
Log Analysis and Evaluation: Spy-Hunter 4 incomplete uninstallation

04.05.2013, 19:46   #1
Jalian
 

After I somehow caught Delta Search and couldn't remove it properly, I decided, like apparently many of you before me, to download Spy-Hunter 4, because my current malware program (IObit Malware Fighter Free) did not detect Delta Search as malware at all.
After installing Spy-Hunter 4 I ran a completely normal malware check with it, and I was shocked. The program showed me some malware programs that I had actually already removed, among them Delta Search. But once the program had finished a run, it pushed me to buy it in order to fix the findings. And because I generally don't buy software, I decided against it and uninstalled Spy-Hunter 4 via Programs and Features.
After that it was still there, as if nothing had happened. From that point on it was clear to me that it is probably not reputable software, and probably just as hard to remove.

To remove it I chose the following link: hxxp://www.ehow.com/how_5252068_delete-spy-hunter.html

It solved the problem with the registry editor. (I only mention this in case it helps with the uninstallation.)
"5. Click on the "Search" feature. Type the word "regedit" into the Search box and press the Enter key. Double-click the registry editor icon when it appears in the list of search results.

6. Press the "Ctrl" and "F" keys at the same time to load the registry editor's search box. Type "SpyHunter" into the box and press Enter.

7. Right-click the registry entry that will show up in the search results and choose "Delete" to finish removing the SpyHunter program from your computer."



Read more: How to Delete Spy Hunter | hxxp://www.ehow.com/how_5252068_delete-spy-hunter.html

But now the program is still there, and when I want to open new programs, it blocks them until I agree to let them run.

I'm pretty much at a loss now and really don't know my way around malware, trojans and so on. This is also my very first post, because this is the reason why I'm actually here now. I hope someone can help me get rid of it.

I am grateful for absolutely any help!

06.05.2013, 11:02   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Hello and

Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners, did they ever find anything?
I'm asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; first just post the logs that already exist!

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

06.05.2013, 16:16   #3
Jalian
 

I don't have any old logs, because my old anti-malware program doesn't offer logs, so I was forced to make a new one.
This is what I found. I don't even know whether it has anything to do with SpyHunter 4, but I'm posting it anyway.


Code:
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.06.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Julian :: JULIAN-PC [Administrator]

Schutz: Aktiviert

06.05.2013 16:43:10
MBAM-log-2013-05-06 (17-03-56).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 207216
Laufzeit: 18 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{100EB1FD-D03E-47FD-81F3-EE91287F9465} (Adware.ShopperReports) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

Edited by Jalian (06.05.2013 at 16:26)

06.05.2013, 20:19   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Why are you forced to make a new log? I asked you in my first reply not to run any new scans yet.


Before we get to work, I'd like to ask you to read the following points completely and carefully.
  • Read the instructions that I will post in the course of this thread carefully. Ask right away if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the previous one.

  • Please only run scans that a helper has asked you to run! Do not install or uninstall any software without being asked to!

  • Post the log files directly in your thread (please in CODE tags) and not as attachments, unless you were asked to. Logs in attachments make the evaluation harder for me!

  • The logs of the assigned tools, e.g. Malwarebytes, must always be posted, regardless of whether anything was found or not!

  • Please also note => Deletion of log files and other requests

Note:
If you don't hear from me for three days, please post in this thread => Reminder about my thread.
Annoying "When will it continue" messages will end with your topic being closed. I too have a life outside of Trojaner-Board.


First, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top centre, tick the box Scan All Users
  • At the top you will find a box labelled Output. Please choose Minimal Output
  • Under Extra Registry, please choose Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread in CODE tags.
__________________
Please always post log files in CODE tags

06.05.2013, 21:04   #5
Jalian
 

Okay, next time I'll try to read more carefully; I had to leave and read through it too hastily.

So this is everything it spat out.

Code:
OTL logfile created on: 06.05.2013 21:54:44 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Julian\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.25 Gb Total Physical Memory | 1.28 Gb Available Physical Memory | 39.51% Memory free
6.50 Gb Paging File | 3.50 Gb Available in Paging File | 53.87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 700.20 Gb Total Space | 331.67 Gb Free Space | 47.37% Space Free | Partition Type: NTFS
Drive D: | 695.96 Gb Total Space | 446.55 Gb Free Space | 64.16% Space Free | Partition Type: NTFS
 
Computer Name: JULIAN-PC | User Name: Julian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Julian\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe (IObit)
PRC - C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe (IObit)
PRC - C:\Program Files\IObit\Advanced SystemCare 6\Suo10_SmartRAM.exe (IObit)
PRC - C:\Program Files\IObit\Advanced SystemCare 6\Monitor.exe (IObit)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe ()
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\IObit\IObit Malware Fighter\IMF.exe (IObit)
PRC - C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe (IObit)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
PRC - C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Program Files\Steganos Safe 2012\SteganosHotKeyService.exe (Steganos Software GmbH)
PRC - C:\Program Files\Steganos Safe 2012\fredirstarter.exe (Steganos Software GmbH)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe (IObit)
PRC - C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Program Files\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe ()
PRC - C:\Windows\System32\schtasks.exe (Microsoft Corporation)
PRC - C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe (Logitech Inc.)
PRC - C:\Program Files\avmwlanstick\WLanGUI.exe (AVM Berlin)
PRC - C:\Program Files\avmwlanstick\WLanNetService.exe (AVM Berlin)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Julian\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\Julian\AppData\Local\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll ()
MOD - C:\Users\Julian\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll ()
MOD - C:\Users\Julian\AppData\Local\Google\Chrome\Application\26.0.1410.64\libglesv2.dll ()
MOD - C:\Users\Julian\AppData\Local\Google\Chrome\Application\26.0.1410.64\libegl.dll ()
MOD - C:\Users\Julian\AppData\Local\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\ba39e27ea796912fce296963622dfbae\WindowsFormsIntegration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\ce70182f0348fc21a07409afd4a922f5\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\39f4c7717661667c68f9af8c4f6402b9\System.Windows.Forms.ni.dll ()
MOD - C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe ()
MOD - c:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\5ea93652e4752c75bc6fbb195b4eb864\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\14f511c47523f19ca591eb207e9e2084\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e10fd15441d278c04a03302880a3e231\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\27dcf04ed7a3506045597c02a5a1fc31\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\82f376255a9523982c52cf58b13268d3\PresentationFramework.Classic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\7a9ff5ce3a909d075179a2ac70d8f388\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5de5d8c1c02e33789e3cf7e3f54c0ec9\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll ()
MOD - C:\Program Files\IObit\Advanced SystemCare 6\madexcept_.bpl ()
MOD - C:\Program Files\IObit\Advanced SystemCare 6\maddisAsm_.bpl ()
MOD - C:\Program Files\IObit\Advanced SystemCare 6\madbasic_.bpl ()
MOD - C:\Program Files\IObit\Advanced SystemCare 6\webres.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll ()
MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files\OpenOffice.org 3\program\libxslt.dll ()
MOD - \\?\C:\ProgramData\Microsoft\Windows\DRM\Cache\Indiv_SID_S-1-5-21-618426037-2681808743-1371803286-1000\Indiv01.key ()
MOD - C:\Program Files\IObit\Smart Defrag 2\NtfsData.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll ()
MOD - C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdvancedSystemCareService6) -- C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe (IObit)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (BrowserProtect) -- C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (IMFservice) -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe (IObit)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (NAUpdate) -- C:\Program Files\Nero\Update\NASvc.exe (Nero AG)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AVM WLAN Connection Service) -- C:\Program Files\avmwlanstick\WLanNetService.exe (AVM Berlin)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (XDva397) --  File not found
DRV - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV - (EagleXNt) --  File not found
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (WinRing0_1_2_0) -- C:\Program Files\Razer\Razer Game Booster\Driver\WinRing0.sys (OpenLibSys.org)
DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (Advanced Micro Devices)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (SLEE_18_DRIVER) -- C:\Windows\System32\drivers\SleeN18.sys (Softwareentwicklung Remus - ArchiCrypt - )
DRV - (UrlFilter) -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\win7_x86\UrlFilter.sys (IObit.com)
DRV - (RegFilter) -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\win7_x86\RegFilter.sys (IObit.com)
DRV - (AODDriver4.2) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\aoddriver2.sys (Advanced Micro Devices)
DRV - (AODDriver4.01) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\aoddriver2.sys (Advanced Micro Devices)
DRV - (FileMonitor) -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\win7_x86\FileMonitor.sys (IObit)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.sys (Samsung Electronics)
DRV - (Apowersoft_AudioDevice) -- C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys (Wondershare)
DRV - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices)
DRV - (SmartDefragDriver) -- C:\Windows\System32\drivers\SmartDefragDriver.sys ()
DRV - (SCREAMINGBDRIVER) -- C:\Windows\System32\drivers\ScreamingBAudio.sys (Screaming Bee LLC)
DRV - (amdiox86) -- C:\Windows\System32\drivers\amdiox86.sys (Advanced Micro Devices)
DRV - (LGVirHid) -- C:\Windows\System32\drivers\LGVirHid.sys (Logitech Inc.)
DRV - (LGBusEnum) -- C:\Windows\System32\drivers\LGBusEnum.sys (Logitech Inc.)
DRV - (RTL8192su) -- C:\Windows\System32\drivers\rtl8192su.sys (Realtek Semiconductor Corporation                           )
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (AmdLLD) -- C:\Windows\System32\drivers\AmdLLD.sys (AMD, Inc.)
DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3176921&CUI=UN32832564133677113
 
 
IE - HKU\.DEFAULT\..\SearchScopes\{4B8C28A7-A9BC-45F8-990D-21499EED643C}: "URL" = hxxp://www.questscan.com/?prt=QUESTSCAN151&keywords={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes\{4B8C28A7-A9BC-45F8-990D-21499EED643C}: "URL" = hxxp://www.questscan.com/?prt=QUESTSCAN151&keywords={searchTerms}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-618426037-2681808743-1371803286-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www2.delta-search.com/?affID=119776&babsrc=HP_ss&mntrId=A03A1C4BD63FE3E2
IE - HKU\S-1-5-21-618426037-2681808743-1371803286-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKU\S-1-5-21-618426037-2681808743-1371803286-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\S-1-5-21-618426037-2681808743-1371803286-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-618426037-2681808743-1371803286-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-618426037-2681808743-1371803286-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-618426037-2681808743-1371803286-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B5 2D D1 12 16 5D CC 01  [binary data]
IE - HKU\S-1-5-21-618426037-2681808743-1371803286-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-618426037-2681808743-1371803286-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-618426037-2681808743-1371803286-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-618426037-2681808743-1371803286-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www2.delta-search.com/?q={searchTerms}&affID=119776&babsrc=SP_ss&mntrId=A03A1C4BD63FE3E2
IE - HKU\S-1-5-21-618426037-2681808743-1371803286-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3176921&CUI=UN32832564133677113
IE - HKU\S-1-5-21-618426037-2681808743-1371803286-1000\..\SearchScopes\{CE901047-0715-429F-9716-6DBB6B034A37}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKU\S-1-5-21-618426037-2681808743-1371803286-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811"
FF - prefs.js..extensions.enabledAddons: battlefieldplay4free@ea.com:1.0.66.2
FF - prefs.js..extensions.enabledAddons: mp4downloader@jeff.net:1.3.2
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10
FF - prefs.js..extensions.enabledAddons: wtxpcom@mybrowserbar.com:6.2
FF - prefs.js..extensions.enabledAddons: ytd@mybrowserbar.com:6.2
FF - prefs.js..extensions.enabledAddons: adblockpopups@jessehakanen.net:0.4
FF - prefs.js..browser.startup.homepage: 
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0:  File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0:  File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.132.0:  File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.3: C:\Program Files\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin:  File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Julian\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Julian\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.14 23:24:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.02.04 17:50:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.11.20 17:32:00 | 000,000,000 | ---D | M]
 
