am nächsten Tag Avira durchlaufen lassen. auf Anhieb fand er 16 Schädlinge.

Siehe Log

Heute 28.02.12 hat der Avira Echtzeitscanner dann nochmal was gefunden. die oben genannte xozea.exe

"In der Datei 'C:\$RECYCLE.BIN\S-1-5-21-4029133945-3299104507-864066367-1000\$RQIW3FH\xozea.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/PSW.Zbot.266240.74' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern"

Weil ich die noch im Papierkorb hatte(inzwischen gelöscht) ?

Hier die Datei Extras : zum hochladen leider zu groß

OTL Extras logfile created on: 28.02.2013 19:45:49 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Niklas\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

11,99 Gb Total Physical Memory | 9,15 Gb Available Physical Memory | 76,27% Memory free
23,98 Gb Paging File | 21,12 Gb Available in Paging File | 88,05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 342,02 Gb Total Space | 56,14 Gb Free Space | 16,41% Space Free | Partition Type: NTFS
Drive D: | 698,63 Gb Total Space | 429,45 Gb Free Space | 61,47% Space Free | Partition Type: NTFS
Drive I: | 341,97 Gb Total Space | 341,86 Gb Free Space | 99,97% Space Free | Partition Type: NTFS

Computer Name: FEY-PC | User Name: Niklas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05DC859B-768E-41DF-8993-B7ACA17867E3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{166873D3-96DC-4092-87CA-E69D2306B773}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1F058C90-F4C6-47C2-8A6A-C59538DA3BF5}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{324840BE-A036-4C08-B5B8-008F55D88E89}" = lport=10243 | protocol=6 | dir=in | app=system |
"{37712762-F489-453A-BAF9-6C815D95A1D0}" = rport=10243 | protocol=6 | dir=out | app=system |
"{71176A3E-3D5E-4A40-8F12-C1C8FD82F6AD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{746CF977-A600-48A3-8E43-47CDD83E4E59}" = lport=2869 | protocol=6 | dir=in | app=system |
"{77640765-50D7-4E82-9D3F-1A147B0EC4C9}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{8983382F-348D-4CB1-93CD-2D4ABF5A43A3}" = lport=25565 | protocol=6 | dir=in | name=minecraft |
"{A7F78B55-EE3D-4148-A8EE-140C0100E00A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B0420F71-9DC8-4C5E-981A-C034B6DF7D2B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DC02093D-F6E7-4D4B-ABA9-B84D25189096}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E45CE063-327B-4411-89F5-7B86302645AA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E8EE3536-1829-4CC9-B6CD-741936222EDA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{001AAA08-A302-4711-B634-A9D8E7D7F9BE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{00F5430C-4D4E-4EC3-8611-F556909F62E5}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\red faction guerrilla\rfg_launcher.exe |
"{019B5E46-4C32-4B06-A858-A5BCA70EC422}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"{01B7060F-8F38-4926-80F8-A5F392176262}" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"{029DEEC7-052E-469F-8009-A142A12B7A94}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\movie\powerdvd cinema\powerdvdcinema11.exe |
"{0455641F-1E6C-459B-A387-3FFF74FC514E}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{0539D63D-71C2-47F7-A4FC-B9349778E317}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{05F9AFB6-A600-4651-88DE-EDAFD02A532E}" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\f1 2011\f1_2011.exe |
"{06581039-5A27-4BC1-836C-BEDC5714D9B6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\race driver 3\rd3.exe |
"{074E9486-5DBB-4930-81BD-2C9F16BB02A4}" = dir=in | app=c:\program files (x86)\acer arcade live\acer arcade live main page\acer arcade live.exe |
"{082278E2-CE4A-4D29-8389-0C8947F1E889}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\multiwinia\multiwinia.exe |
"{089770D5-06F1-4E0E-90C5-72487AB7399E}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{08B446C5-608B-4B72-8A44-4CA5B08E194E}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\die schlacht um mittelerde ii\game.dat |
"{08D7F031-C7DE-46C9-A1C1-DEF5E9D19346}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{08E9F723-BEC0-4186-A3E3-51CEE1E240F2}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\kernel\dmr\powerdvd12dmrengine.exe |
"{09EDFBAD-ADAD-4FDD-91BA-46E4E40349E6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\moon base alpha\binaries\win32\moonbasealphagame.exe |
"{0BF11A9B-CD24-4F52-91DE-32B55D2E4332}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{0C8A7B61-FD52-4FFB-A3AC-C73C5D0CEF86}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{0CE45476-40E7-4EB2-9B54-15E60E0BFB41}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\universe sandbox\universe sandbox.exe |
"{0CFC5332-28BF-44B3-B68A-896DC1C8B3A9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grid\grid.exe |
"{0D311FDE-E6A0-4DCF-93C5-F60F43D0C72C}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\driver san francisco\driver.exe |
"{0D34FFC0-BB4F-40F5-893E-64B0433EA364}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd |
"{0EEB901F-79FF-4E42-8B38-D7D451F22478}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\machinarium\machinarium.exe |
"{0F961D37-6EAF-4720-AE3F-782D31A348E6}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\verwinkelt\half-life\hl.exe |
"{0FE7FA3F-D488-4C21-8771-3A47A7CAC4E2}" = protocol=6 | dir=in | app=c:\program files\openclonk\clonk.exe |
"{0FF099D6-4D60-439B-A5C8-EA7D3518E844}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\the witcher enhanced edition\system\djinni!.exe |
"{1053275D-ABAF-47CB-9FD4-2CA0B8241620}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\scenarioeditor.exe |
"{10A51093-8EB8-4787-9AC1-111EE9F2C8FC}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\swkotor\swkotor.exe |
"{10ADF0E2-2BFC-48E4-9470-72E3AFDD828B}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{11B5FA13-2F24-4B94-924B-C0D260C32ADA}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12agent.exe |
"{127C6CF2-BF90-444D-87C9-8C113EE8EA0B}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\mafia ii\pc\mafia2.exe |
"{13B6675C-1FEE-4015-BC65-106F79391E26}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\osmos\osmos.exe |
"{14443737-A3FF-4ABE-AAEB-A183DC8F7FB9}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{14B14236-9D62-496C-8479-7FDA3D191352}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\uplink\uplink.exe |
"{15062162-4902-48E6-9CA0-0F7E1299D54D}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\plants vs zombies\plantsvszombies.exe |
"{1668C338-16C5-4D15-90A1-830FD07BE312}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\age of empires 3\bin\age3y.exe |
"{16E3708B-72E5-4E4E-B27D-CEA12BCCB156}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\multiwinia\multiwinia.exe |
"{1854CDF9-99DF-4C21-897D-7ACCBC0DA716}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\moon base alpha\binaries\win32\moonbasealphagame.exe |
"{190AE9CA-46AC-408F-A7A4-B58206CED814}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\flatout ultimate carnage\launcher.exe |
"{1998CEE0-E1A0-4470-A2E9-41A724466209}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\the witcher enhanced edition\system\witcher.exe |
"{1AC9E497-F2CE-4B54-A980-26EBFF8744E8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cryostasis\cryostasis.exe |
"{1B08C352-5DFC-425D-B8DC-A222AA0CE167}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\torchlight\torchlight.exe |
"{1C68F6B2-4A1B-4405-B22C-4FB40E69318D}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\swords and soldiers\swords and soldiers launcher.exe |
"{1E9D2F77-2321-4AF8-AFCB-AA274744C791}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\serious sam hd the first encounter\bin\samhd.exe |
"{1F63083E-468F-456E-9D56-294E1C2B5985}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\fable the lost chapters\fable.exe |
"{1FD129D1-1A68-4136-9B24-0E7ED0349C6D}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\osmos\osmos.exe |
"{1FD615E4-D219-4307-9714-87A6EF8A1707}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\scenarioeditor.exe |
"{1FFA8F03-EE4B-4404-9B65-246AD80E4822}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\plants vs zombies\plantsvszombies.exe |
"{202EAD9C-2AF4-4652-8F15-723668F0BC07}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\age of empires 3\bin\age3x.exe |
"{20A7D668-971C-4129-A9F2-B4293CEF0E15}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\serious sam hd the first encounter\bin\samhd.exe |
"{213B39BB-5FE5-4AA5-99D5-C3D7FDBA5376}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\fuel\gamesetup.exe |
"{215A5234-FCBB-439D-AC83-C37DA4F084C0}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\verwinkelt\half-life\hl.exe |
"{21B4DCB7-EEE9-482D-8124-E125112BD6C0}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\spore\sporebinep1\sporeapp.exe |
"{21FFECBD-7E61-4EB8-9852-19BA26830C20}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\csbtw.exe |
"{2215D2B1-9736-4085-BB08-891221D07A99}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\grid\grid.exe |
"{22F9F6A6-677B-4884-8C18-E71209E4D068}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\swkotor\swkotor.exe |
"{23273D54-DDF6-4664-AD1F-624067EA8004}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe |
"{23F22A80-3128-412C-9B50-E89C211E9F9B}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\flatout ultimate carnage\launcher.exe |
"{2596BF14-D6C1-4784-8E67-B28782CA414D}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{26F07911-9E9D-474D-A76F-E87D5A84F249}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\multiwinia\multiwinia.exe |
"{27AD33CC-A4EF-41DB-A784-B7982757E29A}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe |
"{2964B674-7C52-41EB-945F-B239381BB2D9}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{2C3933FC-B7A2-4202-BE4B-1DA476D84D02}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2C60C15A-FB8F-4367-BF75-D7ED49B12193}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\driver san francisco\driver.exe |
"{2CC0F0C6-E2CC-406F-A657-6819C73E92FC}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steam.exe |
"{2D316676-7CEB-48C9-83C5-41F4C4716B12}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\dmcr.exe |
"{2D6AC3B2-3BE2-4C7C-97DF-868BCDE404C2}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\race driver 3\rd3.exe |
"{2E196B48-37B2-4540-BEE4-EECEBE8ECD40}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\the witcher enhanced edition\system\djinni!.exe |
"{2E225662-A2CB-4943-BC0C-F4319749AE17}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\plants vs zombies\plantsvszombies.exe |
"{2F209233-0383-4DB8-A8DC-BE15EE19D23C}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\the witcher enhanced edition\system\witcher.exe |
"{30C4AA47-3776-43A4-8ADD-9F891F7D4698}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\fuel\gamesetup.exe |
"{322B578C-3D4F-40EF-ABF3-A9130C57E9FE}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe |
"{332A816E-45A8-4A25-B45F-DF8072E67224}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\spore\support\ea help\electronic_arts_technical_support.htm |
"{3368679B-67C4-4075-BA8E-8C8F3C84442A}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe |
"{3389ABBF-859B-4724-A21B-C801D1F31856}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\trine\trine_launcher.exe |
"{33AE2FF9-9A0C-4148-B314-1DCBA34DDACB}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{346C6121-428B-4C3D-BDEA-5206DDCC98BC}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{3531E600-4CA9-4D10-8D4C-23AB411D09F8}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\csbtw.exe |
"{36549DEC-B2D7-47A7-AE11-35C4BDC31B83}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\osmos\osmos.exe |
"{385615EC-AF01-4901-AF5D-79876953EDEB}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\verwinkelt\garrysmod\hl2.exe |
"{38B2A945-3519-4003-BE30-B1178E75EB70}" = protocol=6 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\pandoraservice.exe |
"{39996F5F-25E3-46B2-B09B-ECD87C66FC5F}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\grid\grid.exe |
"{3B280A12-2648-4CB8-A83A-BBDF57630695}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher enhanced edition\system\witcher.exe |
"{3BA18AAC-D0F6-4C3E-939D-6BA3E937C0FE}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\prototype\prototypef.exe |
"{3CA0A659-BD33-40A8-B3B1-CA1A5EAB9411}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\fable 3\fablelauncher.exe |
"{3D4FB566-6F73-4464-AD4C-F144006CFD1F}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{3EF71FA2-CE9C-4C95-ABDC-23B477827903}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\legend of grimrock\grimrock.exe |
"{3F6FA0CD-0708-42CA-96DE-C0B033026AB2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher enhanced edition\system\djinni!.exe |
"{405FDCF3-528C-4026-BB47-7752ECBB09A0}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\grid\grid.exe |
"{408B112D-3C1C-4C94-B92D-B5F87EC9F2EC}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\ghost master\ghost.exe |
"{40C819F4-4920-45F8-9C6B-6CDB9AD101FE}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\torchlight\torchlight.exe |
"{40FE5318-ADD3-40DF-8D87-8F496C20ABB9}" = protocol=6 | dir=in | app=d:\program files (x86)\fifa\fifa manager 13\manager13.exe |
"{411BBEBC-9F29-402F-9646-76BC95E5F362}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\universe sandbox\universe sandbox.exe |
"{4147FD88-5D47-4D0C-8A8D-B8C60F53AC19}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\stacking\stack.exe |
"{41CE9B51-CD15-4D19-B94A-6B200F2954EB}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\from dust\from_dust.exe |
"{424A7F5B-3A2B-4E3B-9135-510D2BAD489C}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{4268A12F-BDC7-4987-9942-F63EDCC35F45}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\trine\trine_launcher.exe |
"{437495D9-2078-488A-8EE1-CF0CA0D3D81C}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\dead rising 2\deadrising2.exe |
"{439233B3-B84D-4CFF-9D7D-4DA45673357C}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{4396ACF9-7351-4FC4-9CD0-E8B54FD1900C}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe |
"{444D1819-8975-48C7-AF12-5DAC004F7FC8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{45489792-8860-43D6-9654-01E979364064}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\the secret of monkey island special edition\mise.exe |
"{45A072B6-59CD-4CA1-83DA-D8BBE26F993E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{46232B4F-19C4-40A0-A8EF-071E1C93283D}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\race driver 3\rd3.exe |
"{46572FD2-E151-4648-A44A-6EDEFA22DEDC}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{4826A143-5ED6-4A7C-9C0E-8B449DC4A8A7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dirt 2\dirt2.exe |
"{48976C65-1EF4-46B4-9521-47BB6A98D58B}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\machinarium\machinarium.exe |
"{4A431243-7DA1-4994-8A1D-77747DE17292}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\costume quest\cq.exe |
"{4A5DB14A-A59F-48D2-AE4E-D08D202366BC}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
"{4A913D78-3AC3-476F-A0FB-7BD1FC4012D8}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{4C7217CC-215F-4000-BDE7-249F06BDF999}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\red faction guerrilla\rfg_launcher.exe |
"{4D5A00C0-4A81-4CFB-9E91-F9C0CC0E9336}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\moon base alpha\binaries\win32\moonbasealphagame.exe |
"{4DF5A1B0-3807-40BB-BA3E-BB4AC33792B6}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
"{4E8A5AAD-4377-4EF2-B44D-8F5F48919011}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\flatout ultimate carnage\launcher.exe |
"{4EB76C0E-37DF-4699-ADB0-D565FAE8BC91}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\dmcr.exe |
"{4FF6D708-A28D-4721-A009-F06D75B4DA17}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\resident evil 5\launcher.exe |
"{4FF96F86-1D94-4E7C-BC15-58C92D60970E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{50046CAF-FEDA-4810-8102-A3100CA4366F}" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"{50405D44-7223-4B54-B626-3CEE43A4DA4F}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\spore\support\ea help\electronic_arts_technical_support.htm |
"{5092912C-BB36-4461-96B7-59B9E34912A1}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\multiwinia\multiwinia.exe |
"{522913F2-5092-477A-AB28-803E744B6F79}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\torchlight\torchlight.exe |
"{52D964F7-D987-4623-B076-5BD54B60E786}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia connect\acer homemedia connect.exe |
"{5473F213-4260-4A4F-BC46-151B5115BC5F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\red faction guerrilla\rfg_launcher.exe |
"{54F9E344-D371-4B29-BDFC-3A0AC6052D54}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\trine 2\trine2_launcher.exe |
"{55F5A5B4-3986-41B8-8B92-07FA52DDF82A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\resident evil 5\launcher.exe |
"{571E7547-427C-4B5E-82F9-86489F22FF70}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\red faction guerrilla\rfg_launcher.exe |
"{589263C4-2482-46A3-A5D8-D9FFDDE9A639}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\fable the lost chapters\fable.exe |
"{58A4A606-0D41-4D19-A786-063FB80186E8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{58FB031B-8E28-4E26-842C-5F5875931E6A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\titan quest immortal throne\tqit.exe |
"{596B84C3-521B-4C62-A23A-9A4A73D90F06}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia trial creator\acer homemedia trial creator.exe |
"{5999B908-3625-460B-A7E0-83F458ECEA6F}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\defcon\defcon.exe |
"{59BD9AB3-B264-4032-B2B7-C856DEC2B4B1}" = protocol=17 | dir=in | app=c:\program files\bohemia interactive\arma 2\arma2oa.exe |
"{5A2DC787-163F-4FB3-B4B4-F58CADF73DC2}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{5ABF242B-19D1-4C67-8574-EB37F2DD5A58}" = protocol=17 | dir=in | app=c:\users\niklas\appdata\local\temp\update_f092.exe |
"{5AE2C9BD-CF4A-4FD6-B8CE-5B9FD88D5309}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe |
"{5B020C34-F161-4FE4-AE4C-C96B79903E45}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe |
"{5B49D057-A95B-45FA-A2C2-C1B9E2617237}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\spore\runme.exe |
"{5B9C1018-E62C-48AB-9A9B-37896A62B993}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\uplink\uplink.exe |
"{5BB478CF-22D0-42D8-9E40-2ADF3B0E47A7}" = protocol=6 | dir=in | app=d:\program files (x86)\fifa\fifa 13\game\fifa13.exe |
"{5C495286-D021-4C99-9C69-C2EAB2840A73}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ghost master\ghost.exe |
"{5C82D88D-B34F-4B46-879A-39DC5FD315D0}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\swords and soldiers\swords and soldiers launcher.exe |
"{5D1AD4C3-0A00-4273-8832-60E01FC3E364}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dirt\dirt.exe |
"{5E002F0B-BA15-4138-B65A-092ECB1F179D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\cshlp.exe |
"{5E0C2EBF-4CA2-4741-9E11-E36C030BA22F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\csbtw.exe |
"{60646E6C-5CC5-4128-91FA-8BDC10D6B8F9}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\common\mediaserver\clmsserverforpdvd11.exe |
"{607898D5-2BD0-4BF5-9FCD-629DCA1C8C93}" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"{609E9DD4-95BC-4790-B7B0-A49DB2E4D9A1}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{6130890D-846B-4266-9044-B4F4FDED605E}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\legend of grimrock\grimrock.exe |
"{6249CD40-DE2A-46F0-A96D-FD07DAFB05A3}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{6337130F-B712-4FE9-94D1-9538809D7EAE}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\movie\powerdvd cinema\powerdvdcinema12.exe |
"{641A22F8-B9CF-43B6-A941-2F23A1074D2C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{64307F01-24DB-4F08-BA0C-95B7395AA9DB}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\mirrors edge\support\ea help\electronic_arts_technical_support.htm |
"{66E74BE8-5DDB-49FA-B710-D947CFC3749A}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{68461D0A-E0E2-4422-9645-92263984754A}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\powerdvd11.exe |
"{6978B6F3-7465-48C3-A794-D0160997C18C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight\torchlight.exe |
"{6AAF395D-344B-41C0-B9D7-364DA0EEFAC1}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\race driver 3\rd3.exe |
"{6B986B3F-1D4E-410E-90BC-3E55BC63F1DA}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
"{6CA1FFEA-0FA0-49D7-A9D6-2F5EF203B59A}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\fuel\gamesetup.exe |
"{6CCF90BE-7039-4F13-B71C-2B0EAB1E2CC8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\titan quest immortal throne\help.htm |
"{6D036136-59F2-4089-9C83-7C65DA7FFC91}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dirt 2\dirt2.exe |
"{6D45F52F-4365-4121-BAAC-B285E5634F32}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\dirt 2\dirt2.exe |
"{6D556E39-98B7-4A58-A2CB-5C2FB4CA6010}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\fable 3\fablelauncher.exe |
"{6E51A24E-31D2-4AE9-8A9E-2BEE523BE988}" = protocol=17 | dir=in | app=c:\program files\openclonk\clonk.exe |
"{6F5EBAA0-9924-43DB-B877-EDE1C93DE132}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\multiwinia\multiwinia.exe |
"{6FEE9ACA-3DAA-4720-BE74-B042158604D4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dirt\dirt.exe |
"{6FFF11EA-EBF6-4ADB-B1B7-148F651A3555}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\from dust\from_dust.exe |
"{7017C635-8EB0-4901-AAD6-2D233C98977E}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\torchlight\torchlight.exe |
"{70321928-329B-46F7-9172-CB27156B1265}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\prototype\prototypef.exe |
"{7099AA00-61DF-416E-807F-3974B14EED53}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\trine\trine_launcher.exe |
"{71616063-ADDA-4834-BA18-09DBCEBC11AA}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\cryostasis\cryostasis.exe |
"{71A78C65-62B5-49D5-BDD9-9CFBF55110D9}" = dir=in | app=c:\program files (x86)\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe |
"{71E58BC6-E2F0-4A01-BE8B-FB802B7748CE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grid\grid.exe |
"{72D09905-9441-48E8-9AEF-8FFD578FA06F}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{74A5CD2B-935A-479D-B3F2-F33F03603FCF}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\dirt\dirt.exe |
"{7504FFED-DA6E-4EBA-A9E4-E38C5D3916D0}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\trine 2\trine2_launcher.exe |
"{75F27C21-865D-4D8C-A5F8-CEF8AE318588}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\uplink\uplink.exe |
"{76C8C4AC-AC38-49FD-B1A7-3FB21CE910E1}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steam.exe |
"{76F76332-69BD-413F-97B7-2B51DEB55856}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\cshlp.exe |
"{77CEABE0-E017-4C7E-ADEA-EA87197F6CCE}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\verwinkelt\dark messiah might and magic single player\mm.exe |
"{78DDB48B-561B-42EF-BADF-DFBE6F5B2757}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{78FFC570-A32D-4340-9D54-2560FAA41FB9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe |
"{7C3AFA70-4CB8-4F4C-AE9F-0A9D351DB54D}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\cshlp.exe |
"{7C88D3EC-9FBA-4F70-9A74-F2326DC5D895}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\dmcr.exe |
"{7D08293B-89B5-418D-9BC7-C9C26BC8BA16}" = dir=in | app=c:\program files (x86)\acer arcade live\acer dvdivine\acer dvdivine.exe |
"{7D97590B-91AD-4D55-BF4E-66591ADA0766}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{7DC37220-912A-4898-ACD6-DF57AFD9D680}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\mirrors edge\binaries\mirrorsedge.exe |
"{7EB00705-5119-4334-9123-901F3A9781CC}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\fuel\gamesetup.exe |
"{7F1D72C3-3336-4797-8C02-4947545AB7F2}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{7FACF95B-C904-4CC0-BFE3-636EE37D4DB6}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\csbtw.exe |
"{7FD86D9E-AFEE-46AE-953E-6B5CF6B10195}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe |
"{80C042F4-2CB0-4C2D-A818-7D22F82CEEF5}" = dir=in | app=c:\program files (x86)\acer arcade live\acer dv magician\acer dv magician.exe |
"{80C93943-46BA-49FC-BD57-B7839DB76D94}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
"{814CC2BA-BA84-4EEB-8872-BC66C58DA556}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12.exe |
"{8169BC55-7E21-404E-A29B-81D6CBCF68F3}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\arma 2 free\arma2free.exe |
"{832D586C-8E18-44CB-8695-CE9E9D4B0741}" = dir=in | app=c:\program files (x86)\acer arcade live\acer videomagician\acer videomagician.exe |
"{8570CEF4-2A4A-41DE-BFF0-96A88D568598}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{8589DD52-B859-4C54-AE8E-6AB4B97448F3}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\movie\moviemodule.exe |
"{8604C9D1-14E2-47E7-8A42-6B2DAA0F9853}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\mafia ii\pc\mafia2.exe |
"{861C5018-FBF2-4236-ACFF-CAFE58FB38BD}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\swords and soldiers\swords and soldiers launcher.exe |
"{86560F93-3AEA-4789-957E-2D96BDE5F751}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\flatout ultimate carnage\launcher.exe |
"{86D1D39B-D30F-448F-8620-D6A92C48043A}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\the witcher enhanced edition\system\djinni!.exe |
"{884744A7-99A4-47F2-AC04-830104F81415}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\resident evil 5\launcher.exe |
"{88E758D9-4281-48E5-A578-21972B156E2C}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\plants vs zombies\plantsvszombies.exe |
"{89C7D9FA-0F78-4272-81B2-C264D6A25466}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\pdvd11serv.exe |
"{8A848731-CF90-4F6D-93F1-C213E2E8B501}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\dirt 2\dirt2.exe |
"{8C331BF3-4C9D-40AC-B7A3-8F432B461F27}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\cryostasis\cryostasis.exe |
"{8C5864CD-57AF-42B7-AADB-F6EA49BE6DE4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cryostasis\cryostasis.exe |
"{8CDE510E-5FD9-4238-B690-5B1DB01EEE64}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe |
"{8CE2C97D-FD58-4212-A232-FBF4FA76DDDB}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8DD4978C-1017-4E78-B036-A9882CF3D34C}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\the witcher enhanced edition\system\witcher.exe |
"{8F1AE144-C341-4C20-ADFA-73DB175D863A}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\hview.exe |
"{8F34AAAA-7160-4F77-967C-7018C5EDC537}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\swords and soldiers\swords and soldiers launcher.exe |
"{9025C295-45AC-4016-A872-9F46818B9EB0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the secret of monkey island special edition\mise.exe |
"{90698C69-0E36-4B39-A5B2-8561E08405F9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{90EEFEC5-4F8A-4512-8329-E577AAC08B94}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe |
"{9159CFB1-CD28-4070-BFCA-65508F61F2FA}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\verwinkelt\dark messiah might and magic single player\mm.exe |
"{91723B09-429F-4BFD-93C8-AB02687A2677}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\prototype\prototypef.exe |
"{9248DABC-E865-4DDF-A6F2-873D71C51B84}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{92DA46D2-D67E-461C-B012-B1C33CFD2DB4}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{92E4B13C-4CCB-4F19-870E-4137DFC34039}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\machinarium\machinarium.exe |
"{933C1543-C0B1-4F13-843A-9ACC0719EA57}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{938B00F3-0F2C-4B79-91E3-BC76C756C8F0}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{93E7BCFF-966D-47E6-B467-5C8C69902B95}" = protocol=6 | dir=in | app=c:\program files\bohemia interactive\arma 2\arma2oa.exe |
"{945C4696-C33C-41E6-AE31-CED056CA4CB7}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\verwinkelt\dark messiah might and magic single player\mm.exe |
"{94A4BB39-F2CF-471E-9345-57DA731EDAEB}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\resident evil 5\launcher.exe |
"{94BBEFDA-133C-46A9-A86D-741BCD8C2A19}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\dirt 2\dirt2.exe |
"{9620BFE2-82F7-45EA-BE1F-C98D4C628FBE}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\dmcr.exe |
"{96C68B3F-3CF8-45F8-A494-E3B605417831}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{97806E2C-4C10-41C4-AB7D-51686A6E5E76}" = dir=in | app=d:\program files (x86)\cyberlink\powerdvd11\powerdvd11\powerdvd11.exe |
"{991A1574-23F6-4FB6-A214-15756E4F4F64}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\age of empires 3\bin\age3x.exe |
"{991EF976-E6D6-492E-804D-AAE914A46A59}" = dir=in | app=d:\program files (x86)\cyberlink\powerdvd11\powerdvd11\pdvd11serv.exe |
"{99594536-7EE4-496E-A273-8E82329E0248}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{9ACEB5FB-3982-43CD-B37C-9CADE47FAA12}" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"{9B1061A8-C1A4-45B0-B1B6-A1856D459083}" = protocol=17 | dir=in | app=d:\program files (x86)\fifa\fifa manager 13 demo\manager13demo.exe |
"{9BC5F3EF-E93E-4B6A-B6C8-38E032109FA6}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\multiwinia\multiwinia.exe |
"{9C5B5618-B709-4090-9A09-C40D24A82962}" = protocol=6 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\pandoraservice.exe |
"{9C8A8AAE-C1EC-4E7B-8CA9-8D81AA2EC4B6}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\scenarioeditor.exe |
"{9D2E6895-0DBC-4EC2-B236-418B60CE4585}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\dead rising 2\deadrising2.exe |
"{9D2EEB6E-1C99-4774-8F78-2A0D5778A000}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fuel\gamesetup.exe |
"{9DA39D59-5851-45AB-A85F-7579A78853EC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\dmcr.exe |
"{9DF5E9FD-2E09-4025-B44B-91F3C63EF6DB}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\die schlacht um mittelerde ii\game.dat |
"{9E6C6F1C-BA22-453C-805B-FCD5A04FB39B}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd |
"{9EC6A1E2-92B2-4F1B-B39B-63FC0BC24828}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe |
"{9F3FE630-8165-428E-8A2A-FC5145206434}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A0DF638E-FE46-4508-8C08-F8CB09B594B3}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe |
"{A18D2D82-6A3B-46C4-8288-E6164631BF73}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\machinarium\machinarium.exe |
"{A266C0A1-A785-4BCE-9F80-473862445DF5}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\uplink\uplink.exe |
"{A31955D1-78B7-488F-B590-7F1EEC759A11}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\titan quest\titan quest.exe |
"{A37A7C5B-EF7B-4033-9B28-1EF710D883C2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\plants vs zombies\plantsvszombies.exe |
"{A482CB91-6114-44AB-91A8-17F3672B84FC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\resident evil 5\launcher.exe |
"{A541FE8E-4B80-4228-98AC-9D4339D78F05}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\kernel\dms\clmsserverpdvd12.exe |
"{A545347A-115E-48AB-B863-DBE23E5FECE8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\uplink\uplink.exe |
"{A55831D4-F7EA-4445-9D7D-2A646F9B6F96}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{A58718AE-7E4D-405B-9F64-6827A3913A6D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"{A5B904B2-BDF2-42B8-95FE-E8D668F909F1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\hview.exe |
"{A62A7BC7-BE37-4036-897C-5560CED7B112}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\trine\trine_launcher.exe |
"{A62FD1C2-D42F-4F37-8656-61D62A5659BA}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\red faction guerrilla\rfg_launcher.exe |
"{A6541544-3535-43FD-BADA-D0D3AE06526F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A6747480-D774-42F2-BF41-E7A610DBC949}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\titan quest\help.htm |
"{A6B1C830-1F06-412C-B3C6-540CE48C0C60}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight\torchlight.exe |
"{A7B93E92-3723-44AA-95AF-214570103A88}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\hview.exe |
