Log analysis and evaluation: Exploits, Java viruses, Trojans found. Windows 7

If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
28.02.2013, 21:45 | #1 |
Exploits, Java viruses, Trojans found.

Hi. Two days ago my Mozilla Firefox started acting up. After starting (if it started at all), the program always froze after a few seconds. That made me suspicious, since it had been working just a moment before. When restarting brought no relief either, I opened the Task Manager and had a look. Two processes that I could not identify were running. One was called Woohqyyn, the other xozea.exe32. I removed both from autostart and then moved xozea.exe to the Recycle Bin, without knowing exactly whether it is harmful. Firefox ran again after that. I found this file under Appdata/Roaming. Its modification date was the then-current day.

Then I downloaded Malwarebytes. It reported a Trojan: C:\Users\Niklas\Downloads\d2a536_4e9f41d77e009\World of Goo Trainer +3.exe (HackTool.GamesCheat.Gen). Log attached. It was found in a trainer for a game, but that download was already months ago.

Then, the next day, I ran Avira. It found 16 pieces of malware right away. See log.

Today, 28.02.12, the Avira real-time scanner found something else: the xozea.exe mentioned above. "In der Datei 'C:\$RECYCLE.BIN\S-1-5-21-4029133945-3299104507-864066367-1000\$RQIW3FH\xozea.exe' wurde ein Virus oder unerwünschtes Programm 'TR/PSW.Zbot.266240.74' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern" Because I still had it in the Recycle Bin (deleted in the meantime)?
Here is the Extras file: unfortunately too large to upload.
(x86)\steam\steamapps\common\mirrors edge\binaries\mirrorsedge.exe | "{7EB00705-5119-4334-9123-901F3A9781CC}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\fuel\gamesetup.exe | "{7F1D72C3-3336-4797-8C02-4947545AB7F2}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{7FACF95B-C904-4CC0-BFE3-636EE37D4DB6}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\csbtw.exe | "{7FD86D9E-AFEE-46AE-953E-6B5CF6B10195}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe | "{80C042F4-2CB0-4C2D-A818-7D22F82CEEF5}" = dir=in | app=c:\program files (x86)\acer arcade live\acer dv magician\acer dv magician.exe | "{80C93943-46BA-49FC-BD57-B7839DB76D94}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe | "{814CC2BA-BA84-4EEB-8872-BC66C58DA556}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12.exe | "{8169BC55-7E21-404E-A29B-81D6CBCF68F3}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\arma 2 free\arma2free.exe | "{832D586C-8E18-44CB-8695-CE9E9D4B0741}" = dir=in | app=c:\program files (x86)\acer arcade live\acer videomagician\acer videomagician.exe | "{8570CEF4-2A4A-41DE-BFF0-96A88D568598}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{8589DD52-B859-4C54-AE8E-6AB4B97448F3}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\movie\moviemodule.exe | "{8604C9D1-14E2-47E7-8A42-6B2DAA0F9853}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\mafia ii\pc\mafia2.exe | "{861C5018-FBF2-4236-ACFF-CAFE58FB38BD}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\swords and soldiers\swords and soldiers launcher.exe | "{86560F93-3AEA-4789-957E-2D96BDE5F751}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\flatout ultimate carnage\launcher.exe | 
"{86D1D39B-D30F-448F-8620-D6A92C48043A}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\the witcher enhanced edition\system\djinni!.exe | "{884744A7-99A4-47F2-AC04-830104F81415}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\resident evil 5\launcher.exe | "{88E758D9-4281-48E5-A578-21972B156E2C}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\plants vs zombies\plantsvszombies.exe | "{89C7D9FA-0F78-4272-81B2-C264D6A25466}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\pdvd11serv.exe | "{8A848731-CF90-4F6D-93F1-C213E2E8B501}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\dirt 2\dirt2.exe | "{8C331BF3-4C9D-40AC-B7A3-8F432B461F27}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\cryostasis\cryostasis.exe | "{8C5864CD-57AF-42B7-AADB-F6EA49BE6DE4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cryostasis\cryostasis.exe | "{8CDE510E-5FD9-4238-B690-5B1DB01EEE64}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe | "{8CE2C97D-FD58-4212-A232-FBF4FA76DDDB}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{8DD4978C-1017-4E78-B036-A9882CF3D34C}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\the witcher enhanced edition\system\witcher.exe | "{8F1AE144-C341-4C20-ADFA-73DB175D863A}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\hview.exe | "{8F34AAAA-7160-4F77-967C-7018C5EDC537}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\swords and soldiers\swords and soldiers launcher.exe | "{9025C295-45AC-4016-A872-9F46818B9EB0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the secret of monkey island special edition\mise.exe | "{90698C69-0E36-4B39-A5B2-8561E08405F9}" = protocol=17 | dir=out | 
app=%programfiles%\windows media player\wmplayer.exe | "{90EEFEC5-4F8A-4512-8329-E577AAC08B94}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe | "{9159CFB1-CD28-4070-BFCA-65508F61F2FA}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\verwinkelt\dark messiah might and magic single player\mm.exe | "{91723B09-429F-4BFD-93C8-AB02687A2677}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\prototype\prototypef.exe | "{9248DABC-E865-4DDF-A6F2-873D71C51B84}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{92DA46D2-D67E-461C-B012-B1C33CFD2DB4}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "{92E4B13C-4CCB-4F19-870E-4137DFC34039}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\machinarium\machinarium.exe | "{933C1543-C0B1-4F13-843A-9ACC0719EA57}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{938B00F3-0F2C-4B79-91E3-BC76C756C8F0}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "{93E7BCFF-966D-47E6-B467-5C8C69902B95}" = protocol=6 | dir=in | app=c:\program files\bohemia interactive\arma 2\arma2oa.exe | "{945C4696-C33C-41E6-AE31-CED056CA4CB7}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\verwinkelt\dark messiah might and magic single player\mm.exe | "{94A4BB39-F2CF-471E-9345-57DA731EDAEB}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\resident evil 5\launcher.exe | "{94BBEFDA-133C-46A9-A86D-741BCD8C2A19}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\dirt 2\dirt2.exe | "{9620BFE2-82F7-45EA-BE1F-C98D4C628FBE}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\dmcr.exe | "{96C68B3F-3CF8-45F8-A494-E3B605417831}" = protocol=17 | 
dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{97806E2C-4C10-41C4-AB7D-51686A6E5E76}" = dir=in | app=d:\program files (x86)\cyberlink\powerdvd11\powerdvd11\powerdvd11.exe | "{991A1574-23F6-4FB6-A214-15756E4F4F64}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\age of empires 3\bin\age3x.exe | "{991EF976-E6D6-492E-804D-AAE914A46A59}" = dir=in | app=d:\program files (x86)\cyberlink\powerdvd11\powerdvd11\pdvd11serv.exe | "{99594536-7EE4-496E-A273-8E82329E0248}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{9ACEB5FB-3982-43CD-B37C-9CADE47FAA12}" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | "{9B1061A8-C1A4-45B0-B1B6-A1856D459083}" = protocol=17 | dir=in | app=d:\program files (x86)\fifa\fifa manager 13 demo\manager13demo.exe | "{9BC5F3EF-E93E-4B6A-B6C8-38E032109FA6}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\multiwinia\multiwinia.exe | "{9C5B5618-B709-4090-9A09-C40D24A82962}" = protocol=6 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\pandoraservice.exe | "{9C8A8AAE-C1EC-4E7B-8CA9-8D81AA2EC4B6}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\scenarioeditor.exe | "{9D2E6895-0DBC-4EC2-B236-418B60CE4585}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\dead rising 2\deadrising2.exe | "{9D2EEB6E-1C99-4774-8F78-2A0D5778A000}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fuel\gamesetup.exe | "{9DA39D59-5851-45AB-A85F-7579A78853EC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\dmcr.exe | "{9DF5E9FD-2E09-4025-B44B-91F3C63EF6DB}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\die schlacht um mittelerde ii\game.dat | "{9E6C6F1C-BA22-453C-805B-FCD5A04FB39B}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\arma 2 
operation arrowhead\_runa2co.cmd | "{9EC6A1E2-92B2-4F1B-B39B-63FC0BC24828}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe | "{9F3FE630-8165-428E-8A2A-FC5145206434}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{A0DF638E-FE46-4508-8C08-F8CB09B594B3}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe | "{A18D2D82-6A3B-46C4-8288-E6164631BF73}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\machinarium\machinarium.exe | "{A266C0A1-A785-4BCE-9F80-473862445DF5}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\uplink\uplink.exe | "{A31955D1-78B7-488F-B590-7F1EEC759A11}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\titan quest\titan quest.exe | "{A37A7C5B-EF7B-4033-9B28-1EF710D883C2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\plants vs zombies\plantsvszombies.exe | "{A482CB91-6114-44AB-91A8-17F3672B84FC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\resident evil 5\launcher.exe | "{A541FE8E-4B80-4228-98AC-9D4339D78F05}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\kernel\dms\clmsserverpdvd12.exe | "{A545347A-115E-48AB-B863-DBE23E5FECE8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\uplink\uplink.exe | "{A55831D4-F7EA-4445-9D7D-2A646F9B6F96}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "{A58718AE-7E4D-405B-9F64-6827A3913A6D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | "{A5B904B2-BDF2-42B8-95FE-E8D668F909F1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\hview.exe | "{A62A7BC7-BE37-4036-897C-5560CED7B112}" = protocol=17 | dir=in | app=d:\program files 
(x86)\steam\steamapps\common\trine\trine_launcher.exe | "{A62FD1C2-D42F-4F37-8656-61D62A5659BA}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\red faction guerrilla\rfg_launcher.exe | "{A6541544-3535-43FD-BADA-D0D3AE06526F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{A6747480-D774-42F2-BF41-E7A610DBC949}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\titan quest\help.htm | "{A6B1C830-1F06-412C-B3C6-540CE48C0C60}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight\torchlight.exe | "{A7B93E92-3723-44AA-95AF-214570103A88}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\hview.exe | "{A808CEFA-DB9B-4046-B66B-D94EF1D088EE}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | "{A81DB4B9-2960-465C-AF8B-DF0FA4DA77BE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{A92C7194-7304-42E2-9DF2-35229455B5A1}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\mirrors edge\binaries\mirrorsedge.exe | "{ABF79DBD-687E-4CB8-BCE9-6F6F016A1CEF}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\verwinkelt\half-life\hl.exe | "{AE931E1F-53B3-4C1F-A54F-A206A668DB17}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\ghost master\ghost.exe | "{B00FCFBE-8205-4D22-992F-A9BF900A6970}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\the secret of monkey island special edition\mise.exe | "{B03E6B41-F506-4B66-9741-3C1D2339345D}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\verwinkelt\dark messiah might and magic single player\mm.exe | "{B0850F2B-A2C0-48F4-9683-C8290532525E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\scenarioeditor.exe | 
"{B098C846-D74B-42FA-9C4B-3E5AB7B28B9E}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\the witcher enhanced edition\system\djinni!.exe | "{B1C40C1E-20A0-4F02-B836-8CE0A89D1962}" = protocol=17 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\pandoraservice.exe | "{B253B5F9-8574-4935-B980-4AC91278171B}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\cryostasis\cryostasis.exe | "{B2C8DA3B-6291-48F2-A10E-2FC2DF0BEC04}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe | "{B4021890-7583-4FB5-829F-6F2121F0FF3C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\titan quest immortal throne\tqit.exe | "{B47DBEAD-824D-4E0F-95FF-7FB85044F0E0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "{B49A1578-C928-44B0-95BA-328E9B2BC8A1}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\the witcher enhanced edition\system\witcher.exe | "{B64B4E1E-7E48-44CA-84D1-BB1823EA7592}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\age of empires 3\bin\age3y.exe | "{B6631E66-24BB-42BA-B1CE-EE2C6E48D678}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine\trine_launcher.exe | "{B6A0B563-CA18-4F69-898C-96C0AB9FE218}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe | "{B7405182-AD1D-4E48-8DBB-9BC7FF7C8E28}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia\acer homemedia.exe | "{B7785E8B-2C8A-4A77-8B46-7C5A97955617}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\dmcr.exe | "{B7CCF0C0-8C5A-442C-A76D-1D17FC937850}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\prototype\prototypef.exe | "{B87630BE-BDA0-40C0-A063-2422BA433750}" = protocol=17 | dir=in | 
app=c:\program files (x86)\steam\steamapps\common\fuel\gamesetup.exe | "{B98F6B31-8F2D-4CFB-9752-77EAEC66E0E4}" = protocol=17 | dir=in | app=d:\program files (x86)\fifa\fifa manager 13\manager13.exe | "{B9CBD22F-52B7-48D2-8DF7-AE6D4A55AD2C}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\mafia ii\pc\mafia2.exe | "{BA3C5470-588F-4BBE-A48E-2E8CB7F8A04D}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\arma 2 free\arma2free.exe | "{BA429B14-5170-4EC7-84CB-92253FA2D3A3}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{BAC04F3D-D334-41AA-9E17-5FCD7E2957E1}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{BB17CC95-C222-4955-A3D3-A90BA30F5928}" = dir=in | app=d:\program files (x86)\cyberlink\powerdvd11\powerdvd11\movie\moviemodule.exe | "{BB63B9D2-6643-4063-A63C-59D61A0A92C6}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12ml.exe | "{BBE6832C-BB0B-4A14-9413-87175956FAC1}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\flatout ultimate carnage\launcher.exe | "{BCBB9E18-08BF-4C57-8EDF-7F957AA2200A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\cshlp.exe | "{BDCA73AF-D69C-49AA-8D68-E428F4C35800}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "{BDD197D1-8761-4B06-BA6D-4AFC50A28C05}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\verwinkelt\garrysmod\hl2.exe | "{BF577A49-425D-45E8-94AD-9566DA0F6B5D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\titan quest\help.htm | "{BF83362A-C637-486B-9E79-5F1F123754DD}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe | "{BFA64CAA-E845-4966-8D58-484577292E48}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\cossacks back to 
war\bin\cshlp.exe | "{C16C6C2D-B424-4144-A9E0-3763A74AF0EC}" = protocol=6 | dir=out | app=system | "{C21C38F5-1192-4CED-BD19-84BE32B6ACF7}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\cshlp.exe | "{C3AC605F-98AF-4071-B17D-F1985E2EAC95}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\scenarioeditor.exe | "{C4409269-C4EC-4B67-BB99-FABC32F3CF89}" = protocol=6 | dir=in | app=c:\program files\bohemia interactive\arma 2\arma2.exe | "{C4AEF974-6EFE-4EB1-8989-05EB82474DF9}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe | "{C4CA0855-B9FE-46D8-9E2F-D2983CC0DE05}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\mirrors edge\support\ea help\electronic_arts_technical_support.htm | "{C4EBA5FA-158E-472E-BCF4-86E2694E06BB}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\verwinkelt\half-life\hl.exe | "{C545B07D-216B-47DC-9060-68F17BE16DFC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\prototype\prototypef.exe | "{C549A5B5-B678-4283-8EEF-631AC8CC1944}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\csbtw.exe | "{C54B3BA6-E6DF-49B0-8D85-5F3AC77BE769}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\osmos\osmos.exe | "{C736B716-C29D-45EE-941C-511FFD761AB0}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\verwinkelt\garrysmod\hl2.exe | "{C762D5D7-6D26-472B-9742-412B0C7CC198}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\race driver 3\rd3.exe | "{C8606F19-7D8E-4856-B768-184FE7406A3E}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\stacking\stack.exe | "{C8F256DB-4781-40E3-B961-54E0369FE088}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\age of empires 
3\bin\age3.exe | "{CA688D55-F0E3-438A-80B7-A4BD2427D3F9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine\trine_launcher.exe | "{CBF85894-27F6-4965-BDF8-FE496CF64E12}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\dirt\dirt.exe | "{CCF8A718-5B0D-4628-A475-5715D4B2C587}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\race driver 3\rd3.exe | "{CDB1DFB3-0DD5-4568-9111-DBA66A2C386A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\flatout ultimate carnage\launcher.exe | "{CF756F56-1B99-4F81-8A0A-7ABFA6575AA5}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe | "{D0B491E0-5A61-4892-815C-FD3F275BE461}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\osmos\osmos.exe | "{D0F2A967-6B69-4FC0-95ED-4E4051CA1D97}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher enhanced edition\system\djinni!.exe | "{D15E747F-0BB7-4123-BFDD-B3D3E24FE88F}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\dirt 2\dirt2.exe | "{D179B8AD-6CEC-47FE-BABC-CF382800BB95}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\moon base alpha\binaries\win32\moonbasealphagame.exe | "{D3D77462-7584-4D6A-9B9D-0DC35DD641F0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher enhanced edition\system\witcher.exe | "{D4A34856-2683-4EC2-AE30-E46D609C3C8B}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | "{D4CE612B-160B-4F7F-B654-AC6E086B9C31}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\spore\runme.exe | "{D55D7737-AF5E-4CEF-9727-FB4A982DF8ED}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe | "{D6BC73CA-4788-49AB-A6F9-08A6C938BB37}" = protocol=6 | dir=in | 
app=c:\program files (x86)\steam\steamapps\common\ghost master\ghost.exe | "{D7C08443-558F-48C9-9940-3193B4853393}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe | "{D824F387-2815-4EC5-81C7-44ACC300BD70}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\csbtw.exe | "{DA7DC3E3-CEF1-49D3-B320-BB368EE5F85B}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\the secret of monkey island special edition\mise.exe | "{DAF0B4CB-5456-4165-9ECB-A63F04A1EB05}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe | "{DCD865D9-52C3-4D46-9E81-CA116A74C578}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{DCE05267-97C0-46B0-9CB9-EC2380335551}" = protocol=17 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\pandoraservice.exe | "{DCE9E013-FB0C-4C49-BA54-F43E77E085FF}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\spore\sporebinep1\sporeapp.exe | "{DD1A42CD-E190-422B-A5F5-9ED6EECDCA51}" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\f1 2011\f1_2011.exe | "{DD33144E-8810-4E5C-A6F3-7FDBA5E0F9C9}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\hview.exe | "{DD84CA44-2350-4521-9DF2-5A1E663FB59C}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe | "{DE23C9AC-A02C-418D-A215-F6110141FE58}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{DF68811D-A993-421A-ADAE-9D95E79BF74C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\titan quest immortal throne\help.htm | "{DF9606CF-6C48-4DFE-9B89-7AF36DF282EA}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{E0824F1D-B931-4793-AA98-BB32B20EDB6F}" = dir=in | app=d:\program files (x86)\cyberlink\powerdvd11\powerdvd11\movie\powerdvd cinema\powerdvdcinema11.exe | "{E152D157-327F-494A-9501-D7AF4AFB98FF}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe | "{E175704E-5D5E-4F8D-9EEC-104E0E127983}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\resident evil 5\launcher.exe | "{E243B75B-37D3-4C50-B813-6176BC21CF30}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\osmos\osmos.exe | "{E27DA7E8-53B7-44D2-9AEA-326BFA76A1EF}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe | "{E2D4B4CF-9C48-4434-BDE0-70F7A01B444F}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{E338B5D1-A409-48A8-8E05-0FBE34ACEFB1}" = dir=in | app=d:\program files (x86)\cyberlink\powerdvd11\powerdvd11\common\mediaserver\clmsserverforpdvd11.exe | "{E417C3FC-E3E8-4743-A051-A9A85BA102E4}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\plants vs zombies\plantsvszombies.exe | "{E8BE9ECD-11A9-4202-8235-3EB1E1097C79}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\titan quest\titan quest.exe | "{E9D842A3-88DC-430B-BF44-7FB3DDFABD96}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{EB04E33E-4DD4-47D3-AA83-1AA07AFD04C3}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\mafia ii\pc\mafia2.exe | "{ED7D4C15-93CB-4D13-9A10-A5E147F6ED78}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\prototype\prototypef.exe | "{EEAA068C-B940-481D-9DA9-6CB5903BF21A}" = protocol=6 | dir=in | app=d:\program files (x86)\fifa\fifa manager 13 demo\manager13demo.exe | "{EF2011C7-67EC-4A21-B79E-B7C3FC8DAD91}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\cryostasis\cryostasis.exe | "{F0252BD4-583D-46EE-9FB1-E2796207D83A}" = 
protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\scenarioeditor.exe | "{F036309B-E949-4E33-BF14-FA9E40E1AE6A}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{F11441A1-CB4F-4F94-8B66-44905A8EE11A}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{F2162758-1AF5-4F7D-B9FF-11586A35DF41}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\hview.exe | "{F3503621-BCC9-43D9-951A-EE4F228D8789}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\hview.exe | "{F36C796C-04B8-4CF9-AB16-78FC9925363C}" = protocol=17 | dir=in | app=c:\program files\bohemia interactive\arma 2\arma2.exe | "{F3B0C80E-545E-4A7F-9CDD-6E776FEA4F4D}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\defcon\defcon.exe | "{F4173463-9B37-468F-9122-2E94EDAF33BF}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\costume quest\cq.exe | "{F46C207C-20B8-4043-B29B-576BCFF4C45A}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\machinarium\machinarium.exe | "{F495E216-CE1C-4C9D-B88E-72C761F55B9F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe | "{F499982D-4183-471F-B541-5A706C2C1998}" = protocol=17 | dir=in | app=d:\program files (x86)\fifa\fifa 13\game\fifa13.exe | "{F62FA6DC-82F8-44D9-81B3-13C1E650EE42}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\red faction guerrilla\rfg_launcher.exe | "{F9290AA6-7BEC-4CE4-BC2D-1A3B1C2F47F0}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\verwinkelt\garrysmod\hl2.exe | "{F9CA4913-D297-44F3-97C6-50DFC0ACECB9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{F9EA48D7-D87A-4E42-80B9-C1E5229D0BF1}" = protocol=6 | dir=in | app=d:\program files 
(x86)\steam\steamapps\common\age of empires 3\bin\age3.exe | "{FAAD3DCF-031E-4EA7-94B6-72B8026E3C2A}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{FAAF9792-4F4E-40C6-9AB0-7B2387EA1CC3}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\machinarium\machinarium.exe | "{FB13340E-85DA-498D-886F-7CA2980D1493}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the secret of monkey island special edition\mise.exe | "{FBE92A9B-A643-4ACC-849F-DCD873432556}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\grid\grid.exe | "{FE73CA7A-7C17-437F-8ACC-0B89BC083205}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe | "{FEB209B7-3420-401F-A9BB-750F2E14FC37}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\the secret of monkey island special edition\mise.exe | "{FED7EA7F-887D-49A6-B35A-9F0096F4603D}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe | "{FF151426-AC1C-4355-8ECA-BE5A61A24AF1}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe | "{FF437291-8BE6-48A4-A665-2651F0C9461D}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\uplink\uplink.exe | "{FFCD8CB9-6DBF-40DD-8FDA-E660EA2AC3D9}" = protocol=6 | dir=in | app=c:\users\niklas\appdata\local\temp\update_f092.exe | "TCP Query User{08670DB9-D946-43AE-8416-4C9C6F0A5439}D:\program files (x86)\steam\steamapps\common\gta iv san andreas\gtaiv\gtaiv.exe" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\gta iv san andreas\gtaiv\gtaiv.exe | "TCP Query User{09F6CA9C-B1E6-4347-9B8C-750E39E1FBFC}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires 
ii\age2_x1\age2_x1.exe | "TCP Query User{0A3AEB56-2F0E-40E5-8E70-7E40B6596CC7}C:\program files (x86)\1c company\13th century - death or glory\editor.exe" = protocol=6 | dir=in | app=c:\program files (x86)\1c company\13th century - death or glory\editor.exe | "TCP Query User{0F805DAA-9BFA-47BE-A247-7C03497E4C3D}C:\program files (x86)\origin games\alice madness returns\game\alice2\binaries\win32\alicemadnessreturns.exe" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\alice madness returns\game\alice2\binaries\win32\alicemadnessreturns.exe | "TCP Query User{19441134-042B-47FE-8D72-20D4F14AF026}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | "TCP Query User{226FAB2A-A454-4840-A79F-2D9616B4C94B}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | "TCP Query User{26F948D0-B739-4166-BD7D-F762A9C96D99}C:\program files (x86)\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tvuplayer\tvuplayer.exe | "TCP Query User{38A3597B-34F0-4638-906D-C58C986F9CAF}C:\program files (x86)\origin games\fifa 12\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe | "TCP Query User{3C30E529-6702-4CCE-B3CB-73C5A868F73D}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | "TCP Query User{3DF0481A-663E-4B81-A0DC-318A6C4DF61C}C:\program files (x86)\six projects\six updater\tools\bin\rsync.exe" = protocol=6 | dir=in | app=c:\program files (x86)\six projects\six updater\tools\bin\rsync.exe | "TCP Query User{3F21D474-510C-4EDD-A0E9-CFDAAA935A38}D:\program files (x86)\fallout3\fallout3ng.exe" = protocol=6 | dir=in | app=d:\program files (x86)\fallout3\fallout3ng.exe | "TCP Query User{409A9EC1-5D60-4BD9-B77F-F964B7F4DB1D}C:\program files (x86)\tmnationsforever\tmforever.exe" 
= protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | "TCP Query User{46D2735E-E5AE-4840-97A1-7AFD0DF04031}D:\program files (x86)\steam\steamapps\common\flatout ultimate carnage\fouc.exe" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\flatout ultimate carnage\fouc.exe | "TCP Query User{483025A7-AD11-43C2-853C-D45B14322EC8}C:\program files (x86)\ea sports\fifa online\nfe.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea sports\fifa online\nfe.exe | "TCP Query User{50B7B669-F3B1-4906-8BE1-FFC52023A23A}C:\program files (x86)\steam\steamapps\common\dirt 2\dirt2_game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dirt 2\dirt2_game.exe | "TCP Query User{55E589B6-8D8A-45C0-A3FA-E53249FA8F78}C:\users\niklas\appdata\roaming\vaez\xozea.exe" = protocol=6 | dir=in | app=c:\users\niklas\appdata\roaming\vaez\xozea.exe | "TCP Query User{55F153A1-7B40-4CDA-910F-92A70262C90D}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | "TCP Query User{5738A0BC-DCAD-4BE4-9426-A6E2612F85E0}C:\program files (x86)\codemasters\der herr der ringe online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\der herr der ringe online\lotroclient.exe | "TCP Query User{57D2361E-7EB8-4231-832C-853DD3F7BEBB}C:\program files (x86)\ea sports\fussball manager 10\manager10.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea sports\fussball manager 10\manager10.exe | "TCP Query User{588BC730-3B6D-472C-84B4-F3A3F20D6F47}D:\program files (x86)\steam\steamapps\common\red faction guerrilla\rfg.exe" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\red faction guerrilla\rfg.exe | "TCP Query User{605395F6-2FCE-44B2-97F6-4DC868032267}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | "TCP Query 
User{6261B895-FAE0-4FB9-A536-6AB5E969CD84}C:\program files (x86)\1c company\13th century - death or glory\engine.exe" = protocol=6 | dir=in | app=c:\program files (x86)\1c company\13th century - death or glory\engine.exe | "TCP Query User{638BE8CB-1579-4BEE-8441-CFA07C7BFB3E}D:\program files (x86)\steam\steamapps\common\fable 3\fable3.exe" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\fable 3\fable3.exe | "TCP Query User{6867A026-FA27-4D6C-9603-784333938CE6}C:\program files (x86)\ea sports\fussball manager 12\manager12.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea sports\fussball manager 12\manager12.exe | "TCP Query User{6ACBC5D0-AB30-4DE4-81D6-9B77E3C6C412}D:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe | "TCP Query User{71049A0B-4AA0-4DCF-B84F-CE8B7EF1963D}C:\program files (x86)\steam\steamapps\common\defcon\defcon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\defcon\defcon.exe | "TCP Query User{71917923-DBFA-4058-8C3D-1431BA5892D1}D:\program files (x86)\steam\steamapps\common\dirt 2\dirt2_game.exe" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\dirt 2\dirt2_game.exe | "TCP Query User{7C514155-166A-46FF-8F68-47CDB4EB9B4C}D:\program files (x86)\steam\steamapps\common\resident evil 5\re5dx10.exe" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\resident evil 5\re5dx10.exe | "TCP Query User{7E4C7B38-36F6-43C9-92C7-F15775F0F1A0}C:\program files (x86)\phonostar-player\phonostar.exe" = protocol=6 | dir=in | app=c:\program files (x86)\phonostar-player\phonostar.exe | "TCP Query User{879016EF-642A-4E3E-B943-0F540552C835}C:\users\niklas\appdata\local\temp\rar$ex00.544\volley.exe" = protocol=6 | dir=in | app=c:\users\niklas\appdata\local\temp\rar$ex00.544\volley.exe | "TCP Query 
User{8C9F1B84-F1DC-405B-9BDD-9A8429006DF0}C:\program files (x86)\codemasters\der herr der ringe online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\der herr der ringe online\lotroclient.exe | "TCP Query User{A016FC6F-1EF9-4CC8-ACA2-BBAEE12E8E5B}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | "TCP Query User{A1E7AA22-0730-4EC5-828F-65EAE89474B3}C:\program files\bohemia interactive\arma 2\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=c:\program files\bohemia interactive\arma 2\expansion\beta\arma2oa.exe | "TCP Query User{A85C632C-D9D0-4B57-9EB0-46BEF35EDD93}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "TCP Query User{A9A261B6-5872-415A-BF3B-750FA6611B60}C:\program files (x86)\ea sports\fifa 11 demo\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea sports\fifa 11 demo\game\fifa.exe | "TCP Query User{B5588EA9-AADB-4EEC-BC98-86D4B0193D2D}C:\program files (x86)\microsoft games\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\empires2.exe | "TCP Query User{BA48B815-60FC-4FEB-B9BF-1385CDB2C0E9}C:\program files (x86)\cyberlink\powerdvd12\movie\powerdvd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\movie\powerdvd.exe | "TCP Query User{C0DEF9C7-6F92-41C4-8277-B11C269C01AD}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "TCP Query User{C11E9F74-79EE-4787-BD57-673D6D0353E1}G:\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=g:\world of warcraft\launcher.exe | "TCP Query User{C3D80CCB-0643-47DE-96CE-D72F1F777244}C:\program files (x86)\steam\steamapps\common\altitude\altitude.exe" = protocol=6 | dir=in | app=c:\program files 
(x86)\steam\steamapps\common\altitude\altitude.exe | "TCP Query User{D19079C8-1EE7-425F-A7D8-153C7F088ED9}C:\program files (x86)\ea sports\fifa online\nfe.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea sports\fifa online\nfe.exe | "TCP Query User{D2B0E013-AA81-42BD-8076-4FE43B0D538A}C:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe | "TCP Query User{D8FFAE3C-A34A-4B85-AB01-F85026468BA2}C:\program files (x86)\steam\steamapps\common\wings of prey demo\acess.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\wings of prey demo\acess.exe | "TCP Query User{D9FD1BA7-842D-4EAA-B5F7-EF93D4E770D3}D:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe | "TCP Query User{E40B48A8-6D2D-42B8-9B49-A8B6E14E1C29}D:\program files (x86)\fallout3\fallout3ng.exe" = protocol=6 | dir=in | app=d:\program files (x86)\fallout3\fallout3ng.exe | "TCP Query User{E49ADC9B-EE65-4044-957D-168B6962742B}C:\program files (x86)\steam\steamapps\common\red faction guerrilla\rfg.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\red faction guerrilla\rfg.exe | "TCP Query User{EBE32898-5FA4-4BFC-B6B7-8CA25FBA721E}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | "TCP Query User{EF5D4689-BB0A-4E93-925D-18C455F26077}C:\program files (x86)\steam\steamapps\common\resident evil 5\re5dx10.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\resident evil 5\re5dx10.exe | "TCP Query User{F6351BD3-98A0-4D17-AA9A-7386C9DE57A9}C:\program files (x86)\bohemia interactive\bohemia interactive\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = 
protocol=6 | dir=in | app=c:\program files (x86)\bohemia interactive\bohemia interactive\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | "TCP Query User{F73996D6-CA58-4E01-8FFC-5E428F73FEBE}C:\users\public\sony online entertainment\installed games\planetside 2 psg\planetside2.exe" = protocol=6 | dir=in | app=c:\users\public\sony online entertainment\installed games\planetside 2 psg\planetside2.exe | "TCP Query User{F9C28359-745E-4462-87A2-6E118DB3219F}C:\program files (x86)\bohemia interactive\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bohemia interactive\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | "TCP Query User{FB989512-BE74-4975-8F66-2A58BD80135E}C:\program files (x86)\empire interactive\flatout2\flatout2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\empire interactive\flatout2\flatout2.exe | "TCP Query User{FD7ED8B7-F63A-4EC9-900F-B15B254205D2}D:\program files (x86)\steam\steamapps\common\dirt 2\dirt2_game.exe" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\dirt 2\dirt2_game.exe | "UDP Query User{019DB94D-C0D5-4FA9-B7A8-9D5F3BE7A9DE}C:\program files (x86)\ea sports\fussball manager 10\manager10.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea sports\fussball manager 10\manager10.exe | "UDP Query User{03860107-89F3-4EAF-B77A-24E02FB2BB3C}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | "UDP Query User{07E59667-B3A4-40BD-BA8E-4D6EE15148D2}D:\program files (x86)\steam\steamapps\common\flatout ultimate carnage\fouc.exe" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\flatout ultimate carnage\fouc.exe | "UDP Query User{115898EE-1B07-4DBC-920F-0403A437A205}C:\program files (x86)\steam\steamapps\common\resident evil 5\re5dx10.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\resident evil 
5\re5dx10.exe | "UDP Query User{124C45A8-BB3D-44CF-8D9F-7D9A26102CAB}C:\program files (x86)\ea sports\fifa 11 demo\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea sports\fifa 11 demo\game\fifa.exe | "UDP Query User{14EB11B0-B442-4CC8-9794-375D584C7102}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "UDP Query User{1B942EE7-16F9-4B99-ACB1-4DEB3C4681D7}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | "UDP Query User{2896EA63-EE78-408B-AA67-32FF65AEBAE6}C:\program files (x86)\1c company\13th century - death or glory\engine.exe" = protocol=17 | dir=in | app=c:\program files (x86)\1c company\13th century - death or glory\engine.exe | "UDP Query User{2C883B72-8D18-4DAF-801C-BEE525FBD706}C:\program files (x86)\steam\steamapps\common\dirt 2\dirt2_game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dirt 2\dirt2_game.exe | "UDP Query User{373D96DC-F08F-4AB2-AA5D-912E5640192F}C:\program files (x86)\origin games\fifa 12\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe | "UDP Query User{3BE77DD8-F35C-42E9-ADB7-77C77058F0BB}C:\program files (x86)\steam\steamapps\common\wings of prey demo\acess.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\wings of prey demo\acess.exe | "UDP Query User{3EC41689-197D-4A9B-8E64-E39C40A6B815}C:\program files (x86)\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tvuplayer\tvuplayer.exe | "UDP Query User{3ECCBA9A-A6F5-4F51-89AB-466EB20966C4}C:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe | "UDP Query User{4334459E-B72F-49F6-A046-ABEAF44D668A}C:\program files (x86)\bohemia 
interactive\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bohemia interactive\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | "UDP Query User{45E41582-EA33-4E61-975B-6AA071F2F45C}C:\program files (x86)\ea sports\fussball manager 12\manager12.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea sports\fussball manager 12\manager12.exe | "UDP Query User{475EE524-DA97-41B6-8D6B-54E2D00ED99F}D:\program files (x86)\steam\steamapps\common\dirt 2\dirt2_game.exe" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\dirt 2\dirt2_game.exe | "UDP Query User{4A0AAD50-DAE6-4EC1-A1C2-5911AE604177}C:\program files (x86)\six projects\six updater\tools\bin\rsync.exe" = protocol=17 | dir=in | app=c:\program files (x86)\six projects\six updater\tools\bin\rsync.exe | "UDP Query User{4D663208-8C7F-4AC4-9429-3B783A9885E0}C:\program files (x86)\bohemia interactive\bohemia interactive\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bohemia interactive\bohemia interactive\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | "UDP Query User{4DEB0BA5-2CD8-4FA8-B140-D5F48AFD17F0}C:\program files (x86)\ea sports\fifa online\nfe.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea sports\fifa online\nfe.exe | "UDP Query User{5CB4C269-93B8-4761-8D2F-5880019E4227}D:\program files (x86)\steam\steamapps\common\gta iv san andreas\gtaiv\gtaiv.exe" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\gta iv san andreas\gtaiv\gtaiv.exe | "UDP Query User{60018E5F-9C10-49D3-8C11-74F3F4A2330F}C:\program files (x86)\ea sports\fifa online\nfe.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea sports\fifa online\nfe.exe | "UDP Query User{6A5EE8DD-C53B-41CE-AFAB-FF8A6DA83ACC}D:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe" = protocol=17 | dir=in | 
app=d:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe | "UDP Query User{6FD16FAD-9C2B-475B-9120-59657EF59330}D:\program files (x86)\steam\steamapps\common\resident evil 5\re5dx10.exe" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\resident evil 5\re5dx10.exe | "UDP Query User{72A662D9-E55F-43DB-9D17-3252CE719C8C}C:\program files (x86)\origin games\alice madness returns\game\alice2\binaries\win32\alicemadnessreturns.exe" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\alice madness returns\game\alice2\binaries\win32\alicemadnessreturns.exe | "UDP Query User{7F7797D6-701B-49DB-9683-44E46881B4D7}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | "UDP Query User{81391F8E-EFFF-4FB1-A3A9-24BD5A80600C}C:\users\niklas\appdata\roaming\vaez\xozea.exe" = protocol=17 | dir=in | app=c:\users\niklas\appdata\roaming\vaez\xozea.exe | "UDP Query User{88D29EFF-9D3D-4B19-B087-3A13B59D8FE4}C:\program files\bohemia interactive\arma 2\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=c:\program files\bohemia interactive\arma 2\expansion\beta\arma2oa.exe | "UDP Query User{892A53F1-4BA2-4EA5-85C6-1E95B1E44352}C:\program files (x86)\empire interactive\flatout2\flatout2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\empire interactive\flatout2\flatout2.exe | "UDP Query User{8B8E5137-084E-426C-9A13-293707EA306F}C:\users\niklas\appdata\local\temp\rar$ex00.544\volley.exe" = protocol=17 | dir=in | app=c:\users\niklas\appdata\local\temp\rar$ex00.544\volley.exe | "UDP Query User{8CD5CFCD-398E-4D9A-8878-4923AD04A997}G:\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=g:\world of warcraft\launcher.exe | "UDP Query User{8ED5BAE1-EBF9-4462-B58C-23CE804A8CC6}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\program files 
(x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe | "UDP Query User{97B251A0-47CB-4C93-B489-34EFCB54B75F}C:\program files (x86)\steam\steamapps\common\altitude\altitude.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\altitude\altitude.exe | "UDP Query User{9AFA8953-2A25-4289-B32D-9282E5E54B98}C:\program files (x86)\codemasters\der herr der ringe online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\der herr der ringe online\lotroclient.exe | "UDP Query User{9BCD7CE1-C894-4BC3-A25D-E619AB71FCD7}C:\users\public\sony online entertainment\installed games\planetside 2 psg\planetside2.exe" = protocol=17 | dir=in | app=c:\users\public\sony online entertainment\installed games\planetside 2 psg\planetside2.exe | "UDP Query User{A7C1A72A-FE23-4649-917D-F1C448F0A53C}C:\program files (x86)\phonostar-player\phonostar.exe" = protocol=17 | dir=in | app=c:\program files (x86)\phonostar-player\phonostar.exe | "UDP Query User{A8060751-CA1D-4983-84C8-987E1BAD9DB4}D:\program files (x86)\fallout3\fallout3ng.exe" = protocol=17 | dir=in | app=d:\program files (x86)\fallout3\fallout3ng.exe | "UDP Query User{AC95F26B-D559-4EC3-81E3-B46353FB7D0C}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | "UDP Query User{AE616601-0D29-432D-9104-96AB99D1AADC}D:\program files (x86)\steam\steamapps\common\red faction guerrilla\rfg.exe" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\red faction guerrilla\rfg.exe | "UDP Query User{B66827DB-1326-491A-A889-0C65EEB442EE}C:\program files (x86)\cyberlink\powerdvd12\movie\powerdvd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\movie\powerdvd.exe | "UDP Query User{B75FD0EE-49E4-4505-AEF2-1292700ACE36}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | "UDP Query 
User{C2C82B88-7B15-4A6A-87CE-93533A1F16FA}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "UDP Query User{C472D016-CAE7-4471-B02F-B0EF6D68BA7B}C:\program files (x86)\codemasters\der herr der ringe online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\der herr der ringe online\lotroclient.exe | "UDP Query User{C692BC30-C1D2-4DE0-8C5E-06D1FF8424BE}C:\program files (x86)\steam\steamapps\common\red faction guerrilla\rfg.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\red faction guerrilla\rfg.exe | "UDP Query User{CC6C1FB3-592A-4533-87D5-375DD19F5492}C:\program files (x86)\microsoft games\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\empires2.exe | "UDP Query User{E317E58C-EFC5-4D20-B7DF-C34B1FAEEEB6}D:\program files (x86)\steam\steamapps\common\dirt 2\dirt2_game.exe" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\dirt 2\dirt2_game.exe | "UDP Query User{E4F3FA83-EEC4-4258-86D8-651BF90E9B25}C:\program files (x86)\steam\steamapps\common\defcon\defcon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\defcon\defcon.exe | "UDP Query User{E74204FD-FA9B-46F9-929A-FF558394DC1B}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | "UDP Query User{E79EECAD-6B95-4E76-862C-EC768964A3B3}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | "UDP Query User{E8278496-8343-4E47-A95E-CBC6CC73E444}D:\program files (x86)\fallout3\fallout3ng.exe" = protocol=17 | dir=in | app=d:\program files (x86)\fallout3\fallout3ng.exe | "UDP Query User{EAC7B4B3-76ED-4919-A84D-0599B1AC674D}D:\program files (x86)\steam\steamapps\common\fable 3\fable3.exe" = protocol=17 | dir=in | app=d:\program files 
(x86)\steam\steamapps\common\fable 3\fable3.exe | "UDP Query User{F084FF8C-E2F9-4025-8C1A-9A81DDFC638C}D:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe | "UDP Query User{F2B5C0AF-9443-4E0F-97E5-A0CDAFD7F825}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | "UDP Query User{FE102076-7609-4B51-A256-0B8E4FD99C59}C:\program files (x86)\1c company\13th century - death or glory\editor.exe" = protocol=17 | dir=in | app=c:\program files (x86)\1c company\13th century - death or glory\editor.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{26A24AE4-039D-4CA4-87B4-2F86416018FF}" = Java(TM) 6 Update 18 (64-bit) "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B48B0AC-C813-4174-9042-476A887592C7}" 
= Windows Live ID Sign-in Assistant "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B0EFB716-085B-4564-8060-212E41F5CE50}" = Windows Live ID-Anmelde-Assistent "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 306.23 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0604 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{C19D4D8F-4433-4F6D-9F0C-79589FD0B973}" = Bonjour "{DDD076BF-C5C3-468C-AA1B-F9A7E47446FE}" = Intel(R) Network Connections 13.1.33.0 "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Explorer Suite_is1" = Explorer Suite III "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "PROSetDX" = Intel(R) Network 
Connections 13.1.33.0 "WinRAR archiver" = WinRAR

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM "{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{065DBB54-6E55-A609-2E1E-F0617E827D53}" = Media Go Video Playback Engine 1.96.113.08260 "{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}" = Civilization III "{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard "{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1 "{1D0FDD6D-3C5E-4588-8ED0-02DC88014BF2}" = Upgrade Kit "{1D2C96C3-A3F3-49E7-B839-95279DED837F}" = Opera 10.60 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = Geeks3D.com FurMark 1.9.1 "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "{259A8A5E-2886-4BED-9EF1-D5485282CCC3}" = Overlord "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 21 "{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15 "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime "{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0 "{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}" = CyberLink BD Advisor 2.0 "{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}" = Six Updater "{2EF0D7ED-F944-4E0D-AC78-7DA00C0B81E4}_is1" = Penumbra Overture "{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX 
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.009.00 "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{39A409D2-F7DF-4D52-B7F9-5E397A92B130}" = Belkin N1 Wireless USB Adapter Setup "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD "{4343080E-448E-4E2C-B27F-B91000018201}" = Dead Rising 2 "{434D0FA1-A4CC-401A-9E74-621000028101}" = F1 2011 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works "{513148E7-B7A1-48B2-B518-668701E546F5}" = LightScribe System Software 1.14.19.1 "{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1" = Amnesia - The Dark Descent "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support "{574E78B1-E6B0-45A1-9BCE-E0906F572583}_is1" = RetroCopy64 version 0.960 "{57634571-FD82-4BEC-B822-A1ED7765474F}_is1" = SmartLauncher "{5C9A7E65-5B71-4C7F-876A-8C6AF9E9E23D}" = Saboteur™ "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5EF44D3A-E86E-434C-8418-71E277C565DF}" = TP-LINK Wireless Client Utility "{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG Tool Kit "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7A6C3344-5CF9-4B83-959C-6576C5B27D09}" = Media Go "{7AF3D8F2-B2C2-4F8B-AFA4-C90001F56B1A}" = Bastion "{7B63B2922B174135AFC0E1377DD81EC2}" = "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{80AF0300-866F-400F-A350-D53E3C3E34E0}" = FUSSBALL MANAGER 13 
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8599586F-3527-4C42-94FC-FCD0F8A6C91B}" = FUSSBALL MANAGER 13 Demo "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003 "{93A3AB24-36E8-41BA-80C6-CCEC237836DC}" = Alice Madness Returns "{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{986222E8-C018-4DA2-94BC-9B796A5A75A5}" = NetTaskAgent "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175 "{A16C577F-71FC-46CC-882F-09BF6495F6EA}" = Acer web camera "{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}" = FIFA 13 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management "{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}" = PixiePack Codec Pack "{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = Mobile Partner Manager "{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch 
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{ADD5DB49-72CF-11D8-9D75-000129760D75}" = CyberLink PowerBackup "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine "{B46BEA36-0B71-4A4E-AE41-87241643FA0A}" = CyberLink PowerDVD 12 "{B580C409-E16F-44FF-904D-3AE94E113BE0}" = Acer HomeMedia Trial Creator "{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer "{B7BD291B-D415-4484-89A4-82077504BE93}_is1" = SmartCopy "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die*Sims™*3 "{C268B5E1-A5DA-11DF-A289-005056C00008}" = Paragon Backup & Recovery™ 2012 Free "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.3.26 Game "{D3CA6F11-EE65-4A69-A8C4-B8099ECFEB36}" = GTA IV: San Andreas "{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{DFFE2B1F-07E0-45A9-8801-CD8514CAA876}" = Prince of Persia T2T "{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{E8650C8D-CCB2-496E-816C-ECC54A7EE411}" = Civilization III Play the World "{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard 
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician "{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician "{FA8E7AF5-C70E-3274-9740-9E697FBD5BB7}" = Microsoft Primary Interoperability Assemblies 2010 "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "A New Zero" = A New Zero "AC3Filter_is1" = AC3Filter 1.62b "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "ArmA 2" = ArmA 2 Uninstall "ARMA 2 Operation Arrowhead" = ARMA 2 Operation Arrowhead Uninstall "AVerMedia A835 USB TV Tuner" = AVerMedia A835 USB TV Tuner 8.0.64.43 "Avira AntiVir Desktop" = Avira Free Antivirus "BattlEye" = BattlEye Uninstall "BattlEye A2 Free" = BattlEye (A2Free) Uninstall "BattlEye for A2" = BattlEye Uninstall "BattlEye for OA" = BattlEye for OA Uninstall "Braid_is1" = Braid (Version 1.015) "CCleaner" = CCleaner "CorsixTH" = CorsixTH 0.01 "DAEMON Tools Lite" = DAEMON Tools Lite "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DivX Setup.divx.com" = DivX-Setup "Eufloria_is1" = Eufloria v2.04 "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition "Found Screensaver 2" = Found Screensaver 2 Screensaver "Fraps" = Fraps "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7 "Free DVD Video Burner_is1" = Free DVD Video Burner version 2.4 "Free YouTube to DVD Converter_is1" = Free YouTube to DVD Converter version 2.7 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.32 "GTK 2.0" = GTK+ Runtime 2.14.7 rev a (nur entfernen) "Herrscher des Olymp - Zeus" = Herrscher des Olymp - Zeus "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}" = CyberLink PowerDVD 12 "InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer "InstallShield_{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV "IrfanView" = IrfanView (remove only) "KeePass Password Safe_is1" = KeePass Password Safe 1.24 "MAGIX Foto Manager 8 D" = MAGIX Foto Manager 8 6.0.1.457 (D) "MAGIX Fotobuch" = MAGIX Fotobuch 3.6 "MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D) "MAGIX Screenshare D" = MAGIX Screenshare 4.3.6.1987 (D) "MAGIX Xtreme Foto & Grafik Designer 2 D" = MAGIX Xtreme Foto & Grafik Designer 2 3.0.0.16 (D) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "Messenger Plus!" = Messenger Plus! 5 "Messenger Plus! Live" = Messenger Plus! Live "Mgeni" = Mgeni Snapshot (10-22-2009) "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Mobile Partner" = Mobile Partner "MozBackup" = MozBackup 1.5.1 "Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de) "Mozilla Thunderbird 17.0.3 (x86 de)" = Mozilla Thunderbird 17.0.3 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Network Security Task Manager" = Network Security Taskmanager 1.5 "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "OpenAL" = OpenAL "Origin" = Origin "phonostar3RadioPlayer_is1" = phonostar-Player Version 3.02.4 "Picasa 3" = Picasa 3 "PunkBusterSvc" = PunkBuster Services "Radiotracker_is1" = Radiotracker 3.0.62.0 "RivaTuner" = RivaTuner v2.09 "SCANIA Truck Driving Simulator" = SCANIA Truck Driving Simulator 1.0.0 "Software Informer_is1" = Software Informer 1.0 BETA "SopCast" = SopCast 3.4.8 "SpeedFan" = SpeedFan (remove only) "Steam App 105400" = Fable III "Steam App 105450" = Age of Empires® III: Complete Collection "Steam App 105600" = Terraria "Steam App 
107400" = ARMA 2: Free "Steam App 115100" = Costume Quest "Steam App 115110" = Stacking "Steam App 12210" = Grand Theft Auto IV "Steam App 130" = Half-Life: Blue Shift "Steam App 17390" = Spore "Steam App 17410" = Mirror's Edge "Steam App 17440" = Spore: Creepy & Cute Parts Pack "Steam App 204030" = Fable - The Lost Chapters "Steam App 207170" = Legend of Grimrock "Steam App 218" = Source SDK Base 2007 "Steam App 219740" = Don't Starve "Steam App 22200" = Zeno Clash "Steam App 24720" = Spore: Galactic Adventures "Steam App 32370" = Star Wars: Knights of the Old Republic "Steam App 33440" = Driver San Francisco "Steam App 33460" = From Dust "Steam App 33910" = ARMA 2 "Steam App 33930" = ARMA 2: Operation Arrowhead "Steam App 35720" = Trine 2 "Steam App 4000" = Garry's Mod "Steam App 40800" = Super Meat Boy "Steam App 45740" = Dead Rising 2 "Steam App 50" = Half-Life: Opposing Force "Steam App 50000" = Nimbus "Steam App 50130" = Mafia II "Steam App 6200" = Ghost Master "Steam App 63500" = Swords and Soldiers HD "Steam App 70" = Half-Life "Steam App 72200" = Universe Sandbox "Steam App 72850" = The Elder Scrolls V: Skyrim "Steam App 8930" = Sid Meier's Civilization V "SUPER ©" = SUPER © Version 2010.bld.38 (May 2, 2010) "SystemRequirementsLab" = System Requirements Lab "The Void_is1" = The Void "UltraStar Deluxe" = UltraStar Deluxe "Uninstall_is1" = Uninstall 1.0.0.1 "Winamp" = Winamp "WinLiveSuite_Wave3" = Windows Live Essentials "WMV9_VCM" = Microsoft Windows Media Video 9 VCM "Zattoo4" = Zattoo4 4.0.5 "ZMBV" = Zip Motion Block Video codec (Remove Only) ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome "SOE-C:/Users/Public/Sony Online Entertainment/Installed Games/PlanetSide 2 PSG" = gamelauncher-ps2-psg "soe-PlanetSide 2 PSG" = PlanetSide 2 "Square Enix Secure Launcher" = Square Enix Secure Launcher "UnityWebPlayer" = Unity Web Player "Winamp Detect" = 
Winamp Erkennungs-Plug-in ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 26.02.2013 07:06:16 | Computer Name = Fey-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 26.02.2013 07:08:44 | Computer Name = Fey-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files (x86)\phonostar-player\phonostar.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. 
Error - 26.02.2013 07:33:12 | Computer Name = Fey-PC | Source = WinMgmt | ID = 10 Description = Error - 26.02.2013 18:56:41 | Computer Name = Fey-PC | Source = MsiInstaller | ID = 11321 Description = Error - 26.02.2013 18:56:42 | Computer Name = Fey-PC | Source = MsiInstaller | ID = 1024 Description = Error - 26.02.2013 18:56:42 | Computer Name = Fey-PC | Source = MsiInstaller | ID = 1024 Description = Error - 26.02.2013 18:56:42 | Computer Name = Fey-PC | Source = MsiInstaller | ID = 1024 Description = Error - 27.02.2013 05:52:20 | Computer Name = Fey-PC | Source = WinMgmt | ID = 10 Description = Error - 27.02.2013 13:58:23 | Computer Name = Fey-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 27.02.2013 13:59:20 | Computer Name = Fey-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files (x86)\phonostar-player\phonostar.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. 
Error - 27.02.2013 17:36:53 | Computer Name = Fey-PC | Source = WinMgmt | ID = 10 Description = Error - 28.02.2013 08:30:46 | Computer Name = Fey-PC | Source = WinMgmt | ID = 10 Description = Error - 28.02.2013 13:31:54 | Computer Name = Fey-PC | Source = NetTaskAgent | ID = 356 Description = Error - 28.02.2013 14:45:03 | Computer Name = Fey-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: nvtray.exe, Version: 7.17.13.697, Zeitstempel: 0x506b3bc0 Name des fehlerhaften Moduls: nvtray.exe, Version: 7.17.13.697, Zeitstempel: 0x506b3bc0 Ausnahmecode: 0x40000015 Fehleroffset: 0x0000000000153481 ID des fehlerhaften Prozesses: 0xe24 Startzeit der fehlerhaften Anwendung: 0x01ce15af662341e4 Pfad der fehlerhaften Anwendung: C:\Program Files\NVIDIA Corporation\Display\nvtray.exe Pfad des fehlerhaften Moduls: C:\Program Files\NVIDIA Corporation\Display\nvtray.exe Berichtskennung: f5cb0797-81d6-11e2-8c00-00226867fde3 [ Media Center Events ] Error - 24.01.2010 18:44:54 | Computer Name = Fey-PC | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide Error - 31.01.2010 23:34:41 | Computer Name = Fey-PC | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide [ System Events ] Error - 26.02.2013 07:33:49 | Computer Name = Fey-PC | Source = Service Control Manager | ID = 7038 Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). 
Error - 26.02.2013 07:33:49 | Computer Name = Fey-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error - 27.02.2013 05:53:08 | Computer Name = Fey-PC | Source = Service Control Manager | ID = 7038 Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error - 27.02.2013 05:53:08 | Computer Name = Fey-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error - 27.02.2013 17:37:47 | Computer Name = Fey-PC | Source = Service Control Manager | ID = 7038 Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error - 27.02.2013 17:37:47 | Computer Name = Fey-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error - 28.02.2013 08:31:51 | Computer Name = Fey-PC | Source = Service Control Manager | ID = 7038 Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). 
Error - 28.02.2013 08:31:51 | Computer Name = Fey-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error - 28.02.2013 14:45:02 | Computer Name = Fey-PC | Source = Service Control Manager | ID = 7038 Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error - 28.02.2013 14:45:02 | Computer Name = Fey-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 < End of report > |
28.02.2013, 23:26 | #2 | |
/// TB-Ausbilder | Exploits, Java viruses, Trojans found. Hello verwinkelt and
My name is Leo and I will guide you through cleaning up your computer. Besides removing malware, a cleanup also includes closing security holes, and it should be carried out thoroughly. It is therefore done in several steps and means some effort for you. Note: The disappearance of the obvious symptoms does not mean that the system is already clean. In your own interest, keep working with me until you get the OK that everything is done. Notes on the procedure
Let's take a look: (Please do not attach the log files; instead, paste their contents directly inside code tags: [code]log file contents[/code].) Step 1 Please download AdwCleaner and save it to your desktop.
Step 2 Warning for readers following along: Combofix should only be run when a team member has explicitly instructed it! Please download Combofix.
Note: If you get the following error message after the restart Quote:
Step 3 Please start OTL.exe.
In your next reply, please post:
01.03.2013, 00:16 | #3 |
| Exploits, Java viruses, Trojans found. Hello leo!
OTL log Code:
OTL logfile created on: 01.03.2013 00:03:51 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = c:\users\niklas\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
11,99 Gb Total Physical Memory | 9,25 Gb Available Physical Memory | 77,12% Memory free
23,98 Gb Paging File | 21,36 Gb Available in Paging File | 89,05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 342,02 Gb Total Space | 57,22 Gb Free Space | 16,73% Space Free | Partition Type: NTFS
Drive D: | 698,63 Gb Total Space | 429,45 Gb Free Space | 61,47% Space Free | Partition Type: NTFS
Drive E: | 43,91 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive I: | 341,97 Gb Total Space | 341,86 Gb Free Space | 99,97% Space Free | Partition Type: NTFS
Computer Name: FEY-PC | User Name: Niklas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.02.28 19:36:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- c:\users\niklas\Downloads\OTL.exe
PRC - [2013.02.27 02:33:10 | 001,820,016 | ---- | M] (Adobe Systems, Inc.)
-- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe PRC - [2013.02.21 11:32:25 | 003,494,992 | ---- | M] (Electronic Arts) -- C:\Program Files (x86)\Origin\Origin.exe PRC - [2013.02.20 13:47:00 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012.09.19 08:45:35 | 000,374,560 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe PRC - [2012.09.19 08:45:35 | 000,295,440 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe PRC - [2012.09.19 08:45:30 | 000,078,352 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe PRC - [2012.09.19 08:45:12 | 000,090,640 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe PRC - [2012.08.08 19:16:02 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.08 16:56:41 | 000,391,632 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe PRC - [2012.05.08 16:56:41 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.08 16:56:41 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.01.20 13:59:34 | 000,271,224 | ---- | M] (Neuber Software GmbH, www.neuber.com) -- C:\Windows\SysWOW64\NetTaskAgent.exe PRC - [2010.12.15 02:59:17 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2009.10.09 12:11:19 | 000,389,120 | R--- | M] () -- C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe PRC - [2009.07.31 20:06:24 | 000,155,648 | R--- | M] () -- C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe PRC - [2009.06.19 10:31:38 | 000,651,264 | R--- | M] (AVerMedia TECHNOLOGIES, Inc.) -- C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe PRC - [2009.04.08 12:49:30 | 000,344,064 | R--- | M] (AVerMedia) -- C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe PRC - [2008.07.29 17:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe PRC - [2008.05.20 17:50:50 | 000,269,448 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe ========== Modules (No Company Name) ========== MOD - [2013.02.27 02:33:10 | 014,718,320 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll MOD - [2013.02.21 11:32:25 | 000,062,976 | ---- | M] () -- C:\Program Files (x86)\Origin\tufao.dll MOD - [2013.02.20 13:47:00 | 003,067,288 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2011.08.24 03:39:11 | 000,655,360 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD12\Common\Koan\_ssl.pyd MOD - [2011.08.24 03:39:11 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD12\Common\Koan\_ctypes.pyd MOD - [2011.08.24 03:39:11 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD12\Common\Koan\_socket.pyd MOD - [2009.07.31 20:06:24 | 000,155,648 | R--- | M] () -- C:\Program Files 
(x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe ========== Services (SafeList) ========== SRV - [2013.02.27 02:33:10 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.02.25 07:39:32 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013.02.20 13:47:00 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.09.19 08:45:35 | 000,295,440 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe -- (CyberLink PowerDVD 12 Media Server Service) SRV - [2012.09.19 08:45:30 | 000,078,352 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe -- (CyberLink PowerDVD 12 Media Server Monitor Service) SRV - [2012.09.19 08:45:12 | 000,090,640 | ---- | M] (CyberLink Corp.) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe -- (CLHNServiceForPowerDVD12) SRV - [2012.08.30 20:14:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.05.08 16:56:41 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.05.08 16:56:41 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.01.20 13:59:34 | 000,271,224 | ---- | M] (Neuber Software GmbH, www.neuber.com) [Auto | Running] -- C:\Windows\SysWOW64\NetTaskAgent.exe -- (NetTaskAgent) SRV - [2010.12.15 02:59:17 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2010.08.19 09:52:04 | 000,229,376 | ---- | M] () [Auto | Stopped] -- C:\ProgramData\DatacardService\DCService.exe -- (DCService.exe) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.12.02 18:09:54 | 000,246,272 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Mobile Partner Manager\AssistantServices.exe -- (UI Assistant Service) SRV - [2009.10.09 12:11:19 | 000,389,120 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe -- (AVerScheduleService) SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.04.30 12:23:26 | 000,090,112 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service) SRV - [2009.04.08 12:49:30 | 000,344,064 | R--- | M] (AVerMedia) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe -- (AVerRemote) SRV - [2008.10.01 
11:43:56 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe -- (ETService) SRV - [2008.07.29 17:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service) SRV - [2008.05.20 17:50:50 | 000,269,448 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service) SRV - [2005.11.17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.05.08 16:56:41 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.08 16:56:41 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.03.18 20:42:15 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.12.15 15:00:00 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.11.17 15:37:16 | 000,572,336 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Uim_IMx64.sys -- (Uim_IM) DRV:64bit: - [2011.11.17 15:37:16 | 000,059,184 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\uimx64.sys -- (UimBus) DRV:64bit: - [2011.11.17 15:37:14 | 000,352,816 | ---- | M] (Paragon) [Kernel 
| System | Running] -- C:\Windows\SysNative\drivers\uim_vimx64.sys -- (Uim_VIM) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.08.31 17:09:00 | 000,256,000 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet) DRV:64bit: - [2010.08.07 16:49:04 | 000,121,600 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard) DRV:64bit: - [2010.07.27 14:26:34 | 000,086,016 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV:64bit: - [2010.07.27 08:52:16 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev) DRV:64bit: - [2010.06.27 19:37:57 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2010.06.01 16:28:10 | 000,769,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\arusb_win7x.sys -- (arusb_win7x) DRV:64bit: - [2010.04.16 07:33:36 | 000,050,176 | ---- | M] (Apple, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2009.10.19 04:32:40 | 000,511,232 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVerAF35.sys -- (AVerAF35) DRV:64bit: - [2009.10.01 19:07:36 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.05 02:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.05.28 10:07:14 | 000,376,848 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ladfSBVMamd64.sys -- (LADF_SBVM) DRV:64bit: - [2009.05.28 10:07:14 | 000,061,712 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ladfDHP2amd64.sys -- (LADF_DHP2) DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009.04.08 13:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21) DRV:64bit: - [2008.12.02 13:01:42 | 000,068,608 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.sys -- (RTSTOR) DRV:64bit: - [2008.11.04 09:52:36 | 000,145,960 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018unic.sys -- (s1018unic) DRV:64bit: - [2008.11.04 09:52:36 | 000,132,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018mgmt.sys -- (s1018mgmt) DRV:64bit: - [2008.11.04 09:52:36 | 000,128,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018obex.sys -- (s1018obex) DRV:64bit: - [2008.11.04 09:52:36 | 000,034,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018nd5.sys -- (s1018nd5) DRV:64bit: - [2008.11.04 09:52:32 | 000,152,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018mdm.sys -- (s1018mdm) DRV:64bit: - [2008.11.04 09:52:32 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018mdfl.sys -- (s1018mdfl) DRV:64bit: - [2008.11.04 09:52:30 | 000,113,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018bus.sys -- (s1018bus) DRV:64bit: - [2008.09.23 17:19:04 | 000,034,840 | ---- | M] (Creative Technology Ltd.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\gwfilt64.sys -- (gwfilt64) DRV:64bit: - [2008.07.29 17:53:50 | 000,060,976 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\PSDVdisk.sys -- (psdvdisk) DRV:64bit: - [2008.07.29 17:53:50 | 000,021,040 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\PSDNServ.sys -- (PSDNServ) DRV:64bit: - [2008.07.29 17:53:48 | 000,022,064 | ---- | M] (Egis Incorporated) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\psdfilter.sys -- (PSDFilter) DRV:64bit: - [2008.05.23 15:54:38 | 000,033,888 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iqvw64e.sys -- (NAL) DRV:64bit: - [2008.01.30 10:48:32 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr) DRV:64bit: - [2008.01.30 10:48:16 | 000,016,384 | ---- | M] (NewTech Infosystems Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper) DRV:64bit: - [2008.01.09 12:28:20 | 000,034,032 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\seehcri.sys -- (seehcri) DRV:64bit: - [2007.11.30 13:14:52 | 000,347,144 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MRVW24C.sys -- (MRV6X64U) DRV - [2011.09.13 21:57:19 | 000,019,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\RivaTuner v2.09\RivaTuner64.sys -- (RivaTuner64) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2008.09.30 09:42:20 | 000,017,952 | ---- | M] (Acer, Inc.) 
[Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\int15_64.sys -- (int15) DRV - [2008.05.26 10:54:28 | 000,120,816 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Programme\Acer\Empowering Technology\eRecovery\wsvd.sys -- (WSVD) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0609&m=aspire_m7720 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\@2\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0609&m=aspire_m7720 IE - HKU\@2\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\@2\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0609&m=aspire_m7720 IE - HKU\@2\..\SearchScopes,DefaultScope = {A1BA4F28-B648-456D-B5AE-59ED24C61AF0} IE - HKU\@2\..\SearchScopes\{A1BA4F28-B648-456D-B5AE-59ED24C61AF0}: "URL" = 
hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW IE - HKU\@2\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-4029133945-3299104507-864066367-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data] IE - HKU\S-1-5-21-4029133945-3299104507-864066367-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-4029133945-3299104507-864066367-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-4029133945-3299104507-864066367-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-4029133945-3299104507-864066367-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-4029133945-3299104507-864066367-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKU\S-1-5-21-4029133945-3299104507-864066367-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4029133945-3299104507-864066367-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..extensions.enabledAddons: personas%40christopher.beard:1.6.2 FF - prefs.js..extensions.enabledAddons: 
youtubeunblocker%40unblocker.yt:0.3.0 FF - prefs.js..extensions.enabledAddons: %7Bef4e370e-d9f0-4e00-b93e-a4f274cfdd5a%7D:1.4.9 FF - prefs.js..extensions.enabledAddons: groovesharkUnlocker%40overlord1337:1.3.2 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0 FF - prefs.js..extensions.enabledItems: dvscontextmenuy@dvdvideosoft.com:1.0 FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2 FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.4 FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:4.0 FF - prefs.js..extensions.enabledItems: eafo3fflauncher@ea.com:1.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files (x86)\TVUPlayer\npTVUAx.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@coreonline.com/run3d,version=1.0: C:\Users\Niklas\AppData\LocalLow\Square Enix\nprun3d.dll (Square Enix) FF - HKCU\Software\MozillaPlugins\@phonostar.de/phonostar: C:\Program Files (x86)\phonostar-Player\npphonostarDetectNP.dll ( ) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Niklas\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Niklas\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Niklas\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.20 13:47:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.27 21:38:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.02.28 13:36:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.20 13:47:00 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 
19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.27 21:38:33 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.02.28 13:36:22 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.03.27 15:15:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Niklas\AppData\Roaming\mozilla\Extensions [2010.03.10 21:27:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Niklas\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2013.02.23 23:39:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Niklas\AppData\Roaming\mozilla\Firefox\Profiles\2bbu22w3.default\extensions [2011.12.13 08:04:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Niklas\AppData\Roaming\mozilla\Firefox\Profiles\2bbu22w3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.12.13 08:04:13 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Niklas\AppData\Roaming\mozilla\Firefox\Profiles\2bbu22w3.default\extensions\personas@christopher.beard [2013.02.23 23:39:13 | 000,029,064 | ---- | M] () (No name found) -- C:\Users\Niklas\AppData\Roaming\mozilla\firefox\profiles\2bbu22w3.default\extensions\groovesharkUnlocker@overlord1337.xpi [2012.12.01 19:59:06 | 000,363,832 | ---- | M] () (No name found) -- C:\Users\Niklas\AppData\Roaming\mozilla\firefox\profiles\2bbu22w3.default\extensions\smarterwiki@wikiatic.com.xpi [2013.02.03 11:36:34 | 000,004,412 | ---- | M] () (No name found) -- C:\Users\Niklas\AppData\Roaming\mozilla\firefox\profiles\2bbu22w3.default\extensions\youtubeunblocker@unblocker.yt.xpi [2013.02.15 10:39:03 | 000,817,280 | ---- | M] () (No name found) -- 
C:\Users\Niklas\AppData\Roaming\mozilla\firefox\profiles\2bbu22w3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.02.20 13:32:00 | 000,685,671 | ---- | M] () (No name found) -- C:\Users\Niklas\AppData\Roaming\mozilla\firefox\profiles\2bbu22w3.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi [2009.08.24 06:16:27 | 000,002,172 | ---- | M] () -- C:\Users\Niklas\AppData\Roaming\mozilla\firefox\profiles\2bbu22w3.default\searchplugins\bing.xml [2013.02.20 13:46:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2013.02.20 13:46:56 | 000,000,000 | ---D | M] (FaceMod Dislike Button) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{64e8cc5b-20db-4212-8320-178fc5ae71f7} [2013.02.20 13:46:56 | 000,000,000 | ---D | M] (SeekService) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{86009AEF-9162-4EBC-B698-FF71D7B6B049} [2013.02.20 13:47:00 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2010.07.12 17:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) 
-- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2011.12.21 06:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.03 07:23:21 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.12.21 06:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.12.21 06:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2009.08.27 15:52:52 | 000,002,399 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\seekservice110.xml [2009.09.03 20:02:06 | 000,002,399 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\seekservice123.xml [2011.12.21 06:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.12.21 06:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: () CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = CHR - homepage: hxxp://www.searchnu.com/414 O1 HOSTS File: ([2013.02.28 23:55:47 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\ActiveToolBand.dll (Egis) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. 
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3:64bit: - HKU\S-1-5-21-4029133945-3299104507-864066367-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\S-1-5-21-4029133945-3299104507-864066367-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
O4 - HKLM..\Run: [PowerDVD12Agent] C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\@1..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\@1..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\@1\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\@2\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4029133945-3299104507-864066367-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4029133945-3299104507-864066367-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Save YouTube Video as MP3 - C:\Program Files (x86)\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Save YouTube Video as MP3 - C:\Program Files (x86)\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-4029133945-3299104507-864066367-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-4029133945-3299104507-864066367-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-4029133945-3299104507-864066367-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-4029133945-3299104507-864066367-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 10.15.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1DFC4CF9-8195-447C-B93B-09038FFD7623}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{20A5B0A3-17AF-40C3-B8BC-CB0BAA02142F}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6114C60E-289D-4665-954B-82F54F684C73}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{641754F0-3EF0-4739-9130-4423D37D1E55}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{66D2FCF4-EC4B-455E-8A7C-36BA8B3DBB6E}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AD371EEA-6892-4526-B8C7-0761C4ADB4F1}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DD5ECF3D-E97E-4B94-8321-18C08B77A060}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC7B624C-10DB-42F5-B066-1FC4A387F3D7}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: C:\Users\Niklas\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Niklas\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.02.28 23:55:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.02.28 23:48:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.02.28 23:48:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.02.28 23:48:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.02.28 23:48:24 | 000,000,000 | ---D | C] -- C:\ComboFix [2013.02.28 23:37:57 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.02.28 23:37:37 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.02.28 23:37:24 | 005,036,023 | R--- | C] (Swearware) -- C:\Users\Niklas\Desktop\ComboFix.exe [2013.02.28 22:36:50 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 12 [2013.02.28 18:08:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Network Security Task Manager [2013.02.28 18:08:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Network Security Task Manager [2013.02.28 18:08:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Network 
Security Taskmanager [2013.02.28 13:36:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird [2013.02.27 21:38:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2013.02.26 23:56:37 | 000,000,000 | ---D | C] -- C:\Config.Msi [2013.02.26 02:58:34 | 000,000,000 | ---D | C] -- C:\Users\Niklas\AppData\Roaming\Malwarebytes [2013.02.26 02:58:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.02.26 02:58:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.02.26 02:58:25 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.02.26 02:58:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.02.24 02:26:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony [2013.02.24 02:25:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony Media Go Install [2013.02.20 23:54:41 | 000,000,000 | ---D | C] -- C:\Users\Niklas\Desktop\Tracy Chapman Collection [2013.02.20 23:54:38 | 000,000,000 | ---D | C] -- C:\Users\Niklas\Desktop\In Aller Stille [2013.02.20 23:54:34 | 000,000,000 | ---D | C] -- C:\Users\Niklas\Desktop\Herzscheisse [2013.02.20 23:54:28 | 000,000,000 | ---D | C] -- C:\Users\Niklas\Desktop\coeur de pirate [2013.02.20 13:43:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.02.04 17:10:51 | 000,000,000 | ---D | C] -- C:\Users\Niklas\Documents\Klei [5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [2 C:\Users\Niklas\*.tmp files -> C:\Users\Niklas\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.03.01 00:02:17 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4029133945-3299104507-864066367-1000UA.job [2013.02.28 23:55:47 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.02.28 23:40:57 | 000,010,896 | -H-- | M] () -- 
C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.28 23:40:57 | 000,010,896 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.28 23:40:29 | 001,642,148 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.02.28 23:40:29 | 000,707,300 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.02.28 23:40:29 | 000,660,918 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.02.28 23:40:29 | 000,152,892 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.02.28 23:40:29 | 000,125,108 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.02.28 23:33:33 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml [2013.02.28 23:33:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.28 23:33:16 | 1066,799,102 | -HS- | M] () -- C:\hiberfil.sys [2013.02.28 23:30:39 | 005,036,023 | R--- | M] (Swearware) -- C:\Users\Niklas\Desktop\ComboFix.exe [2013.02.28 22:36:50 | 000,002,152 | ---- | M] () -- C:\Users\Public\Desktop\CyberLink PowerDVD 12.lnk [2013.02.28 22:33:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.02.28 19:59:50 | 000,000,000 | ---- | M] () -- C:\Users\Niklas\defogger_reenable [2013.02.28 15:02:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4029133945-3299104507-864066367-1000Core.job [2013.02.27 21:38:33 | 000,001,983 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2013.02.26 02:58:26 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.24 02:26:56 | 000,001,849 | ---- | M] () -- C:\Users\Public\Desktop\Media Go.lnk [2013.02.19 20:09:06 | 003,698,702 | ---- | M] () -- C:\Users\Niklas\Desktop\16 Spur 16.wma [2013.02.14 10:15:10 | 000,447,072 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.02.04 17:08:03 | 000,000,222 | ---- | M] () -- 
C:\Users\Niklas\Desktop\Don't Starve.url [5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [2 C:\Users\Niklas\*.tmp files -> C:\Users\Niklas\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.02.28 23:48:27 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.02.28 23:48:27 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.02.28 23:48:27 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.02.28 23:48:27 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.02.28 23:48:27 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.02.28 22:36:50 | 000,002,152 | ---- | C] () -- C:\Users\Public\Desktop\CyberLink PowerDVD 12.lnk [2013.02.28 19:59:50 | 000,000,000 | ---- | C] () -- C:\Users\Niklas\defogger_reenable [2013.02.27 21:38:33 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2013.02.27 21:38:33 | 000,001,983 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2013.02.26 02:58:26 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.24 02:26:50 | 000,001,849 | ---- | C] () -- C:\Users\Public\Desktop\Media Go.lnk [2013.02.20 23:54:52 | 003,698,702 | ---- | C] () -- C:\Users\Niklas\Desktop\16 Spur 16.wma [2013.02.04 17:08:03 | 000,000,222 | ---- | C] () -- C:\Users\Niklas\Desktop\Don't Starve.url [2012.03.18 18:06:35 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll [2012.02.02 15:08:21 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll [2012.02.02 15:08:21 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll [2012.02.02 15:08:21 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll [2012.02.02 15:03:01 | 000,000,338 | ---- | C] () -- C:\Windows\SIERRA.INI [2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.09.13 22:49:26 | 000,007,597 | ---- | C] () -- C:\Users\Niklas\AppData\Local\resmon.resmoncfg [2011.08.22 10:46:01 | 
000,069,632 | ---- | C] () -- C:\Windows\SysWow64\xmltok.dll [2011.08.22 10:46:01 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\xmlparse.dll [2011.08.11 18:29:34 | 000,005,632 | ---- | C] () -- C:\Users\Niklas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.05.06 01:37:45 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\AVerIO.dll [2011.05.06 01:37:45 | 000,003,456 | ---- | C] () -- C:\Windows\SysWow64\AVerIO.sys [2011.05.06 01:37:30 | 000,598,016 | ---- | C] () -- C:\Windows\SysWow64\sptlib21.dll [2011.05.06 01:37:30 | 000,307,200 | ---- | C] () -- C:\Windows\SysWow64\sptlib01.dll [2011.05.06 01:37:30 | 000,294,912 | ---- | C] () -- C:\Windows\SysWow64\sptlib11.dll [2011.05.06 01:37:30 | 000,290,816 | ---- | C] () -- C:\Windows\SysWow64\sptlib22.dll [2011.05.06 01:37:30 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\sptlib03.dll [2011.05.06 01:37:30 | 000,225,280 | ---- | C] () -- C:\Windows\SysWow64\sptlib02.dll [2011.05.06 01:37:30 | 000,135,168 | ---- | C] () -- C:\Windows\SysWow64\sptlib12.dll [2010.05.19 14:19:22 | 000,017,408 | ---- | C] () -- C:\Users\Niklas\AppData\Local\WebpageIcons.db [2010.03.13 21:58:05 | 000,000,008 | ---- | C] () -- C:\Users\Niklas\AppData\Roaming\DofusAppId0_3 [2010.03.12 05:29:24 | 000,000,008 | ---- | C] () -- C:\Users\Niklas\AppData\Roaming\DofusAppId0_2 [2010.03.12 05:27:12 | 000,000,173 | ---- | C] () -- C:\Users\Niklas\AppData\Roaming\D2Info0 [2010.03.12 05:27:12 | 000,000,008 | ---- | C] () -- C:\Users\Niklas\AppData\Roaming\DofusAppId0_1 [2010.03.10 21:44:37 | 000,000,094 | ---- | C] () -- C:\Users\Niklas\AppData\Local\fusioncache.dat [2010.03.10 21:11:19 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2009.08.23 00:03:51 | 000,027,528 | ---- | C] () -- C:\Users\Niklas\AppData\Roaming\UserTile.png ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.09.12 11:05:16 | 000,000,000 | ---D | M] -- C:\Users\ergrg\AppData\Roaming\Origin [2012.02.01 23:16:42 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\.minecraft [2010.03.14 20:38:28 
| 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\.purple [2010.03.10 20:49:35 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\Acer GameZone Console [2010.04.26 15:13:02 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\Braid [2010.03.10 20:49:36 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\Broken Sword 2.5 [2012.06.03 14:40:31 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\capy [2012.04.11 15:36:48 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\CorsixTH [2010.03.14 18:38:28 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\DiskSpaceFanPro [2009.08.23 23:58:25 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\DisplayTune [2012.11.02 03:29:48 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\Doublefine [2010.10.15 07:46:17 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\DVDVideoSoft [2010.07.08 04:54:35 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\eSobi [2010.03.10 20:49:36 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\FFSJ [2012.06.02 15:58:17 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\fltk.org [2010.05.12 07:42:58 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\FreeAudioPack [2012.03.26 13:40:59 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\FreeVideoConverter [2010.03.10 20:49:36 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\GetRightToGo [2012.10.21 03:18:03 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\KeePass [2010.10.01 14:25:45 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\Leadertech [2012.07.19 16:21:50 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\Lionhead Studios [2012.06.09 14:24:10 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\LoneSurvivor [2010.07.10 04:17:30 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\LucasArts [2010.03.27 14:25:28 | 000,000,000 | ---D | M] -- 
C:\Users\Niklas\AppData\Roaming\MAGIX [2010.10.15 08:50:16 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\MPEG Streamclip [2010.03.10 20:49:47 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\OpenOffice.org [2010.07.17 02:27:06 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\Opera [2012.12.03 13:01:46 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\Origin [2009.08.24 04:34:03 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\PeerNetworking [2010.07.14 18:36:51 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\phonostar GmbH [2012.02.20 18:25:19 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\Reg.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1 [2010.03.12 05:27:16 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\RegTesting.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1 [2010.06.18 05:38:56 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\RTPlayer [2012.06.25 18:58:09 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\six-updater [2012.06.11 15:11:11 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\six-zsync [2010.12.18 16:18:59 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\Software Informer [2012.01.06 20:12:28 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\Sony [2010.07.21 22:17:16 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\Sony Creative Software [2010.03.20 08:12:45 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\Sony Setup [2010.12.23 12:16:47 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\Spore [2012.01.05 13:44:57 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\System [2010.12.13 14:44:48 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\Telefónica [2010.08.27 14:04:58 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\The Creative Assembly [2010.03.10 21:27:41 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\Thunderbird 
[2012.02.19 15:10:22 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\Trine2
[2010.10.15 20:29:21 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\ultrastardx
[2010.03.11 23:49:11 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\Uniblue
[2012.07.01 02:47:35 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\Unity
[2012.01.05 13:45:38 | 000,000,000 | -HSD | M] -- C:\Users\Niklas\AppData\Roaming\wyUpdate AU

========== Purity Check ==========

< End of report >

Log from ComboFix
Code:
ComboFix 13-02-26.01 - Niklas 28.02.2013 23:49:58.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.12279.10117 [GMT 1:00]
ausgeführt von:: c:\users\Niklas\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\C9B086CE-4A3B-11DB-8373-B622A1EF5492
c:\programdata\hpeAAB5.dll
c:\programdata\hpeB64A.dll
c:\users\Niklas\AppData\Roaming\.#
c:\users\Niklas\AppData\Roaming\.#\MBX@1050@3D2928.###
c:\users\Niklas\AppData\Roaming\.#\MBX@1050@3D2958.###
c:\users\Niklas\AppData\Roaming\.#\MBX@1050@3D2988.###
c:\users\Niklas\AppData\Roaming\.#\MBX@11DC@25C2928.###
c:\users\Niklas\AppData\Roaming\.#\MBX@11DC@25C2958.###
c:\users\Niklas\AppData\Roaming\.#\MBX@11DC@25C2988.###
c:\users\Niklas\AppData\Roaming\.#\MBX@1218@20E2928.###
c:\users\Niklas\AppData\Roaming\.#\MBX@1218@20E2958.###
c:\users\Niklas\AppData\Roaming\.#\MBX@1218@20E2988.###
c:\users\Niklas\AppData\Roaming\.#\MBX@12D0@1E2928.###
c:\users\Niklas\AppData\Roaming\.#\MBX@12D0@1E2958.###
c:\users\Niklas\AppData\Roaming\.#\MBX@12D0@1E2988.###
c:\users\Niklas\AppData\Roaming\.#\MBX@938@602928.###
c:\users\Niklas\AppData\Roaming\.#\MBX@938@602958.###
c:\users\Niklas\AppData\Roaming\.#\MBX@938@602988.###
c:\users\Niklas\AppData\Roaming\.#\MBX@DC0@2372928.###
c:\users\Niklas\AppData\Roaming\.#\MBX@DC0@2372958.###
c:\users\Niklas\AppData\Roaming\.#\MBX@DC0@2372988.###
c:\users\Niklas\AppData\Roaming\0ad
c:\users\Niklas\AppData\Roaming\app
c:\users\Niklas\AppData\Roaming\app\Jerakine_lang.dat
c:\users\Niklas\AppData\Roaming\app\Jerakine_lang_vesrion.dat
c:\windows\IsUn0407.exe
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\tmp7145.tmp
c:\windows\SysWow64\tmp7146.tmp
c:\windows\SysWow64\URTTemp c:\windows\SysWow64\URTTemp\regtlib.exe c:\windows\wininit.ini D:\install.exe . . ((((((((((((((((((((((( Dateien erstellt von 2013-01-28 bis 2013-02-28 )))))))))))))))))))))))))))))) . . 2013-02-28 22:45 . 2013-02-28 22:45 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{33AE1FCF-4EFC-4AE2-8002-EC74658517FC}\offreg.dll 2013-02-28 17:30 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\_enviewlist.dll 2013-02-28 17:30 . 2010-11-20 12:18 640512 ----a-w- c:\windows\SysWow64\_entreelist.dll 2013-02-28 17:08 . 2013-02-28 22:01 -------- d-----w- c:\programdata\Network Security Task Manager 2013-02-28 17:08 . 2013-02-28 17:08 -------- d-----w- c:\program files (x86)\Network Security Taskmanager 2013-02-28 12:36 . 2013-02-28 12:53 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird 2013-02-27 20:38 . 2013-02-27 20:38 -------- d-----w- c:\program files (x86)\Common Files\Adobe 2013-02-26 22:58 . 2013-02-26 22:58 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-02-26 11:36 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{33AE1FCF-4EFC-4AE2-8002-EC74658517FC}\mpengine.dll 2013-02-26 01:58 . 2013-02-26 01:58 -------- d-----w- c:\users\Niklas\AppData\Roaming\Malwarebytes 2013-02-26 01:58 . 2013-02-26 01:58 -------- d-----w- c:\programdata\Malwarebytes 2013-02-26 01:58 . 2013-02-26 01:58 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-02-26 01:58 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-02-24 01:25 . 2013-02-24 01:26 -------- d-----w- c:\program files (x86)\Sony Media Go Install 2013-02-15 22:04 . 2013-02-15 22:04 208448 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll 2013-02-14 01:04 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-14 01:04 . 
2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-13 08:20 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-02-13 08:20 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-02-13 08:20 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-02-13 08:20 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys 2013-02-13 08:20 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll 2013-02-13 08:20 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2013-02-13 08:20 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2013-02-13 08:20 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe 2013-02-13 08:20 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2013-02-13 08:20 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe 2013-02-13 08:20 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-02-13 08:20 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-02-27 01:33 . 2012-05-09 14:33 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-02-27 01:33 . 2011-10-15 15:11 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-02-26 22:58 . 2012-06-24 12:16 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2013-02-26 22:58 . 2010-06-23 01:47 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-02-14 01:06 . 2010-03-10 20:56 70004024 ----a-w- c:\windows\system32\MRT.exe 2013-01-17 00:28 . 2009-10-03 17:50 273840 ------w- c:\windows\system32\MpSigStub.exe 2013-01-04 04:43 . 2013-02-13 08:20 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-12-16 17:11 . 2012-12-23 19:06 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-16 14:45 . 
2012-12-23 19:06 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-16 14:13 . 2012-12-23 19:06 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-16 14:13 . 2012-12-23 19:06 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-07 13:20 . 2013-01-09 12:40 441856 ----a-w- c:\windows\system32\Wpc.dll 2012-12-07 13:15 . 2013-01-09 12:40 2746368 ----a-w- c:\windows\system32\gameux.dll 2012-12-07 12:26 . 2013-01-09 12:40 308736 ----a-w- c:\windows\SysWow64\Wpc.dll 2012-12-07 12:20 . 2013-01-09 12:40 2576384 ----a-w- c:\windows\SysWow64\gameux.dll 2012-12-07 11:20 . 2013-01-09 12:40 30720 ----a-w- c:\windows\system32\usk.rs 2012-12-07 11:20 . 2013-01-09 12:40 43520 ----a-w- c:\windows\system32\csrr.rs 2012-12-07 11:20 . 2013-01-09 12:40 23552 ----a-w- c:\windows\system32\oflc.rs 2012-12-07 11:20 . 2013-01-09 12:40 45568 ----a-w- c:\windows\system32\oflc-nz.rs 2012-12-07 11:20 . 2013-01-09 12:40 44544 ----a-w- c:\windows\system32\pegibbfc.rs 2012-12-07 11:20 . 2013-01-09 12:40 20480 ----a-w- c:\windows\system32\pegi-fi.rs 2012-12-07 11:20 . 2013-01-09 12:40 20480 ----a-w- c:\windows\system32\pegi-pt.rs 2012-12-07 11:19 . 2013-01-09 12:40 20480 ----a-w- c:\windows\system32\pegi.rs 2012-12-07 11:19 . 2013-01-09 12:40 46592 ----a-w- c:\windows\system32\fpb.rs 2012-12-07 11:19 . 2013-01-09 12:40 40960 ----a-w- c:\windows\system32\cob-au.rs 2012-12-07 11:19 . 2013-01-09 12:40 21504 ----a-w- c:\windows\system32\grb.rs 2012-12-07 11:19 . 2013-01-09 12:40 15360 ----a-w- c:\windows\system32\djctq.rs 2012-12-07 11:19 . 2013-01-09 12:40 55296 ----a-w- c:\windows\system32\cero.rs 2012-12-07 11:19 . 2013-01-09 12:40 51712 ----a-w- c:\windows\system32\esrb.rs 2012-12-07 10:46 . 2013-01-09 12:40 43520 ----a-w- c:\windows\SysWow64\csrr.rs 2012-12-07 10:46 . 2013-01-09 12:40 30720 ----a-w- c:\windows\SysWow64\usk.rs 2012-12-07 10:46 . 2013-01-09 12:40 45568 ----a-w- c:\windows\SysWow64\oflc-nz.rs 2012-12-07 10:46 . 
2013-01-09 12:40 44544 ----a-w- c:\windows\SysWow64\pegibbfc.rs 2012-12-07 10:46 . 2013-01-09 12:40 20480 ----a-w- c:\windows\SysWow64\pegi-pt.rs 2012-12-07 10:46 . 2013-01-09 12:40 23552 ----a-w- c:\windows\SysWow64\oflc.rs 2012-12-07 10:46 . 2013-01-09 12:40 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs 2012-12-07 10:46 . 2013-01-09 12:40 46592 ----a-w- c:\windows\SysWow64\fpb.rs 2012-12-07 10:46 . 2013-01-09 12:40 20480 ----a-w- c:\windows\SysWow64\pegi.rs 2012-12-07 10:46 . 2013-01-09 12:40 21504 ----a-w- c:\windows\SysWow64\grb.rs 2012-12-07 10:46 . 2013-01-09 12:40 40960 ----a-w- c:\windows\SysWow64\cob-au.rs 2012-12-07 10:46 . 2013-01-09 12:40 15360 ----a-w- c:\windows\SysWow64\djctq.rs 2012-12-07 10:46 . 2013-01-09 12:40 55296 ----a-w- c:\windows\SysWow64\cero.rs 2012-12-07 10:46 . 2013-01-09 12:40 51712 ----a-w- c:\windows\SysWow64\esrb.rs . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2008-07-29 16:52 121392 ----a-w- c:\program files (x86)\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 163328] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "PCMMediaSharing"="c:\program files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-05-20 204908] "UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-02-21 222504] "UpdatePPShortCut"="c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352] "PowerDVD12Agent"="c:\program files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe" [2012-09-19 374560] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ AVer HID Receiver.lnk - c:\program files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe [2011-5-6 155648] AVerQuick.lnk - c:\program files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2011-5-6 651264] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled SmartCopy.lnk - c:\program files (x86)\Northstar\SmartCopy\SmartCopy.exe [2009-6-24 319488] SmartLauncher.lnk - c:\program files (x86)\Northstar\SmartLauncher\SmartLauncher.exe [2009-6-24 339968] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 DCService.exe;DCService.exe;c:\programdata\DatacardService\DCService.exe [2010-08-19 229376] R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112] R2 UI Assistant Service;UI Assistant Service;c:\program files (x86)\Mobile Partner Manager\AssistantServices.exe [2009-12-02 246272] R3 AVerAF35;AVerMedia A835 USB DVB-T;c:\windows\system32\Drivers\AVerAF35.sys [2009-10-19 511232] R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2010-07-27 117248] R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2010-08-31 256000] R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900] R3 LADF_DHP2;G35 DHP2 Filter Driver;c:\windows\system32\DRIVERS\ladfDHP2amd64.sys [2009-05-28 61712] R3 LADF_SBVM;G35 SBVM Filter Driver;c:\windows\system32\DRIVERS\ladfSBVMamd64.sys [2009-05-28 376848] R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x] R3 massfilter_hs;USB Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [x] R3 MRV6X64U;Belkin N1 Wireless USB Network Adapter Driver for Windows Vista x64;c:\windows\system32\DRIVERS\MRVW24C.sys [2007-11-30 347144] R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-09-23 50424] R3 RivaTuner64;RivaTuner64;c:\program files (x86)\RivaTuner v2.09\RivaTuner64.sys [2011-09-13 19952] R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2008-11-04 113704] R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys 
[2008-11-04 19496] R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2008-11-04 152616] R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2008-11-04 132648] R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [2008-11-04 34856] R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2008-11-04 128552] R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [2008-11-04 145960] R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 34032] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-04-16 50176] R3 WSVD;WSVD;c:\program files\Acer\Empowering Technology\eRecovery\WSVD.sys [2008-05-26 120816] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-12-15 27760] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-03-18 283200] S1 Uim_VIM;UIM Virtual Image Plugin;c:\windows\system32\Drivers\uim_vimx64.sys [2011-11-17 352816] S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-05-20 269448] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224] S2 AVerRemote;AVerRemote;c:\program files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [2009-04-08 344064] S2 AVerScheduleService;AVerScheduleService;c:\program files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [2009-10-09 389120] S2 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12;c:\program files 
(x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [2012-09-19 90640] S2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [2012-09-19 78352] S2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [2012-09-19 295440] S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-10-01 24576] S2 NetTaskAgent;Network Security Task Manager Service;c:\windows\SysWOW64\NetTaskAgent.exe [2012-01-20 271224] S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-09-23 144632] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824] S3 arusb_win7x;Service For TP-LINK Wireless N Adapter;c:\windows\system32\DRIVERS\arusb_win7x.sys [2010-06-01 769024] S3 e1yexpress;Intel(R) Gigabit-Netzwerkverbindungstreiber;c:\windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 281088] S3 gwfilt64;gwfilt64;c:\windows\system32\drivers\gwfilt64.sys [2008-09-23 34840] S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2010-07-27 86016] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}] 2010-02-16 17:02 114688 ----a-w- c:\program files (x86)\PixiePack Codec Pack\InstallerHelper.exe . Inhalt des "geplante Tasks" Ordners . 2013-02-28 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-09 01:33] . 
2013-02-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4029133945-3299104507-864066367-1000Core.job - c:\users\Niklas\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-29 09:43] . 2013-02-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4029133945-3299104507-864066367-1000UA.job - c:\users\Niklas\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-29 09:43] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2008-07-29 16:53 50736 ----a-w- c:\program files (x86)\Acer\Empowering Technology\eDataSecurity\x64\PSDProtect.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-17 13307496] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~3\OFFICE11\EXCEL.EXE/3000 IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: Save YouTube Video as MP3 - c:\program files (x86)\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com TCP: DhcpNameServer = 192.168.0.1 TCP: Interfaces\{20A5B0A3-17AF-40C3-B8BC-CB0BAA02142F}: NameServer = 193.189.244.225 193.189.244.206 TCP: Interfaces\{641754F0-3EF0-4739-9130-4423D37D1E55}: NameServer = 193.189.244.225 193.189.244.206 FF - ProfilePath - c:\users\Niklas\AppData\Roaming\Mozilla\Firefox\Profiles\2bbu22w3.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - about:home FF - ExtSQL: !HIDDEN! 2010-03-10 20:45; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
URLSearchHooks-{ff88a983-649d-4207-9336-9b999280b436} - (no file) Wow6432Node-HKCU-Run-fsm - (no file) Wow6432Node-HKLM-Run-eRecoveryService - (no file) WebBrowser-{FF88A983-649D-4207-9336-9B999280B436} - (no file) AddRemove-BattlEye - c:\program files\Bohemia Interactive\ArmA 2Expansion\BattlEye\UnInstallBE.exe AddRemove-BattlEye A2 Free - d:\program files (x86)\steam\steamapps\common\arma 2 freeBattlEye\UnInstallBE.exe AddRemove-BattlEye for A2 - c:\program files\Bohemia Interactive\ArmA 2BattlEye\UnInstallBE.exe AddRemove-BattlEye for OA - c:\program files\Bohemia Interactive\ArmA 2Expansion\BattlEye\UnInstallBE.exe AddRemove-Braid_is1 - c:\program files (x86)\Braid\unins000.exe AddRemove-Herrscher des Olymp - Zeus - c:\windows\IsUn0407.exe AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe AddRemove-{1D0FDD6D-3C5E-4588-8ED0-02DC88014BF2} - c:\program files (x86)\InstallShield Installation Information\{1D0FDD6D-3C5E-4588-8ED0-02DC88014BF2}\setup.exe AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files (x86)\DivX\DivXCodecUninstall.exe AddRemove-{8ADFC4160D694100B5B8A22DE9DCABD9} - c:\program files (x86)\DivX\DivXPlayerUninstall.exe AddRemove-{7353BAE6-5E49-46C4-A9B5-8A269A313789} - c:\users\Niklas\AppData\Local\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}\setup.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-4029133945-3299104507-864066367-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:46,9e,49,45,90,65,0d,79,35,32,fd,21,ea,3f,d7,f8,26,30,45,a5,1a,5b,83, 95,26,12,65,95,6d,db,34,6d,b9,47,60,b6,06,be,ae,7f,f2,a0,45,e7,40,c3,c5,d5,\ "??"=hex:65,34,23,f1,ac,3e,ae,99,14,20,f8,2a,53,ca,02,2f . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-02-28 23:57:23
ComboFix-quarantined-files.txt 2013-02-28 22:57
.
Vor Suchlauf: 19 Verzeichnis(se), 59.013.349.376 Bytes frei
Nach Suchlauf: 26 Verzeichnis(se), 61.335.482.368 Bytes frei
.
- - End Of File - - D6A285B326701441F4067A4A79656B74

AdwCleaner log Code:
# AdwCleaner v2.113 - Datei am 28/02/2013 um 23:31:51 erstellt
# Aktualisiert am 23/02/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Niklas - FEY-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Niklas\Downloads\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml
Datei Gelöscht : C:\Users\Niklas\AppData\Local\Temp\Searchqu.ini
Datei Gelöscht : C:\Users\Niklas\AppData\Local\Temp\searchqutoolbar-manifest.xml
Datei Gelöscht : C:\Users\Niklas\AppData\Local\Temp\SetupDataMngr_Searchqu.exe
Datei Gelöscht : C:\Users\Niklas\AppData\Roaming\Mozilla\Firefox\Profiles\2bbu22w3.default\searchplugins\Search_Results.xml
Datei Gelöscht : C:\Windows\SysWOW64\conduitEngine.tmp
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\Users\Niklas\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Niklas\AppData\LocalLow\Conduit

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\Headlight
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{18EAB056-9057-F224-FD4C-1F6569C4D8D2}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT3031778
Schlüssel Gelöscht : HKLM\Software\Informer Technologies, Inc.\OpenCandy
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16464

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.searchnu.com/414 --> hxxp://www.google.com

-\\ Mozilla Firefox v19.0 (de)

Datei : C:\Users\Niklas\AppData\Roaming\Mozilla\Firefox\Profiles\2bbu22w3.default\prefs.js

C:\Users\Niklas\AppData\Roaming\Mozilla\Firefox\Profiles\2bbu22w3.default\user.js ... Gelöscht !

Gelöscht : user_pref("browser.search.defaultenginename", "Search Results");
Gelöscht : user_pref("browser.search.order.1", "Search Results");
Gelöscht : user_pref("extensions.illimitux.ilx_pref_pt_veoh", true);
Gelöscht : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=414&sr=0&q=");

-\\ Google Chrome v25.0.1364.97

Datei : C:\Users\Niklas\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

-\\ Opera v10.60.3445.0

Datei : C:\Users\Niklas\AppData\Roaming\Opera\Opera\operaprefs.ini

Gelöscht : Home URL=hxxp://www.searchnu.com/414

*************************

AdwCleaner[S1].txt - [4638 octets] - [28/02/2013 23:31:51]

########## EOF - C:\AdwCleaner[S1].txt - [4698 octets] ##########
|
01.03.2013, 00:30 | #4 |
/// TB-Ausbilder | Exploits, Java viruses, trojans found.
Hi, how is the computer running now? Are any problems still noticeable?

Warning: Infostealer
Your logs show that you have picked up malware that specifically targets your sensitive data (user names, passwords, online banking credentials, etc.). There is no way to know exactly what was logged, but to be on the safe side I would assume that all data and passwords entered on this computer are known. I would therefore advise you to change all credentials that were used on this computer, either at the very end or from a clean computer.

Step 1
Code:
:commands
[emptytemp]
Step 2
Step 3 Download the setup of the ESET Online Scanner and save it to the desktop.
Step 4 Please download SecurityCheck (Link 2).
Please post in your next reply:
__________________ cheers, Leo |
01.03.2013, 16:36 | #5 |
| Exploits, Java viruses, trojans found.
Hello, Leo. At first the PC had not changed. I noticed that 2 programs that always used to run no longer work, among them CyberLink PowerDVD 13. It can no longer play any media. It shows me an error message. Files may be damaged or infected. FIFA 13 has also stopped working since yesterday; that is, it starts normally but then regularly minimizes itself after a few seconds. The error is reproducible. No idea whether that is due to the virus infection. (Addendum: FIFA apparently works again.) With PowerDVD I have doubts about whether I should start it. What do you think? A big thank-you already for your effort here, this site is a stroke of luck.

OTL Code:
All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: ergrg
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes

User: Niklas
->Temp folder emptied: 1006708 bytes
->Temporary Internet Files folder emptied: 429464907 bytes
->Java cache emptied: 49920520 bytes
->FireFox cache emptied: 419577943 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 6382601 bytes
->Flash cache emptied: 49093 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 958464 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 938 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36063133 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 900,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 03012013_004518

Files\Folders moved on Reboot...
C:\Users\Niklas\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\CLDigitalHome\PCMMediaServer.log scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Malwarebytes Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.28.13

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Niklas :: FEY-PC [Administrator]

01.03.2013 00:53:49
mbam-log-2013-03-01 (00-53-49).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 261525
Laufzeit: 4 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

ESET (the scan took over 15 hours; I had an external hard drive (backup) and a USB stick attached) Code:
C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Trial Creator\Export\SoftDMA_Trial\Autorun.inf INF/Autorun.gen worm
H:\FEY-PC\Backup Set 2012-03-22 154912\Backup Files 2012-03-22 154912\Backup files 12.zip INF/Autorun.gen worm
H:\FEY-PC\Backup Set 2012-03-22 154912\Backup Files 2012-06-03 190001\Backup files 6.zip HTML/Fraud.BG trojan
H:\FEY-PC\Backup Set 2012-03-22 154912\Backup Files 2012-07-13 232517\Backup files 5.zip HTML/Iframe.B.Gen virus
H:\FEY-PC\Backup Set 2012-03-22 154912\Backup Files 2012-07-22 190001\Backup files 4.zip HTML/Fraud.BG trojan
H:\FEY-PC\Backup Set 2012-03-22 154912\Backup Files 2012-07-29 190001\Backup files 4.zip HTML/Iframe.B.Gen virus
H:\FEY-PC\Backup Set 2012-09-09 205918\Backup Files 2012-09-09 205918\Backup files 19.zip INF/Autorun.gen worm
H:\FEY-PC\Backup Set 2012-09-16 213248\Backup Files 2012-09-16 213248\Backup files 21.zip INF/Autorun.gen worm

Checkup Code:
Results of screen317's Security Check version 0.99.60
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.70.0.1100
CCleaner
JavaFX 2.1.1
Java(TM) 6 Update 21
Java 7 Update 15
Adobe Flash Player 11.6.602.171
Adobe Reader 9
Adobe Reader XI
Mozilla Firefox (19.0)
Mozilla Thunderbird (17.0.3)
Google Chrome 24.0.1312.57
Google Chrome 25.0.1364.97
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

Last edited by verwinkelt (01.03.2013 at 16:43) |
01.03.2013, 18:52 | #6 | |
/// TB-Ausbilder | Exploits, Java viruses, trojans found.
Hello,
Quote:
I don't think that is a malware problem. Have you already tried uninstalling the program and then reinstalling it? You can delete the infected backups that ESET reported and then replace them with a new backup.
__________________ |
01.03.2013, 19:32 | #7 |
| Exploits, Java viruses, trojans found.
First this appears: "CyberLink powerdvd kann nicht auf das Speichergerät zugreifen. wählen sie ein anderes gerät aus, wenn die Wiedergabe stoppt." If you click OK, this appears: "Cyberlink Powerdvd konnte nicht gestartet werden, da einige der Komponenten beschädigt zu sein scheinen. versuchen sie cyberlink powerdvd zu deinstallieren und wieder zu installieren, oder prüfen sie mit einer anti-viren software ob eine infizierung vorliegt. wenn das programm dann immer noch nicht gestartet werden kann, wenden sie sich an den kundendienst, um hilfe zu erhalten. fehlercode 101" I think I will remove the program and all of its entries, and then install it on D:. If that does not help, I will write to customer support. |
01.03.2013, 19:49 | #8 | |
/// TB-Ausbilder | Exploits, Java viruses, trojans found.
Quote:
__________________ cheers, Leo |
01.03.2013, 19:58 | #9 |
| Exploits, Java viruses, trojans found.
So-so. It worked another way, too. Before your very first post here I had reinstalled the program once more and taken the update that the program then recommended to me. Now I clicked on updates myself again and downloaded the newest patch. And ta-da, it works again. Strange, but OK. Good so far. Do you think my PC is now virus-free again? At least as far as one can tell. How do I prevent a new infection? What should I watch out for? |
01.03.2013, 20:09 | #10 | ||
/// TB-Ausbilder | Exploits, Java viruses, trojans found.
Hello, great. Sometimes something just doesn't fit without one knowing exactly what. But if everything is running again now, that's OK.
Quote:
Quote:
Now we will clean everything up.

Note: Registry Cleaner
I see that you have installed a so-called registry cleaner, in your case CCleaner. We advise against using any kind of registry cleaner. The reason is quite simple: the registry is the brain of the system. If the brain does not work, the rest no longer really works either. One should not tinker with the registry unnecessarily. Even a small error can have serious consequences, and programs sometimes make mistakes too. If you destroy the registry, you destroy Windows. In addition, the benefit for performance is disputed and usually barely noticeable. I would recommend that you stop using registry cleaners and uninstall them via Start --> Control Panel --> Software (on Windows XP).

Step 1
Step 2 Start defogger and press the Re-enable button.
Step 3 Please now temporarily disable the antivirus program, any script blocking and anti-malware programs. Please press the Windows key + R, copy the following text into the Run window Code:
Combofix /Uninstall
You can now re-enable the programs you just disabled.
Step 4 You can keep the ESET Online Scanner to scan your system with it now and then for a second opinion. If you would like to uninstall ESET, however: Please press the Windows key + R, copy the following text into the Run window Code:
"%ProgramFiles%\Eset\Eset Online Scanner\OnlineScannerUninstaller.exe"
Step 5 Please download delfix to your desktop.
>> OK <<
We are done; your logs look clean to me at the moment. Below I have put together a few notes and tips for you that should help ensure that you will not need our help in the future. Afterwards, please give me brief feedback when no problems or questions remain open on your side either, so that I can consider this topic done.

Epilogue: Tips, Dos & Don'ts

Keeping system and software up to date
The Windows operating system must always be up to date. Make sure that automatic updates are enabled:
The installed software should also always be the most current version. This applies especially to the browser, Java, Flash Player and PDF reader, because known security vulnerabilities in their old versions are exploited to install malware via drive-by download merely by visiting a prepared website. This can even happen on normally legitimate websites if an attacker has managed to inject his code into the page, and it is therefore relatively unpredictable.

Security software
A remark up front: every software solution has its weaknesses. Handing over the entire responsibility for security to software and expecting all-round protection would be a dangerous illusion. With careless or deliberately risky behaviour, even the best program will sooner or later fail (e.g. a virus scanner that does not detect an infected file). Nevertheless, such software is of course important and, in combination with a well-maintained (up-to-date) system and considered behaviour, helps you keep your computer clean.
It is in the nature of things that the most widely used application software is also attacked most often by malware authors. It can therefore already be a small security gain to use alternative software (e.g. an alternative PDF reader). Instead of Internet Explorer one can, for example, use Mozilla Firefox, for which there are two useful add-ons to recommend:

(Un)safe behaviour on the Internet
Besides unnoticed drive-by installations, malware is also often installed more or less actively by the user himself. Visiting shady websites can already carry risks. And downloads from dubious sources are always Russian roulette. Even if the virus scanner does not detect a threat in them at the moment, that does not have to mean anything.
Often an attempt is also made to get the user, by more or less tricky methods, to carry out himself an action that is disastrous for him (umbrella term: social engineering).
Annoying adware (advertising) and unnecessary toolbars are also usually installed along with other software by the user himself.

General notes
Finally, a few fundamental remarks:
If you like, you can support the forum with a small donation. It only remains for me to wish you carefree and safe surfing, and that we do not see each other here again any time soon.
__________________ cheers, Leo |
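The Security Check log posted earlier in this thread lists Java, Adobe Reader and Google Chrome in two versions each. As an added example (not part of the thread and not code from any tool mentioned in it), the following sketch parses such a log and reports older versions that are still installed beside a newer one. The one-entry-per-line layout, the family list and all function names are assumptions; the check cannot tell whether the newest installed version is itself current.

```python
import re

# Entries copied from the Security Check log posted in this thread. The
# one-entry-per-line layout is an assumption (the page shows them flattened).
TICKS = "`" * 9  # run of backticks that Security Check puts around headings
SAMPLE_LOG = "\n".join([
    TICKS + "Anti-malware/Other Utilities Check:" + TICKS,
    "Malwarebytes Anti-Malware Version 1.70.0.1100",
    "CCleaner",
    "JavaFX 2.1.1",
    "Java(TM) 6 Update 21",
    "Java 7 Update 15",
    "Adobe Flash Player 11.6.602.171",
    "Adobe Reader 9",
    "Adobe Reader XI",
    "Mozilla Firefox (19.0)",
    "Mozilla Thunderbird (17.0.3)",
    "Google Chrome 24.0.1312.57",
    "Google Chrome 25.0.1364.97",
    TICKS + "Process Check: objlist.exe by Laurent" + TICKS,
    "Avira Antivir avgnt.exe",
])

# Product families the epilogue names as drive-by targets (browser, Java,
# Flash Player, PDF reader). The list itself is an assumption of this example.
FAMILIES = ("Java", "Adobe Flash Player", "Adobe Reader",
            "Mozilla Firefox", "Google Chrome")
ROMAN = {"I": 1, "V": 5, "X": 10}


def roman_to_int(text):
    """Convert a small Roman numeral such as 'XI' (Adobe Reader XI) to 11."""
    total = 0
    for ch, nxt in zip(text, text[1:] + " "):
        value = ROMAN[ch]
        total += -value if ROMAN.get(nxt, 0) > value else value
    return total


def version_key(text):
    """Turn '6 Update 21', '(19.0)' or 'XI' into a comparable tuple of ints."""
    tokens = re.findall(r"\d+|\b[IVX]+\b", text)
    return tuple(int(t) if t.isdigit() else roman_to_int(t) for t in tokens)


def utilities_section(log):
    """Yield the entries listed under the 'Other Utilities Check' heading."""
    inside = False
    for line in log.splitlines():
        line = line.strip()
        if line.startswith("`"):
            inside = "Other Utilities Check" in line
        elif inside and line:
            yield line


def stale_versions(log):
    """Map each family to the entries that sit beside a newer installed one."""
    found = {}
    for entry in utilities_section(log):
        name = entry.replace("(TM)", "")
        for family in FAMILIES:
            if name.startswith(family + " "):  # "JavaFX ..." is not "Java ..."
                key = version_key(name[len(family):])
                found.setdefault(family, []).append((key, entry))
    stale = {}
    for family, versions in found.items():
        versions.sort()
        if len(versions) > 1:
            stale[family] = [entry for _, entry in versions[:-1]]
    return stale


if __name__ == "__main__":
    for family, entries in stale_versions(SAMPLE_LOG).items():
        print(f"{family}: older version still installed: {', '.join(entries)}")
```
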
01.03.2013, 21:03 | #11 |
| Exploits, Java viruses, trojans found.
So, everything deleted so far. Adobe Reader was not to be found under system settings. I then searched for it and still found files; I deleted them all. I cleaned up the external hard drive: deleted the complete backup files and the infected Autorun file. I am not quite sure whether that now corresponds to the factory state. Still on it are: slm.exe MediaID.bin mac Icon1 Drivenavi.exe. One more question on that. Most recently no backup could be created any more because the storage capacity was exceeded. The hard drive has ~1 TB of storage. Hm. OK, I think I can answer that myself. But just once more to be safe: I would then not include D: in the backup program. That doesn't matter too much, does it? Mainly the Steam games are found there. So far so good. I will take a closer look at the tips. Passwords will then also be changed first. Well, I can only say thanks once more. I think donating is a very good idea, I will do it. But first I will change the password used for it. I would otherwise have been ashamed to have made use of such competent, detailed, fast help without any real return. |
03.03.2013, 16:59 | #12 |
/// TB-Ausbilder | Exploits, Java viruses, trojans found.
I would not include games and other programs in the backup, only (personal) data. Glad we could help. This topic appears to be resolved and will be removed from my subscriptions. I will therefore no longer receive notifications about new replies. Should you need the topic again, please send me a PM and we will continue here. Everyone else, please read these instructions and create your own thread.
__________________ cheers, Leo |