[2011.06.26 15:58:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julian\AppData\Roaming\mozilla\Extensions
[2013.05.03 16:57:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\3mx9s3yy.default\extensions
[2012.07.29 17:18:14 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\3mx9s3yy.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2013.05.03 16:57:12 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\3mx9s3yy.default\extensions\ascsurfingprotection@iobit.com
[2012.06.29 16:58:32 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\3mx9s3yy.default\extensions\battlefieldplay4free@ea.com
[2012.08.25 13:58:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\3mx9s3yy.default\extensions\OneClickDownload@OneClickDownload.com
[2012.08.18 18:15:56 | 000,109,964 | ---- | M] () (No name found) -- C:\Users\Julian\AppData\Roaming\mozilla\firefox\profiles\3mx9s3yy.default\extensions\adblockpopups@jessehakanen.net.xpi
[2013.04.11 17:54:38 | 000,197,614 | ---- | M] () (No name found) -- C:\Users\Julian\AppData\Roaming\mozilla\firefox\profiles\3mx9s3yy.default\extensions\ftdownloader3@ftdownloader.com.xpi
[2012.07.31 13:59:18 | 000,221,380 | ---- | M] () (No name found) -- C:\Users\Julian\AppData\Roaming\mozilla\firefox\profiles\3mx9s3yy.default\extensions\gophoto@gophoto.it.xpi
[2012.03.06 15:30:14 | 000,049,306 | ---- | M] () (No name found) -- C:\Users\Julian\AppData\Roaming\mozilla\firefox\profiles\3mx9s3yy.default\extensions\mp4downloader@jeff.net.xpi
[2012.08.18 18:15:56 | 000,216,359 | ---- | M] () (No name found) -- C:\Users\Julian\AppData\Roaming\mozilla\firefox\profiles\3mx9s3yy.default\extensions\OneClickDownloader@OneClickDownloader.com.xpi
[2012.08.18 18:15:56 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Julian\AppData\Roaming\mozilla\firefox\profiles\3mx9s3yy.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.08.17 21:44:12 | 000,007,820 | ---- | M] () (No name found) -- C:\Users\Julian\AppData\Roaming\mozilla\firefox\profiles\3mx9s3yy.default\extensions\{d8b271a6-6ed3-427d-b600-1b674e00e6ec}.xpi
[2011.12.05 15:38:10 | 000,000,921 | ---- | M] () -- C:\Users\Julian\AppData\Roaming\mozilla\firefox\profiles\3mx9s3yy.default\searchplugins\conduit.xml
File not found (No name found) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
File not found (No name found) -- C:\PROGRAM FILES\IOBIT APPS TOOLBAR\FF
File not found (No name found) -- C:\PROGRAM FILES\YTD TOOLBAR\FF
[2011.12.14 17:20:47 | 000,002,288 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011.10.04 09:18:55 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://www2.delta-search.com/?affID=119776&babsrc=HP_ss&mntrId=A03A1C4BD63FE3E2
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Julian\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Julian\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Julian\AppData\Local\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files\Battlelog Web Plugins\1.118.0\npesnlaunch.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files\Battlelog Web Plugins\1.122.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Vizzed Retro Game Room Plugin (Enabled) = C:\Program Files\Vizzed\Vizzed Retro Game Room\NpVizzedRgr.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonEU\NGM\npNxGameeu.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Julian\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Julian\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: CloudMagic = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeabeiioncmgphlgcgnmhjahjjmimkmp\3.0.3_0\
CHR - Extension: AdBlock = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.63_0\
CHR - Extension: Auto Replay for YouTube = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb\1.9.26_0\
CHR - Extension: SmartVideo For YouTube\u2122 = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnkdbjbjpnpjeciipoaflmpcddinpjjp\0.9926_0\
CHR - Extension: YouTube Auto Replay = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcdpnidfhfjfbafmpppcplcejgepadbo\2.82_0\
CHR - Extension: Youtube Auto-Replay = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfbfchijafhmjdocejjccccanklknhlk\2.2_0\
CHR - Extension: Chrome Web Store = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Konata Theme by Bews (AERO) = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocdgcggbmlchagbfcbagafpkcahjfcei\1.1_0\
CHR - Extension: No name found = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk\1.5_0\
CHR - Extension: Google Mail = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll (IObit)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found.
O3 - HKU\S-1-5-21-618426037-2681808743-1371803286-1000\..\Toolbar\WebBrowser: (no name) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No CLSID value found.
O3 - HKU\S-1-5-21-618426037-2681808743-1371803286-1000\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files\avmwlanstick\WLanGUI.exe (AVM Berlin)
O4 - HKLM..\Run: [CDAServer] C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe ()
O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files\IObit\IObit Malware Fighter\IMF.exe (IObit)
O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [SAFE2012 File Redirection Starter] C:\Program Files\Steganos Safe 2012\fredirstarter.exe (Steganos Software GmbH)
O4 - HKLM..\Run: [SAFE2012 HotKeys] C:\Program Files\Steganos Safe 2012\SteganosHotKeyService.exe (Steganos Software GmbH)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-618426037-2681808743-1371803286-1000..\Run: [Advanced SystemCare 6] C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe (IObit)
O4 - HKU\S-1-5-21-618426037-2681808743-1371803286-1000..\Run: [SmartRAM] C:\Program Files\IObit\Advanced SystemCare 6\Suo10_SmartRAM.exe (IObit)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: Free YouTube Download - C:\Users\Julian\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-618426037-2681808743-1371803286-1000\..Trusted Domains: clonewarsadventures.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-618426037-2681808743-1371803286-1000\..Trusted Domains: freerealms.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-618426037-2681808743-1371803286-1000\..Trusted Domains: samsungsetup.com ([www] http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-618426037-2681808743-1371803286-1000\..Trusted Domains: soe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-618426037-2681808743-1371803286-1000\..Trusted Domains: sony.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-618426037-2681808743-1371803286-1000\..Trusted Domains: vizzed.com ([www] * in Vertrauenswürdige Sites)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab (Geräteerkennung)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DA245330-7C5B-4A63-8AD8-FA592A8DE10E}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F72AAA8A-1EEF-42F5-A0CB-D6B99E68ADE6}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20 - AppInit_DLLs: (c:\progra~4\browse~1\261249~1.132\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{ce87e438-9ff9-11e0-affb-4061868bafa1}\Shell - "" = AutoRun
O33 - MountPoints2\{ce87e438-9ff9-11e0-affb-4061868bafa1}\Shell\AutoRun\command - "" = I:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.06 21:54:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Julian\Desktop\OTL.exe
[2013.05.06 16:42:34 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013.05.06 16:41:14 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\Malwarebytes
[2013.05.06 16:40:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.05.06 16:40:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.06 16:40:49 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.05.06 16:40:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.05.05 14:36:12 | 000,000,000 | ---D | C] -- C:\Program Files\FTDownloader.com
[2013.05.04 15:39:09 | 000,000,000 | ---D | C] -- C:\Users\Julian\Documents\NFS Most Wanted
[2013.05.04 15:25:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
[2013.05.04 08:37:47 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.05.04 08:37:47 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.05.04 08:37:47 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013.05.04 08:37:16 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.05.04 08:36:17 | 000,627,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.05.04 08:36:17 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.05.04 08:36:16 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.05.04 08:36:16 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.05.04 08:36:16 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.05.04 08:28:37 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.05.02 18:25:17 | 000,000,000 | R--D | C] -- C:\Users\Julian\Desktop\Internet Explorer
[2013.05.02 16:59:45 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Local\{ABBAADA7-4CF5-49C3-9B42-51C39C26C4F8}
[2013.04.30 20:18:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\Extensions
[2013.04.30 20:18:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\searchplugins
[2013.04.28 11:32:45 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
[2013.04.28 09:15:33 | 000,000,000 | ---D | C] -- C:\Users\Julian\Desktop\dickhead
[2013.04.25 17:35:39 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
[2013.04.25 17:35:35 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserProtect
[2013.04.25 17:35:31 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\BabSolution
[2013.04.25 17:35:14 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Local\PutLockerDownloader
[2013.04.25 17:35:06 | 000,000,000 | ---D | C] -- C:\Program Files\Gophoto.it
[2013.04.25 17:34:46 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FTDownloader.com
[2013.04.21 18:29:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.04.21 18:29:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013.04.13 15:15:43 | 000,000,000 | ---D | C] -- C:\Program Files\Kalua Cocktails (Demoversion)
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.06 21:50:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Julian\Desktop\OTL.exe
[2013.05.06 21:27:00 | 000,000,364 | ---- | M] () -- C:\Windows\tasks\WpsUpdateTask_Julian.job
[2013.05.06 21:19:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.06 21:15:04 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-618426037-2681808743-1371803286-1000UA.job
[2013.05.06 16:42:46 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013.05.06 16:40:53 | 000,001,039 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.06 16:15:05 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-618426037-2681808743-1371803286-1000Core.job
[2013.05.06 16:01:32 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.06 16:01:32 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.06 15:53:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.05 19:17:56 | 000,015,445 | ---- | M] () -- C:\Users\Julian\Desktop\Infoblatt V2.1.odt
[2013.05.05 16:02:21 | 000,004,304 | ---- | M] () -- C:\Users\Julian\Desktop\Neues RTF-Dokument (2).rtf
[2013.05.05 14:36:12 | 000,000,824 | ---- | M] () -- C:\Users\Julian\Desktop\FTDownloader.lnk
[2013.05.04 15:26:13 | 000,002,099 | ---- | M] () -- C:\Users\Public\Desktop\Need for Speed™ Most Wanted.lnk
[2013.05.04 15:09:12 | 000,370,504 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.05.04 08:37:47 | 003,968,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.05.04 08:37:47 | 003,913,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.05.04 08:37:47 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013.05.04 08:37:16 | 002,347,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.05.04 08:36:17 | 000,627,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.05.04 08:36:17 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.05.04 08:36:16 | 001,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.05.04 08:36:16 | 000,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.05.04 08:36:16 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.05.03 20:26:16 | 000,298,521 | ---- | M] () -- C:\Users\Julian\Desktop\saar_wapp_pub_4c.jpg
[2013.05.03 16:57:04 | 000,001,130 | ---- | M] () -- C:\Users\Public\Desktop\Uninstaller.lnk
[2013.05.03 16:57:04 | 000,001,079 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare 6.lnk
[2013.04.28 11:32:45 | 000,001,131 | ---- | M] () -- C:\Users\Julian\Desktop\Uplay.lnk
[2013.04.28 09:15:12 | 000,707,088 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.04.28 09:15:12 | 000,660,706 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.28 09:15:12 | 000,152,680 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.04.28 09:15:12 | 000,124,896 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.20 21:23:13 | 000,137,992 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2013.04.20 21:23:04 | 000,291,088 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2013.04.20 21:20:53 | 000,291,088 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.06 16:40:53 | 000,001,039 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.05 19:18:14 | 000,015,445 | ---- | C] () -- C:\Users\Julian\Desktop\Infoblatt V2.1.odt
[2013.05.05 14:36:12 | 000,000,824 | ---- | C] () -- C:\Users\Julian\Desktop\FTDownloader.lnk
[2013.05.04 15:26:13 | 000,002,099 | ---- | C] () -- C:\Users\Public\Desktop\Need for Speed™ Most Wanted.lnk
[2013.05.03 20:26:16 | 000,298,521 | ---- | C] () -- C:\Users\Julian\Desktop\saar_wapp_pub_4c.jpg
[2013.04.28 11:32:45 | 000,001,131 | ---- | C] () -- C:\Users\Julian\Desktop\Uplay.lnk
[2013.02.11 14:42:07 | 000,015,672 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys
[2012.12.20 20:28:37 | 003,130,440 | ---- | C] () -- C:\Windows\System32\pbsvc_blr.exe
[2012.12.19 16:45:04 | 000,180,224 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012.12.05 21:00:56 | 000,065,536 | -H-- | C] () -- C:\Windows\System32\WebCamLib.dll
[2012.11.29 17:40:02 | 000,662,786 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2012.11.06 13:53:34 | 000,205,312 | ---- | C] () -- C:\Windows\System32\SBuySupplies.exe
[2012.09.28 14:08:34 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2012.09.19 21:09:40 | 000,076,660 | ---- | C] () -- C:\Windows\System32\ativce02.dat
[2012.09.04 17:20:18 | 000,228,528 | ---- | C] () -- C:\Windows\System32\ativvaxy_cik_nd.dat
[2012.09.04 17:20:18 | 000,228,528 | ---- | C] () -- C:\Windows\System32\ativvaxy_cik.dat
[2012.05.02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll
[2012.03.19 20:18:20 | 000,000,094 | ---- | C] () -- C:\Users\Julian\AppData\Local\fusioncache.dat
[2012.02.15 04:28:34 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2012.02.15 04:28:32 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2012.01.28 17:09:27 | 000,000,045 | ---- | C] () -- C:\Users\Julian\AppData\Roaming\TheHunterSettings_live.cfg
[2011.12.28 00:52:05 | 000,000,001 | ---- | C] () -- C:\Windows\System32\sav85014.sys
[2011.12.18 17:52:50 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.12.07 15:59:19 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2011.12.07 15:59:19 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2011.11.20 01:02:15 | 000,669,184 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2011.10.09 13:27:00 | 000,007,605 | ---- | C] () -- C:\Users\Julian\AppData\Local\Resmon.ResmonCfg
[2011.08.31 14:09:56 | 000,138,056 | ---- | C] () -- C:\Users\Julian\AppData\Roaming\PnkBstrK.sys
[2011.08.31 14:09:56 | 000,137,992 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.08.31 14:09:27 | 000,291,088 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011.08.31 14:09:24 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011.08.30 16:27:08 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.08.30 16:23:57 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2011.08.30 16:21:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011.08.16 18:10:23 | 000,001,488 | ---- | C] () -- C:\Users\Julian\.recently-used.xbel
[2011.06.26 15:44:11 | 000,097,360 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin
[2011.05.31 08:39:50 | 000,058,368 | ---- | C] () -- C:\Windows\System32\bdmpegv.dll
[2011.05.31 08:38:18 | 000,015,360 | ---- | C] () -- C:\Windows\System32\bdmjpeg.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Files - Unicode (All) ==========
[2011.11.25 19:27:07 | 000,000,650 | ---- | M] ()(C:\Users\Julian\AppData\Local\PMB Fik?s) -- C:\Users\Julian\AppData\Local\PMB Fik聥s
[2011.11.25 19:27:07 | 000,000,650 | ---- | C] ()(C:\Users\Julian\AppData\Local\PMB Fik?s) -- C:\Users\Julian\AppData\Local\PMB Fik聥s

< End of report >
         

Code:
OTL Extras logfile created on: 06.05.2013 21:54:44 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Julian\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.25 Gb Total Physical Memory | 1.28 Gb Available Physical Memory | 39.51% Memory free
6.50 Gb Paging File | 3.50 Gb Available in Paging File | 53.87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 700.20 Gb Total Space | 331.67 Gb Free Space | 47.37% Space Free | Partition Type: NTFS
Drive D: | 695.96 Gb Total Space | 446.55 Gb Free Space | 64.16% Space Free | Partition Type: NTFS
 