"{A808CEFA-DB9B-4046-B66B-D94EF1D088EE}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{A81DB4B9-2960-465C-AF8B-DF0FA4DA77BE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A92C7194-7304-42E2-9DF2-35229455B5A1}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\mirrors edge\binaries\mirrorsedge.exe |
"{ABF79DBD-687E-4CB8-BCE9-6F6F016A1CEF}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\verwinkelt\half-life\hl.exe |
"{AE931E1F-53B3-4C1F-A54F-A206A668DB17}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\ghost master\ghost.exe |
"{B00FCFBE-8205-4D22-992F-A9BF900A6970}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\the secret of monkey island special edition\mise.exe |
"{B03E6B41-F506-4B66-9741-3C1D2339345D}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\verwinkelt\dark messiah might and magic single player\mm.exe |
"{B0850F2B-A2C0-48F4-9683-C8290532525E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\scenarioeditor.exe |
"{B098C846-D74B-42FA-9C4B-3E5AB7B28B9E}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\the witcher enhanced edition\system\djinni!.exe |
"{B1C40C1E-20A0-4F02-B836-8CE0A89D1962}" = protocol=17 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\pandoraservice.exe |
"{B253B5F9-8574-4935-B980-4AC91278171B}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\cryostasis\cryostasis.exe |
"{B2C8DA3B-6291-48F2-A10E-2FC2DF0BEC04}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe |
"{B4021890-7583-4FB5-829F-6F2121F0FF3C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\titan quest immortal throne\tqit.exe |
"{B47DBEAD-824D-4E0F-95FF-7FB85044F0E0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{B49A1578-C928-44B0-95BA-328E9B2BC8A1}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\the witcher enhanced edition\system\witcher.exe |
"{B64B4E1E-7E48-44CA-84D1-BB1823EA7592}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\age of empires 3\bin\age3y.exe |
"{B6631E66-24BB-42BA-B1CE-EE2C6E48D678}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine\trine_launcher.exe |
"{B6A0B563-CA18-4F69-898C-96C0AB9FE218}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe |
"{B7405182-AD1D-4E48-8DBB-9BC7FF7C8E28}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia\acer homemedia.exe |
"{B7785E8B-2C8A-4A77-8B46-7C5A97955617}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\dmcr.exe |
"{B7CCF0C0-8C5A-442C-A76D-1D17FC937850}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\prototype\prototypef.exe |
"{B87630BE-BDA0-40C0-A063-2422BA433750}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fuel\gamesetup.exe |
"{B98F6B31-8F2D-4CFB-9752-77EAEC66E0E4}" = protocol=17 | dir=in | app=d:\program files (x86)\fifa\fifa manager 13\manager13.exe |
"{B9CBD22F-52B7-48D2-8DF7-AE6D4A55AD2C}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\mafia ii\pc\mafia2.exe |
"{BA3C5470-588F-4BBE-A48E-2E8CB7F8A04D}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\arma 2 free\arma2free.exe |
"{BA429B14-5170-4EC7-84CB-92253FA2D3A3}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{BAC04F3D-D334-41AA-9E17-5FCD7E2957E1}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{BB17CC95-C222-4955-A3D3-A90BA30F5928}" = dir=in | app=d:\program files (x86)\cyberlink\powerdvd11\powerdvd11\movie\moviemodule.exe |
"{BB63B9D2-6643-4063-A63C-59D61A0A92C6}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12ml.exe |
"{BBE6832C-BB0B-4A14-9413-87175956FAC1}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\flatout ultimate carnage\launcher.exe |
"{BCBB9E18-08BF-4C57-8EDF-7F957AA2200A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\cshlp.exe |
"{BDCA73AF-D69C-49AA-8D68-E428F4C35800}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{BDD197D1-8761-4B06-BA6D-4AFC50A28C05}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\verwinkelt\garrysmod\hl2.exe |
"{BF577A49-425D-45E8-94AD-9566DA0F6B5D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\titan quest\help.htm |
"{BF83362A-C637-486B-9E79-5F1F123754DD}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe |
"{BFA64CAA-E845-4966-8D58-484577292E48}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\cshlp.exe |
"{C16C6C2D-B424-4144-A9E0-3763A74AF0EC}" = protocol=6 | dir=out | app=system |
"{C21C38F5-1192-4CED-BD19-84BE32B6ACF7}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\cshlp.exe |
"{C3AC605F-98AF-4071-B17D-F1985E2EAC95}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\scenarioeditor.exe |
"{C4409269-C4EC-4B67-BB99-FABC32F3CF89}" = protocol=6 | dir=in | app=c:\program files\bohemia interactive\arma 2\arma2.exe |
"{C4AEF974-6EFE-4EB1-8989-05EB82474DF9}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe |
"{C4CA0855-B9FE-46D8-9E2F-D2983CC0DE05}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\mirrors edge\support\ea help\electronic_arts_technical_support.htm |
"{C4EBA5FA-158E-472E-BCF4-86E2694E06BB}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\verwinkelt\half-life\hl.exe |
"{C545B07D-216B-47DC-9060-68F17BE16DFC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\prototype\prototypef.exe |
"{C549A5B5-B678-4283-8EEF-631AC8CC1944}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\csbtw.exe |
"{C54B3BA6-E6DF-49B0-8D85-5F3AC77BE769}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\osmos\osmos.exe |
"{C736B716-C29D-45EE-941C-511FFD761AB0}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\verwinkelt\garrysmod\hl2.exe |
"{C762D5D7-6D26-472B-9742-412B0C7CC198}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\race driver 3\rd3.exe |
"{C8606F19-7D8E-4856-B768-184FE7406A3E}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\stacking\stack.exe |
"{C8F256DB-4781-40E3-B961-54E0369FE088}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\age of empires 3\bin\age3.exe |
"{CA688D55-F0E3-438A-80B7-A4BD2427D3F9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine\trine_launcher.exe |
"{CBF85894-27F6-4965-BDF8-FE496CF64E12}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\dirt\dirt.exe |
"{CCF8A718-5B0D-4628-A475-5715D4B2C587}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\race driver 3\rd3.exe |
"{CDB1DFB3-0DD5-4568-9111-DBA66A2C386A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\flatout ultimate carnage\launcher.exe |
"{CF756F56-1B99-4F81-8A0A-7ABFA6575AA5}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe |
"{D0B491E0-5A61-4892-815C-FD3F275BE461}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\osmos\osmos.exe |
"{D0F2A967-6B69-4FC0-95ED-4E4051CA1D97}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher enhanced edition\system\djinni!.exe |
"{D15E747F-0BB7-4123-BFDD-B3D3E24FE88F}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\dirt 2\dirt2.exe |
"{D179B8AD-6CEC-47FE-BABC-CF382800BB95}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\moon base alpha\binaries\win32\moonbasealphagame.exe |
"{D3D77462-7584-4D6A-9B9D-0DC35DD641F0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher enhanced edition\system\witcher.exe |
"{D4A34856-2683-4EC2-AE30-E46D609C3C8B}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
"{D4CE612B-160B-4F7F-B654-AC6E086B9C31}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\spore\runme.exe |
"{D55D7737-AF5E-4CEF-9727-FB4A982DF8ED}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
"{D6BC73CA-4788-49AB-A6F9-08A6C938BB37}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ghost master\ghost.exe |
"{D7C08443-558F-48C9-9940-3193B4853393}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe |
"{D824F387-2815-4EC5-81C7-44ACC300BD70}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\csbtw.exe |
"{DA7DC3E3-CEF1-49D3-B320-BB368EE5F85B}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\the secret of monkey island special edition\mise.exe |
"{DAF0B4CB-5456-4165-9ECB-A63F04A1EB05}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
"{DCD865D9-52C3-4D46-9E81-CA116A74C578}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{DCE05267-97C0-46B0-9CB9-EC2380335551}" = protocol=17 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\pandoraservice.exe |
"{DCE9E013-FB0C-4C49-BA54-F43E77E085FF}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\spore\sporebinep1\sporeapp.exe |
"{DD1A42CD-E190-422B-A5F5-9ED6EECDCA51}" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\f1 2011\f1_2011.exe |
"{DD33144E-8810-4E5C-A6F3-7FDBA5E0F9C9}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\hview.exe |
"{DD84CA44-2350-4521-9DF2-5A1E663FB59C}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe |
"{DE23C9AC-A02C-418D-A215-F6110141FE58}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{DF68811D-A993-421A-ADAE-9D95E79BF74C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\titan quest immortal throne\help.htm |
"{DF9606CF-6C48-4DFE-9B89-7AF36DF282EA}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{E0824F1D-B931-4793-AA98-BB32B20EDB6F}" = dir=in | app=d:\program files (x86)\cyberlink\powerdvd11\powerdvd11\movie\powerdvd cinema\powerdvdcinema11.exe |
"{E152D157-327F-494A-9501-D7AF4AFB98FF}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe |
"{E175704E-5D5E-4F8D-9EEC-104E0E127983}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\resident evil 5\launcher.exe |
"{E243B75B-37D3-4C50-B813-6176BC21CF30}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\osmos\osmos.exe |
"{E27DA7E8-53B7-44D2-9AEA-326BFA76A1EF}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
"{E2D4B4CF-9C48-4434-BDE0-70F7A01B444F}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{E338B5D1-A409-48A8-8E05-0FBE34ACEFB1}" = dir=in | app=d:\program files (x86)\cyberlink\powerdvd11\powerdvd11\common\mediaserver\clmsserverforpdvd11.exe |
"{E417C3FC-E3E8-4743-A051-A9A85BA102E4}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\plants vs zombies\plantsvszombies.exe |
"{E8BE9ECD-11A9-4202-8235-3EB1E1097C79}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\titan quest\titan quest.exe |
"{E9D842A3-88DC-430B-BF44-7FB3DDFABD96}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{EB04E33E-4DD4-47D3-AA83-1AA07AFD04C3}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\mafia ii\pc\mafia2.exe |
"{ED7D4C15-93CB-4D13-9A10-A5E147F6ED78}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\prototype\prototypef.exe |
"{EEAA068C-B940-481D-9DA9-6CB5903BF21A}" = protocol=6 | dir=in | app=d:\program files (x86)\fifa\fifa manager 13 demo\manager13demo.exe |
"{EF2011C7-67EC-4A21-B79E-B7C3FC8DAD91}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\cryostasis\cryostasis.exe |
"{F0252BD4-583D-46EE-9FB1-E2796207D83A}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\scenarioeditor.exe |
"{F036309B-E949-4E33-BF14-FA9E40E1AE6A}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{F11441A1-CB4F-4F94-8B66-44905A8EE11A}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{F2162758-1AF5-4F7D-B9FF-11586A35DF41}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\hview.exe |
"{F3503621-BCC9-43D9-951A-EE4F228D8789}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\hview.exe |
"{F36C796C-04B8-4CF9-AB16-78FC9925363C}" = protocol=17 | dir=in | app=c:\program files\bohemia interactive\arma 2\arma2.exe |
"{F3B0C80E-545E-4A7F-9CDD-6E776FEA4F4D}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\defcon\defcon.exe |
"{F4173463-9B37-468F-9122-2E94EDAF33BF}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\costume quest\cq.exe |
"{F46C207C-20B8-4043-B29B-576BCFF4C45A}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\machinarium\machinarium.exe |
"{F495E216-CE1C-4C9D-B88E-72C761F55B9F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe |
"{F499982D-4183-471F-B541-5A706C2C1998}" = protocol=17 | dir=in | app=d:\program files (x86)\fifa\fifa 13\game\fifa13.exe |
"{F62FA6DC-82F8-44D9-81B3-13C1E650EE42}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\red faction guerrilla\rfg_launcher.exe |
"{F9290AA6-7BEC-4CE4-BC2D-1A3B1C2F47F0}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\verwinkelt\garrysmod\hl2.exe |
"{F9CA4913-D297-44F3-97C6-50DFC0ACECB9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{F9EA48D7-D87A-4E42-80B9-C1E5229D0BF1}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\age of empires 3\bin\age3.exe |
"{FAAD3DCF-031E-4EA7-94B6-72B8026E3C2A}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{FAAF9792-4F4E-40C6-9AB0-7B2387EA1CC3}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\machinarium\machinarium.exe |
"{FB13340E-85DA-498D-886F-7CA2980D1493}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the secret of monkey island special edition\mise.exe |
"{FBE92A9B-A643-4ACC-849F-DCD873432556}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\grid\grid.exe |
"{FE73CA7A-7C17-437F-8ACC-0B89BC083205}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe |
"{FEB209B7-3420-401F-A9BB-750F2E14FC37}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\the secret of monkey island special edition\mise.exe |
"{FED7EA7F-887D-49A6-B35A-9F0096F4603D}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe |
"{FF151426-AC1C-4355-8ECA-BE5A61A24AF1}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe |
"{FF437291-8BE6-48A4-A665-2651F0C9461D}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\uplink\uplink.exe |
"{FFCD8CB9-6DBF-40DD-8FDA-E660EA2AC3D9}" = protocol=6 | dir=in | app=c:\users\niklas\appdata\local\temp\update_f092.exe |
"TCP Query User{08670DB9-D946-43AE-8416-4C9C6F0A5439}D:\program files (x86)\steam\steamapps\common\gta iv san andreas\gtaiv\gtaiv.exe" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\gta iv san andreas\gtaiv\gtaiv.exe |
"TCP Query User{09F6CA9C-B1E6-4347-9B8C-750E39E1FBFC}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe |
"TCP Query User{0A3AEB56-2F0E-40E5-8E70-7E40B6596CC7}C:\program files (x86)\1c company\13th century - death or glory\editor.exe" = protocol=6 | dir=in | app=c:\program files (x86)\1c company\13th century - death or glory\editor.exe |
"TCP Query User{0F805DAA-9BFA-47BE-A247-7C03497E4C3D}C:\program files (x86)\origin games\alice madness returns\game\alice2\binaries\win32\alicemadnessreturns.exe" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\alice madness returns\game\alice2\binaries\win32\alicemadnessreturns.exe |
"TCP Query User{19441134-042B-47FE-8D72-20D4F14AF026}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"TCP Query User{226FAB2A-A454-4840-A79F-2D9616B4C94B}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"TCP Query User{26F948D0-B739-4166-BD7D-F762A9C96D99}C:\program files (x86)\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tvuplayer\tvuplayer.exe |
"TCP Query User{38A3597B-34F0-4638-906D-C58C986F9CAF}C:\program files (x86)\origin games\fifa 12\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe |
"TCP Query User{3C30E529-6702-4CCE-B3CB-73C5A868F73D}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"TCP Query User{3DF0481A-663E-4B81-A0DC-318A6C4DF61C}C:\program files (x86)\six projects\six updater\tools\bin\rsync.exe" = protocol=6 | dir=in | app=c:\program files (x86)\six projects\six updater\tools\bin\rsync.exe |
"TCP Query User{3F21D474-510C-4EDD-A0E9-CFDAAA935A38}D:\program files (x86)\fallout3\fallout3ng.exe" = protocol=6 | dir=in | app=d:\program files (x86)\fallout3\fallout3ng.exe |
"TCP Query User{409A9EC1-5D60-4BD9-B77F-F964B7F4DB1D}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"TCP Query User{46D2735E-E5AE-4840-97A1-7AFD0DF04031}D:\program files (x86)\steam\steamapps\common\flatout ultimate carnage\fouc.exe" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\flatout ultimate carnage\fouc.exe |
"TCP Query User{483025A7-AD11-43C2-853C-D45B14322EC8}C:\program files (x86)\ea sports\fifa online\nfe.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea sports\fifa online\nfe.exe |
"TCP Query User{50B7B669-F3B1-4906-8BE1-FFC52023A23A}C:\program files (x86)\steam\steamapps\common\dirt 2\dirt2_game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dirt 2\dirt2_game.exe |
"TCP Query User{55E589B6-8D8A-45C0-A3FA-E53249FA8F78}C:\users\niklas\appdata\roaming\vaez\xozea.exe" = protocol=6 | dir=in | app=c:\users\niklas\appdata\roaming\vaez\xozea.exe |
"TCP Query User{55F153A1-7B40-4CDA-910F-92A70262C90D}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"TCP Query User{5738A0BC-DCAD-4BE4-9426-A6E2612F85E0}C:\program files (x86)\codemasters\der herr der ringe online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\der herr der ringe online\lotroclient.exe |
"TCP Query User{57D2361E-7EB8-4231-832C-853DD3F7BEBB}C:\program files (x86)\ea sports\fussball manager 10\manager10.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea sports\fussball manager 10\manager10.exe |
"TCP Query User{588BC730-3B6D-472C-84B4-F3A3F20D6F47}D:\program files (x86)\steam\steamapps\common\red faction guerrilla\rfg.exe" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\red faction guerrilla\rfg.exe |
"TCP Query User{605395F6-2FCE-44B2-97F6-4DC868032267}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"TCP Query User{6261B895-FAE0-4FB9-A536-6AB5E969CD84}C:\program files (x86)\1c company\13th century - death or glory\engine.exe" = protocol=6 | dir=in | app=c:\program files (x86)\1c company\13th century - death or glory\engine.exe |
"TCP Query User{638BE8CB-1579-4BEE-8441-CFA07C7BFB3E}D:\program files (x86)\steam\steamapps\common\fable 3\fable3.exe" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\fable 3\fable3.exe |
"TCP Query User{6867A026-FA27-4D6C-9603-784333938CE6}C:\program files (x86)\ea sports\fussball manager 12\manager12.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea sports\fussball manager 12\manager12.exe |
"TCP Query User{6ACBC5D0-AB30-4DE4-81D6-9B77E3C6C412}D:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |
"TCP Query User{71049A0B-4AA0-4DCF-B84F-CE8B7EF1963D}C:\program files (x86)\steam\steamapps\common\defcon\defcon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\defcon\defcon.exe |
"TCP Query User{71917923-DBFA-4058-8C3D-1431BA5892D1}D:\program files (x86)\steam\steamapps\common\dirt 2\dirt2_game.exe" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\dirt 2\dirt2_game.exe |
"TCP Query User{7C514155-166A-46FF-8F68-47CDB4EB9B4C}D:\program files (x86)\steam\steamapps\common\resident evil 5\re5dx10.exe" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\resident evil 5\re5dx10.exe |
"TCP Query User{7E4C7B38-36F6-43C9-92C7-F15775F0F1A0}C:\program files (x86)\phonostar-player\phonostar.exe" = protocol=6 | dir=in | app=c:\program files (x86)\phonostar-player\phonostar.exe |
"TCP Query User{879016EF-642A-4E3E-B943-0F540552C835}C:\users\niklas\appdata\local\temp\rar$ex00.544\volley.exe" = protocol=6 | dir=in | app=c:\users\niklas\appdata\local\temp\rar$ex00.544\volley.exe |
"TCP Query User{8C9F1B84-F1DC-405B-9BDD-9A8429006DF0}C:\program files (x86)\codemasters\der herr der ringe online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\der herr der ringe online\lotroclient.exe |
"TCP Query User{A016FC6F-1EF9-4CC8-ACA2-BBAEE12E8E5B}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"TCP Query User{A1E7AA22-0730-4EC5-828F-65EAE89474B3}C:\program files\bohemia interactive\arma 2\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=c:\program files\bohemia interactive\arma 2\expansion\beta\arma2oa.exe |
"TCP Query User{A85C632C-D9D0-4B57-9EB0-46BEF35EDD93}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"TCP Query User{A9A261B6-5872-415A-BF3B-750FA6611B60}C:\program files (x86)\ea sports\fifa 11 demo\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea sports\fifa 11 demo\game\fifa.exe |
"TCP Query User{B5588EA9-AADB-4EEC-BC98-86D4B0193D2D}C:\program files (x86)\microsoft games\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\empires2.exe |
"TCP Query User{BA48B815-60FC-4FEB-B9BF-1385CDB2C0E9}C:\program files (x86)\cyberlink\powerdvd12\movie\powerdvd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\movie\powerdvd.exe |
"TCP Query User{C0DEF9C7-6F92-41C4-8277-B11C269C01AD}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{C11E9F74-79EE-4787-BD57-673D6D0353E1}G:\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=g:\world of warcraft\launcher.exe |
"TCP Query User{C3D80CCB-0643-47DE-96CE-D72F1F777244}C:\program files (x86)\steam\steamapps\common\altitude\altitude.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\altitude\altitude.exe |
"TCP Query User{D19079C8-1EE7-425F-A7D8-153C7F088ED9}C:\program files (x86)\ea sports\fifa online\nfe.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea sports\fifa online\nfe.exe |
"TCP Query User{D2B0E013-AA81-42BD-8076-4FE43B0D538A}C:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe |
"TCP Query User{D8FFAE3C-A34A-4B85-AB01-F85026468BA2}C:\program files (x86)\steam\steamapps\common\wings of prey demo\acess.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\wings of prey demo\acess.exe |
"TCP Query User{D9FD1BA7-842D-4EAA-B5F7-EF93D4E770D3}D:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe |
"TCP Query User{E40B48A8-6D2D-42B8-9B49-A8B6E14E1C29}D:\program files (x86)\fallout3\fallout3ng.exe" = protocol=6 | dir=in | app=d:\program files (x86)\fallout3\fallout3ng.exe |
"TCP Query User{E49ADC9B-EE65-4044-957D-168B6962742B}C:\program files (x86)\steam\steamapps\common\red faction guerrilla\rfg.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\red faction guerrilla\rfg.exe |
"TCP Query User{EBE32898-5FA4-4BFC-B6B7-8CA25FBA721E}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"TCP Query User{EF5D4689-BB0A-4E93-925D-18C455F26077}C:\program files (x86)\steam\steamapps\common\resident evil 5\re5dx10.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\resident evil 5\re5dx10.exe |
"TCP Query User{F6351BD3-98A0-4D17-AA9A-7386C9DE57A9}C:\program files (x86)\bohemia interactive\bohemia interactive\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bohemia interactive\bohemia interactive\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"TCP Query User{F73996D6-CA58-4E01-8FFC-5E428F73FEBE}C:\users\public\sony online entertainment\installed games\planetside 2 psg\planetside2.exe" = protocol=6 | dir=in | app=c:\users\public\sony online entertainment\installed games\planetside 2 psg\planetside2.exe |
"TCP Query User{F9C28359-745E-4462-87A2-6E118DB3219F}C:\program files (x86)\bohemia interactive\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bohemia interactive\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"TCP Query User{FB989512-BE74-4975-8F66-2A58BD80135E}C:\program files (x86)\empire interactive\flatout2\flatout2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\empire interactive\flatout2\flatout2.exe |
"TCP Query User{FD7ED8B7-F63A-4EC9-900F-B15B254205D2}D:\program files (x86)\steam\steamapps\common\dirt 2\dirt2_game.exe" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\dirt 2\dirt2_game.exe |
"UDP Query User{019DB94D-C0D5-4FA9-B7A8-9D5F3BE7A9DE}C:\program files (x86)\ea sports\fussball manager 10\manager10.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea sports\fussball manager 10\manager10.exe |
"UDP Query User{03860107-89F3-4EAF-B77A-24E02FB2BB3C}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"UDP Query User{07E59667-B3A4-40BD-BA8E-4D6EE15148D2}D:\program files (x86)\steam\steamapps\common\flatout ultimate carnage\fouc.exe" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\flatout ultimate carnage\fouc.exe |
"UDP Query User{115898EE-1B07-4DBC-920F-0403A437A205}C:\program files (x86)\steam\steamapps\common\resident evil 5\re5dx10.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\resident evil 5\re5dx10.exe |
"UDP Query User{124C45A8-BB3D-44CF-8D9F-7D9A26102CAB}C:\program files (x86)\ea sports\fifa 11 demo\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea sports\fifa 11 demo\game\fifa.exe |
"UDP Query User{14EB11B0-B442-4CC8-9794-375D584C7102}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{1B942EE7-16F9-4B99-ACB1-4DEB3C4681D7}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"UDP Query User{2896EA63-EE78-408B-AA67-32FF65AEBAE6}C:\program files (x86)\1c company\13th century - death or glory\engine.exe" = protocol=17 | dir=in | app=c:\program files (x86)\1c company\13th century - death or glory\engine.exe |
"UDP Query User{2C883B72-8D18-4DAF-801C-BEE525FBD706}C:\program files (x86)\steam\steamapps\common\dirt 2\dirt2_game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dirt 2\dirt2_game.exe |
"UDP Query User{373D96DC-F08F-4AB2-AA5D-912E5640192F}C:\program files (x86)\origin games\fifa 12\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe |
"UDP Query User{3BE77DD8-F35C-42E9-ADB7-77C77058F0BB}C:\program files (x86)\steam\steamapps\common\wings of prey demo\acess.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\wings of prey demo\acess.exe |
"UDP Query User{3EC41689-197D-4A9B-8E64-E39C40A6B815}C:\program files (x86)\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tvuplayer\tvuplayer.exe |
"UDP Query User{3ECCBA9A-A6F5-4F51-89AB-466EB20966C4}C:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe |
"UDP Query User{4334459E-B72F-49F6-A046-ABEAF44D668A}C:\program files (x86)\bohemia interactive\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bohemia interactive\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"UDP Query User{45E41582-EA33-4E61-975B-6AA071F2F45C}C:\program files (x86)\ea sports\fussball manager 12\manager12.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea sports\fussball manager 12\manager12.exe |
"UDP Query User{475EE524-DA97-41B6-8D6B-54E2D00ED99F}D:\program files (x86)\steam\steamapps\common\dirt 2\dirt2_game.exe" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\dirt 2\dirt2_game.exe |
"UDP Query User{4A0AAD50-DAE6-4EC1-A1C2-5911AE604177}C:\program files (x86)\six projects\six updater\tools\bin\rsync.exe" = protocol=17 | dir=in | app=c:\program files (x86)\six projects\six updater\tools\bin\rsync.exe |
"UDP Query User{4D663208-8C7F-4AC4-9429-3B783A9885E0}C:\program files (x86)\bohemia interactive\bohemia interactive\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bohemia interactive\bohemia interactive\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"UDP Query User{4DEB0BA5-2CD8-4FA8-B140-D5F48AFD17F0}C:\program files (x86)\ea sports\fifa online\nfe.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea sports\fifa online\nfe.exe |
"UDP Query User{5CB4C269-93B8-4761-8D2F-5880019E4227}D:\program files (x86)\steam\steamapps\common\gta iv san andreas\gtaiv\gtaiv.exe" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\gta iv san andreas\gtaiv\gtaiv.exe |
"UDP Query User{60018E5F-9C10-49D3-8C11-74F3F4A2330F}C:\program files (x86)\ea sports\fifa online\nfe.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea sports\fifa online\nfe.exe |
"UDP Query User{6A5EE8DD-C53B-41CE-AFAB-FF8A6DA83ACC}D:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe |
"UDP Query User{6FD16FAD-9C2B-475B-9120-59657EF59330}D:\program files (x86)\steam\steamapps\common\resident evil 5\re5dx10.exe" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\resident evil 5\re5dx10.exe |
"UDP Query User{72A662D9-E55F-43DB-9D17-3252CE719C8C}C:\program files (x86)\origin games\alice madness returns\game\alice2\binaries\win32\alicemadnessreturns.exe" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\alice madness returns\game\alice2\binaries\win32\alicemadnessreturns.exe |
"UDP Query User{7F7797D6-701B-49DB-9683-44E46881B4D7}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"UDP Query User{81391F8E-EFFF-4FB1-A3A9-24BD5A80600C}C:\users\niklas\appdata\roaming\vaez\xozea.exe" = protocol=17 | dir=in | app=c:\users\niklas\appdata\roaming\vaez\xozea.exe |
"UDP Query User{88D29EFF-9D3D-4B19-B087-3A13B59D8FE4}C:\program files\bohemia interactive\arma 2\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=c:\program files\bohemia interactive\arma 2\expansion\beta\arma2oa.exe |
"UDP Query User{892A53F1-4BA2-4EA5-85C6-1E95B1E44352}C:\program files (x86)\empire interactive\flatout2\flatout2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\empire interactive\flatout2\flatout2.exe |
"UDP Query User{8B8E5137-084E-426C-9A13-293707EA306F}C:\users\niklas\appdata\local\temp\rar$ex00.544\volley.exe" = protocol=17 | dir=in | app=c:\users\niklas\appdata\local\temp\rar$ex00.544\volley.exe |
"UDP Query User{8CD5CFCD-398E-4D9A-8878-4923AD04A997}G:\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=g:\world of warcraft\launcher.exe |
"UDP Query User{8ED5BAE1-EBF9-4462-B58C-23CE804A8CC6}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe |
"UDP Query User{97B251A0-47CB-4C93-B489-34EFCB54B75F}C:\program files (x86)\steam\steamapps\common\altitude\altitude.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\altitude\altitude.exe |
"UDP Query User{9AFA8953-2A25-4289-B32D-9282E5E54B98}C:\program files (x86)\codemasters\der herr der ringe online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\der herr der ringe online\lotroclient.exe |
"UDP Query User{9BCD7CE1-C894-4BC3-A25D-E619AB71FCD7}C:\users\public\sony online entertainment\installed games\planetside 2 psg\planetside2.exe" = protocol=17 | dir=in | app=c:\users\public\sony online entertainment\installed games\planetside 2 psg\planetside2.exe |
"UDP Query User{A7C1A72A-FE23-4649-917D-F1C448F0A53C}C:\program files (x86)\phonostar-player\phonostar.exe" = protocol=17 | dir=in | app=c:\program files (x86)\phonostar-player\phonostar.exe |
"UDP Query User{A8060751-CA1D-4983-84C8-987E1BAD9DB4}D:\program files (x86)\fallout3\fallout3ng.exe" = protocol=17 | dir=in | app=d:\program files (x86)\fallout3\fallout3ng.exe |
"UDP Query User{AC95F26B-D559-4EC3-81E3-B46353FB7D0C}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"UDP Query User{AE616601-0D29-432D-9104-96AB99D1AADC}D:\program files (x86)\steam\steamapps\common\red faction guerrilla\rfg.exe" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\red faction guerrilla\rfg.exe |
"UDP Query User{B66827DB-1326-491A-A889-0C65EEB442EE}C:\program files (x86)\cyberlink\powerdvd12\movie\powerdvd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\movie\powerdvd.exe |
"UDP Query User{B75FD0EE-49E4-4505-AEF2-1292700ACE36}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"UDP Query User{C2C82B88-7B15-4A6A-87CE-93533A1F16FA}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"UDP Query User{C472D016-CAE7-4471-B02F-B0EF6D68BA7B}C:\program files (x86)\codemasters\der herr der ringe online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\der herr der ringe online\lotroclient.exe |
"UDP Query User{C692BC30-C1D2-4DE0-8C5E-06D1FF8424BE}C:\program files (x86)\steam\steamapps\common\red faction guerrilla\rfg.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\red faction guerrilla\rfg.exe |
"UDP Query User{CC6C1FB3-592A-4533-87D5-375DD19F5492}C:\program files (x86)\microsoft games\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\empires2.exe |
"UDP Query User{E317E58C-EFC5-4D20-B7DF-C34B1FAEEEB6}D:\program files (x86)\steam\steamapps\common\dirt 2\dirt2_game.exe" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\dirt 2\dirt2_game.exe |
"UDP Query User{E4F3FA83-EEC4-4258-86D8-651BF90E9B25}C:\program files (x86)\steam\steamapps\common\defcon\defcon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\defcon\defcon.exe |
"UDP Query User{E74204FD-FA9B-46F9-929A-FF558394DC1B}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"UDP Query User{E79EECAD-6B95-4E76-862C-EC768964A3B3}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"UDP Query User{E8278496-8343-4E47-A95E-CBC6CC73E444}D:\program files (x86)\fallout3\fallout3ng.exe" = protocol=17 | dir=in | app=d:\program files (x86)\fallout3\fallout3ng.exe |
"UDP Query User{EAC7B4B3-76ED-4919-A84D-0599B1AC674D}D:\program files (x86)\steam\steamapps\common\fable 3\fable3.exe" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\fable 3\fable3.exe |
"UDP Query User{F084FF8C-E2F9-4025-8C1A-9A81DDFC638C}D:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |
"UDP Query User{F2B5C0AF-9443-4E0F-97E5-A0CDAFD7F825}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"UDP Query User{FE102076-7609-4B51-A256-0B8E4FD99C59}C:\program files (x86)\1c company\13th century - death or glory\editor.exe" = protocol=17 | dir=in | app=c:\program files (x86)\1c company\13th century - death or glory\editor.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86416018FF}" = Java(TM) 6 Update 18 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B0EFB716-085B-4564-8060-212E41F5CE50}" = Windows Live ID-Anmelde-Assistent
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 306.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C19D4D8F-4433-4F6D-9F0C-79589FD0B973}" = Bonjour
"{DDD076BF-C5C3-468C-AA1B-F9A7E47446FE}" = Intel(R) Network Connections 13.1.33.0
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Explorer Suite_is1" = Explorer Suite III
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"PROSetDX" = Intel(R) Network Connections 13.1.33.0
"WinRAR archiver" = WinRAR

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{065DBB54-6E55-A609-2E1E-F0617E827D53}" = Media Go Video Playback Engine 1.96.113.08260
"{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}" = Civilization III
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1D0FDD6D-3C5E-4588-8ED0-02DC88014BF2}" = Upgrade Kit
"{1D2C96C3-A3F3-49E7-B839-95279DED837F}" = Opera 10.60
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = Geeks3D.com FurMark 1.9.1
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{259A8A5E-2886-4BED-9EF1-D5485282CCC3}" = Overlord
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 21
"{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}" = CyberLink BD Advisor 2.0
"{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}" = Six Updater
"{2EF0D7ED-F944-4E0D-AC78-7DA00C0B81E4}_is1" = Penumbra Overture
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.009.00
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{39A409D2-F7DF-4D52-B7F9-5E397A92B130}" = Belkin N1 Wireless USB Adapter Setup
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD
"{4343080E-448E-4E2C-B27F-B91000018201}" = Dead Rising 2
"{434D0FA1-A4CC-401A-9E74-621000028101}" = F1 2011
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{513148E7-B7A1-48B2-B518-668701E546F5}" = LightScribe System Software 1.14.19.1
"{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1" = Amnesia - The Dark Descent
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{574E78B1-E6B0-45A1-9BCE-E0906F572583}_is1" = RetroCopy64 version 0.960
"{57634571-FD82-4BEC-B822-A1ED7765474F}_is1" = SmartLauncher
"{5C9A7E65-5B71-4C7F-876A-8C6AF9E9E23D}" = Saboteur™
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5EF44D3A-E86E-434C-8418-71E277C565DF}" = TP-LINK Wireless Client Utility
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG Tool Kit
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A6C3344-5CF9-4B83-959C-6576C5B27D09}" = Media Go
"{7AF3D8F2-B2C2-4F8B-AFA4-C90001F56B1A}" = Bastion
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{80AF0300-866F-400F-A350-D53E3C3E34E0}" = FUSSBALL MANAGER 13
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8599586F-3527-4C42-94FC-FCD0F8A6C91B}" = FUSSBALL MANAGER 13 Demo
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{93A3AB24-36E8-41BA-80C6-CCEC237836DC}" = Alice Madness Returns
"{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{986222E8-C018-4DA2-94BC-9B796A5A75A5}" = NetTaskAgent
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A16C577F-71FC-46CC-882F-09BF6495F6EA}" = Acer web camera
"{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}" = FIFA 13
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}" = PixiePack Codec Pack
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = Mobile Partner Manager
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = CyberLink PowerBackup
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine
"{B46BEA36-0B71-4A4E-AE41-87241643FA0A}" = CyberLink PowerDVD 12
"{B580C409-E16F-44FF-904D-3AE94E113BE0}" = Acer HomeMedia Trial Creator
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B7BD291B-D415-4484-89A4-82077504BE93}_is1" = SmartCopy
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die*Sims™*3
"{C268B5E1-A5DA-11DF-A289-005056C00008}" = Paragon Backup & Recovery™ 2012 Free
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.3.26 Game
"{D3CA6F11-EE65-4A69-A8C4-B8099ECFEB36}" = GTA IV: San Andreas
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DFFE2B1F-07E0-45A9-8801-CD8514CAA876}" = Prince of Persia T2T
"{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E8650C8D-CCB2-496E-816C-ECC54A7EE411}" = Civilization III Play the World
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician
"{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician
"{FA8E7AF5-C70E-3274-9740-9E697FBD5BB7}" = Microsoft Primary Interoperability Assemblies 2010
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"A New Zero" = A New Zero
"AC3Filter_is1" = AC3Filter 1.62b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ArmA 2" = ArmA 2 Uninstall
"ARMA 2 Operation Arrowhead" = ARMA 2 Operation Arrowhead Uninstall
"AVerMedia A835 USB TV Tuner" = AVerMedia A835 USB TV Tuner 8.0.64.43
"Avira AntiVir Desktop" = Avira Free Antivirus
"BattlEye" = BattlEye Uninstall
"BattlEye A2 Free" = BattlEye (A2Free) Uninstall
"BattlEye for A2" = BattlEye Uninstall
"BattlEye for OA" = BattlEye for OA Uninstall
"Braid_is1" = Braid (Version 1.015)
"CCleaner" = CCleaner
"CorsixTH" = CorsixTH 0.01
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"Eufloria_is1" = Eufloria v2.04
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Found Screensaver 2" = Found Screensaver 2 Screensaver
"Fraps" = Fraps
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free DVD Video Burner_is1" = Free DVD Video Burner version 2.4
"Free YouTube to DVD Converter_is1" = Free YouTube to DVD Converter version 2.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.32
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (nur entfernen)
"Herrscher des Olymp - Zeus" = Herrscher des Olymp - Zeus
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}" = CyberLink PowerDVD 12
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV
"IrfanView" = IrfanView (remove only)
"KeePass Password Safe_is1" = KeePass Password Safe 1.24
"MAGIX Foto Manager 8 D" = MAGIX Foto Manager 8 6.0.1.457 (D)
"MAGIX Fotobuch" = MAGIX Fotobuch 3.6
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"MAGIX Screenshare D" = MAGIX Screenshare 4.3.6.1987 (D)
"MAGIX Xtreme Foto & Grafik Designer 2 D" = MAGIX Xtreme Foto & Grafik Designer 2 3.0.0.16 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Messenger Plus!" = Messenger Plus! 5
"Messenger Plus! Live" = Messenger Plus! Live
"Mgeni" = Mgeni Snapshot (10-22-2009)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mobile Partner" = Mobile Partner
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de)
"Mozilla Thunderbird 17.0.3 (x86 de)" = Mozilla Thunderbird 17.0.3 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Network Security Task Manager" = Network Security Taskmanager 1.5
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Origin" = Origin
"phonostar3RadioPlayer_is1" = phonostar-Player Version 3.02.4
"Picasa 3" = Picasa 3
"PunkBusterSvc" = PunkBuster Services
"Radiotracker_is1" = Radiotracker 3.0.62.0
"RivaTuner" = RivaTuner v2.09
"SCANIA Truck Driving Simulator" = SCANIA Truck Driving Simulator 1.0.0
"Software Informer_is1" = Software Informer 1.0 BETA
"SopCast" = SopCast 3.4.8
"SpeedFan" = SpeedFan (remove only)
"Steam App 105400" = Fable III
"Steam App 105450" = Age of Empires® III: Complete Collection
"Steam App 105600" = Terraria
"Steam App 107400" = ARMA 2: Free
"Steam App 115100" = Costume Quest
"Steam App 115110" = Stacking
"Steam App 12210" = Grand Theft Auto IV
"Steam App 130" = Half-Life: Blue Shift
"Steam App 17390" = Spore
"Steam App 17410" = Mirror's Edge
"Steam App 17440" = Spore: Creepy & Cute Parts Pack
"Steam App 204030" = Fable - The Lost Chapters
"Steam App 207170" = Legend of Grimrock
"Steam App 218" = Source SDK Base 2007
"Steam App 219740" = Don't Starve
"Steam App 22200" = Zeno Clash
"Steam App 24720" = Spore: Galactic Adventures
"Steam App 32370" = Star Wars: Knights of the Old Republic
"Steam App 33440" = Driver San Francisco
"Steam App 33460" = From Dust
"Steam App 33910" = ARMA 2
"Steam App 33930" = ARMA 2: Operation Arrowhead
"Steam App 35720" = Trine 2
"Steam App 4000" = Garry's Mod
"Steam App 40800" = Super Meat Boy
"Steam App 45740" = Dead Rising 2
"Steam App 50" = Half-Life: Opposing Force
"Steam App 50000" = Nimbus
"Steam App 50130" = Mafia II
"Steam App 6200" = Ghost Master
"Steam App 63500" = Swords and Soldiers HD
"Steam App 70" = Half-Life
"Steam App 72200" = Universe Sandbox
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 8930" = Sid Meier's Civilization V
"SUPER ©" = SUPER © Version 2010.bld.38 (May 2, 2010)
"SystemRequirementsLab" = System Requirements Lab
"The Void_is1" = The Void
"UltraStar Deluxe" = UltraStar Deluxe
"Uninstall_is1" = Uninstall 1.0.0.1
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"Zattoo4" = Zattoo4 4.0.5
"ZMBV" = Zip Motion Block Video codec (Remove Only)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"SOE-C:/Users/Public/Sony Online Entertainment/Installed Games/PlanetSide 2 PSG" = gamelauncher-ps2-psg
"soe-PlanetSide 2 PSG" = PlanetSide 2
"Square Enix Secure Launcher" = Square Enix Secure Launcher
"UnityWebPlayer" = Unity Web Player
"Winamp Detect" = Winamp Erkennungs-Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 26.02.2013 07:06:16 | Computer Name = Fey-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error - 26.02.2013 07:08:44 | Computer Name = Fey-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files
(x86)\phonostar-player\phonostar.exe". Fehler in Manifest- oder Richtliniendatei
"" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:.
Komponente
1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 26.02.2013 07:33:12 | Computer Name = Fey-PC | Source = WinMgmt | ID = 10
Description =