Computer Name: JULIAN-PC | User Name: Julian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{006442EE-B611-4CF6-ABA0-9E2930CECC42}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{00C5F3A9-4035-45EE-AEEF-86E5D271CAB1}" = lport=445 | protocol=6 | dir=in | app=system | 
"{056D809E-EF0A-4136-B9D6-66E496B466CB}" = rport=1701 | protocol=17 | dir=out | app=system | 
"{095741D1-5334-46E5-89A4-3B6021A01D08}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1229EB90-28DF-4DA3-A167-8AC91BB652BE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{128F43A7-19F7-459E-B0BA-390E5C2827C9}" = lport=443 | protocol=6 | dir=in | app=system | 
"{13B56AF0-ED3D-4977-B3F1-A1A2B48BC78A}" = lport=5985 | protocol=6 | dir=in | app=system | 
"{17F6DB06-57F6-4D69-9E78-1B045DA66FD3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe | 
"{22012E1F-B29B-43FB-A832-02985E05114E}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{2AA78CE0-9891-463A-A6F6-75F3A8750EC8}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe | 
"{2CF14630-146D-4ED5-8A20-00EDE27AE496}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=datei- und druckerfreigabe (spoolerdienst - rpc-epmap) | 
"{2E2EC65D-4562-4B75-85B6-44513E33204E}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{2EE43205-61A8-4210-A8B8-BEC968FBE018}" = lport=5357 | protocol=6 | dir=in | app=system | 
"{2FA87104-2382-4929-A6A9-91E80AFFCD86}" = lport=rpc | protocol=6 | dir=in | app=%systemroot%\system32\services.exe | 
"{2FF6B415-4D53-477F-AFB8-56E6D9BF3E86}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{311747ED-E1FD-46F4-B089-72E84531E1F6}" = lport=137 | protocol=17 | dir=in | app=system | 
"{31B57D60-A8F7-40ED-922B-0090E5BB6599}" = lport=rpc | protocol=6 | dir=in | app=%systemroot%\system32\vdsldr.exe | 
"{353D3D08-7ECD-4304-B528-4CB117188DC7}" = lport=445 | protocol=6 | dir=in | app=system | 
"{36332821-C278-4F5F-A80E-21D0A9F97BB1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3DAE6BE2-9CC3-4B75-87F6-60B6FAA7BE53}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{49696F26-B59F-4E8C-BC5C-35D0B84196AC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4B553AC0-91C7-4027-B6DD-512E89D1780B}" = lport=445 | protocol=6 | dir=in | app=system | 
"{4DB65F63-6A68-47F6-8721-10098068F531}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{50CEF1F5-B886-4503-A696-BA98C290A575}" = lport=138 | protocol=17 | dir=in | app=system | 
"{5627278A-BBFD-43EA-AE7E-D85FBD125F95}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{58A7AB88-D714-4680-8DC3-8D3CE891F35D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5B449088-41D6-42EE-AD8B-3CD909B92096}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{603B7DC4-6348-469C-9B0D-36D8CDD2FDFA}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{60DE1C49-6ABB-4127-AF18-DDF744198E7B}" = rport=1723 | protocol=6 | dir=out | app=system | 
"{64C18A74-080F-450E-B3AE-EE1F621C0C27}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe | 
"{6AD0E858-CE4F-4FBB-9120-00FCD94C6042}" = lport=3390 | protocol=6 | dir=in | app=system | 
"{71119965-665A-439D-ABD0-FE6FF0C3AE0D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe | 
"{7121C5D7-DC9F-4AA7-A87D-229CBFDC5DB8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7348218D-A88A-4920-8DAC-81EE14A0D332}" = lport=162 | protocol=17 | dir=in | svc=snmptrap | app=%systemroot%\system32\snmptrap.exe | 
"{7F9A2DCA-AFF4-415B-8B6C-02B95F3638A8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe | 
"{8A415FA4-5626-497E-A2B8-F12589E3160C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8DD94C23-6219-4F81-ACDA-354204D2177A}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{8E777F33-F465-4EA4-9BEB-689C312AE822}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9359E3ED-5E50-4631-BD49-682EB719A638}" = lport=rpc | protocol=6 | dir=in | svc=policyagent | app=%systemroot%\system32\svchost.exe | 
"{941DEC18-F7D2-4C3F-A92E-2938041A5AB8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{98A49159-50C5-495C-8D2B-9523AA222A10}" = rport=5357 | protocol=6 | dir=out | app=system | 
"{995045EF-9E82-4EFA-B84F-557FDE7B8E23}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9DEC3D21-4D22-4993-993F-FDA5EC1B5300}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A090C1E5-15ED-4ADF-BBBE-DC5496F71D72}" = rport=5358 | protocol=6 | dir=out | app=system | 
"{A0BC06A1-986A-44ED-BB77-A3E5CF9ABF92}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{A15D40AD-7431-46CE-A869-DACF55D52B1D}" = lport=rpc | protocol=6 | dir=in | svc=ktmrm | app=%systemroot%\system32\svchost.exe | 
"{A42C92BF-4CF1-4C0B-AA79-DA3F70F1FC2A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe | 
"{A5B81875-F694-4354-A059-816B6CDA1602}" = rport=138 | protocol=17 | dir=out | app=system | 
"{A8092FB4-0237-4683-AA17-29B44DA4D2F0}" = lport=rpc | protocol=6 | dir=in | svc=eventlog | app=%systemroot%\system32\svchost.exe | 
"{AE58A0CD-5C0B-42AF-86F3-1B1CA26A87EE}" = lport=445 | protocol=6 | dir=in | app=system | 
"{AEEB6A40-ADA0-4485-8CE8-F06072C99D8D}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe | 
"{B5556AA5-A444-4111-91CC-718E012B884F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B7C9D0CC-5B10-46A2-9063-C181A8F82522}" = lport=rpc | protocol=6 | dir=in | svc=schedule | app=%systemroot%\system32\svchost.exe | 
"{BBCB01A3-2D0E-450E-84EA-DBED857CAEB4}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{BFBB00C9-FC8B-40E4-84DE-C81626B2A1D1}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{C129872B-ADB6-48B4-A148-16A24E81C0EA}" = lport=5358 | protocol=6 | dir=in | app=system | 
"{C2F88D29-FC81-4D3B-A359-D51733D526B4}" = lport=1723 | protocol=6 | dir=in | app=system | 
"{C6F76582-0326-4049-AFDB-A5014F112EAB}" = lport=139 | protocol=6 | dir=in | app=system | 
"{CDF9E84B-2503-4230-90FB-0C8F9ECED3A4}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{CF76D535-A9CA-4D5E-BC17-EF8D7986FD7B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe | 
"{D09462B8-C429-452C-8D82-DF3193E2C1C9}" = lport=1701 | protocol=17 | dir=in | app=system | 
"{D34B4116-FAA5-4AA9-8231-94CDA7D636BD}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{DCE73D58-7764-4E43-9A21-F80412C82CA6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DD903C11-44BE-44EC-A066-E6B4B14D446B}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe | 
"{E049DB36-4DBA-42AC-8456-D0FF97D29100}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E09DE8E8-8C0C-4B59-B8D9-2160CF3F4062}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E0BDE09F-2213-41EF-AC0C-1D6BA9C4DF7F}" = rport=139 | protocol=6 | dir=out | app=system | 
"{E48B1825-31F0-4F0A-892C-96E37B5351EC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E962C9DF-1687-4E22-BB7A-280323D67318}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{EBCAF1ED-F562-4F97-B8B6-93B581E424FF}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{F1EE3A79-4A6A-4280-9C45-C7E0083E7BDF}" = lport=10244 | protocol=6 | dir=in | app=system | 
"{F5FC4D6E-0A1B-4535-981D-8EA17137F8AE}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{F6841C88-D15E-41CF-ABDC-35DEA69C2F5A}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F72C4397-C92A-4953-A14A-0ED9B2048D74}" = rport=445 | protocol=6 | dir=out | app=system | 
"{FA05501B-18A2-47E5-8ABC-25AF66DEDE53}" = lport=10245 | protocol=6 | dir=in | app=system | 
"{FA49DDF7-F8BE-4144-9664-5517C9CFAFE8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FB066A9E-D614-4B93-9D2E-426DC989C1B2}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe | 
"{FB8222DC-E6DF-426A-86B7-AD74783D1D73}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{FC6658AD-8716-41D8-BA34-9EAA4F60DEFE}" = lport=rpc | protocol=6 | dir=in | svc=vds | app=%systemroot%\system32\vds.exe | 
"{FDE14132-3BF2-4B86-B48E-7FEB333B36AB}" = lport=80 | protocol=6 | dir=in | app=system | 
"{FE0D66B8-9BC3-4212-8A49-360D004B6EBD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03C47AC9-073B-43F3-8423-D35ACD25D42D}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\saints row the third\game_launcher.exe | 
"{09981AA4-2029-4804-BAC7-F4A5A91F799B}" = protocol=17 | dir=in | app=d:\steam\steam\steamapps\common\prototype\prototypef.exe | 
"{0B5133CC-BC64-49E5-AAF8-282595D0E3FA}" = protocol=6 | dir=in | app=%systemroot%\system32\wbem\unsecapp.exe | 
"{0DB0C42A-8C30-4913-9A03-9722A9D7E6D7}" = protocol=6 | dir=in | app=d:\steam\steam\steamapps\jalian96\team fortress 2\hl2.exe | 
"{0EB79B32-A809-4B59-8832-40CD26E4DD63}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\prototype\prototypef.exe | 
"{0F9153FF-D181-4505-939D-D94BA1C15E29}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{1498060E-38D4-4AC7-A2A5-C6EAAEF1B5B6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{14F0B733-58EB-4BBB-95D5-835929E6E1A5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1804CFA2-F121-4FBC-912F-57433597C473}" = protocol=6 | dir=in | app=d:\steam\steam\steamapps\common\alien swarm\srcds.exe | 
"{19DDD7EC-1A1C-44F4-8025-3738AF69D183}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{1BAF4050-3987-4132-A325-78B2F97D2956}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\crimecraft\steamlauncher.exe | 
"{1BCE6B93-D94D-4ED2-8C7E-07E40F30414B}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\lego star wars saga\legostarwarssaga.exe | 
"{1C99A3C6-3638-4C23-8993-B057BD3784F4}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{1EEDB6B8-9866-4776-9D10-04B655A968C3}" = protocol=17 | dir=in | app=d:\steam\steam\steamapps\common\super hexagon\superhexagon.exe | 
"{1F56DC9A-141A-46D2-9531-E257069122B5}" = protocol=6 | dir=in | app=d:\steam\steam\steamapps\common\amnesia the dark descent\launcher.exe | 
"{20E87731-8EA9-438B-A7A2-F3248C5AA348}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{244B2B2F-3A6F-45A4-BA12-8C441934FB93}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | 
"{24ABF9C5-20CB-4D97-83F3-6EFFEDD4B901}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe | 
"{253407C6-5DCE-45E0-8C98-BE0B3F66CFEB}" = protocol=17 | dir=in | app=d:\steam\steam\steamapps\jalian96\age of chivalry\hl2.exe | 
"{2584D129-F211-447A-8A4F-777C140C17A9}" = protocol=6 | dir=in | app=c:\nexon\vindictus eu\en-eu\nmservice.exe | 
"{282B0CFF-32ED-48BA-BD7B-1416596A53D9}" = protocol=17 | dir=in | app=d:\steam\steam\steamapps\common\dota 2 beta\dota.exe | 
"{291D8AD2-E591-4085-A4B4-CB8BE1EA61DB}" = protocol=17 | dir=in | app=c:\program files\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{29FF3300-51D2-4BB9-96B8-9712A32A62D0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2B4AA93B-0D6A-448E-8AE2-679A7467EEA2}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\supermnc\binaries\win32\supermncgameclient.exe | 
"{2BB4115C-A623-4618-B58A-FDCD3A696BDA}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\poker night at the inventory\celebritypoker.exe | 
"{2C820E2C-D768-4C50-BC36-87F7CFC80E0F}" = protocol=17 | dir=in | app=d:\steam\steam\steamapps\common\mass effect 2\masseffect2launcher.exe | 
"{2CA735B1-44DC-4EAB-A1B1-79FCCB87DB79}" = protocol=6 | dir=in | app=c:\program files\samsung\easy printer manager\cdas2pc\cdas2pc.exe | 
"{2D4D87BE-E902-4EE7-AD13-7CB4CFDAF7C7}" = protocol=6 | dir=in | app=%systemroot%\system32\plasrv.exe | 
"{2E4B46CC-E99D-40FA-91EF-91FE07689955}" = protocol=6 | dir=in | app=d:\steam\steam\steamapps\common\trackmania nations forever\tmforever.exe | 
"{3091DF55-8E08-488F-9F0E-D33611FBDF90}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{33B60969-F604-41A5-98AF-B38C4CE04CFF}" = protocol=6 | dir=in | app=d:\steam\steam\steamapps\common\mass effect 2\masseffect2launcher.exe | 
"{34241774-0704-47D0-B1B8-9A33C6F80A36}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\amd driver updater, vista and 7, 32 bit\setup.exe | 
"{35003EC7-A7A1-4B7A-AE76-F65D689D9BCD}" = protocol=6 | dir=in | app=d:\steam\steam\steamapps\jalian96\zombie panic! source dedicated server\srcds.exe | 
"{364FDB47-D3A2-467E-93B3-235E215FE4C9}" = protocol=6 | dir=in | svc=msiscsi | app=%systemroot%\system32\svchost.exe | 
"{36ECBBC0-4A65-4319-B7D7-5433E4CA9D4D}" = protocol=17 | dir=in | app=d:\steam\steam\steamapps\common\the binding of isaac\isaac.exe | 
"{379716D9-30B2-41E0-B615-965489A41F44}" = protocol=17 | dir=in | app=d:\steam\steam\steamapps\common\trackmania nations forever\tmforever.exe | 
"{37F58350-3242-402F-98D6-DF23298AF2E5}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\trackmania nations forever\tmforever.exe | 
"{380CB8C1-B943-42B8-A08F-06AD74ED351D}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreediigame.exe | 
"{38A520BC-5816-4188-8165-FECFD3CC9B12}" = protocol=6 | dir=in | app=d:\steam\steam\steam.exe | 
"{39D0A779-354B-4AEA-A00F-15F56680EC8D}" = protocol=6 | dir=in | app=d:\steam\steam\steamapps\common\alien swarm\swarm.exe | 
"{3A78AB00-0CF5-4732-AE82-42AF25376336}" = protocol=17 | dir=in | app=c:\program files\common files\common desktop agent\cdasrv.exe | 
"{3B366296-4848-46B4-8F71-3072DE2A9E77}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{3BB7978C-1EDC-4A7E-A24C-23C8EAFCF22C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3C55060A-4931-40F5-957B-964E4B70EB14}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\terraria\terraria.exe | 
"{3D7A6B70-6220-4779-A892-DCBFB7B730BF}" = protocol=17 | dir=in | app=d:\steam\steam\steamapps\jalian96\garrysmod\hl2.exe | 
"{3DD29287-AE41-4DAD-A34A-3DF23B33F4CF}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\jalian96\zombie panic! source dedicated server\srcds.exe | 
"{425ACABF-86E6-41F4-9234-90ECB0A8CDA7}" = protocol=6 | dir=in | app=d:\steam\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe | 
"{42F9E564-E6BE-448C-9BCD-358CFF3772B8}" = protocol=6 | dir=in | app=d:\steam\steam\steamapps\common\prototype\prototypef.exe | 
"{44C9604E-7BB7-4C63-AF19-EC97D09A2EDE}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe | 
"{47B2DF44-D5D2-4652-B1B7-1E08C283D966}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\super hexagon\superhexagon.exe | 
"{481C960B-36FC-4506-86B1-ECED97AEF1E5}" = protocol=17 | dir=in | app=d:\steam\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe | 
"{48D21428-E1AC-447E-B5B0-04EA649886C4}" = protocol=17 | dir=in | app=d:\steam\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe | 
"{49A62B44-EA8D-49D5-858D-B82D3DDD252F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{49EC29B2-3C47-4161-AF3C-279483218534}" = protocol=17 | dir=in | app=d:\steam\steam\steamapps\common\alien swarm\swarm.exe | 
"{49FE0567-12C7-41F6-AB57-E81F54366CC1}" = protocol=17 | dir=in | app=d:\steam\steam\steamapps\jalian96\zombie panic! source dedicated server\srcds.exe | 
"{4A1FDC6B-4D7D-4C9D-81B3-93A58FEE6C43}" = protocol=6 | dir=in | app=d:\steam\steam\steamapps\common\cthulhu saves the world\cstw.exe | 
"{4C22E1C7-45EB-4804-A2B5-DFBDCC4B986E}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\napoleon total war\napoleon.exe | 
"{4C5BEBA1-D682-4C23-8081-4580D0E3A45B}" = dir=in | app=c:\program files\apowersoft\screen recording suite\screen-recording-suite.exe | 
"{4CF336EB-EDE4-4FA8-A458-37BA60506B67}" = protocol=17 | dir=in | app=c:\program files\samsung\easy printer manager\idsalert.exe | 
"{4D28ED64-81DB-48F9-8F88-14EDE71F94C8}" = protocol=6 | dir=in | app=d:\steam\steam\steamapps\common\napoleon total war\napoleon.exe | 
"{4D7FC216-989A-4293-958A-9FA26DCE71A7}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{4DAB8CAA-A5CE-462C-89EA-6E0D42016082}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4DF3CBAA-383D-415E-BF74-9AAD8A0535CF}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{4EDF5422-CF01-464C-8CEA-165A50538853}" = protocol=6 | dir=in | app=c:\program files\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{4FB71ABF-72A3-48AB-9744-3C4146CC3E16}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe | 
"{5207DA90-9B30-401C-B414-2E365AA8FD78}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe | 
"{53A0E25F-AE2B-457D-A013-C7E9866E0AA2}" = protocol=6 | dir=in | app=d:\steam\steam\steamapps\common\just cause 2\justcause2.exe | 