Error - 26.02.2013 18:56:41 | Computer Name = Fey-PC | Source = MsiInstaller | ID = 11321
Description =

Error - 26.02.2013 18:56:42 | Computer Name = Fey-PC | Source = MsiInstaller | ID = 1024
Description =

Error - 26.02.2013 18:56:42 | Computer Name = Fey-PC | Source = MsiInstaller | ID = 1024
Description =

Error - 26.02.2013 18:56:42 | Computer Name = Fey-PC | Source = MsiInstaller | ID = 1024
Description =

Error - 27.02.2013 05:52:20 | Computer Name = Fey-PC | Source = WinMgmt | ID = 10
Description =

Error - 27.02.2013 13:58:23 | Computer Name = Fey-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error - 27.02.2013 13:59:20 | Computer Name = Fey-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files
(x86)\phonostar-player\phonostar.exe". Fehler in Manifest- oder Richtliniendatei
"" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:.
Komponente
1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 27.02.2013 17:36:53 | Computer Name = Fey-PC | Source = WinMgmt | ID = 10
Description =

Error - 28.02.2013 08:30:46 | Computer Name = Fey-PC | Source = WinMgmt | ID = 10
Description =

Error - 28.02.2013 13:31:54 | Computer Name = Fey-PC | Source = NetTaskAgent | ID = 356
Description =

Error - 28.02.2013 14:45:03 | Computer Name = Fey-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: nvtray.exe, Version: 7.17.13.697,
Zeitstempel: 0x506b3bc0 Name des fehlerhaften Moduls: nvtray.exe, Version: 7.17.13.697,
Zeitstempel: 0x506b3bc0 Ausnahmecode: 0x40000015 Fehleroffset: 0x0000000000153481
ID
des fehlerhaften Prozesses: 0xe24 Startzeit der fehlerhaften Anwendung: 0x01ce15af662341e4
Pfad
der fehlerhaften Anwendung: C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
Pfad
des fehlerhaften Moduls: C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
Berichtskennung:
f5cb0797-81d6-11e2-8c00-00226867fde3

[ Media Center Events ]
Error - 24.01.2010 18:44:54 | Computer Name = Fey-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide

Error - 31.01.2010 23:34:41 | Computer Name = Fey-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide

[ System Events ]
Error - 26.02.2013 07:33:49 | Computer Name = Fey-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).

Error - 26.02.2013 07:33:49 | Computer Name = Fey-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069

Error - 27.02.2013 05:53:08 | Computer Name = Fey-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).

Error - 27.02.2013 05:53:08 | Computer Name = Fey-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069

Error - 27.02.2013 17:37:47 | Computer Name = Fey-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).

Error - 27.02.2013 17:37:47 | Computer Name = Fey-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069

Error - 28.02.2013 08:31:51 | Computer Name = Fey-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).

Error - 28.02.2013 08:31:51 | Computer Name = Fey-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069

Error - 28.02.2013 14:45:02 | Computer Name = Fey-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).

Error - 28.02.2013 14:45:02 | Computer Name = Fey-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069

< End of report >

aharonov · 28.02.2013, 23:26

Hallo verwinkelt und

Mein Name ist Leo und ich werde dich durch die Bereinigung deines Rechners begleiten.

Eine Bereinigung beinhaltet nebst dem Entfernen von Malware auch das Schliessen von Sicherheitslücken und sollte gründlich durchgeführt werden. Sie erfolgt deshalb in mehreren Schritten und bedeutet einigen Aufwand für dich.
Beachte: Das Verschwinden der offensichtlichen Symptome bedeutet nicht, dass das System schon sauber ist.
Arbeite daher in deinem eigenen Interesse solange mit, bis du das OK bekommst, dass alles erledigt ist.

Hinweise zum Ablauf

Du bekommst von mir jeweils eine individuell auf dich abgestimmte schrittweise Anleitung.
- Lese diese Anweisungen immer zuerst vollständig durch und frag bei Unklarheiten nach, bevor du beginnst.
- Arbeite die Anleitungen dann sorgfältig und in der angegebenen Reihenfolge ab und poste deine Rückmeldungen und Logfiles gesammelt in einer Antwort.
- Füge den Inhalt der Logfiles wenn immer möglich innerhalb von Code-Tags in deine Antwort ein.
- Sollten Probleme auftauchen, dann brich an dieser Stelle ab und schildere sie so gut wie möglich.

Es ist wichtig für mich, dass sich der Zustand deines Systems nicht plötzlich unvorhersehbar ändert. Deshalb: Bitte
- .. lasse keine Scanner oder Tools ohne Aufforderung laufen. Lösche nichts auf eigene Faust.
- .. installiere oder deinstalliere während der Bereinigung keine Software.
- .. frag nicht parallel in anderen Foren nach Hilfe (Crossposting).

Ich kann dir keine Garantien geben, dass die Bereinigung schlussendlich erfolgreich sein wird und wir alles finden werden.
- Ein Formatieren und Neuinstallieren ist meist der schnellere und immer der sicherere Weg.
- Sollte ich eine schwerwiegende Infektion bei dir finden, werde ich dich nochmals darauf hinweisen. Es bleibt aber deine Entscheidung.

Los geht's: Alle Tools immer auf den Desktop speichern und von dort starten.

Schauen wir mal:
(Die Logfiles bitte nicht anhängen, sondern deren Inhalt direkt innerhalb von Codetags einfügen: [code]Inhalt Logfile[/code].)

Schritt 1

Downloade dir bitte AdwCleaner und speichere es auf deinen Desktop.

Schliesse alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Löschen.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet, je nach Schwere der Infektion auch mehrmals - das ist normal. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

Schritt 2

Warnung für Mitleser:
Combofix sollte nur dann ausgeführt werden, wenn dies explizit von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix.

WICHTIG: Speichere Combofix auf deinen Desktop.
Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
Während Combofix läuft, bitte gar nichts am Computer arbeiten, auch nicht die Maus bewegen!
Wenn Combofix fertig ist, wird es ein Logfile erstellen (C:\Combofix.txt).
Bitte poste den Inhalt dieses Logfiles in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

Schritt 3

Starte bitte die OTL.exe.

Setze den Haken bei Scan all Users.
Drücke auf den Quick Scan Button.
Poste den Inhalt von OTL.txt hier in den Thread.

Bitte poste in deiner nächsten Antwort:

Log von AdwCleaner
Log von Combofix
Log von OTL

verwinkelt · 01.03.2013, 00:16

Hallo leo !

Log von OTL

Code:

ATTFilter

OTL logfile created on: 01.03.2013 00:03:51 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = c:\users\niklas\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
11,99 Gb Total Physical Memory | 9,25 Gb Available Physical Memory | 77,12% Memory free
23,98 Gb Paging File | 21,36 Gb Available in Paging File | 89,05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 342,02 Gb Total Space | 57,22 Gb Free Space | 16,73% Space Free | Partition Type: NTFS
Drive D: | 698,63 Gb Total Space | 429,45 Gb Free Space | 61,47% Space Free | Partition Type: NTFS
Drive E: | 43,91 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive I: | 341,97 Gb Total Space | 341,86 Gb Free Space | 99,97% Space Free | Partition Type: NTFS
 
Computer Name: FEY-PC | User Name: Niklas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.28 19:36:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- c:\users\niklas\Downloads\OTL.exe
PRC - [2013.02.27 02:33:10 | 001,820,016 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe
PRC - [2013.02.21 11:32:25 | 003,494,992 | ---- | M] (Electronic Arts) -- C:\Program Files (x86)\Origin\Origin.exe
PRC - [2013.02.20 13:47:00 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.09.19 08:45:35 | 000,374,560 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
PRC - [2012.09.19 08:45:35 | 000,295,440 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
PRC - [2012.09.19 08:45:30 | 000,078,352 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
PRC - [2012.09.19 08:45:12 | 000,090,640 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
PRC - [2012.08.08 19:16:02 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 16:56:41 | 000,391,632 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
PRC - [2012.05.08 16:56:41 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 16:56:41 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.01.20 13:59:34 | 000,271,224 | ---- | M] (Neuber Software GmbH, www.neuber.com) -- C:\Windows\SysWOW64\NetTaskAgent.exe
PRC - [2010.12.15 02:59:17 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2009.10.09 12:11:19 | 000,389,120 | R--- | M] () -- C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
PRC - [2009.07.31 20:06:24 | 000,155,648 | R--- | M] () -- C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
PRC - [2009.06.19 10:31:38 | 000,651,264 | R--- | M] (AVerMedia TECHNOLOGIES, Inc.) -- C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
PRC - [2009.04.08 12:49:30 | 000,344,064 | R--- | M] (AVerMedia) -- C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe
PRC - [2008.07.29 17:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008.05.20 17:50:50 | 000,269,448 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.02.27 02:33:10 | 014,718,320 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll
MOD - [2013.02.21 11:32:25 | 000,062,976 | ---- | M] () -- C:\Program Files (x86)\Origin\tufao.dll
MOD - [2013.02.20 13:47:00 | 003,067,288 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011.08.24 03:39:11 | 000,655,360 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD12\Common\Koan\_ssl.pyd
MOD - [2011.08.24 03:39:11 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD12\Common\Koan\_ctypes.pyd
MOD - [2011.08.24 03:39:11 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD12\Common\Koan\_socket.pyd
MOD - [2009.07.31 20:06:24 | 000,155,648 | R--- | M] () -- C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
 
 
========== Services (SafeList) ==========
 
SRV - [2013.02.27 02:33:10 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.25 07:39:32 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.02.20 13:47:00 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.09.19 08:45:35 | 000,295,440 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe -- (CyberLink PowerDVD 12 Media Server Service)
SRV - [2012.09.19 08:45:30 | 000,078,352 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe -- (CyberLink PowerDVD 12 Media Server Monitor Service)
SRV - [2012.09.19 08:45:12 | 000,090,640 | ---- | M] (CyberLink Corp.) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe -- (CLHNServiceForPowerDVD12)
SRV - [2012.08.30 20:14:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.05.08 16:56:41 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 16:56:41 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.01.20 13:59:34 | 000,271,224 | ---- | M] (Neuber Software GmbH, www.neuber.com) [Auto | Running] -- C:\Windows\SysWOW64\NetTaskAgent.exe -- (NetTaskAgent)
SRV - [2010.12.15 02:59:17 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010.08.19 09:52:04 | 000,229,376 | ---- | M] () [Auto | Stopped] -- C:\ProgramData\DatacardService\DCService.exe -- (DCService.exe)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.02 18:09:54 | 000,246,272 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Mobile Partner Manager\AssistantServices.exe -- (UI Assistant Service)
SRV - [2009.10.09 12:11:19 | 000,389,120 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe -- (AVerScheduleService)
SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.04.30 12:23:26 | 000,090,112 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2009.04.08 12:49:30 | 000,344,064 | R--- | M] (AVerMedia) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe -- (AVerRemote)
SRV - [2008.10.01 11:43:56 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008.07.29 17:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008.05.20 17:50:50 | 000,269,448 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service)
SRV - [2005.11.17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.08 16:56:41 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 16:56:41 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.18 20:42:15 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.15 15:00:00 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.11.17 15:37:16 | 000,572,336 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Uim_IMx64.sys -- (Uim_IM)
DRV:64bit: - [2011.11.17 15:37:16 | 000,059,184 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\uimx64.sys -- (UimBus)
DRV:64bit: - [2011.11.17 15:37:14 | 000,352,816 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\uim_vimx64.sys -- (Uim_VIM)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.08.31 17:09:00 | 000,256,000 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2010.08.07 16:49:04 | 000,121,600 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2010.07.27 14:26:34 | 000,086,016 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2010.07.27 08:52:16 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2010.06.27 19:37:57 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010.06.01 16:28:10 | 000,769,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\arusb_win7x.sys -- (arusb_win7x)
DRV:64bit: - [2010.04.16 07:33:36 | 000,050,176 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009.10.19 04:32:40 | 000,511,232 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVerAF35.sys -- (AVerAF35)
DRV:64bit: - [2009.10.01 19:07:36 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.05 02:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.05.28 10:07:14 | 000,376,848 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ladfSBVMamd64.sys -- (LADF_SBVM)
DRV:64bit: - [2009.05.28 10:07:14 | 000,061,712 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ladfDHP2amd64.sys -- (LADF_DHP2)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.04.08 13:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2008.12.02 13:01:42 | 000,068,608 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.sys -- (RTSTOR)
DRV:64bit: - [2008.11.04 09:52:36 | 000,145,960 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018unic.sys -- (s1018unic)
DRV:64bit: - [2008.11.04 09:52:36 | 000,132,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018mgmt.sys -- (s1018mgmt)
DRV:64bit: - [2008.11.04 09:52:36 | 000,128,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018obex.sys -- (s1018obex)
DRV:64bit: - [2008.11.04 09:52:36 | 000,034,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018nd5.sys -- (s1018nd5)
DRV:64bit: - [2008.11.04 09:52:32 | 000,152,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018mdm.sys -- (s1018mdm)
DRV:64bit: - [2008.11.04 09:52:32 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV:64bit: - [2008.11.04 09:52:30 | 000,113,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018bus.sys -- (s1018bus)
DRV:64bit: - [2008.09.23 17:19:04 | 000,034,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\gwfilt64.sys -- (gwfilt64)
DRV:64bit: - [2008.07.29 17:53:50 | 000,060,976 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\PSDVdisk.sys -- (psdvdisk)
DRV:64bit: - [2008.07.29 17:53:50 | 000,021,040 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\PSDNServ.sys -- (PSDNServ)
DRV:64bit: - [2008.07.29 17:53:48 | 000,022,064 | ---- | M] (Egis Incorporated) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\psdfilter.sys -- (PSDFilter)
DRV:64bit: - [2008.05.23 15:54:38 | 000,033,888 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iqvw64e.sys -- (NAL)
DRV:64bit: - [2008.01.30 10:48:32 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2008.01.30 10:48:16 | 000,016,384 | ---- | M] (NewTech Infosystems Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2008.01.09 12:28:20 | 000,034,032 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\seehcri.sys -- (seehcri)
DRV:64bit: - [2007.11.30 13:14:52 | 000,347,144 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MRVW24C.sys -- (MRV6X64U)
DRV - [2011.09.13 21:57:19 | 000,019,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\RivaTuner v2.09\RivaTuner64.sys -- (RivaTuner64)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008.09.30 09:42:20 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\int15_64.sys -- (int15)
DRV - [2008.05.26 10:54:28 | 000,120,816 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Programme\Acer\Empowering Technology\eRecovery\wsvd.sys -- (WSVD)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0609&m=aspire_m7720
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\@2\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0609&m=aspire_m7720
IE - HKU\@2\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\@2\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0609&m=aspire_m7720
IE - HKU\@2\..\SearchScopes,DefaultScope = {A1BA4F28-B648-456D-B5AE-59ED24C61AF0}
IE - HKU\@2\..\SearchScopes\{A1BA4F28-B648-456D-B5AE-59ED24C61AF0}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW
IE - HKU\@2\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-4029133945-3299104507-864066367-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKU\S-1-5-21-4029133945-3299104507-864066367-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-4029133945-3299104507-864066367-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-4029133945-3299104507-864066367-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-4029133945-3299104507-864066367-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4029133945-3299104507-864066367-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKU\S-1-5-21-4029133945-3299104507-864066367-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4029133945-3299104507-864066367-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: personas%40christopher.beard:1.6.2
FF - prefs.js..extensions.enabledAddons: youtubeunblocker%40unblocker.yt:0.3.0
FF - prefs.js..extensions.enabledAddons: %7Bef4e370e-d9f0-4e00-b93e-a4f274cfdd5a%7D:1.4.9
FF - prefs.js..extensions.enabledAddons: groovesharkUnlocker%40overlord1337:1.3.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - prefs.js..extensions.enabledItems: dvscontextmenuy@dvdvideosoft.com:1.0
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.4
FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:4.0
FF - prefs.js..extensions.enabledItems: eafo3fflauncher@ea.com:1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files (x86)\TVUPlayer\npTVUAx.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@coreonline.com/run3d,version=1.0: C:\Users\Niklas\AppData\LocalLow\Square Enix\nprun3d.dll (Square Enix)
FF - HKCU\Software\MozillaPlugins\@phonostar.de/phonostar: C:\Program Files (x86)\phonostar-Player\npphonostarDetectNP.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Niklas\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Niklas\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Niklas\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.20 13:47:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.27 21:38:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.02.28 13:36:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.20 13:47:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.27 21:38:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.02.28 13:36:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.03.27 15:15:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Niklas\AppData\Roaming\mozilla\Extensions
[2010.03.10 21:27:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Niklas\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013.02.23 23:39:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Niklas\AppData\Roaming\mozilla\Firefox\Profiles\2bbu22w3.default\extensions
[2011.12.13 08:04:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Niklas\AppData\Roaming\mozilla\Firefox\Profiles\2bbu22w3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.12.13 08:04:13 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Niklas\AppData\Roaming\mozilla\Firefox\Profiles\2bbu22w3.default\extensions\personas@christopher.beard
[2013.02.23 23:39:13 | 000,029,064 | ---- | M] () (No name found) -- C:\Users\Niklas\AppData\Roaming\mozilla\firefox\profiles\2bbu22w3.default\extensions\groovesharkUnlocker@overlord1337.xpi
[2012.12.01 19:59:06 | 000,363,832 | ---- | M] () (No name found) -- C:\Users\Niklas\AppData\Roaming\mozilla\firefox\profiles\2bbu22w3.default\extensions\smarterwiki@wikiatic.com.xpi
[2013.02.03 11:36:34 | 000,004,412 | ---- | M] () (No name found) -- C:\Users\Niklas\AppData\Roaming\mozilla\firefox\profiles\2bbu22w3.default\extensions\youtubeunblocker@unblocker.yt.xpi
[2013.02.15 10:39:03 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Niklas\AppData\Roaming\mozilla\firefox\profiles\2bbu22w3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.02.20 13:32:00 | 000,685,671 | ---- | M] () (No name found) -- C:\Users\Niklas\AppData\Roaming\mozilla\firefox\profiles\2bbu22w3.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi
[2009.08.24 06:16:27 | 000,002,172 | ---- | M] () -- C:\Users\Niklas\AppData\Roaming\mozilla\firefox\profiles\2bbu22w3.default\searchplugins\bing.xml
[2013.02.20 13:46:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013.02.20 13:46:56 | 000,000,000 | ---D | M] (FaceMod Dislike Button) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{64e8cc5b-20db-4212-8320-178fc5ae71f7}
[2013.02.20 13:46:56 | 000,000,000 | ---D | M] (SeekService) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{86009AEF-9162-4EBC-B698-FF71D7B6B049}
[2013.02.20 13:47:00 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.07.12 17:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011.12.21 06:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.03 07:23:21 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.12.21 06:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.21 06:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2009.08.27 15:52:52 | 000,002,399 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\seekservice110.xml
[2009.09.03 20:02:06 | 000,002,399 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\seekservice123.xml
[2011.12.21 06:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.21 06:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://www.searchnu.com/414
 