"{541A323D-9DB4-4EA7-937A-6EC51F67BEF6}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\supermnc\uberlauncher.exe | 
"{549D0817-D8B4-4D7B-80B7-BC598F4D8292}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\trackmania nations forever\tmforeverlauncher.exe | 
"{54DC6E88-ADE1-40EF-B3F5-7A8D34915D7E}" = protocol=17 | dir=in | app=d:\steam\steam\steamapps\jalian96\team fortress 2\hl2.exe | 
"{55231E24-1DAB-4BA6-A602-8384104E78D8}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\blacklightretribution\blacklight retribution.exe | 
"{56D398A1-6CC6-447D-A333-5BC7744B835F}" = protocol=6 | dir=out | svc=msiscsi | app=%systemroot%\system32\svchost.exe | 
"{5937250C-4F25-442F-8441-A3CE96C4DD95}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\portal 2\portal2.exe | 
"{5A5EFB00-0875-45E5-9CBE-B2F23CE83E4E}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\ava\reactor.exe | 
"{5B1BF269-E6D3-4E6B-A637-A7361F47F97A}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{5B847501-8C5C-4AD4-A8D3-66A2F2E69CAB}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\terraria\terraria.exe | 
"{5EB4F6AB-1DEB-47FC-837A-FE7E05075DF7}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\blacklightretribution\blacklight retribution.exe | 
"{605D3169-E765-4D5A-8A8C-37CA7E8E5112}" = protocol=17 | dir=in | app=d:\steam\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{6101DC8B-C8BD-4FE6-A469-4D93B877440C}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\realm of the mad god\realm of the mad god.exe | 
"{62005B3C-7C97-4F9D-A00C-8F823776F9E9}" = protocol=17 | dir=in | app=c:\program files\samsung\easy printer manager\cdas2pc\cdas2pc.exe | 
"{63B0A0A9-ABC4-460B-B1F7-7A6F389D7595}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{63B442D5-090B-47C6-8B3D-F85A3C9C2D9D}" = protocol=6 | dir=in | app=d:\steam\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe | 
"{63F75551-216D-436E-BFF4-0FE50036B350}" = protocol=6 | dir=in | app=d:\steam\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{66E40EA8-09F0-477C-8AAB-329B7E226859}" = protocol=47 | dir=out | app=system | 
"{66E8B2F6-88B9-445A-8A1D-02E5EFDAC89F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\super hexagon\superhexagon.exe | 
"{68C17224-FB40-40C4-9B03-9BC9D4140986}" = protocol=6 | dir=in | app=d:\steam\steam\steamapps\common\borderlands\binaries\borderlands.exe | 
"{68EF16ED-C873-4C9C-983F-F423D12E7B4A}" = protocol=17 | dir=in | app=d:\steam\steam\steamapps\common\borderlands\binaries\borderlands.exe | 
"{68FB5E8C-C94D-449B-B93A-EC38477F4BB4}" = protocol=6 | dir=in | app=d:\steam\steam\steamapps\common\trackmania nations forever\tmforeverlauncher.exe | 
"{6914C025-3829-46FC-8AF6-E6AFA8DB4F2D}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\jalian96\garrysmod\hl2.exe | 
"{69C4857A-2C81-432E-AEF6-25EDD0BB8536}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | 
"{6A413F5D-9BE6-45A6-8AB1-9832199D2FE5}" = protocol=17 | dir=in | app=d:\steam\steam\steamapps\common\napoleon total war\napoleon.exe | 
"{6C71B694-88FE-4870-BA2F-0062C27C004C}" = protocol=17 | dir=in | app=c:\nexon\vindictus eu\en-eu\nmservice.exe | 
"{6D7A5344-1E3B-4234-A0EE-F849B5EEA3EE}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreedii.exe | 
"{6D84EA77-F94D-4B65-A87A-6D2A6685EAB8}" = protocol=17 | dir=in | app=d:\steam\steam\steamapps\common\amnesia the dark descent\launcher.exe | 
"{70096987-5AD5-476E-9E1C-4D5B279D2F7D}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe | 
"{70AD9408-DCDD-4EA8-AE85-74EAAA7D77EF}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe | 
"{71137B40-EAE9-45C4-99FE-16D82D2509F7}" = protocol=17 | dir=in | app=d:\steam\steam\steamapps\common\breath of death vii\bodviipc.exe | 
"{7135D057-29E9-40B4-B8A6-1BCCE8D145C4}" = protocol=58 | dir=in | name=datei- und druckerfreigabe (echoanforderung - icmpv6 eingehend) | 
"{71C544F5-6BAB-4928-81C8-472A4D982EB9}" = protocol=17 | dir=in | app=d:\steam\steam\steamapps\common\saints row the third\game_launcher.exe | 
"{7234364F-F0EF-451F-8EF0-5B459EEFF880}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreediigame.exe | 
"{7376E94B-0F42-45E4-BF5B-71EE4298DB25}" = protocol=6 | dir=in | app=c:\program files\samsung\easy printer manager\ids.application.exe | 
"{73E793AF-266B-4739-B74A-BC82B32D7AED}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{75E1A611-1A17-44C4-A20E-B17D812A4B90}" = protocol=6 | dir=in | app=d:\steam\steam\steamapps\common\saints row the third\game_launcher.exe | 
"{773F90F6-7DFF-4DEC-9922-10FD5D5CF484}" = protocol=6 | dir=in | app=d:\steam\steam\steamapps\common\super hexagon\superhexagon.exe | 
"{78A3DEE7-D074-4744-834B-C1F44BA2DD87}" = protocol=17 | dir=in | app=d:\steam\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe | 
"{796403C7-3168-480E-9EDA-E1DDA67333B3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7AFF79E2-0A3D-45E8-AE8A-46B7CD3AE328}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{7CEA2325-506D-41D1-8CFB-BFB41B98FF16}" = protocol=6 | dir=in | app=d:\steam\steam\steamapps\jalian96\age of chivalry\hl2.exe | 
"{7D40EECF-FC0C-40C4-8E41-9A66CE08D62F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\planetside 2\launchpad.exe | 
"{811CD248-CCCD-48D1-B8AB-7708B4BD9F2F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{83754FC1-4309-4641-A173-D9C90EF49943}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\planetside 2\launchpad.exe | 
"{866ABB0F-6F93-421A-A3A5-6C4C97E40C51}" = protocol=17 | dir=in | app=d:\steam\steam\steam.exe | 
"{86E726B7-049E-41D7-874C-B8F5798002C2}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{8AA09CAB-CD94-411B-9D85-8F859CAF2681}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\amd driver updater, vista and 7, 32 bit\setup.exe | 
"{8C4266D6-5254-413A-AD4B-3E631405258C}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\supermnc\binaries\win32\supermncgameclient.exe | 
"{8EA72494-47B9-42A8-9EA9-AC1F844B7419}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{8EDCCE6D-81AD-42A3-B360-28C40C091025}" = protocol=17 | dir=in | app=d:\steam\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | 
"{8F76FEBE-0F79-4082-924B-44BC56BBBF38}" = protocol=17 | dir=in | app=d:\steam\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{90B26950-CF55-4382-BB14-1CC653A48321}" = dir=in | app=c:\program files\apowersoft\screen recording suite\screenrecordingsuite.exe | 
"{910897A6-ABB9-4B51-BFE4-21CD2B35AB46}" = protocol=17 | dir=in | app=d:\steam\steam\steamapps\common\cthulhu saves the world\cstw.exe | 
"{91328B2E-4314-4226-B0F3-18C6E7D8904B}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{9165F6CD-EF39-4D0B-B9DD-CD8F9C8842A3}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\supermnc\uberlauncher.exe | 
"{9273535C-78ED-4FA6-A198-5E28FB4EC735}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"{9446AECB-D502-4001-B556-007CA8A30E39}" = protocol=17 | dir=in | app=d:\steam\steam\steamapps\jalian96\dystopia\hl2.exe | 
"{94554558-B3C3-4352-9737-DFEC1B6CAD74}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 test\dota.exe | 
"{946AB5B4-88FA-4F65-9634-4AAD9F6070FA}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\poker night at the inventory\celebritypoker.exe | 
"{95C51366-FB4C-41E1-AA86-955C646909E9}" = protocol=17 | dir=in | app=d:\steam\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | 
"{99BDD4DC-C985-444C-98BD-77DDE052A5D2}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\trackmania nations forever\tmforever.exe | 
"{9A795352-11A4-4EA8-BB9A-6C163F76A94E}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\lego star wars saga\legostarwarssaga.exe | 
"{9CE0CA69-881F-4033-B1BD-520B0520B1DC}" = protocol=6 | dir=in | app=d:\steam\steam\steamapps\common\terraria\terraria.exe | 
"{9DDE736A-FDDA-4B6D-97B1-2C27483961B2}" = protocol=17 | dir=in | app=d:\steam\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe | 
"{9EBA0F0E-6B0E-40A4-B2CE-DF5C6E24F604}" = protocol=17 | dir=in | app=d:\steam\steam\steamapps\common\terraria\terraria.exe | 
"{9FD27446-B04E-4980-AF45-460F0AD4F576}" = protocol=6 | dir=in | app=c:\program files\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{A0E1A198-E01B-4600-95D3-1F9FCB9813B1}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\napoleon total war\napoleon.exe | 
"{A1EC65D2-4089-4130-B1DE-1085857F63DD}" = protocol=6 | dir=in | app=d:\steam\steam\steamapps\common\blacklightretribution\blacklight retribution.exe | 
"{A2096722-B4B3-4EE5-BF57-C175EB10FDA8}" = protocol=17 | dir=in | app=c:\program files\samsung\easy printer manager\ids.application.exe | 
"{A25D0CA2-CD03-4FF3-826B-DC0DF9EB722A}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{A2F78F8E-305D-4167-A7E0-9D6968683154}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{A322FB48-077D-4EA2-96A7-58CCD5D16930}" = protocol=6 | dir=in | app=d:\steam\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{A32BFEBF-35DA-449A-8D2B-0C1BAD7E2F0F}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe | 
"{A3CB7A34-E262-45D7-A5DE-4A908EF1C1FC}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\crimecraft\steamlauncher.exe | 
"{A453801C-151D-4E1F-8F31-3B2CCA2E226E}" = protocol=6 | dir=in | app=c:\program files\common files\common desktop agent\cdasrv.exe | 
"{A52DC6DA-6081-436A-AAD6-000F872355CD}" = protocol=6 | dir=in | app=c:\program files\samsung\easy printer manager\ordersupplies.exe | 
"{A5456CF4-05ED-4606-9E26-A173EB6BCFA4}" = protocol=17 | dir=in | app=d:\steam\steam\steamapps\common\realm of the mad god\realm of the mad god.exe | 
"{A7CD712A-93DC-407B-93C9-AFA821CEE44A}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"{A7CFAAA8-D2FF-4247-B2B4-2FF9CEFD033B}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\jalian96\zombie panic! source dedicated server\srcds.exe | 
"{A8344108-DD9F-4D3A-B757-960B7129696A}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe | 
"{A873CAF4-9A49-4604-8FA1-482A1E456C57}" = protocol=1 | dir=out | name=datei- und druckerfreigabe (echoanforderung - icmpv4 ausgehend) | 
"{A99A6467-7782-476B-85C8-091976F3332D}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\prototype\prototypef.exe | 
"{ABC02E1B-0A8A-4C74-ADBF-E2E5B4072D4B}" = protocol=17 | dir=in | app=d:\steam\steam\steamapps\common\blacklightretribution\blacklight retribution.exe | 
"{ADB11EB9-6BA0-4B83-B319-D403A3360DAA}" = protocol=6 | dir=out | app=system | 
"{B0DD8135-569E-4D6B-9A45-3CA95CA4977E}" = protocol=6 | dir=in | app=d:\steam\steam\steamapps\common\the binding of isaac\isaac.exe | 
"{B0E89411-17C4-4638-956D-CAD181BB5375}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\saints row the third\saintsrowthethird.exe | 
"{B2BBF56E-36E8-48EF-ACAA-3C5843F91718}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B43DF899-E610-4689-B7E9-56D27AAE6010}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\ava\reactor.exe | 
"{B4AE518D-E9C7-4EC8-8FF3-7762EAE672DA}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\jalian96\garrysmod\hl2.exe | 
"{B5D7D5A0-B7F3-440E-BECA-BDAE5CED68CE}" = protocol=6 | dir=in | app=d:\steam\steam\steamapps\common\lego star wars saga\legostarwarssaga.exe | 
"{B615CB6D-C8C8-4A4C-A2CE-52987EE4326C}" = protocol=6 | dir=in | app=d:\steam\steam\steamapps\jalian96\garrysmod\hl2.exe | 
"{B6EB3285-A581-42F4-9D39-19D023B11FC6}" = protocol=17 | dir=in | app=c:\program files\origin games\battlefield 3\bf3.exe | 
"{B8DFE397-7AD0-4FB9-B3D5-FBD647CD4B36}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\amnesia the dark descent\launcher.exe | 
"{BB773DB8-AFDD-44F3-9326-2BCB83FFA462}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | 
"{BC9175E1-1B3C-4682-9761-6682F6BF1C82}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\realm of the mad god\realm of the mad god.exe | 
"{BD555A65-017D-43F4-B96C-090A24FBB89B}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | 
"{BE3AEC0C-34FA-4CC7-97D4-0AC69B60A648}" = protocol=17 | dir=in | app=c:\program files\samsung\easy printer manager\ordersupplies.exe | 
"{BF36C472-117C-4A25-AEE0-1D2798F5DE34}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | 
"{BF59628A-CA38-4CF1-9281-9924C5A449D9}" = protocol=6 | dir=in | app=d:\steam\steam\steamapps\common\magicka\magicka.exe | 
"{BFB80C5A-D0A8-4574-B182-26E714CAA7C7}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{C0CC7328-1916-420F-8278-E6DF5D25D353}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{C1E5E485-19C2-4C42-9E09-2AD4CD7FE09D}" = protocol=1 | dir=in | name=datei- und druckerfreigabe (echoanforderung - icmpv4 eingehend) | 
"{C239EB38-50C3-4576-B9E0-F399F20EF0C4}" = protocol=17 | dir=in | app=d:\steam\steam\steamapps\common\poker night at the inventory\celebritypoker.exe | 
"{C3E8CE92-12F9-431E-B7D4-B6C4984A63BD}" = protocol=6 | dir=in | app=d:\steam\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | 
"{C4EF5FE0-55C9-4CD7-9E46-259EC18AA9BF}" = protocol=6 | dir=in | app=d:\steam\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | 
"{C5C937B8-31E0-440D-8228-CE476F360C5B}" = protocol=17 | dir=in | app=d:\steam\steam\steamapps\common\trackmania nations forever\tmforeverlauncher.exe | 
"{C6BB211A-9804-4AC8-82FD-9668CCB33D6E}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\portal 2\portal2.exe | 
"{C6FBEE38-AA11-4558-A73D-CF95114F77EF}" = protocol=6 | dir=in | app=%systemroot%\system32\msdtc.exe | 
"{C92B558B-8B2F-4C17-BDD7-F186517AF3A6}" = protocol=6 | dir=in | app=d:\steam\steam\steamapps\common\realm of the mad god\realm of the mad god.exe | 
"{C9F24F2A-BCC3-494C-AF39-229189B9C3D1}" = protocol=6 | dir=in | app=d:\steam\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe | 
"{CA96019A-02DB-467C-BE40-DC3CDDC769C2}" = protocol=17 | dir=in | app=d:\steam\steam\steamapps\common\magicka\magicka.exe | 
"{CC471A73-984B-4084-A182-1BDDC0E0D8C3}" = protocol=17 | dir=in | app=d:\steam\steam\steamapps\common\lego star wars saga\legostarwarssaga.exe | 
"{CCDB56FD-76C2-4AE2-A97B-05FF08B1D05A}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\uplaybrowser.exe | 
"{CD10BC0E-AA51-42E5-8162-DDCC2B2AC8E0}" = protocol=17 | dir=in | app=d:\steam\steam\steamapps\common\just cause 2\justcause2.exe | 
"{CE18DC99-4E21-4B35-A09E-7EC259E9498E}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe | 
"{D3A25794-9358-49E0-9FD7-A5852939E7A3}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 test\dota.exe | 
"{D4E4EF52-1EDC-49B3-852D-12A32FA83D5E}" = protocol=6 | dir=out | app=%systemroot%\system32\msdtc.exe | 
"{D7603204-E524-4B0D-8D7C-0FB7A9A683B3}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe | 
"{D7D7B933-7A8F-44F7-9654-A416FBE23C5C}" = protocol=58 | dir=out | name=datei- und druckerfreigabe (echoanforderung - icmpv6 ausgehend) | 
"{D84FAA49-9AAF-4D4B-9C35-AE94A0823A35}" = protocol=6 | dir=out | svc=winmgmt | app=%systemroot%\system32\svchost.exe | 
"{D94E6445-3645-489C-B147-264ECE2B57F2}" = protocol=17 | dir=in | app=d:\steam\steam\steamapps\common\ava\nwzlauncher.exe | 
"{DB6502D6-C40B-4C62-93A5-E586A9FFE18A}" = protocol=6 | dir=in | app=d:\steam\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe | 
"{DD0E8D23-994F-43B2-B131-372AB11872D1}" = protocol=47 | dir=in | app=system | 
"{DEBD1A83-1031-4237-9430-BC5CF3A705C9}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\the binding of isaac\isaac.exe | 
"{E0213359-DA03-49FB-8B31-247E7AA941EB}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\saints row the third\game_launcher.exe | 
"{E1B37F99-4F91-4B86-9959-C177CE9D5231}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\magicka\magicka.exe | 
"{E5662F5E-1B86-4B73-9516-FCC67A88F36C}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\trackmania nations forever\tmforeverlauncher.exe | 
"{E8CCCDF3-CF60-4F06-9602-4096C529EB88}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\uplaybrowser.exe | 
"{E926BD39-4F8F-4E82-A143-D1DD388904E1}" = protocol=17 | dir=in | app=d:\steam\steam\steamapps\common\alien swarm\srcds.exe | 
"{E929E351-62AB-4E00-B289-3B217354F4D2}" = protocol=6 | dir=in | svc=winmgmt | app=%systemroot%\system32\svchost.exe | 
"{EA48C4D8-11F2-45D7-A3DD-D7910E0A7D47}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\saints row the third\saintsrowthethird.exe | 