O1 HOSTS File: ([2013.02.28 23:55:47 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\ActiveToolBand.dll (Egis)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3:64bit: - HKU\S-1-5-21-4029133945-3299104507-864066367-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\S-1-5-21-4029133945-3299104507-864066367-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
O4 - HKLM..\Run: [PowerDVD12Agent] C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\@1..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\@1..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\@1\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\@2\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4029133945-3299104507-864066367-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4029133945-3299104507-864066367-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Save YouTube Video as MP3 - C:\Program Files (x86)\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Save YouTube Video as MP3 - C:\Program Files (x86)\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-4029133945-3299104507-864066367-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-4029133945-3299104507-864066367-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-4029133945-3299104507-864066367-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-4029133945-3299104507-864066367-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 10.15.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1DFC4CF9-8195-447C-B93B-09038FFD7623}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{20A5B0A3-17AF-40C3-B8BC-CB0BAA02142F}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6114C60E-289D-4665-954B-82F54F684C73}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{641754F0-3EF0-4739-9130-4423D37D1E55}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{66D2FCF4-EC4B-455E-8A7C-36BA8B3DBB6E}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AD371EEA-6892-4526-B8C7-0761C4ADB4F1}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DD5ECF3D-E97E-4B94-8321-18C08B77A060}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC7B624C-10DB-42F5-B066-1FC4A387F3D7}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: C:\Users\Niklas\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Niklas\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.28 23:55:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.02.28 23:48:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.02.28 23:48:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.02.28 23:48:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.02.28 23:48:24 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.02.28 23:37:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.02.28 23:37:37 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.02.28 23:37:24 | 005,036,023 | R--- | C] (Swearware) -- C:\Users\Niklas\Desktop\ComboFix.exe
[2013.02.28 22:36:50 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 12
[2013.02.28 18:08:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Network Security Task Manager
[2013.02.28 18:08:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Network Security Task Manager
[2013.02.28 18:08:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Network Security Taskmanager
[2013.02.28 13:36:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013.02.27 21:38:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013.02.26 23:56:37 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013.02.26 02:58:34 | 000,000,000 | ---D | C] -- C:\Users\Niklas\AppData\Roaming\Malwarebytes
[2013.02.26 02:58:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.26 02:58:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.26 02:58:25 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.02.26 02:58:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.02.24 02:26:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
[2013.02.24 02:25:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony Media Go Install
[2013.02.20 23:54:41 | 000,000,000 | ---D | C] -- C:\Users\Niklas\Desktop\Tracy Chapman Collection
[2013.02.20 23:54:38 | 000,000,000 | ---D | C] -- C:\Users\Niklas\Desktop\In Aller Stille
[2013.02.20 23:54:34 | 000,000,000 | ---D | C] -- C:\Users\Niklas\Desktop\Herzscheisse
[2013.02.20 23:54:28 | 000,000,000 | ---D | C] -- C:\Users\Niklas\Desktop\coeur de pirate
[2013.02.20 13:43:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.02.04 17:10:51 | 000,000,000 | ---D | C] -- C:\Users\Niklas\Documents\Klei
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Users\Niklas\*.tmp files -> C:\Users\Niklas\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.01 00:02:17 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4029133945-3299104507-864066367-1000UA.job
[2013.02.28 23:55:47 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.02.28 23:40:57 | 000,010,896 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.28 23:40:57 | 000,010,896 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.28 23:40:29 | 001,642,148 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.28 23:40:29 | 000,707,300 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.28 23:40:29 | 000,660,918 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.28 23:40:29 | 000,152,892 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.28 23:40:29 | 000,125,108 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.28 23:33:33 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml
[2013.02.28 23:33:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.28 23:33:16 | 1066,799,102 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.28 23:30:39 | 005,036,023 | R--- | M] (Swearware) -- C:\Users\Niklas\Desktop\ComboFix.exe
[2013.02.28 22:36:50 | 000,002,152 | ---- | M] () -- C:\Users\Public\Desktop\CyberLink PowerDVD 12.lnk
[2013.02.28 22:33:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.28 19:59:50 | 000,000,000 | ---- | M] () -- C:\Users\Niklas\defogger_reenable
[2013.02.28 15:02:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4029133945-3299104507-864066367-1000Core.job
[2013.02.27 21:38:33 | 000,001,983 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.02.26 02:58:26 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.24 02:26:56 | 000,001,849 | ---- | M] () -- C:\Users\Public\Desktop\Media Go.lnk
[2013.02.19 20:09:06 | 003,698,702 | ---- | M] () -- C:\Users\Niklas\Desktop\16 Spur 16.wma
[2013.02.14 10:15:10 | 000,447,072 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.04 17:08:03 | 000,000,222 | ---- | M] () -- C:\Users\Niklas\Desktop\Don't Starve.url
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Users\Niklas\*.tmp files -> C:\Users\Niklas\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.28 23:48:27 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.02.28 23:48:27 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.02.28 23:48:27 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.02.28 23:48:27 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.02.28 23:48:27 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.02.28 22:36:50 | 000,002,152 | ---- | C] () -- C:\Users\Public\Desktop\CyberLink PowerDVD 12.lnk
[2013.02.28 19:59:50 | 000,000,000 | ---- | C] () -- C:\Users\Niklas\defogger_reenable
[2013.02.27 21:38:33 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.02.27 21:38:33 | 000,001,983 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.02.26 02:58:26 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.24 02:26:50 | 000,001,849 | ---- | C] () -- C:\Users\Public\Desktop\Media Go.lnk
[2013.02.20 23:54:52 | 003,698,702 | ---- | C] () -- C:\Users\Niklas\Desktop\16 Spur 16.wma
[2013.02.04 17:08:03 | 000,000,222 | ---- | C] () -- C:\Users\Niklas\Desktop\Don't Starve.url
[2012.03.18 18:06:35 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll
[2012.02.02 15:08:21 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2012.02.02 15:08:21 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2012.02.02 15:08:21 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2012.02.02 15:03:01 | 000,000,338 | ---- | C] () -- C:\Windows\SIERRA.INI
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.13 22:49:26 | 000,007,597 | ---- | C] () -- C:\Users\Niklas\AppData\Local\resmon.resmoncfg
[2011.08.22 10:46:01 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\xmltok.dll
[2011.08.22 10:46:01 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\xmlparse.dll
[2011.08.11 18:29:34 | 000,005,632 | ---- | C] () -- C:\Users\Niklas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.06 01:37:45 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\AVerIO.dll
[2011.05.06 01:37:45 | 000,003,456 | ---- | C] () -- C:\Windows\SysWow64\AVerIO.sys
[2011.05.06 01:37:30 | 000,598,016 | ---- | C] () -- C:\Windows\SysWow64\sptlib21.dll
[2011.05.06 01:37:30 | 000,307,200 | ---- | C] () -- C:\Windows\SysWow64\sptlib01.dll
[2011.05.06 01:37:30 | 000,294,912 | ---- | C] () -- C:\Windows\SysWow64\sptlib11.dll
[2011.05.06 01:37:30 | 000,290,816 | ---- | C] () -- C:\Windows\SysWow64\sptlib22.dll
[2011.05.06 01:37:30 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\sptlib03.dll
[2011.05.06 01:37:30 | 000,225,280 | ---- | C] () -- C:\Windows\SysWow64\sptlib02.dll
[2011.05.06 01:37:30 | 000,135,168 | ---- | C] () -- C:\Windows\SysWow64\sptlib12.dll
[2010.05.19 14:19:22 | 000,017,408 | ---- | C] () -- C:\Users\Niklas\AppData\Local\WebpageIcons.db
[2010.03.13 21:58:05 | 000,000,008 | ---- | C] () -- C:\Users\Niklas\AppData\Roaming\DofusAppId0_3
[2010.03.12 05:29:24 | 000,000,008 | ---- | C] () -- C:\Users\Niklas\AppData\Roaming\DofusAppId0_2
[2010.03.12 05:27:12 | 000,000,173 | ---- | C] () -- C:\Users\Niklas\AppData\Roaming\D2Info0
[2010.03.12 05:27:12 | 000,000,008 | ---- | C] () -- C:\Users\Niklas\AppData\Roaming\DofusAppId0_1
[2010.03.10 21:44:37 | 000,000,094 | ---- | C] () -- C:\Users\Niklas\AppData\Local\fusioncache.dat
[2010.03.10 21:11:19 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.08.23 00:03:51 | 000,027,528 | ---- | C] () -- C:\Users\Niklas\AppData\Roaming\UserTile.png
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.09.12 11:05:16 | 000,000,000 | ---D | M] -- C:\Users\ergrg\AppData\Roaming\Origin
[2012.02.01 23:16:42 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\.minecraft
[2010.03.14 20:38:28 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\.purple
[2010.03.10 20:49:35 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\Acer GameZone Console
[2010.04.26 15:13:02 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\Braid
[2010.03.10 20:49:36 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\Broken Sword 2.5
[2012.06.03 14:40:31 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\capy
[2012.04.11 15:36:48 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\CorsixTH
[2010.03.14 18:38:28 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\DiskSpaceFanPro
[2009.08.23 23:58:25 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\DisplayTune
[2012.11.02 03:29:48 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\Doublefine
[2010.10.15 07:46:17 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\DVDVideoSoft
[2010.07.08 04:54:35 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\eSobi
[2010.03.10 20:49:36 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\FFSJ
[2012.06.02 15:58:17 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\fltk.org
[2010.05.12 07:42:58 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\FreeAudioPack
[2012.03.26 13:40:59 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\FreeVideoConverter
[2010.03.10 20:49:36 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\GetRightToGo
[2012.10.21 03:18:03 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\KeePass
[2010.10.01 14:25:45 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\Leadertech
[2012.07.19 16:21:50 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\Lionhead Studios
[2012.06.09 14:24:10 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\LoneSurvivor
[2010.07.10 04:17:30 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\LucasArts
[2010.03.27 14:25:28 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\MAGIX
[2010.10.15 08:50:16 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\MPEG Streamclip
[2010.03.10 20:49:47 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\OpenOffice.org
[2010.07.17 02:27:06 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\Opera
[2012.12.03 13:01:46 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\Origin
[2009.08.24 04:34:03 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\PeerNetworking
[2010.07.14 18:36:51 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\phonostar GmbH
[2012.02.20 18:25:19 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\Reg.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2010.03.12 05:27:16 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\RegTesting.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2010.06.18 05:38:56 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\RTPlayer
[2012.06.25 18:58:09 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\six-updater
[2012.06.11 15:11:11 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\six-zsync
[2010.12.18 16:18:59 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\Software Informer
[2012.01.06 20:12:28 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\Sony
[2010.07.21 22:17:16 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\Sony Creative Software
[2010.03.20 08:12:45 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\Sony Setup
[2010.12.23 12:16:47 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\Spore
[2012.01.05 13:44:57 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\System
[2010.12.13 14:44:48 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\Telefónica
[2010.08.27 14:04:58 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\The Creative Assembly
[2010.03.10 21:27:41 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\Thunderbird
[2012.02.19 15:10:22 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\Trine2
[2010.10.15 20:29:21 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\ultrastardx
[2010.03.11 23:49:11 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\Uniblue
[2012.07.01 02:47:35 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\Unity
[2012.01.05 13:45:38 | 000,000,000 | -HSD | M] -- C:\Users\Niklas\AppData\Roaming\wyUpdate AU
 
========== Purity Check ==========
 
 

< End of report >

Log von Combofix

Code:

ATTFilter

ComboFix 13-02-26.01 - Niklas 28.02.2013  23:49:58.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.12279.10117 [GMT 1:00]
ausgeführt von:: c:\users\Niklas\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\C9B086CE-4A3B-11DB-8373-B622A1EF5492
c:\programdata\hpeAAB5.dll
c:\programdata\hpeB64A.dll
c:\users\Niklas\AppData\Roaming\.#
c:\users\Niklas\AppData\Roaming\.#\MBX@1050@3D2928.###
c:\users\Niklas\AppData\Roaming\.#\MBX@1050@3D2958.###
c:\users\Niklas\AppData\Roaming\.#\MBX@1050@3D2988.###
c:\users\Niklas\AppData\Roaming\.#\MBX@11DC@25C2928.###
c:\users\Niklas\AppData\Roaming\.#\MBX@11DC@25C2958.###
c:\users\Niklas\AppData\Roaming\.#\MBX@11DC@25C2988.###
c:\users\Niklas\AppData\Roaming\.#\MBX@1218@20E2928.###
c:\users\Niklas\AppData\Roaming\.#\MBX@1218@20E2958.###
c:\users\Niklas\AppData\Roaming\.#\MBX@1218@20E2988.###
c:\users\Niklas\AppData\Roaming\.#\MBX@12D0@1E2928.###
c:\users\Niklas\AppData\Roaming\.#\MBX@12D0@1E2958.###
c:\users\Niklas\AppData\Roaming\.#\MBX@12D0@1E2988.###
c:\users\Niklas\AppData\Roaming\.#\MBX@938@602928.###
c:\users\Niklas\AppData\Roaming\.#\MBX@938@602958.###
c:\users\Niklas\AppData\Roaming\.#\MBX@938@602988.###
c:\users\Niklas\AppData\Roaming\.#\MBX@DC0@2372928.###
c:\users\Niklas\AppData\Roaming\.#\MBX@DC0@2372958.###
c:\users\Niklas\AppData\Roaming\.#\MBX@DC0@2372988.###
c:\users\Niklas\AppData\Roaming\0ad
c:\users\Niklas\AppData\Roaming\app
c:\users\Niklas\AppData\Roaming\app\Jerakine_lang.dat
c:\users\Niklas\AppData\Roaming\app\Jerakine_lang_vesrion.dat
c:\windows\IsUn0407.exe
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\tmp7145.tmp
c:\windows\SysWow64\tmp7146.tmp
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
c:\windows\wininit.ini
D:\install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-01-28 bis 2013-02-28  ))))))))))))))))))))))))))))))
.
.
2013-02-28 22:45 . 2013-02-28 22:45	76232	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{33AE1FCF-4EFC-4AE2-8002-EC74658517FC}\offreg.dll
2013-02-28 17:30 . 2011-11-17 05:38	1292080	----a-w-	c:\windows\SysWow64\_enviewlist.dll
2013-02-28 17:30 . 2010-11-20 12:18	640512	----a-w-	c:\windows\SysWow64\_entreelist.dll
2013-02-28 17:08 . 2013-02-28 22:01	--------	d-----w-	c:\programdata\Network Security Task Manager
2013-02-28 17:08 . 2013-02-28 17:08	--------	d-----w-	c:\program files (x86)\Network Security Taskmanager
2013-02-28 12:36 . 2013-02-28 12:53	--------	d-----w-	c:\program files (x86)\Mozilla Thunderbird
2013-02-27 20:38 . 2013-02-27 20:38	--------	d-----w-	c:\program files (x86)\Common Files\Adobe
2013-02-26 22:58 . 2013-02-26 22:58	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-26 11:36 . 2013-02-08 00:28	9162192	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{33AE1FCF-4EFC-4AE2-8002-EC74658517FC}\mpengine.dll
2013-02-26 01:58 . 2013-02-26 01:58	--------	d-----w-	c:\users\Niklas\AppData\Roaming\Malwarebytes
2013-02-26 01:58 . 2013-02-26 01:58	--------	d-----w-	c:\programdata\Malwarebytes
2013-02-26 01:58 . 2013-02-26 01:58	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-02-26 01:58 . 2012-12-14 15:49	24176	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-02-24 01:25 . 2013-02-24 01:26	--------	d-----w-	c:\program files (x86)\Sony Media Go Install
2013-02-15 22:04 . 2013-02-15 22:04	208448	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2013-02-14 01:04 . 2013-01-09 01:10	996352	----a-w-	c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 01:04 . 2013-01-08 22:01	768000	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 08:20 . 2013-01-05 05:53	5553512	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-02-13 08:20 . 2013-01-05 05:00	3967848	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-02-13 08:20 . 2013-01-05 05:00	3913064	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-02-13 08:20 . 2013-01-04 03:26	3153408	----a-w-	c:\windows\system32\win32k.sys
2013-02-13 08:20 . 2013-01-04 05:46	215040	----a-w-	c:\windows\system32\winsrv.dll
2013-02-13 08:20 . 2013-01-04 04:51	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2013-02-13 08:20 . 2013-01-04 02:47	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2013-02-13 08:20 . 2013-01-04 02:47	7680	----a-w-	c:\windows\SysWow64\instnm.exe
2013-02-13 08:20 . 2013-01-04 02:47	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2013-02-13 08:20 . 2013-01-04 02:47	2048	----a-w-	c:\windows\SysWow64\user.exe
2013-02-13 08:20 . 2013-01-03 06:00	1913192	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-02-13 08:20 . 2013-01-03 06:00	288088	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-27 01:33 . 2012-05-09 14:33	691568	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-27 01:33 . 2011-10-15 15:11	71024	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-26 22:58 . 2012-06-24 12:16	861088	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-02-26 22:58 . 2010-06-23 01:47	782240	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-02-14 01:06 . 2010-03-10 20:56	70004024	----a-w-	c:\windows\system32\MRT.exe
2013-01-17 00:28 . 2009-10-03 17:50	273840	------w-	c:\windows\system32\MpSigStub.exe
2013-01-04 04:43 . 2013-02-13 08:20	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-12-16 17:11 . 2012-12-23 19:06	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-23 19:06	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-23 19:06	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-23 19:06	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-07 13:20 . 2013-01-09 12:40	441856	----a-w-	c:\windows\system32\Wpc.dll
2012-12-07 13:15 . 2013-01-09 12:40	2746368	----a-w-	c:\windows\system32\gameux.dll
2012-12-07 12:26 . 2013-01-09 12:40	308736	----a-w-	c:\windows\SysWow64\Wpc.dll
2012-12-07 12:20 . 2013-01-09 12:40	2576384	----a-w-	c:\windows\SysWow64\gameux.dll
2012-12-07 11:20 . 2013-01-09 12:40	30720	----a-w-	c:\windows\system32\usk.rs
2012-12-07 11:20 . 2013-01-09 12:40	43520	----a-w-	c:\windows\system32\csrr.rs
2012-12-07 11:20 . 2013-01-09 12:40	23552	----a-w-	c:\windows\system32\oflc.rs
2012-12-07 11:20 . 2013-01-09 12:40	45568	----a-w-	c:\windows\system32\oflc-nz.rs
2012-12-07 11:20 . 2013-01-09 12:40	44544	----a-w-	c:\windows\system32\pegibbfc.rs
2012-12-07 11:20 . 2013-01-09 12:40	20480	----a-w-	c:\windows\system32\pegi-fi.rs
2012-12-07 11:20 . 2013-01-09 12:40	20480	----a-w-	c:\windows\system32\pegi-pt.rs
2012-12-07 11:19 . 2013-01-09 12:40	20480	----a-w-	c:\windows\system32\pegi.rs
2012-12-07 11:19 . 2013-01-09 12:40	46592	----a-w-	c:\windows\system32\fpb.rs
2012-12-07 11:19 . 2013-01-09 12:40	40960	----a-w-	c:\windows\system32\cob-au.rs
2012-12-07 11:19 . 2013-01-09 12:40	21504	----a-w-	c:\windows\system32\grb.rs
2012-12-07 11:19 . 2013-01-09 12:40	15360	----a-w-	c:\windows\system32\djctq.rs
2012-12-07 11:19 . 2013-01-09 12:40	55296	----a-w-	c:\windows\system32\cero.rs
2012-12-07 11:19 . 2013-01-09 12:40	51712	----a-w-	c:\windows\system32\esrb.rs
2012-12-07 10:46 . 2013-01-09 12:40	43520	----a-w-	c:\windows\SysWow64\csrr.rs
2012-12-07 10:46 . 2013-01-09 12:40	30720	----a-w-	c:\windows\SysWow64\usk.rs
2012-12-07 10:46 . 2013-01-09 12:40	45568	----a-w-	c:\windows\SysWow64\oflc-nz.rs
2012-12-07 10:46 . 2013-01-09 12:40	44544	----a-w-	c:\windows\SysWow64\pegibbfc.rs
2012-12-07 10:46 . 2013-01-09 12:40	20480	----a-w-	c:\windows\SysWow64\pegi-pt.rs
2012-12-07 10:46 . 2013-01-09 12:40	23552	----a-w-	c:\windows\SysWow64\oflc.rs
2012-12-07 10:46 . 2013-01-09 12:40	20480	----a-w-	c:\windows\SysWow64\pegi-fi.rs
2012-12-07 10:46 . 2013-01-09 12:40	46592	----a-w-	c:\windows\SysWow64\fpb.rs
2012-12-07 10:46 . 2013-01-09 12:40	20480	----a-w-	c:\windows\SysWow64\pegi.rs
2012-12-07 10:46 . 2013-01-09 12:40	21504	----a-w-	c:\windows\SysWow64\grb.rs
2012-12-07 10:46 . 2013-01-09 12:40	40960	----a-w-	c:\windows\SysWow64\cob-au.rs
2012-12-07 10:46 . 2013-01-09 12:40	15360	----a-w-	c:\windows\SysWow64\djctq.rs
2012-12-07 10:46 . 2013-01-09 12:40	55296	----a-w-	c:\windows\SysWow64\cero.rs
2012-12-07 10:46 . 2013-01-09 12:40	51712	----a-w-	c:\windows\SysWow64\esrb.rs
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-07-29 16:52	121392	----a-w-	c:\program files (x86)\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 163328]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PCMMediaSharing"="c:\program files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-05-20 204908]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-02-21 222504]
"UpdatePPShortCut"="c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"PowerDVD12Agent"="c:\program files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe" [2012-09-19 374560]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AVer HID Receiver.lnk - c:\program files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe [2011-5-6 155648]
AVerQuick.lnk - c:\program files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2011-5-6 651264]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
SmartCopy.lnk - c:\program files (x86)\Northstar\SmartCopy\SmartCopy.exe [2009-6-24 319488]
SmartLauncher.lnk - c:\program files (x86)\Northstar\SmartLauncher\SmartLauncher.exe [2009-6-24 339968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DCService.exe;DCService.exe;c:\programdata\DatacardService\DCService.exe [2010-08-19 229376]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R2 UI Assistant Service;UI Assistant Service;c:\program files (x86)\Mobile Partner Manager\AssistantServices.exe [2009-12-02 246272]
R3 AVerAF35;AVerMedia A835 USB DVB-T;c:\windows\system32\Drivers\AVerAF35.sys [2009-10-19 511232]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2010-07-27 117248]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2010-08-31 256000]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 LADF_DHP2;G35 DHP2 Filter Driver;c:\windows\system32\DRIVERS\ladfDHP2amd64.sys [2009-05-28 61712]
R3 LADF_SBVM;G35 SBVM Filter Driver;c:\windows\system32\DRIVERS\ladfSBVMamd64.sys [2009-05-28 376848]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 massfilter_hs;USB Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [x]
R3 MRV6X64U;Belkin N1 Wireless USB Network Adapter Driver for Windows Vista x64;c:\windows\system32\DRIVERS\MRVW24C.sys [2007-11-30 347144]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-09-23 50424]
R3 RivaTuner64;RivaTuner64;c:\program files (x86)\RivaTuner v2.09\RivaTuner64.sys [2011-09-13 19952]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2008-11-04 113704]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2008-11-04 19496]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2008-11-04 152616]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2008-11-04 132648]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [2008-11-04 34856]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2008-11-04 128552]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [2008-11-04 145960]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 34032]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-04-16 50176]
R3 WSVD;WSVD;c:\program files\Acer\Empowering Technology\eRecovery\WSVD.sys [2008-05-26 120816]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-12-15 27760]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-03-18 283200]
S1 Uim_VIM;UIM Virtual Image Plugin;c:\windows\system32\Drivers\uim_vimx64.sys [2011-11-17 352816]
S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-05-20 269448]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 AVerRemote;AVerRemote;c:\program files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [2009-04-08 344064]
S2 AVerScheduleService;AVerScheduleService;c:\program files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [2009-10-09 389120]
S2 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [2012-09-19 90640]
S2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [2012-09-19 78352]
S2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [2012-09-19 295440]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-10-01 24576]
S2 NetTaskAgent;Network Security Task Manager Service;c:\windows\SysWOW64\NetTaskAgent.exe [2012-01-20 271224]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-09-23 144632]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S3 arusb_win7x;Service For TP-LINK Wireless N Adapter;c:\windows\system32\DRIVERS\arusb_win7x.sys [2010-06-01 769024]
S3 e1yexpress;Intel(R) Gigabit-Netzwerkverbindungstreiber;c:\windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 281088]
S3 gwfilt64;gwfilt64;c:\windows\system32\drivers\gwfilt64.sys [2008-09-23 34840]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2010-07-27 86016]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 17:02	114688	----a-w-	c:\program files (x86)\PixiePack Codec Pack\InstallerHelper.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-09 01:33]
.
2013-02-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4029133945-3299104507-864066367-1000Core.job
- c:\users\Niklas\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-29 09:43]
.
2013-02-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4029133945-3299104507-864066367-1000UA.job
- c:\users\Niklas\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-29 09:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-07-29 16:53	50736	----a-w-	c:\program files (x86)\Acer\Empowering Technology\eDataSecurity\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-17 13307496]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Save YouTube Video as MP3 - c:\program files (x86)\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{20A5B0A3-17AF-40C3-B8BC-CB0BAA02142F}: NameServer = 193.189.244.225 193.189.244.206
TCP: Interfaces\{641754F0-3EF0-4739-9130-4423D37D1E55}: NameServer = 193.189.244.225 193.189.244.206
FF - ProfilePath - c:\users\Niklas\AppData\Roaming\Mozilla\Firefox\Profiles\2bbu22w3.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - ExtSQL: !HIDDEN! 2010-03-10 20:45; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{ff88a983-649d-4207-9336-9b999280b436} - (no file)
Wow6432Node-HKCU-Run-fsm - (no file)
Wow6432Node-HKLM-Run-eRecoveryService - (no file)
WebBrowser-{FF88A983-649D-4207-9336-9B999280B436} - (no file)
AddRemove-BattlEye - c:\program files\Bohemia Interactive\ArmA 2Expansion\BattlEye\UnInstallBE.exe
AddRemove-BattlEye A2 Free - d:\program files (x86)\steam\steamapps\common\arma 2 freeBattlEye\UnInstallBE.exe
AddRemove-BattlEye for A2 - c:\program files\Bohemia Interactive\ArmA 2BattlEye\UnInstallBE.exe
AddRemove-BattlEye for OA - c:\program files\Bohemia Interactive\ArmA 2Expansion\BattlEye\UnInstallBE.exe
AddRemove-Braid_is1 - c:\program files (x86)\Braid\unins000.exe
AddRemove-Herrscher des Olymp - Zeus - c:\windows\IsUn0407.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-{1D0FDD6D-3C5E-4588-8ED0-02DC88014BF2} - c:\program files (x86)\InstallShield Installation Information\{1D0FDD6D-3C5E-4588-8ED0-02DC88014BF2}\setup.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files (x86)\DivX\DivXCodecUninstall.exe
AddRemove-{8ADFC4160D694100B5B8A22DE9DCABD9} - c:\program files (x86)\DivX\DivXPlayerUninstall.exe
AddRemove-{7353BAE6-5E49-46C4-A9B5-8A269A313789} - c:\users\Niklas\AppData\Local\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}\setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-4029133945-3299104507-864066367-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:46,9e,49,45,90,65,0d,79,35,32,fd,21,ea,3f,d7,f8,26,30,45,a5,1a,5b,83,
   95,26,12,65,95,6d,db,34,6d,b9,47,60,b6,06,be,ae,7f,f2,a0,45,e7,40,c3,c5,d5,\
"??"=hex:65,34,23,f1,ac,3e,ae,99,14,20,f8,2a,53,ca,02,2f
.
[HKEY_USERS\S-1-5-21-4029133945-3299104507-864066367-1000\Software\SecuROM\License information*]
"datasecu"=hex:b3,73,11,a5,2f,e3,42,d6,9b,8b,61,9e,76,a4,46,e9,01,ae,a5,3e,09,
   6f,78,4c,62,db,f2,1a,49,f4,e9,5c,1e,22,a1,c2,ab,95,fc,08,64,9f,1e,7a,3d,c8,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-02-28  23:57:23
ComboFix-quarantined-files.txt  2013-02-28 22:57
.
Vor Suchlauf: 19 Verzeichnis(se), 59.013.349.376 Bytes frei
Nach Suchlauf: 26 Verzeichnis(se), 61.335.482.368 Bytes frei
.
- - End Of File - - D6A285B326701441F4067A4A79656B74

Log von awdcleaner

Code:

ATTFilter

# AdwCleaner v2.113 - Datei am 28/02/2013 um 23:31:51 erstellt
# Aktualisiert am 23/02/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Niklas - FEY-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Niklas\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml
Datei Gelöscht : C:\Users\Niklas\AppData\Local\Temp\Searchqu.ini
Datei Gelöscht : C:\Users\Niklas\AppData\Local\Temp\searchqutoolbar-manifest.xml
Datei Gelöscht : C:\Users\Niklas\AppData\Local\Temp\SetupDataMngr_Searchqu.exe
Datei Gelöscht : C:\Users\Niklas\AppData\Roaming\Mozilla\Firefox\Profiles\2bbu22w3.default\searchplugins\Search_Results.xml
Datei Gelöscht : C:\Windows\SysWOW64\conduitEngine.tmp
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\Users\Niklas\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Niklas\AppData\LocalLow\Conduit

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\Headlight
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{18EAB056-9057-F224-FD4C-1F6569C4D8D2}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT3031778
Schlüssel Gelöscht : HKLM\Software\Informer Technologies, Inc.\OpenCandy
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16464

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.searchnu.com/414 --> hxxp://www.google.com

-\\ Mozilla Firefox v19.0 (de)

Datei : C:\Users\Niklas\AppData\Roaming\Mozilla\Firefox\Profiles\2bbu22w3.default\prefs.js

C:\Users\Niklas\AppData\Roaming\Mozilla\Firefox\Profiles\2bbu22w3.default\user.js ... Gelöscht !

Gelöscht : user_pref("browser.search.defaultenginename", "Search Results");
Gelöscht : user_pref("browser.search.order.1", "Search Results");
Gelöscht : user_pref("extensions.illimitux.ilx_pref_pt_veoh", true);
Gelöscht : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=414&sr=0&q=");

-\\ Google Chrome v25.0.1364.97

Datei : C:\Users\Niklas\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

-\\ Opera v10.60.3445.0

Datei : C:\Users\Niklas\AppData\Roaming\Opera\Opera\operaprefs.ini

Gelöscht : Home URL=hxxp://www.searchnu.com/414

*************************

AdwCleaner[S1].txt - [4638 octets] - [28/02/2013 23:31:51]

########## EOF - C:\AdwCleaner[S1].txt - [4698 octets] ##########

aharonov · 01.03.2013, 00:30

Hi,

wie läuft der Rechner jetzt? Noch Probleme zu erkennen?

Warnung: Infostealer

Aus deinen Logs ist ersichtlich, dass du Malware eingefangen hast, die es speziell auf deine sensitiven Daten (Benutzernamen, Passwörter, Onlinebankingzugangsdaten, etc.) abgesehen hat.
Man kann nicht genau wissen, was alles mitgeloggt wurde, aber sicherheitshalber würd ich alle auf diesem Rechner eingegebenen Daten und Passwörter als bekannt voraussetzen.

Ich würde dir daher raten, zum Schluss oder von einem sauberen Rechner aus sämtliche Zugangsdaten, welche an diesem Rechner verwendet wurden, zu ändern.

Schritt 1

Starte bitte die OTL.exe.
Kopiere nun den folgenden Inhalt aus der Codebox in die Textbox.
Wichtig: Falls du deinen Benutzernamen im Log unkenntlich gemacht hast (z.B. durch ***), dann mach das hier wieder rückgängig.

Code:

ATTFilter

:commands
[emptytemp]

Schliesse nun bitte alle anderen Programme.
Klicke jetzt auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Diesen bitte zulassen.
Nach dem Neustart findest du ein Textdokument auf deinem Desktop.
(Auch zu finden unter C:\_OTL\MovedFiles\<date_time>.log)
Kopiere nun dessen Inhalt hier in deinen Thread.

Schritt 2

Öffne das Programm Malwarebytes Anti-Malware.
Vista und Win7 User mit Rechtsklick "als Administrator starten".
Klicke auf Aktualisierung --> Suche nach Aktualisierung.
Wenn das Update beendet wurde, aktiviere im Reiter Suchlauf die Option Quick-Scan durchführen und drücke auf Scannen.
Wenn der Scan fertig ist, klicke auf Ergebnisse anzeigen.
Versichere dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
Nachträglich kannst du den Bericht unter dem Reiter Logdateien finden.

Schritt 3

Lade das Setup des ESET Online Scanners herunter und speichere es auf den Desktop.

Schliesse evtl. vorhandene externe Festplatten und USB-Sticks an den Rechner an.
Deaktiviere jetzt temporär für diesen Scan dein Antivirenprogramm und die Firewall.
(Danach nicht vergessen, sie wieder einzuschalten.)
Starte nun die heruntergeladene esetsmartinstaller_enu.exe.
Setze den Haken bei Yes, I accept the Terms of Use und drücke Start.
Warte bis die Komponenten heruntergeladen sind.
Setze den Haken bei Scan archives.
Gehe sicher, dass bei Remove found Threats kein Haken gesetzt ist.
Drücke dann auf Start.
Die Signaturen werden heruntergeladen und der Scan startet automatisch.
Hinweis: Dieser Scan kann unter Umständen ziemlich lange dauern!
Falls nach Beendigung des Scans Funde angezeigt werden, dann:
- Drücke auf List of found threats.
- Klicke dann auf Export to text file... und speichere die Textdatei als ESET.txt auf den Desktop.
- Drücke danach auf << Back.
Schliesse nun den Scanner mit einem Klick auf Finish.

Poste bitte den Inhalt der ESET.txt oder teile mir mit, wenn es keine Funde gegeben hat.

Schritt 4

Downloade dir bitte SecurityCheck (Link 2).

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Wenn der Scan beendet wurde, sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

Bitte poste in deiner nächsten Antwort:

Fixlog von OTL
Log von MBAM
Log von ESET
Log von SecurityCheck

verwinkelt · 01.03.2013, 16:36

Hallo, Leo

Der Pc hatte sich erstmal nicht verändert. ich habe gemerkt das jetzt 2 programme nicht mehr funktionieren die sonst immer liefen. darunter Cyperlink PowerDVD13. kann keine medien mehr abspielen. er zeigt mir eine Fehlermeldung an. evtl sind Dateien beschädigt oder infiziert.