"{EAC05D36-F0F8-4DE1-B564-E4C84C908D0A}" = protocol=6 | dir=in | app=d:\steam\steam\steamapps\common\breath of death vii\bodviipc.exe | 
"{ED2A330F-9D3D-40BA-A589-7906B2542023}" = protocol=6 | dir=in | app=d:\steam\steam\steamapps\common\poker night at the inventory\celebritypoker.exe | 
"{EF3AA870-5D57-4B83-BAA4-79DCB7F3AD0C}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\magicka\magicka.exe | 
"{F01517E2-911A-4146-AC3F-58C4F99EC2C6}" = protocol=6 | dir=in | app=c:\program files\samsung\easy printer manager\idsalert.exe | 
"{F22909B0-C8E1-4B39-8169-FC41774F0836}" = protocol=6 | dir=in | app=d:\steam\steam\steamapps\common\ava\nwzlauncher.exe | 
"{F2ECD8E6-729B-43C5-BD7A-974A9F1AFBA4}" = protocol=6 | dir=in | app=d:\steam\steam\steamapps\common\dota 2 beta\dota.exe | 
"{F44B5DEC-7A73-48AC-ADA0-9672A02585FF}" = protocol=6 | dir=in | app=d:\steam\steam\steamapps\jalian96\dystopia\hl2.exe | 
"{F6C379BF-641C-4F42-B916-54CAEBC9E9B7}" = protocol=17 | dir=in | app=c:\program files\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{F8859468-543F-41C5-94F3-1EC6C1A13CAD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F9CC6A86-F7CB-41EF-A6E4-1DC176C8C7A7}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{FBFFF4C1-68F0-412A-A365-17486B935557}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\amnesia the dark descent\launcher.exe | 
"{FC0B0050-F48F-4955-918E-C641D6CF0D6D}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\the binding of isaac\isaac.exe | 
"{FC86F2A0-243F-4E2C-90AA-567225B3ACF3}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreedii.exe | 
"{FCC842AA-FEE1-4100-B621-28B8D83A71C4}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe | 
"{FE7CDE28-DF29-476A-8326-98E4B34698A0}" = protocol=6 | dir=in | app=c:\program files\origin games\battlefield 3\bf3.exe | 
"TCP Query User{02A2E234-7020-4639-A611-B93D9E0B4A8F}C:\program files\jdownloader 2\jdownloader 2.exe" = protocol=6 | dir=in | app=c:\program files\jdownloader 2\jdownloader 2.exe | 
"TCP Query User{03BC65E0-2738-4C71-800C-8D8AE7AC07CF}C:\program files\steam\steamapps\common\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\borderlands\binaries\borderlands.exe | 
"TCP Query User{1740FF77-0A06-468E-8472-6FCB2A1BD4A5}C:\program files\steam\steamapps\jalian96\dystopia\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\jalian96\dystopia\hl2.exe | 
"TCP Query User{192F23A2-D57F-4436-8EDE-162FD155C5EB}C:\program files\tmunitedforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmunitedforever\tmforever.exe | 
"TCP Query User{20C50F86-CAD3-4A46-A825-6A12976B612D}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe | 
"TCP Query User{2955384A-4ACF-4B18-AD8D-1FCA80E113DF}D:\steam\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe" = protocol=6 | dir=in | app=d:\steam\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | 
"TCP Query User{4CE1D687-A7E0-460F-9610-23A7EFF1EAD9}D:\steam\steam\steamapps\jalian96\age of chivalry\hl2.exe" = protocol=6 | dir=in | app=d:\steam\steam\steamapps\jalian96\age of chivalry\hl2.exe | 
"TCP Query User{6D418D97-4718-412F-9128-E797EF9E1BC9}C:\program files\steam\steamapps\jalian96\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\jalian96\team fortress 2\hl2.exe | 
"TCP Query User{6DCDA29E-1E9A-4AF1-B2C5-B70EA8F3A520}C:\program files\steam\steamapps\jalian96\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\jalian96\counter-strike source\hl2.exe | 
"TCP Query User{9121B673-4B66-4C6C-A26C-E4BC88F3B797}D:\steam\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe" = protocol=6 | dir=in | app=d:\steam\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe | 
"TCP Query User{9AEE5D63-A317-4066-A8F4-DA189A2F2600}C:\program files\steam\steamapps\common\alien swarm\swarm.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\swarm.exe | 
"TCP Query User{9B3F10BB-D34D-4AB0-8491-0F613A62A501}C:\program files\jdownloader 2\jdownloader 2.exe" = protocol=6 | dir=in | app=c:\program files\jdownloader 2\jdownloader 2.exe | 
"TCP Query User{A03A0755-7484-448A-A716-8231C39DA3FE}D:\steam\steam\steamapps\jalian96\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=d:\steam\steam\steamapps\jalian96\team fortress 2\hl2.exe | 
"TCP Query User{BC2D2F85-89D9-4948-B082-F6E423AC6FE8}C:\program files\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"TCP Query User{DB8B3B54-3981-476F-A927-B97EB8D0B642}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{DCA3F9DC-38E3-47F1-A436-49A964DDCCB5}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{E57770B3-BD6C-45F1-B07E-98C7C022D21D}C:\users\julian\desktop\games\gw2\gw2.exe" = protocol=6 | dir=in | app=c:\users\julian\desktop\games\gw2\gw2.exe | 
"TCP Query User{E88C3458-8D6F-4D4C-A479-71E2C0118C26}D:\steam\steam\steam.exe" = protocol=6 | dir=in | app=d:\steam\steam\steam.exe | 
"TCP Query User{ED74E523-73DB-4B39-A26C-61C4306A3E94}C:\program files\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\terraria\terrariaserver.exe | 
"UDP Query User{0229962F-569B-4058-9D84-80AD769894F6}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{0C2FF634-DDBC-4F02-91EB-209ABEBE9157}C:\program files\jdownloader 2\jdownloader 2.exe" = protocol=17 | dir=in | app=c:\program files\jdownloader 2\jdownloader 2.exe | 
"UDP Query User{0F355243-3036-4666-BAE5-EA2F621BC54B}C:\program files\jdownloader 2\jdownloader 2.exe" = protocol=17 | dir=in | app=c:\program files\jdownloader 2\jdownloader 2.exe | 
"UDP Query User{11FFC39D-6FFC-4B0C-B2D8-410CCF17E29C}D:\steam\steam\steam.exe" = protocol=17 | dir=in | app=d:\steam\steam\steam.exe | 
"UDP Query User{36218854-9797-4B6E-AC06-5D5D78534B73}C:\program files\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\terraria\terrariaserver.exe | 
"UDP Query User{3B16F4D3-E486-4CAD-95F1-4AF4B6A83D0B}D:\steam\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe" = protocol=17 | dir=in | app=d:\steam\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | 
"UDP Query User{49D0E5C5-0C63-4CF3-BFF1-12F30E89938A}D:\steam\steam\steamapps\jalian96\age of chivalry\hl2.exe" = protocol=17 | dir=in | app=d:\steam\steam\steamapps\jalian96\age of chivalry\hl2.exe | 
"UDP Query User{4E9878C1-9AA9-466B-A6AB-DB8CAE77C92B}C:\program files\steam\steamapps\common\alien swarm\swarm.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\swarm.exe | 
"UDP Query User{4F2405DA-7B6C-4BE2-BC95-885809ED1876}C:\program files\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"UDP Query User{84AC4C3F-1235-45F4-A320-77D88AD56876}C:\program files\steam\steamapps\jalian96\dystopia\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\jalian96\dystopia\hl2.exe | 
"UDP Query User{C74A62AF-E30B-4F6D-A7DD-D242B732996B}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"UDP Query User{CC5DB25E-8E38-41AC-9B8A-1E924E5AA749}C:\program files\tmunitedforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmunitedforever\tmforever.exe | 
"UDP Query User{DCB39665-7DF6-448F-8DD6-FE7F5220F89F}D:\steam\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe" = protocol=17 | dir=in | app=d:\steam\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe | 
"UDP Query User{DFB650C4-9A09-41A3-B6CD-B21162CF7B1A}C:\program files\steam\steamapps\jalian96\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\jalian96\counter-strike source\hl2.exe | 
"UDP Query User{E1921B14-6F2B-4976-AE65-2C3EA7B25619}C:\program files\steam\steamapps\common\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\borderlands\binaries\borderlands.exe | 
"UDP Query User{E397AB5A-549D-46E1-824A-D679D849E494}C:\users\julian\desktop\games\gw2\gw2.exe" = protocol=17 | dir=in | app=c:\users\julian\desktop\games\gw2\gw2.exe | 
"UDP Query User{E7E79136-517C-478D-A738-61C1654AE8EA}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe | 
"UDP Query User{EEDF08ED-7E4E-44FA-B0E5-8D40AF33C6B1}D:\steam\steam\steamapps\jalian96\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=d:\steam\steam\steamapps\jalian96\team fortress 2\hl2.exe | 
"UDP Query User{FFE40B75-9A67-41D1-9AB4-48C340F89CF1}C:\program files\steam\steamapps\jalian96\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\jalian96\team fortress 2\hl2.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{017F8447-2A1D-0DDB-B5D7-CA2BFACE2886}" = CCC Help French
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{031A0E14-0413-4C97-9772-2639B782F46F}" = Common Desktop Agent
"{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{054E9A1C-3EA2-C657-E787-FD8DCF5C3D3B}" = CCC Help Czech
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
"{1446A30C-6DAF-461E-96B1-31C554870082}_is1" = Tag - IGF Professional 2008
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserProtect
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1DE2BD51-0300-772D-5E18-F337D95D5687}" = CCC Help German
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{224E8FEB-5C1F-077F-6FC5-602AC1AE644D}" = CCC Help Danish
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{275E9C49-C72F-D754-DEB7-77F10A9C00D8}" = CCC Help Japanese
"{289AC7E0-0AEE-4a7b-913C-709D9803D23E}" = Nexon Game Manager
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{30049739-BE95-6591-B504-E6D7057D49CC}" = CCC Help Spanish
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3825F8BD-F784-6FBB-A5CD-857559148007}" = AMD Catalyst Install Manager
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F1EB155-F96E-EB7B-2EF2-7375490E0FA9}" = CCC Help English
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B023D7B-9E67-795D-FB31-B5E1F6DCA451}" = CCC Help Italian
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{4F198874-3C7D-5983-02EB-9E234C43F174}" = AMD Steady Video Plug-In 
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands
"{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM)
"{5482DCBE-D2D1-47B0-A621-DF8E2B0D174C}" = Windows Live Family Safety
"{55F6C486-8C75-2A72-DAFE-CE78A624C9F7}" = CCC Help Russian
"{5AF23993-7152-1620-E43F-1B4542FB4F84}" = CCC Help Thai
"{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade
"{63326924-3CAF-C858-3A8F-8598C87019D7}" = AMD VISION Engine Control Center
"{63822E89-11AA-F8EC-D433-F72A85799EC0}" = CCC Help Greek
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66361420-4905-AEB8-17AE-172FDD164A7E}" = CCC Help Polish
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73F96ACE-9249-D04D-E569-1D611D0982BB}" = ccc-utility
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{769F2A4B-84A3-9486-ADD2-9E5AB4B4E1E3}" = Catalyst Control Center InstallProxy
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7A25D130-4EC8-11E1-BEA4-B8AC6F97B88E}" = Google Earth
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{8773DD1C-5FB2-95B5-5A93-0EFEAC900A4D}" = CCC Help Norwegian
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{88F0F4FF-B514-4E32-9C17-CAF96D60EAFC}" = Razer Game Booster
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A6EB60F-BC70-101B-CACE-9D7794767A3C}" = AMD Accelerated Video Transcoding
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CCBB0BF-9CC1-1A65-BB93-56012A460EE6}" = CCC Help Portuguese
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{91B33C97-0FBA-74AE-E802-D782F5C8AA89}_is1" = Ashampoo Burning Studio 2013 v.11.0.5
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A0A3CE05-96CB-52E9-434E-074F3BB7807E}" = CCC Help Turkish
"{A1E85B9A-AFAD-4D38-AF01-6B020DD5213A}" = Logitech GamePanel Software 3.06.109
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}" = Need for Speed™ Most Wanted
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9C64319-932F-D02B-B14C-FFFC3EC49E77}" = CCC Help Chinese Standard
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B158F76F-76AB-4115-A4F0-4C6EF6956093}_is1" = VirtualDubMOD 1.5.10.3 US
"{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11
"{B20F9D1C-A0A5-4cd8-8306-DE95842311B1}" = REALTEK Wireless LAN Driver
"{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{BFEF4962-6E70-D68B-9680-007E83E68291}" = AMD Fuel
"{C09DB932-7619-7B56-30E3-C0454811D6D7}" = CCC Help Korean
"{C22A4697-BD77-ACB1-744F-1FD0A0BFF798}" = CCC Help Swedish
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C3592426-531E-4110-911D-BFECE2CE284C}" = osu!
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66BF9FD-D367-4E13-8EB8-385FFEA20DB3}" = Oblivion
"{C730B021-96D7-4F63-B52E-27F9A8155BE1}" = MAGIX Screenshare
"{C7411D97-EF5E-46B2-8B49-E408A344DF82}" = MAGIX Speed burnR (MSI)
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM)
"{D38F781D-C6D6-3CD4-BEB8-B11D87B53A7F}" = AMD Drag and Drop Transcoding
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4B457B2-260F-C561-CA87-703BD3B724CA}" = Catalyst Control Center Graphics Previews Common
"{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM)
"{D6CDB506-297D-AE70-0EF6-DE5185F961BE}" = CCC Help Chinese Traditional
"{D9E52CD1-9DF1-4A8A-9BDC-1E5E53982F2B}" = Black & White® 2
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E656D89A-8CBB-497F-918F-8361A4071C26}" = Nero Burning ROM 11
"{EB9F3F92-4857-4121-AA6F-1C424AC6C266}_is1" = Screen Recording Suite V2.4.8
"{ECFD508E-68A2-91B2-46DD-1D03D783D94B}" = Catalyst Control Center Localization All
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EDE361D5-35A5-DA7D-3462-C3DABD24029B}" = CCC Help Hungarian
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F1E7DD6A-AE2D-D706-BEB3-937F76CA6AE9}" = CCC Help Finnish
"{F47F1D92-F4DF-4113-80B0-B58F2EB10F28}" = AMD Media Foundation Decoders
"{F56F54DD-BCB2-1221-2CB7-E983A5CF9D15}" = CCC Help Dutch
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FADC3DC0-BCD9-4F6A-BB9D-360D695C5791}" = Steganos Safe 2012
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"0630-0716-3135-7887" = JDownloader 2
"1ClickDownload" = FTDownloader
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced SystemCare 6_is1" = Advanced SystemCare 6
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE v.6.80
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"BLACKSHADES" = Black Shades (remove only)
"Color Efex Pro 3.0 Stand-Alone Standard" = Color Efex Pro 3.0 Standard
"DivX Setup" = DivX-Setup
"ESN Sonar-0.70.4" = ESN Sonar
"IObit Malware Fighter_is1" = IObit Malware Fighter
"IPS Wizard" = IPS Wizard
"Kingsoft Office" = Kingsoft Office 2012 (8.1.0.3375)
"LogMeIn Hamachi" = LogMeIn Hamachi
"MAGIX_{C730B021-96D7-4F63-B52E-27F9A8155BE1}" = MAGIX Screenshare
"MAGIX_{C7411D97-EF5E-46B2-8B49-E408A344DF82}" = MAGIX Speed burnR (MSI)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Thunderbird 17.0.4 (x86 de)" = Mozilla Thunderbird 17.0.4 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OpenAL" = OpenAL
"Origin" = Origin
"Postal 2 Demo" = Postal 2 Demo
"PunkBusterSvc" = PunkBuster Services
"Samsung Easy Printer Manager" = Samsung Easy Printer Manager
"Samsung ML-2160 Series" = Samsung ML-2160 Series
"Samsung Printer Live Update" = Samsung Printer Live Update
"Screen Ruler 2D_is1" = Screen Ruler 2D 1.12.5.29
"ScummVM_is1" = ScummVM 1.5.0
"SkypePlayer" = Skype Audio Player (remove only)
"Smart Defrag 2_is1" = Smart Defrag 2
"Steam App 219640" = Chivalry: Medieval Warfare
"Steam App 24980" = Mass Effect 2
"Steam App 55230" = Saints Row: The Third
"Steam App 620" = Portal 2
"Steam App 8190" = Just Cause 2
"Synthesia" = Synthesia (remove only)
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TmUnitedForever_is1" = TmUnitedForever
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"UltraStar" = UltraStar 0.8.4
"Uplay" = Uplay
"Vindictus EU" = Vindictus EU
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 2.0.1
"VTFEdit_is1" = VTFEdit 1.2.5
"Window Ruler 1.x_is1" = Window Ruler 1.x
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-618426037-2681808743-1371803286-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Yume Nikki 0.10 English" = Yume Nikki 0.10 English
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 28.11.2012 16:41:56 | Computer Name = Julian-PC | Source = VSS | ID = 13
Description = 
 
Error - 28.11.2012 16:41:56 | Computer Name = Julian-PC | Source = VSS | ID = 12292
Description = 
 
Error - 28.11.2012 16:41:56 | Computer Name = Julian-PC | Source = VSS | ID = 8193
Description = 
 
Error - 28.11.2012 16:41:56 | Computer Name = Julian-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 28.11.2012 16:41:57 | Computer Name = Julian-PC | Source = VSS | ID = 13
Description = 
 
Error - 28.11.2012 16:41:57 | Computer Name = Julian-PC | Source = VSS | ID = 12292
Description = 
 
Error - 28.11.2012 16:41:57 | Computer Name = Julian-PC | Source = VSS | ID = 8193
Description = 
 
Error - 28.11.2012 16:41:57 | Computer Name = Julian-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 28.11.2012 16:42:08 | Computer Name = Julian-PC | Source = VSS | ID = 13
Description = 
 
Error - 28.11.2012 16:42:08 | Computer Name = Julian-PC | Source = VSS | ID = 12292
Description = 
 
[ System Events ]
Error - 05.05.2013 03:07:58 | Computer Name = Julian-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.2" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 05.05.2013 03:08:35 | Computer Name = Julian-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.2" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 05.05.2013 03:10:06 | Computer Name = Julian-PC | Source = WMPNetworkSvc | ID = 866306
Description = 
 
Error - 05.05.2013 03:10:06 | Computer Name = Julian-PC | Source = WMPNetworkSvc | ID = 866306
Description = 
 
Error - 06.05.2013 09:53:35 | Computer Name = Julian-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.2" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 06.05.2013 09:53:55 | Computer Name = Julian-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.2" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 06.05.2013 09:55:20 | Computer Name = Julian-PC | Source = WMPNetworkSvc | ID = 866306
Description = 
 
Error - 06.05.2013 09:55:20 | Computer Name = Julian-PC | Source = WMPNetworkSvc | ID = 866306
Description = 
 
Error - 06.05.2013 12:39:09 | Computer Name = Julian-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 06.05.2013 12:39:09 | Computer Name = Julian-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Windows-Bilderfassung (WIA)" ist vom Dienst "Shellhardwareerkennung"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
 
< End of report >
         


06.05.2013, 21:19   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Then please run Combofix now:

Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde. (English: "Illegal operation attempted on a registry key that has been marked for deletion.")
simply restart the computer. This should fix the problem.