Fifa 13 geht seit gestern auch nichtmehr. bzw es startet normal minimiert sich dann aber regelmäßig nach ein paar sekunden. der Fehler ist reproduzierbar. keine ahnung ob das am Virusbefall liegt.
(nachtrag: fifa geht augenscheinlich wieder) bei Powerdvd habe ich bedenken ob ich das starten soll, was meinst du ?

ein dickes Danke jetzt schonmal für dein Einsatz hier, diese Seite hier ist ein Glücksfall

OTL

Code:

ATTFilter

All processes killed
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: ergrg
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes
 
User: Niklas
->Temp folder emptied: 1006708 bytes
->Temporary Internet Files folder emptied: 429464907 bytes
->Java cache emptied: 49920520 bytes
->FireFox cache emptied: 419577943 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 6382601 bytes
->Flash cache emptied: 49093 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 958464 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 938 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36063133 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 900,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 03012013_004518

Files\Folders moved on Reboot...
C:\Users\Niklas\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\CLDigitalHome\PCMMediaServer.log scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Malwarebytes

Code:

ATTFilter

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.28.13

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Niklas :: FEY-PC [Administrator]

01.03.2013 00:53:49
mbam-log-2013-03-01 (00-53-49).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 261525
Laufzeit: 4 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

ESET (der Scan dauerte über 15 Stunden. ich hatte eine externe Festplatte(backup) und ein usb stick dran)

Code:

ATTFilter

C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Trial Creator\Export\SoftDMA_Trial\Autorun.inf	INF/Autorun.gen worm
H:\FEY-PC\Backup Set 2012-03-22 154912\Backup Files 2012-03-22 154912\Backup files 12.zip	INF/Autorun.gen worm
H:\FEY-PC\Backup Set 2012-03-22 154912\Backup Files 2012-06-03 190001\Backup files 6.zip	HTML/Fraud.BG trojan
H:\FEY-PC\Backup Set 2012-03-22 154912\Backup Files 2012-07-13 232517\Backup files 5.zip	HTML/Iframe.B.Gen virus
H:\FEY-PC\Backup Set 2012-03-22 154912\Backup Files 2012-07-22 190001\Backup files 4.zip	HTML/Fraud.BG trojan
H:\FEY-PC\Backup Set 2012-03-22 154912\Backup Files 2012-07-29 190001\Backup files 4.zip	HTML/Iframe.B.Gen virus
H:\FEY-PC\Backup Set 2012-09-09 205918\Backup Files 2012-09-09 205918\Backup files 19.zip	INF/Autorun.gen worm
H:\FEY-PC\Backup Set 2012-09-16 213248\Backup Files 2012-09-16 213248\Backup files 21.zip	INF/Autorun.gen worm

Checkup

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.60  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.70.0.1100  
 CCleaner     
 JavaFX 2.1.1    
 Java(TM) 6 Update 21  
 Java 7 Update 15  
 Adobe Flash Player 11.6.602.171  
 Adobe Reader 9  
 Adobe Reader XI  
 Mozilla Firefox (19.0) 
 Mozilla Thunderbird (17.0.3) 
 Google Chrome 24.0.1312.57  
 Google Chrome 25.0.1364.97  
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

aharonov · 01.03.2013, 18:52

Hallo,

Zitat:

Cyperlink PowerDVD13. kann keine medien mehr abspielen. er zeigt mir eine Fehlermeldung an. evtl sind Dateien beschädigt oder infiziert.

Kannst du mir bitte mal den genauen Wortlaut der Fehlermeldung mitteilen?
Ich denke nicht, dass das ein Malwareproblem ist. Schon mal versucht, das Programm zu deinstallieren und dann neu zu installieren?

Deine infizierten Backups, die ESET gemeldet hat, kannst du löschen und dann durch ein neues Backup ersetzen.

verwinkelt · 01.03.2013, 19:32

erstmal kommt :

CyberLink powerdvd kann nicht auf das Speichergerät zugreifen. wählen sie ein anderes gerät aus, wenn die Wiedergabe stoppt.

klickt man auf ok kommt das :

Cyberlink Powerdvd konnte nicht gestartet werden, da einige der Komponenten beschädigt zu sein scheinen. versuchen sie cyberlink powerdvd zu deinstallieren und wieder zu installieren, oder prüfen sie mit einer anti-viren software ob eine infizierung vorliegt. wenn das programm dann immer noch nicht gestartet werden kann, wenden sie sich an den kundendienst, um hilfe zu erhalten. fehlercode 101

ich denke ich werde das programm und alle einträge davon runterschmeissen. und dann mal auf d: istallieren. falls das nicht hilft werde ich den kunensupport anschreiben.

aharonov · 01.03.2013, 19:49

Zitat:

ich denke ich werde das programm und alle einträge davon runterschmeissen. und dann mal auf d: istallieren.

Ja, versuch das mal. Ich denke nicht, dass das ein Malwareproblem ist.

verwinkelt · 01.03.2013, 19:58

Solala. es ging auch anders. vor deinem ganz ersten Beitrag hier hatte ich das programm nochmal neu istalliert. die aktualisierung mitgenommen die mir dann empfohlen wurde von programm.
jetzt habe ich nochmal selber auf aktualisierungen gedrückt und mir den neusten patch runtergeladen. und tada. es funktioniert wieder. komisch. aber ok. gut soweit.

Denkst du das mein Pc jetzt wieder virenfrei ist ? zumindest soweit man das sagen kann.

Wie beuge ich einen erneuten befall vor. was ist zu beachten ?

aharonov · 01.03.2013, 20:09

Hallo,

prima. Manchmal passt halt irgendwas nicht, ohne dass man genau weiss was. Aber wenn jetzt wieder alles läuft, ist es ja ok.

Zitat:

Denkst du das mein Pc jetzt wieder virenfrei ist ? zumindest soweit man das sagen kann.

Soweit ich sehen kann, ja.

Zitat:

Wie beuge ich einen erneuten befall vor. was ist zu beachten ?

Ich hänge dir zum Schluss eine Reihe von Tipps dazu an.

Jetzt räumen wir noch alles auf.

Hinweis: Registry Cleaner

Ich sehe, dass du sogenannte Registry Cleaner installiert hast.
In deinem Fall CCleaner.

Wir raten von der Verwendung jeglicher Art von Registry Cleaner ab.

Der Grund ist ganz einfach:
Die Registry ist das Hirn des Systems. Funktioniert das Hirn nicht, funktioniert der Rest nicht mehr wirklich.
Man sollte nicht unnötigerweise an der Registry rumbasteln. Schon ein kleiner Fehler kann gravierende Folgen haben und auch Programme machen manchmal Fehler.
Zerstörst du die Registry, zerstörst du Windows.

Zudem ist der Nutzen zur Performancesteigerung umstritten und meist kaum im wahrnehmbaren Bereich.

Ich würde dir empfehlen, Registry Cleaner nicht weiterhin zu verwenden und über

Start --> Systemsteuerung --> Software (bei Windows XP)
Start --> Systemsteuerung --> Programme und Funktionen (bei Vista / Win 7)

zu deinstallieren.

Schritt 1

Gehe zu Start --> Systemsteuerung und öffne Programme und Funktionen.
Suche und deinstalliere dort der Reihe nach folgende Einträge:
- Java(TM) 6 Update 21
- Adobe Reader 9
Schliesse das Fenster wieder und führe einen Neustart durch, wenn das gefordert wurde.

Schritt 2

Starte defogger und drücke den Button Re-enable.

Schritt 3

Bitte deaktiviere jetzt temporär das Antiviren-Programm, evtl. vorhandenes Skript-Blocking und Antimalware-Programme.

Drücke bitte die

+ R Taste, kopiere folgenden Text in das Ausführen Fenster

Code:

ATTFilter

Combofix /Uninstall

und drücke OK.
Du kannst die eben deaktivierten Programme nun wieder einschalten.

Schritt 4

Den ESET Online Scanner kannst du behalten, um ab und zu für eine Zweitmeinung dein System damit zu scannen.
Falls du ESET aber deinstallieren möchtest, dann:

Drücke bitte die

+ R Taste, kopiere folgenden Text in das Ausführen Fenster

Code:

ATTFilter

"%ProgramFiles%\Eset\Eset Online Scanner\OnlineScannerUninstaller.exe"

und drücke OK.

Schritt 5

Downloade dir bitte delfix auf deinen Desktop.

Schliesse alle offenen Programme.
Starte die delfix.exe mit einem Doppelklick.
Klicke auf Start.
DelFix entfernt alle von uns verwendeten Programme und löscht sich anschliessend selbst.
Sollte denoch etwas übrig bleiben, kannst du es manuell löschen.

>> OK <<
Wir sind durch, deine Logs sehen für mich im Moment sauber aus.

Ich habe dir nachfolgend ein paar Hinweise und Tipps zusammengestellt, die dazu beitragen sollen, dass du in Zukunft unsere Hilfe nicht mehr brauchen wirst.

Bitte gib mir danach noch eine kurze Rückmeldung, wenn auch von deiner Seite keine Probleme oder Fragen mehr offen sind, damit ich dieses Thema als erledigt betrachten kann.

Epilog: Tipps, Dos & Don'ts

Aktualität von System und Software

Das Betriebsystem Windows muss zwingend immer auf dem neusten Stand sein. Stelle sicher, dass die automatischen Updates aktiviert sind:

Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren

Auch die installierte Software sollte immer in der aktuellsten Version vorliegen.
Speziell gilt das für den Browser, Java, Flash-Player und PDF-Reader, denn bekannte Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim blossen Besuch einer präparierten Website per Drive-by Download Malware zu installieren. Das kann sogar auf normalerweise legitimen Websites geschehen, wenn es einem Angreifer gelungen ist, seinen Code in die Seite einzuschleusen, und ist deshalb relativ unberechenbar.

Mit diesem kleinen Plugin-Check kannst du regelmässig diese Komponenten auf deren Aktualität überprüfen.
Achte auch darauf, dass alte, nicht mehr verwendete Versionen deinstalliert sind.
Optional: Das Programm Secunia Personal Software Inspector kann dich dabei unterstützen, stets die aktuellen Versionen sämtlicher installierter Software zu nutzen.

Sicherheits-Software

Eine Bemerkung vorneweg: Jede Softwarelösung hat ihre Schwächen. Die gesamte Verantwortung für die Sicherheit auf Software zu übertragen und einen Rundum-Schutz zu erwarten, wäre eine gefährliche Illusion. Bei unbedachtem oder bewusst risikoreichem Verhalten wird auch das beste Programm früher oder später seinen Dienst versagen (z.B. ein Virenscanner, der eine verseuchte Datei nicht erkennt).
Trotzdem ist entsprechende Software natürlich wichtig und hilft dir in Kombination mit einem gut gewarteten (up-to-date) System und durchdachtem Verhalten, deinen Rechner sauber zu halten.

Nutze einen Virenscanner mit Hintergrundwächter mit stets aktueller Datenbank. Welches Produkt gewählt wird, spielt keine so entscheidende Rolle. Es gibt kommerzielle Versionen, aber ein kostenloser Scanner mit den Grundfunktionen wie beispielsweise Avast! Free Antivirus sollte ausreichen. Betreibe aber keinesfalls zwei Wächter parallel, die würden sich gegenseitig behindern.
Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.
Zusätzlich zum Virenscanner kannst du dein System regelmässig mit einem On-Demand Antimalwareprogramm scannen. Empfehlenswert ist die Free-Version von Malwarebytes Anti-Malware. Vor jedem Scan die Datenbank updaten.
Optional: Das Programm Sandboxie führt Anwendungen in einer isolierten Umgebung ("Sandkasten") aus, so dass keine Änderungen am System vorgenommen werden können. Wenn du deinen Browser darin startest, vermindert sich die Chance, dass beim Surfen eingefangene Malware sich dauerhaft im System festsetzen kann.
Optional: Das Addon WOT (web of trust) warnt dich vor einer als schädlich gemeldeten Website, bevor sie geladen wird. Für verschiedene Browser erhältlich.

Es liegt in der Natur der Sache, dass die am weitesten verbreitete Anwendungs-Software auch am häufigsten von Malware-Autoren attackiert wird. Es kann daher bereits einen kleinen Sicherheitsgewinn darstellen, wenn man alternative Software (z.B. einen alternativen PDF Reader) benutzt.
Anstelle des Internet Explorers kann man beispielsweise den Mozilla Firefox einsetzen, für welchen es zwei nützliche Addons zur Empfehlung gibt:

NoScript verhindert standardmässig das Ausführen von aktiven Inhalten (Java, JavaScript, Flash, ..) für sämtliche Websites. Du kannst selber nach dem Prinzip einer Whitelist festlegen, welchen Seiten du vertrauen und Scripts erlauben willst, auch temporär.
Adblock Plus blockt die meisten Werbebanner weg. Solche Banner können nebst ihrer störenden Erscheinung auch als Infektionsherde fungieren.

(Un-)Sicheres Verhalten im Internet

Nebst unbemerkten Drive-by Installationen wird Malware aber auch oft mehr oder weniger aktiv vom Benutzer selbst installiert.

Der Besuch zwielichtiger Websites kann bereits Risiken bergen. Und Downloads aus dubiosen Quellen sind immer russisches Roulette. Auch wenn der Virenscanner im Moment darin keine Bedrohung erkennt, muss das nichts bedeuten.

Illegale Cracks, Keygens und Serials sind ein ausgesprochen einfacher (und ein beliebter) Weg, um Malware zu verbreiten.
Bei Dateien aus Peer-to-Peer- und Filesharingprogrammen oder von Filehostern kannst du dir nie sicher sein, ob auch wirklich drin ist, was drauf steht.

Oft wird auch versucht, den Benutzer mit mehr oder weniger trickreichen Methoden dazu zu bringen, eine für ihn verhängnisvolle Handlung selbst auszuführen (Überbegriff Social Engineering).

Surfe mit Vorsicht und lass dich nicht von irgendwie interessant erscheinenden Elementen zu einem vorschnellen Klick verleiten. Lass dich nicht von Popups täuschen, die aussehen wie System- oder Virenmeldungen.
Sei skeptisch bei unerwarteten E-Mails, insbesondere wenn sie Anhänge enthalten. Auch wenn sie auf den ersten Blick authentisch wirken, persönliche Daten von dir enthalten oder vermeintlich von einem bekannten Absender stammen: Lieber nochmals in Ruhe überdenken oder nachfragen, anstatt einfach mal Links oder ausführbare Anhänge öffnen oder irgendwo deine Daten eingeben.
Auch in sozialen Netzwerken oder über Instant Messaging Systeme können schädliche Links oder Dateien die Runde machen. Erhältst du von einem deiner Freunde eine Nachricht, die merkwürdig ist oder so sensationell interessant oder skandalös tönt, dass man einfach draufklicken muss, dann hat bei ihm/ihr wahrscheinlich Neugier über Verstand gesiegt und du solltest nicht denselben Fehler machen.
Lass die Dateiendungen anzeigen, so dass du dich nicht täuschen lässt, wenn eine ausführbare Datei über ein doppelte Dateiendung kaschiert wird, z.B. Nacktfoto.jpg.exe.

Nervige Adware (Werbung) und unnötige Toolbars werden auch meist durch den Benutzer selbst mitinstalliert.

Lade Software in erster Priorität immer direkt vom Hersteller herunter. Viele Softwareportale (z.B. Softonic) packen noch unnützes Zeug mit in die Installation. Alternativ dazu wähle ein sauberes Portal wie Filepony oder heise.
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen fürs Programm irrelevanten Ergänzungen.

Allgemeine Hinweise

Abschliessend noch ein paar grundsätzliche Bemerkungen:

Dein Benutzerkonto für den alltäglichen Gebrauch sollte nicht über Administratorenrechte verfügen. Nutze ein Konto mit eingeschränkten Rechten (Windows XP) bzw. aktiviere die Benutzerkontensteuerung (UAC) auf der höchsten Stufe (Windows Vista / 7).
Erstelle regelmässig Backups deiner Daten und Dokumente auf externen Datenträgern, bei wichtigen Dateien mindestens zweifach. Nicht nur ein Malwarebefall kann schmerzhaften Datenverlust nach sich ziehen sondern auch ein gewöhnlicher Festplattendefekt.
Die Autorun/Autoplay-Funktion stellt ein Risiko dar, denn sie ermöglicht es, dass beispielsweise beim Einstecken eines entsprechend infizierten USB-Sticks der Befall auf den Rechner überspringt. Überlege dir, ob du diese Funktion nicht besser deaktivieren möchtest.
Wähle deine Passwörter gemäss den gängigen Regeln, um besser gegen Brute-Force- und Wörterbuchattacken gewappnet zu sein. Benutze jedes deiner Passwörter nur einmal und ändere sie regelmässig.
Der Nutzen von Registry-Cleanern zur Performancesteigerung ist umstritten. Auf jeden Fall lässt sich damit grosser Schaden anrichten, wenn man nicht weiss, was man tut. Wir empfehlen deshalb, die Finger von der Registry zu lassen. Um von Zeit zu Zeit die temporären Dateien zu löschen, genügt TFC.

Wenn du möchtest, kannst du das Forum mit einer kleinen Spende unterstützen.
Es bleibt mir nur noch, dir unbeschwertes und sicheres Surfen zu wünschen und dass wir uns hier so bald nicht wiedersehen.

verwinkelt · 01.03.2013, 21:03

So alles soweit gelöscht.

Adobe Reader war unter Systemeinstellungen nicht zu finden. habe dann danach gesucht und noch dateien gefunden. die habe ich alle gelöscht.

DIe externe festplatte habe ich bereinigt. komplette Backupdateien gelöscht und die infizierte Autorun datei.

ich bin mir nicht ganz sicher ob das jetzt dem auslieferungszustand entspricht.
drauf sind noch :

slm.exe
MediaID.bin
mac
Icon1
Drivenavi.exe

dazu noch eine frage. zuletzt konnte kein Backup mehr angefertigt werden weil die Speicherkapazität überschritten wurde. die festplatte hat ~1TB speicher.

hm. ok ich glaube das kann ich mir schon selber beantworten. aber nur nochmal zur sicherheit :

Ich würde dann D: nicht ins Backup programm mit reinnehmen. das spielt keine allzu große rolle oder? hauptsächlich finden sich da die Steam Spiele drin wieder.

soweit so gut.
die Tipps werde ich mir noch genauer anschauen.

Passwörter werden dann auch erstmal geändert.

Tja. ich kann mich nurnochmal bedanken. finde ich ne sehr gute Idee mit dem Spenden, werde ich machen. Aber erstmal das dafür benutzte Passwort ändern.

Ich hätte mich sonst auch geschämt, ohne richtige gegenleistung, so eine kompetente, ausführliche, schnelle Hilfe in anspruch genommen zu haben.

aharonov · 03.03.2013, 16:59

Spiele und sonstige Programme würd ich nicht ins Backup reinnehmen, sondern nur (persönliche) Daten.

Freut mich, dass wir helfen konnten.

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Ich bekomme somit keine Benachrichtigung mehr über neue Antworten.
Solltest du das Thema erneut brauchen, schicke mir bitte eine PM und wir machen hier weiter.

Jeder andere bitte diese Anleitung lesen und einen eigenen Thread erstellen.

Exploits, java Viren, Trojaner gefunden.

Log-Analyse und Auswertung: Exploits, java Viren, Trojaner gefunden.