07.05.2013, 14:07   #7
Jalian
 



So I didn't move the mouse and I turned off the Antivira live scan, but after I had started Combofix, the Antivira live scan was back on and it asked me to close it, which I then did.

Combofix log file:
Code:
ComboFix 13-05-07.02 - Julian 07.05.2013  14:41:34.1.4 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3326.2079 [GMT 2:00]
ausgeführt von:: c:\users\Julian\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\facemoods.com
c:\program files\facemoods.com\facemoods\1.4.17.11\facemoods.crx
c:\program files\facemoods.com\facemoods\1.4.17.11\facemoods.png
c:\users\Julian\AppData\Roaming\Love
c:\users\Julian\AppData\Roaming\Love\mari0\options.txt
c:\users\Julian\AppData\Roaming\Microsoft\1eaadjc.dll
c:\users\Julian\AppData\Roaming\Microsoft\bass.dll
c:\users\Julian\AppData\Roaming\Microsoft\engine_vx.dll
c:\users\Julian\AppData\Roaming\Microsoft\kfgresk.dll
c:\users\Julian\AppData\Roaming\Microsoft\peaadje.dll
c:\users\Julian\AppData\Roaming\Microsoft\qwadjb.dll
c:\users\Julian\AppData\Roaming\Microsoft\rsaadjd.dll
c:\windows\IsUn0407.exe
c:\windows\system32\frapsvid.dll
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
D:\install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-04-07 bis 2013-05-07  ))))))))))))))))))))))))))))))
.
.
2013-05-07 12:50 . 2013-05-07 12:53	--------	d-----w-	c:\users\Julian\AppData\Local\temp
2013-05-07 12:35 . 2013-05-07 12:35	66656	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2013-05-06 14:41 . 2013-05-06 14:41	--------	d-----w-	c:\users\Julian\AppData\Roaming\Malwarebytes
2013-05-06 14:40 . 2013-05-06 14:40	--------	d-----w-	c:\programdata\Malwarebytes
2013-05-06 14:40 . 2013-05-06 14:41	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2013-05-06 14:40 . 2013-04-04 12:50	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-05-05 12:36 . 2013-05-05 12:36	--------	d-----w-	c:\program files\FTDownloader.com
2013-05-04 06:39 . 2013-05-04 06:39	1211752	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-05-04 06:37 . 2013-05-04 06:37	69632	----a-w-	c:\windows\system32\smss.exe
2013-05-04 06:37 . 2013-05-04 06:37	3968856	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-05-04 06:37 . 2013-05-04 06:37	3913560	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-05-04 06:37 . 2013-05-04 06:37	38912	----a-w-	c:\windows\system32\csrsrv.dll
2013-05-04 06:37 . 2013-05-04 06:37	2347008	----a-w-	c:\windows\system32\win32k.sys
2013-05-04 06:28 . 2013-05-04 06:28	--------	d-----w-	c:\program files\Enigma Software Group
2013-05-04 06:27 . 2013-05-04 13:13	--------	d-----w-	c:\windows\0AC0F1B261C74B6EACEF58FCC0B94835.TMP
2013-04-30 18:18 . 2013-04-30 18:18	--------	d-----w-	c:\windows\system32\Extensions
2013-04-30 18:18 . 2013-04-30 18:18	--------	d-----w-	c:\windows\system32\searchplugins
2013-04-25 15:35 . 2013-04-25 15:35	--------	d-----w-	c:\programdata\BrowserProtect
2013-04-25 15:35 . 2013-04-25 15:36	--------	d-----w-	c:\users\Julian\AppData\Roaming\BabSolution
2013-04-25 15:35 . 2013-04-25 15:35	--------	d-----w-	c:\users\Julian\AppData\Local\PutLockerDownloader
2013-04-25 15:35 . 2013-04-25 15:35	--------	d-----w-	c:\program files\Gophoto.it
2013-04-21 16:29 . 2013-04-21 16:29	--------	d-----w-	c:\program files\Common Files\Skype
2013-04-13 13:15 . 2013-04-13 13:15	--------	d-----w-	c:\program files\Kalua Cocktails (Demoversion)
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-20 19:23 . 2011-08-31 12:09	137992	----a-w-	c:\windows\system32\drivers\PnkBstrK.sys
2013-04-20 19:23 . 2011-08-31 12:20	291088	----a-w-	c:\windows\system32\PnkBstrB.xtr
2013-04-20 19:23 . 2011-08-31 12:09	291088	----a-w-	c:\windows\system32\PnkBstrB.exe
2013-04-20 19:20 . 2011-08-31 12:09	291088	----a-w-	c:\windows\system32\PnkBstrB.ex0
2013-04-01 08:11 . 2013-04-01 08:11	474112	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-04-01 08:11 . 2013-04-01 08:11	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-04-01 08:10 . 2013-04-01 08:10	15872	----a-w-	c:\windows\system32\drivers\usb8023.sys
2013-04-01 08:06 . 2013-04-01 08:06	187752	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2013-04-01 08:06 . 2013-04-01 08:06	1293672	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-03-30 01:12 . 2012-10-18 15:21	84744	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-03-30 01:12 . 2012-10-18 15:21	37352	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-03-30 01:12 . 2012-10-18 15:21	135136	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-03-12 19:20 . 2012-04-03 08:26	693976	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-03-12 19:20 . 2011-06-26 14:01	73432	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-09 17:05 . 2013-03-09 17:05	169984	----a-w-	c:\windows\system32\winsrv.dll
2013-03-09 17:02 . 2013-03-09 17:02	6144	---ha-w-	c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-03-09 17:02 . 2013-03-09 17:02	5120	---ha-w-	c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-03-09 17:02 . 2013-03-09 17:02	4608	---ha-w-	c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-03-09 17:02 . 2013-03-09 17:02	4608	---ha-w-	c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-03-09 17:02 . 2013-03-09 17:02	4096	---ha-w-	c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-03-09 17:02 . 2013-03-09 17:02	4096	---ha-w-	c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-03-09 17:02 . 2013-03-09 17:02	4096	---ha-w-	c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-03-09 17:02 . 2013-03-09 17:02	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-03-09 17:02 . 2013-03-09 17:02	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-03-09 17:02 . 2013-03-09 17:02	3584	---ha-w-	c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-03-09 17:02 . 2013-03-09 17:02	3584	---ha-w-	c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-03-09 17:02 . 2013-03-09 17:02	3584	---ha-w-	c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-03-09 17:02 . 2013-03-09 17:02	3584	---ha-w-	c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-03-09 17:02 . 2013-03-09 17:02	3584	---ha-w-	c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-03-09 17:02 . 2013-03-09 17:02	3584	---ha-w-	c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-03-09 17:02 . 2013-03-09 17:02	3584	---ha-w-	c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-03-09 17:02 . 2013-03-09 17:02	3072	---ha-w-	c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-03-09 17:02 . 2013-03-09 17:02	3072	---ha-w-	c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-03-09 17:02 . 2013-03-09 17:02	3072	---ha-w-	c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-03-09 17:02 . 2013-03-09 17:02	3072	---ha-w-	c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-03-09 17:02 . 2013-03-09 17:02	3072	---ha-w-	c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-03-09 17:02 . 2013-03-09 17:02	3072	---ha-w-	c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-03-09 17:02 . 2013-03-09 17:02	3072	---ha-w-	c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-03-09 17:02 . 2013-03-09 17:02	3072	---ha-w-	c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-03-09 17:02 . 2013-03-09 17:02	3072	---ha-w-	c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-03-09 17:02 . 2013-03-09 17:02	3072	---ha-w-	c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-03-09 17:02 . 2013-03-09 17:02	3072	---ha-w-	c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-03-09 17:02 . 2013-03-09 17:02	3072	---ha-w-	c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-03-09 17:02 . 2013-03-09 17:02	293376	----a-w-	c:\windows\system32\KernelBase.dll
2013-03-09 17:02 . 2013-03-09 17:02	271360	----a-w-	c:\windows\system32\conhost.exe
2013-03-09 17:00 . 2013-03-09 17:00	49152	----a-w-	c:\windows\system32\taskhost.exe
2013-03-09 17:00 . 2013-03-09 17:00	626688	----a-w-	c:\windows\system32\usp10.dll
2013-03-09 17:00 . 2013-03-09 17:00	55296	----a-w-	c:\windows\system32\cero.rs
2013-03-09 17:00 . 2013-03-09 17:00	51712	----a-w-	c:\windows\system32\esrb.rs
2013-03-09 17:00 . 2013-03-09 17:00	46592	----a-w-	c:\windows\system32\fpb.rs
2013-03-09 17:00 . 2013-03-09 17:00	45568	----a-w-	c:\windows\system32\oflc-nz.rs
2013-03-09 17:00 . 2013-03-09 17:00	44544	----a-w-	c:\windows\system32\pegibbfc.rs
2013-03-09 17:00 . 2013-03-09 17:00	43520	----a-w-	c:\windows\system32\csrr.rs
2013-03-09 17:00 . 2013-03-09 17:00	40960	----a-w-	c:\windows\system32\cob-au.rs
2013-03-09 17:00 . 2013-03-09 17:00	308736	----a-w-	c:\windows\system32\Wpc.dll
2013-03-09 17:00 . 2013-03-09 17:00	30720	----a-w-	c:\windows\system32\usk.rs
2013-03-09 17:00 . 2013-03-09 17:00	2576384	----a-w-	c:\windows\system32\gameux.dll
2013-03-09 17:00 . 2013-03-09 17:00	23552	----a-w-	c:\windows\system32\oflc.rs
2013-03-09 17:00 . 2013-03-09 17:00	21504	----a-w-	c:\windows\system32\grb.rs
2013-03-09 17:00 . 2013-03-09 17:00	20480	----a-w-	c:\windows\system32\pegi.rs
2013-03-09 17:00 . 2013-03-09 17:00	20480	----a-w-	c:\windows\system32\pegi-pt.rs
2013-03-09 17:00 . 2013-03-09 17:00	20480	----a-w-	c:\windows\system32\pegi-fi.rs
2013-03-09 17:00 . 2013-03-09 17:00	15360	----a-w-	c:\windows\system32\djctq.rs
2013-03-09 16:56 . 2013-03-09 16:56	492032	----a-w-	c:\windows\system32\win32spl.dll
2013-03-09 16:55 . 2013-03-09 16:55	220160	----a-w-	c:\windows\system32\ncrypt.dll
2013-02-19 03:58 . 2013-03-16 03:14	6954968	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{F72C9B41-A252-4F27-AAAA-813EA5FC84A3}\mpengine.dll
2013-02-11 12:48 . 2013-02-11 12:48	1389568	----a-w-	c:\windows\system32\msxml6.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Advanced SystemCare 6"="c:\program files\IObit\Advanced SystemCare 6\ASCTray.exe" [2013-04-18 491840]
"SmartRAM"="c:\program files\IObit\Advanced SystemCare 6\Suo10_SmartRAM.exe" [2013-04-10 547648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVMWlanClient"="c:\program files\avmwlanstick\wlangui.exe" [2009-05-07 1904640]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 358472]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-08-03 1809992]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 3649096]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-05-07 345312]
"SAFE2012 HotKeys"="c:\program files\Steganos Safe 2012\SteganosHotKeyService.exe" [2012-11-19 84480]
"SAFE2012 File Redirection Starter"="c:\program files\Steganos Safe 2012\fredirstarter.exe" [2012-11-19 17408]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
"IObit Malware Fighter"="c:\program files\IObit\IObit Malware Fighter\IMF.exe" [2012-12-25 4474832]
"CDAServer"="c:\program files\Common Files\Common Desktop Agent\CDASrv.exe" [2010-12-17 332288]
.
c:\users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~4\BROWSE~1\261249~1.132\{C16C1~1\BrowserProtect.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"EADM"="c:\program files\Origin\Origin.exe" -AutoStart
"KPeerNexonEU"=c:\nexon\NEXON_EU_Downloader\nxEULauncher.exe
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun
"Google Update"="c:\users\Julian\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"Comrade.exe"=c:\program files\GameSpy\Comrade\Comrade.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
.
R2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [x]
R3 EagleXNt;EagleXNt; [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\win7_x86\FileMonitor.sys [x]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\drivers\win7_x86\regfilter.sys [x]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\drivers\win7_x86\UrlFilter.sys [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\Razer\Razer Game Booster\Driver\WinRing0.sys [x]
R3 XDva397;XDva397; [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 SLEE_18_DRIVER;Steganos Live Encryption Engine 18 [Driver];c:\windows\system32\drivers\Sleen18.sys [x]
S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\IObit\Advanced SystemCare 6\ASCService.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [x]
S2 BrowserProtect;BrowserProtect;c:\programdata\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [x]
S2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [x]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [x]
S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
GPSvcGroup	REG_MULTI_SZ   	GPSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 19:20]
.
2013-05-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-618426037-2681808743-1371803286-1000Core.job
- c:\users\Julian\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-29 15:13]
.
2013-05-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-618426037-2681808743-1371803286-1000UA.job
- c:\users\Julian\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-29 15:13]
.
2013-05-06 c:\windows\Tasks\WpsUpdateTask_Julian.job
- c:\program files\Kingsoft\Kingsoft Office\office6\wpsupdate.exe [2012-09-17 16:00]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
IE: Free YouTube Download - c:\users\Julian\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: samsungsetup.com\www
Trusted Zone: soe.com
Trusted Zone: sony.com
Trusted Zone: vizzed.com\www
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{977AE9CC-AF83-45E8-9E03-E2798216E2D5} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-618426037-2681808743-1371803286-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:9b,6a,6b,96,79,7f,b4,1a,df,e1,7b,d3,b4,18,b5,ff,7a,21,43,13,d3,56,52,
   ff,7a,45,9a,c1,e6,ca,a0,47,19,00,40,0b,3b,c7,2a,da,97,1c,3f,57,60,62,4c,ab,\
"??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49
.
[HKEY_USERS\S-1-5-21-618426037-2681808743-1371803286-1000\Software\SecuROM\License information*]
"datasecu"=hex:3d,ea,ca,7a,d5,42,78,ad,5e,01,33,58,48,f4,0c,65,34,42,3f,fc,bb,
   97,7c,85,ea,74,18,cd,c6,ba,ea,ce,9c,4f,ce,9a,45,cc,26,53,21,39,62,71,22,c2,\
"rkeysecu"=hex:e6,0b,cf,9d,d3,83,e9,01,cc,63,28,ed,52,3a,aa,95
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\avmwlanstick\WlanNetService.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\IObit\Advanced SystemCare 6\Monitor.exe
c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe
c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\taskhost.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmplayer.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
c:\program files\Logitech\GamePanel Software\Applets\LCDClock.exe
c:\program files\Logitech\GamePanel Software\Applets\LCDPop3.exe
c:\program files\Logitech\GamePanel Software\Applets\LCDMedia.exe
c:\program files\Logitech\GamePanel Software\Applets\LCDRSS.exe
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [x]
S2 BrowserProtect;BrowserProtect;c:\programdata\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [x]
S2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [x]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [x]
S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
GPSvcGroup	REG_MULTI_SZ   	GPSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 19:20]
.
2013-05-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-618426037-2681808743-1371803286-1000Core.job
- c:\users\Julian\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-29 15:13]
.
2013-05-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-618426037-2681808743-1371803286-1000UA.job
- c:\users\Julian\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-29 15:13]
.
2013-05-06 c:\windows\Tasks\WpsUpdateTask_Julian.job
- c:\program files\Kingsoft\Kingsoft Office\office6\wpsupdate.exe [2012-09-17 16:00]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
IE: Free YouTube Download - c:\users\Julian\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: samsungsetup.com\www
Trusted Zone: soe.com
Trusted Zone: sony.com
Trusted Zone: vizzed.com\www
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{977AE9CC-AF83-45E8-9E03-E2798216E2D5} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-618426037-2681808743-1371803286-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:9b,6a,6b,96,79,7f,b4,1a,df,e1,7b,d3,b4,18,b5,ff,7a,21,43,13,d3,56,52,
   ff,7a,45,9a,c1,e6,ca,a0,47,19,00,40,0b,3b,c7,2a,da,97,1c,3f,57,60,62,4c,ab,\
"??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49
.
[HKEY_USERS\S-1-5-21-618426037-2681808743-1371803286-1000\Software\SecuROM\License information*]
"datasecu"=hex:3d,ea,ca,7a,d5,42,78,ad,5e,01,33,58,48,f4,0c,65,34,42,3f,fc,bb,
   97,7c,85,ea,74,18,cd,c6,ba,ea,ce,9c,4f,ce,9a,45,cc,26,53,21,39,62,71,22,c2,\
"rkeysecu"=hex:e6,0b,cf,9d,d3,83,e9,01,cc,63,28,ed,52,3a,aa,95
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\avmwlanstick\WlanNetService.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\IObit\Advanced SystemCare 6\Monitor.exe
c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe
c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\taskhost.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmplayer.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
c:\program files\Logitech\GamePanel Software\Applets\LCDClock.exe
c:\program files\Logitech\GamePanel Software\Applets\LCDPop3.exe
c:\program files\Logitech\GamePanel Software\Applets\LCDMedia.exe
c:\program files\Logitech\GamePanel Software\Applets\LCDRSS.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-05-07  14:56:35 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-05-07 12:56
.
Vor Suchlauf: 356471611392 Bytes frei
Nach Suchlauf: 356336652288 Bytes frei
.
- - End Of File - - AC71A0FBCC6BC188B8376ED5F7B987DA
         
[/CODE]

07.05.2013, 14:17   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Spy-Hunter 4 incomplete uninstallation



JRT - Junkware Removal Tool

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista or later, please start it with a right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.




Afterwards:

adwCleaner - remove toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options (Optionen) and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected, as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Delete (Löschen) and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


After that, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick the box Scan All Users
  • At the top you will find a box labeled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.
__________________
Please always post log files in CODE tags

07.05.2013, 14:39   #9
Jalian

Spy-Hunter 4 incomplete uninstallation

OK, this one is from the Junkware Removal Tool.
I'm posting everything one after the other so that I don't get mixed up.

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x86
Ran by Julian on 07.05.2013 at 15:34:28.07
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] browserprotect 
Successfully deleted: [Service] browserprotect 



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113}
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC}
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\1clickdownload
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\datamngr_toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\ilivid
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\ilivid
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\im
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\windows\currentversion\ext\bprotectsettings
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\yontooieclient.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\applications\ilividsetupv1.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\ilivid
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\yontooieclient.api
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\yontooieclient.api.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\ilividsetupv1_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\ilividsetupv1_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\iminent_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\iminent_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\mybabylontb_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\mybabylontb_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\sweetim_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\sweetim_rasmancs
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}



~~~ Files

Successfully deleted: [File] "C:\Windows\system32\turegopt.exe"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\browserprotect"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\Users\Julian\AppData\Roaming\babsolution"
Successfully deleted: [Folder] "C:\Users\Julian\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\Julian\AppData\Roaming\dvdvideosoftiehelpers"
Successfully deleted: [Folder] "C:\Users\Julian\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Users\Julian\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Julian\appdata\local\ilivid player"
Successfully deleted: [Folder] "C:\Users\Julian\appdata\local\linkury"
Successfully deleted: [Folder] "C:\Users\Julian\appdata\locallow\babylontoolbar"
Successfully deleted: [Folder] "C:\Users\Julian\appdata\locallow\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\Julian\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Julian\appdata\locallow\facemoods.com"
Successfully deleted: [Folder] "C:\Users\Julian\appdata\locallow\toolbar4"
Successfully deleted: [Folder] "C:\Program Files\conduit"
Successfully deleted: [Folder] "C:\Program Files\ilivid"
Successfully deleted: [Folder] "C:\Program Files\yontoo"
Successfully deleted: [Folder] "C:\Users\Julian\AppData\Roaming\microsoft\windows\start menu\programs\BrowserProtect"
Successfully deleted: [Empty Folder] C:\Users\Julian\appdata\local\{24AD43A0-759F-46C4-9392-011D25C027A8}
Successfully deleted: [Empty Folder] C:\Users\Julian\appdata\local\{3E73D442-1239-466E-A0C0-CAE7880B8AB7}
Successfully deleted: [Empty Folder] C:\Users\Julian\appdata\local\{42B8140C-D120-4596-BBFF-5297B18D94EE}
Successfully deleted: [Empty Folder] C:\Users\Julian\appdata\local\{591A596C-9792-4F33-A81E-4D6DC27E6FC7}
Successfully deleted: [Empty Folder] C:\Users\Julian\appdata\local\{80AADA6C-B30F-415D-8D31-55D9D31FA777}
Successfully deleted: [Empty Folder] C:\Users\Julian\appdata\local\{8A718A6C-2F8B-4D40-827A-820D9AA32071}
Successfully deleted: [Empty Folder] C:\Users\Julian\appdata\local\{913B9D49-DE0F-4CEC-BF03-5D53DC8D0651}
Successfully deleted: [Empty Folder] C:\Users\Julian\appdata\local\{97BDCDB8-88C8-4900-BD21-859D7905F10B}
Successfully deleted: [Empty Folder] C:\Users\Julian\appdata\local\{9D67DB29-D2B9-4A13-BC96-8814ABB22E66}
Successfully deleted: [Empty Folder] C:\Users\Julian\appdata\local\{A76CF060-3ADE-4484-81DE-08A1CF467FC2}
Successfully deleted: [Empty Folder] C:\Users\Julian\appdata\local\{ABBAADA7-4CF5-49C3-9B42-51C39C26C4F8}
Successfully deleted: [Empty Folder] C:\Users\Julian\appdata\local\{B21ABF89-F151-4589-B04A-D94F9F4925FB}
Successfully deleted: [Empty Folder] C:\Users\Julian\appdata\local\{B6D02CE4-9692-4806-8476-8BBDC292F060}



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\jplinpmadfkdgipabgcdchbdikologlh
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07.05.2013 at 15:37:16.81
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
This one is from AdwCleaner

Code:
# AdwCleaner v2.300 - Datei am 07/05/2013 um 15:41:34 erstellt
# Aktualisiert am 28/04/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : Julian - JULIAN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Julian\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrch.xml
Datei Gelöscht : C:\user.js
Datei Gelöscht : C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
Datei Gelöscht : C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
Datei Gelöscht : C:\Users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\3mx9s3yy.default\bprotector_extensions.sqlite
Datei Gelöscht : C:\Users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\3mx9s3yy.default\bprotector_prefs.js
Datei Gelöscht : C:\Users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\3mx9s3yy.default\extensions\gophoto@gophoto.it.xpi
Datei Gelöscht : C:\Users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\3mx9s3yy.default\searchplugins\Conduit.xml
Ordner Gelöscht : C:\Program Files\1ClickDownload
Ordner Gelöscht : C:\Program Files\ExpressFiles
Ordner Gelöscht : C:\Program Files\Gophoto.it
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Delta
Ordner Gelöscht : C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\iibmmjhgclhlahmjniokmhleigemjpbh
Ordner Gelöscht : C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk
Ordner Gelöscht : C:\Users\Julian\AppData\Local\PutLockerDownloader
Ordner Gelöscht : C:\Users\Julian\AppData\Roaming\ExpressFiles
Ordner Gelöscht : C:\Users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\3mx9s3yy.default\ConduitCommon
Ordner Gelöscht : C:\Users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\3mx9s3yy.default\extensions\OneClickDownload@OneClickDownload.com
Ordner Gelöscht : C:\Users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\3mx9s3yy.default\jetpack

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\a6dd88bc6aea43
Schlüssel Gelöscht : HKCU\Software\ExpressFiles
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\iibmmjhgclhlahmjniokmhleigemjpbh
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\a6dd88bc6aea43
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\Software\ExpressFiles
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\iibmmjhgclhlahmjniokmhleigemjpbh
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - bProtectTabs] = hxxp://www2.delta-search.com/?affID=119776&babsrc=NT_ss&mntrId=A03A1C4BD63FE3E2 --> hxxp://www.google.com

-\\ Mozilla Firefox v [Version kann nicht ermittelt werden]

Datei : C:\Users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\3mx9s3yy.default\prefs.js

C:\Users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\3mx9s3yy.default\user.js ... Gelöscht !

Gelöscht : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Gelöscht : user_pref("extensions.BabylonToolbar_i.babExt", "");
Gelöscht : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=101299");
Gelöscht : user_pref("extensions.BabylonToolbar_i.hardId", "a03a8f620000000000001c4bd63fe3e2");
Gelöscht : user_pref("extensions.BabylonToolbar_i.id", "a03a8f620000000000001c4bd63fe3e2");
Gelöscht : user_pref("extensions.BabylonToolbar_i.instlDay", "15322");
Gelöscht : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", false);
Gelöscht : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Gelöscht : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Gelöscht : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Gelöscht : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Gelöscht : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1716:20:52");
Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Gelöscht : user_pref("extentions.y2layers.defaultEnableAppsList", "twittube,ezLooker,pagerage,buzzdock,toprelat[...]
Gelöscht : user_pref("extentions.y2layers.installId", "575f3972-807e-4592-b968-25bbab6fd86f");
Gelöscht : user_pref("extentions.y2layers.lastDnsTest", 372088);

-\\ Google Chrome v26.0.1410.64

Datei : C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [13091 octets] - [07/05/2013 15:41:34]

########## EOF - C:\AdwCleaner[S1].txt - [13152 octets] ##########
         

07.05.2013, 14:57   #10
Jalian

Spy-Hunter 4 incomplete uninstallation

Right, and now the 2 logs from OTL

Code:
OTL logfile created on: 07.05.2013 15:48:42 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Julian\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.25 Gb Total Physical Memory | 1.74 Gb Available Physical Memory | 53.62% Memory free
6.50 Gb Paging File | 4.59 Gb Available in Paging File | 70.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 700.20 Gb Total Space | 331.59 Gb Free Space | 47.36% Space Free | Partition Type: NTFS
Drive D: | 695.96 Gb Total Space | 446.60 Gb Free Space | 64.17% Space Free | Partition Type: NTFS
 
Computer Name: JULIAN-PC | User Name: Julian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Julian\Downloads\OTL (1).exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe (IObit)
PRC - C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe (IObit)
PRC - C:\Program Files\IObit\Advanced SystemCare 6\Suo10_SmartRAM.exe (IObit)
PRC - C:\Program Files\IObit\Advanced SystemCare 6\Monitor.exe (IObit)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\IObit\IObit Malware Fighter\IMF.exe (IObit)
PRC - C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe (IObit)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
PRC - C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Program Files\Steganos Safe 2012\SteganosHotKeyService.exe (Steganos Software GmbH)
PRC - C:\Program Files\Steganos Safe 2012\fredirstarter.exe (Steganos Software GmbH)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe (IObit)
PRC - C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Program Files\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe ()
PRC - C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe (Logitech Inc.)
PRC - C:\Program Files\avmwlanstick\WLanGUI.exe (AVM Berlin)
PRC - C:\Program Files\avmwlanstick\WLanNetService.exe (AVM Berlin)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Julian\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\Julian\AppData\Local\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll ()
MOD - C:\Users\Julian\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll ()
MOD - C:\Users\Julian\AppData\Local\Google\Chrome\Application\26.0.1410.64\libglesv2.dll ()
MOD - C:\Users\Julian\AppData\Local\Google\Chrome\Application\26.0.1410.64\libegl.dll ()
MOD - C:\Users\Julian\AppData\Local\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\ba39e27ea796912fce296963622dfbae\WindowsFormsIntegration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\ce70182f0348fc21a07409afd4a922f5\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\39f4c7717661667c68f9af8c4f6402b9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\5ea93652e4752c75bc6fbb195b4eb864\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\14f511c47523f19ca591eb207e9e2084\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e10fd15441d278c04a03302880a3e231\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\27dcf04ed7a3506045597c02a5a1fc31\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\82f376255a9523982c52cf58b13268d3\PresentationFramework.Classic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\7a9ff5ce3a909d075179a2ac70d8f388\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5de5d8c1c02e33789e3cf7e3f54c0ec9\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll ()
MOD - C:\Program Files\IObit\Advanced SystemCare 6\madexcept_.bpl ()
MOD - C:\Program Files\IObit\Advanced SystemCare 6\maddisAsm_.bpl ()
MOD - C:\Program Files\IObit\Advanced SystemCare 6\madbasic_.bpl ()
MOD - C:\Program Files\IObit\Advanced SystemCare 6\webres.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll ()
MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files\IObit\Smart Defrag 2\NtfsData.dll ()
MOD - C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll ()
MOD - C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdvancedSystemCareService6) -- C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe (IObit)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (IMFservice) -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe (IObit)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (NAUpdate) -- C:\Program Files\Nero\Update\NASvc.exe (Nero AG)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AVM WLAN Connection Service) -- C:\Program Files\avmwlanstick\WLanNetService.exe (AVM Berlin)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (XDva397) --  File not found
DRV - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV - (EagleXNt) --  File not found
DRV - (catchme) -- C:\Users\Julian\AppData\Local\Temp\catchme.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (WinRing0_1_2_0) -- C:\Program Files\Razer\Razer Game Booster\Driver\WinRing0.sys (OpenLibSys.org)
DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (Advanced Micro Devices)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (SLEE_18_DRIVER) -- C:\Windows\System32\drivers\SleeN18.sys (Softwareentwicklung Remus - ArchiCrypt - )
DRV - (UrlFilter) -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\win7_x86\UrlFilter.sys (IObit.com)
DRV - (RegFilter) -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\win7_x86\RegFilter.sys (IObit.com)
DRV - (AODDriver4.2) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\aoddriver2.sys (Advanced Micro Devices)
DRV - (AODDriver4.01) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\aoddriver2.sys (Advanced Micro Devices)
DRV - (FileMonitor) -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\win7_x86\FileMonitor.sys (IObit)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.sys (Samsung Electronics)
DRV - (Apowersoft_AudioDevice) -- C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys (Wondershare)
DRV - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices)
DRV - (SmartDefragDriver) -- C:\Windows\System32\drivers\SmartDefragDriver.sys ()
DRV - (SCREAMINGBDRIVER) -- C:\Windows\System32\drivers\ScreamingBAudio.sys (Screaming Bee LLC)
DRV - (amdiox86) -- C:\Windows\System32\drivers\amdiox86.sys (Advanced Micro Devices)
DRV - (LGVirHid) -- C:\Windows\System32\drivers\LGVirHid.sys (Logitech Inc.)
DRV - (LGBusEnum) -- C:\Windows\System32\drivers\LGBusEnum.sys (Logitech Inc.)
DRV - (RTL8192su) -- C:\Windows\System32\drivers\rtl8192su.sys (Realtek Semiconductor Corporation                           )
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (AmdLLD) -- C:\Windows\System32\drivers\AmdLLD.sys (AMD, Inc.)
DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-618426037-2681808743-1371803286-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-618426037-2681808743-1371803286-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-618426037-2681808743-1371803286-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B5 2D D1 12 16 5D CC 01  [binary data]
IE - HKU\S-1-5-21-618426037-2681808743-1371803286-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-618426037-2681808743-1371803286-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-618426037-2681808743-1371803286-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-618426037-2681808743-1371803286-1000\..\SearchScopes\{CE901047-0715-429F-9716-6DBB6B034A37}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKU\S-1-5-21-618426037-2681808743-1371803286-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811"
FF - prefs.js..extensions.enabledAddons: battlefieldplay4free@ea.com:1.0.66.2
FF - prefs.js..extensions.enabledAddons: mp4downloader@jeff.net:1.3.2
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10
FF - prefs.js..extensions.enabledAddons: wtxpcom@mybrowserbar.com:6.2
FF - prefs.js..extensions.enabledAddons: ytd@mybrowserbar.com:6.2
FF - prefs.js..extensions.enabledAddons: adblockpopups@jessehakanen.net:0.4
FF - prefs.js..browser.startup.homepage: 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0:  File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0:  File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.132.0:  File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.3: C:\Program Files\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin:  File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Julian\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Julian\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.14 23:24:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.02.04 17:50:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.11.20 17:32:00 | 000,000,000 | ---D | M]
 
[2011.06.26 15:58:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julian\AppData\Roaming\mozilla\Extensions
[2013.05.07 15:41:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\3mx9s3yy.default\extensions
[2012.07.29 17:18:14 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\3mx9s3yy.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2013.05.03 16:57:12 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\3mx9s3yy.default\extensions\ascsurfingprotection@iobit.com
[2012.06.29 16:58:32 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\3mx9s3yy.default\extensions\battlefieldplay4free@ea.com
[2012.08.18 18:15:56 | 000,109,964 | ---- | M] () (No name found) -- C:\Users\Julian\AppData\Roaming\mozilla\firefox\profiles\3mx9s3yy.default\extensions\adblockpopups@jessehakanen.net.xpi
[2013.04.11 17:54:38 | 000,197,614 | ---- | M] () (No name found) -- C:\Users\Julian\AppData\Roaming\mozilla\firefox\profiles\3mx9s3yy.default\extensions\ftdownloader3@ftdownloader.com.xpi
[2012.03.06 15:30:14 | 000,049,306 | ---- | M] () (No name found) -- C:\Users\Julian\AppData\Roaming\mozilla\firefox\profiles\3mx9s3yy.default\extensions\mp4downloader@jeff.net.xpi
[2012.08.18 18:15:56 | 000,216,359 | ---- | M] () (No name found) -- C:\Users\Julian\AppData\Roaming\mozilla\firefox\profiles\3mx9s3yy.default\extensions\OneClickDownloader@OneClickDownloader.com.xpi
[2012.08.18 18:15:56 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Julian\AppData\Roaming\mozilla\firefox\profiles\3mx9s3yy.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.08.17 21:44:12 | 000,007,820 | ---- | M] () (No name found) -- C:\Users\Julian\AppData\Roaming\mozilla\firefox\profiles\3mx9s3yy.default\extensions\{d8b271a6-6ed3-427d-b600-1b674e00e6ec}.xpi
File not found (No name found) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
File not found (No name found) -- C:\PROGRAM FILES\IOBIT APPS TOOLBAR\FF
File not found (No name found) -- C:\PROGRAM FILES\YTD TOOLBAR\FF
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Julian\AppData\Local\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Julian\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Julian\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files\Battlelog Web Plugins\2.1.3\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Uplay PC (Enabled) = C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonEU\NGM\npNxGameeu.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Julian\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
 
O1 HOSTS File: ([2013.05.07 14:50:21 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll (IObit)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files\avmwlanstick\WLanGUI.exe (AVM Berlin)
O4 - HKLM..\Run: [CDAServer] C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe ()
O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files\IObit\IObit Malware Fighter\IMF.exe (IObit)
O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [SAFE2012 File Redirection Starter] C:\Program Files\Steganos Safe 2012\fredirstarter.exe (Steganos Software GmbH)
O4 - HKLM..\Run: [SAFE2012 HotKeys] C:\Program Files\Steganos Safe 2012\SteganosHotKeyService.exe (Steganos Software GmbH)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-618426037-2681808743-1371803286-1000..\Run: [Advanced SystemCare 6] C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe (IObit)
O4 - HKU\S-1-5-21-618426037-2681808743-1371803286-1000..\Run: [SmartRAM] C:\Program Files\IObit\Advanced SystemCare 6\Suo10_SmartRAM.exe (IObit)
O4 - Startup: C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-618426037-2681808743-1371803286-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-618426037-2681808743-1371803286-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube Download - C:\Users\Julian\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O15 - HKU\S-1-5-21-618426037-2681808743-1371803286-1000\..Trusted Domains: clonewarsadventures.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-618426037-2681808743-1371803286-1000\..Trusted Domains: freerealms.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-618426037-2681808743-1371803286-1000\..Trusted Domains: samsungsetup.com ([www] http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-618426037-2681808743-1371803286-1000\..Trusted Domains: soe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-618426037-2681808743-1371803286-1000\..Trusted Domains: sony.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-618426037-2681808743-1371803286-1000\..Trusted Domains: vizzed.com ([www] * in Vertrauenswürdige Sites)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab (Geräteerkennung)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DA245330-7C5B-4A63-8AD8-FA592A8DE10E}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F72AAA8A-1EEF-42F5-A0CB-D6B99E68ADE6}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.07 15:30:56 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.05.07 15:30:46 | 000,000,000 | ---D | C] -- C:\JRT
[2013.05.07 14:50:18 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.05.07 14:50:18 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Local\temp
[2013.05.07 14:38:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.05.07 14:38:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.05.07 14:38:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.05.07 14:38:23 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.05.07 14:36:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.05.07 14:35:42 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.05.07 14:35:30 | 000,066,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avnetflt.sys
[2013.05.07 14:30:49 | 000,000,000 | ---D | C] -- C:\Users\Julian\Desktop\OLT
[2013.05.06 16:41:14 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\Malwarebytes
[2013.05.06 16:40:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.05.06 16:40:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.06 16:40:49 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.05.06 16:40:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.05.05 14:36:12 | 000,000,000 | ---D | C] -- C:\Program Files\FTDownloader.com
[2013.05.04 15:39:09 | 000,000,000 | ---D | C] -- C:\Users\Julian\Documents\NFS Most Wanted
[2013.05.04 15:25:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
[2013.05.04 08:37:47 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.05.04 08:37:47 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.05.04 08:37:47 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013.05.04 08:37:16 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.05.04 08:36:17 | 000,627,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.05.04 08:36:17 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.05.04 08:36:16 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.05.04 08:36:16 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.05.04 08:36:16 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.05.04 08:28:37 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.05.02 18:25:17 | 000,000,000 | R--D | C] -- C:\Users\Julian\Desktop\Internet Explorer
[2013.04.30 20:18:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\Extensions
[2013.04.30 20:18:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\searchplugins
[2013.04.28 11:32:45 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
[2013.04.28 09:15:33 | 000,000,000 | ---D | C] -- C:\Users\Julian\Desktop\dickhead
[2013.04.25 17:34:46 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FTDownloader.com
[2013.04.21 18:29:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.04.21 18:29:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013.04.13 15:15:43 | 000,000,000 | ---D | C] -- C:\Program Files\Kalua Cocktails (Demoversion)
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.07 15:52:10 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.07 15:52:10 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.07 15:44:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.07 15:27:01 | 000,000,364 | ---- | M] () -- C:\Windows\tasks\WpsUpdateTask_Julian.job
[2013.05.07 15:19:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.07 15:15:01 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-618426037-2681808743-1371803286-1000UA.job
[2013.05.07 14:50:21 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.05.07 14:35:13 | 000,066,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avnetflt.sys
[2013.05.06 16:40:53 | 000,001,039 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.06 16:15:05 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-618426037-2681808743-1371803286-1000Core.job
[2013.05.05 19:17:56 | 000,015,445 | ---- | M] () -- C:\Users\Julian\Desktop\Infoblatt V2.1.odt
[2013.05.05 16:02:21 | 000,004,304 | ---- | M] () -- C:\Users\Julian\Desktop\Neues RTF-Dokument (2).rtf
[2013.05.05 14:36:12 | 000,000,824 | ---- | M] () -- C:\Users\Julian\Desktop\FTDownloader.lnk
[2013.05.04 15:26:13 | 000,002,099 | ---- | M] () -- C:\Users\Public\Desktop\Need for Speed™ Most Wanted.lnk
[2013.05.04 15:09:12 | 000,370,504 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.05.04 08:37:47 | 003,968,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.05.04 08:37:47 | 003,913,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.05.04 08:37:47 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013.05.04 08:37:16 | 002,347,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.05.04 08:36:17 | 000,627,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.05.04 08:36:17 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.05.04 08:36:16 | 001,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.05.04 08:36:16 | 000,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.05.04 08:36:16 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.05.03 20:26:16 | 000,298,521 | ---- | M] () -- C:\Users\Julian\Desktop\saar_wapp_pub_4c.jpg
[2013.05.03 16:57:04 | 000,001,130 | ---- | M] () -- C:\Users\Public\Desktop\Uninstaller.lnk
[2013.05.03 16:57:04 | 000,001,079 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare 6.lnk
[2013.04.28 11:32:45 | 000,001,131 | ---- | M] () -- C:\Users\Julian\Desktop\Uplay.lnk
[2013.04.28 09:15:12 | 000,707,088 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.04.28 09:15:12 | 000,660,706 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.28 09:15:12 | 000,152,680 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.04.28 09:15:12 | 000,124,896 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.20 21:23:13 | 000,137,992 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2013.04.20 21:23:04 | 000,291,088 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2013.04.20 21:20:53 | 000,291,088 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.07 14:38:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.05.07 14:38:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.05.07 14:38:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.05.07 14:38:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.05.07 14:38:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.05.06 16:40:53 | 000,001,039 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.05 19:18:14 | 000,015,445 | ---- | C] () -- C:\Users\Julian\Desktop\Infoblatt V2.1.odt
[2013.05.05 14:36:12 | 000,000,824 | ---- | C] () -- C:\Users\Julian\Desktop\FTDownloader.lnk
[2013.05.04 15:26:13 | 000,002,099 | ---- | C] () -- C:\Users\Public\Desktop\Need for Speed™ Most Wanted.lnk
[2013.05.03 20:26:16 | 000,298,521 | ---- | C] () -- C:\Users\Julian\Desktop\saar_wapp_pub_4c.jpg
[2013.04.28 11:32:45 | 000,001,131 | ---- | C] () -- C:\Users\Julian\Desktop\Uplay.lnk
[2013.02.11 14:42:07 | 000,015,672 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys
[2012.12.20 20:28:37 | 003,130,440 | ---- | C] () -- C:\Windows\System32\pbsvc_blr.exe
[2012.12.19 16:45:04 | 000,180,224 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012.12.05 21:00:56 | 000,065,536 | -H-- | C] () -- C:\Windows\System32\WebCamLib.dll
[2012.11.29 17:40:02 | 000,662,786 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2012.11.06 13:53:34 | 000,205,312 | ---- | C] () -- C:\Windows\System32\SBuySupplies.exe
[2012.09.28 14:08:34 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2012.09.19 21:09:40 | 000,076,660 | ---- | C] () -- C:\Windows\System32\ativce02.dat
[2012.09.04 17:20:18 | 000,228,528 | ---- | C] () -- C:\Windows\System32\ativvaxy_cik_nd.dat
[2012.09.04 17:20:18 | 000,228,528 | ---- | C] () -- C:\Windows\System32\ativvaxy_cik.dat
[2012.05.02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll
[2012.03.19 20:18:20 | 000,000,094 | ---- | C] () -- C:\Users\Julian\AppData\Local\fusioncache.dat
[2012.02.15 04:28:34 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2012.02.15 04:28:32 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2012.01.28 17:09:27 | 000,000,045 | ---- | C] () -- C:\Users\Julian\AppData\Roaming\TheHunterSettings_live.cfg
[2011.12.28 00:52:05 | 000,000,001 | ---- | C] () -- C:\Windows\System32\sav85014.sys
[2011.12.18 17:52:50 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.12.07 15:59:19 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2011.12.07 15:59:19 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2011.11.20 01:02:15 | 000,669,184 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2011.10.09 13:27:00 | 000,007,605 | ---- | C] () -- C:\Users\Julian\AppData\Local\Resmon.ResmonCfg
[2011.08.31 14:09:56 | 000,138,056 | ---- | C] () -- C:\Users\Julian\AppData\Roaming\PnkBstrK.sys
[2011.08.31 14:09:56 | 000,137,992 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.08.31 14:09:27 | 000,291,088 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011.08.31 14:09:24 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011.08.30 16:27:08 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.08.30 16:23:57 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2011.08.30 16:21:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011.08.16 18:10:23 | 000,001,488 | ---- | C] () -- C:\Users\Julian\.recently-used.xbel
[2011.06.26 15:44:11 | 000,097,360 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin
[2011.05.31 08:39:50 | 000,058,368 | ---- | C] () -- C:\Windows\System32\bdmpegv.dll
[2011.05.31 08:38:18 | 000,015,360 | ---- | C] () -- C:\Windows\System32\bdmjpeg.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Files - Unicode (All) ==========
[2011.11.25 19:27:07 | 000,000,650 | ---- | M] ()(C:\Users\Julian\AppData\Local\PMB Fik?s) -- C:\Users\Julian\AppData\Local\PMB Fik聥s
[2011.11.25 19:27:07 | 000,000,650 | ---- | C] ()(C:\Users\Julian\AppData\Local\PMB Fik?s) -- C:\Users\Julian\AppData\Local\PMB Fik聥s

< End of report >
         

Code:
OTL Extras logfile created on: 07.05.2013 15:48:42 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Julian\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.25 Gb Total Physical Memory | 1.74 Gb Available Physical Memory | 53.62% Memory free
6.50 Gb Paging File | 4.59 Gb Available in Paging File | 70.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 700.20 Gb Total Space | 331.59 Gb Free Space | 47.36% Space Free | Partition Type: NTFS
Drive D: | 695.96 Gb Total Space | 446.60 Gb Free Space | 64.17% Space Free | Partition Type: NTFS
 
Computer Name: JULIAN-PC | User Name: Julian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{006442EE-B611-4CF6-ABA0-9E2930CECC42}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{00C5F3A9-4035-45EE-AEEF-86E5D271CAB1}" = lport=445 | protocol=6 | dir=in | app=system | 
"{056D809E-EF0A-4136-B9D6-66E496B466CB}" = rport=1701 | protocol=17 | dir=out | app=system | 
"{095741D1-5334-46E5-89A4-3B6021A01D08}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1229EB90-28DF-4DA3-A167-8AC91BB652BE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{128F43A7-19F7-459E-B0BA-390E5C2827C9}" = lport=443 | protocol=6 | dir=in | app=system | 
"{13B56AF0-ED3D-4977-B3F1-A1A2B48BC78A}" = lport=5985 | protocol=6 | dir=in | app=system | 
"{17F6DB06-57F6-4D69-9E78-1B045DA66FD3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe | 
"{22012E1F-B29B-43FB-A832-02985E05114E}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{2AA78CE0-9891-463A-A6F6-75F3A8750EC8}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe | 
"{2CF14630-146D-4ED5-8A20-00EDE27AE496}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=datei- und druckerfreigabe (spoolerdienst - rpc-epmap) | 
"{2E2EC65D-4562-4B75-85B6-44513E33204E}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{2EE43205-61A8-4210-A8B8-BEC968FBE018}" = lport=5357 | protocol=6 | dir=in | app=system | 
"{2FA87104-2382-4929-A6A9-91E80AFFCD86}" = lport=rpc | protocol=6 | dir=in | app=%systemroot%\system32\services.exe | 
"{2FF6B415-4D53-477F-AFB8-56E6D9BF3E86}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{311747ED-E1FD-46F4-B089-72E84531E1F6}" = lport=137 | protocol=17 | dir=in | app=system | 
"{31B57D60-A8F7-40ED-922B-0090E5BB6599}" = lport=rpc | protocol=6 | dir=in | app=%systemroot%\system32\vdsldr.exe | 
"{353D3D08-7ECD-4304-B528-4CB117188DC7}" = lport=445 | protocol=6 | dir=in | app=system | 
"{36332821-C278-4F5F-A80E-21D0A9F97BB1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3DAE6BE2-9CC3-4B75-87F6-60B6FAA7BE53}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{49696F26-B59F-4E8C-BC5C-35D0B84196AC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4B553AC0-91C7-4027-B6DD-512E89D1780B}" = lport=445 | protocol=6 | dir=in | app=system | 
"{4DB65F63-6A68-47F6-8721-10098068F531}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{50CEF1F5-B886-4503-A696-BA98C290A575}" = lport=138 | protocol=17 | dir=in | app=system | 
"{5627278A-BBFD-43EA-AE7E-D85FBD125F95}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{58A7AB88-D714-4680-8DC3-8D3CE891F35D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5B449088-41D6-42EE-AD8B-3CD909B92096}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{603B7DC4-6348-469C-9B0D-36D8CDD2FDFA}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{60DE1C49-6ABB-4127-AF18-DDF744198E7B}" = rport=1723 | protocol=6 | dir=out | app=system | 
"{64C18A74-080F-450E-B3AE-EE1F621C0C27}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe | 
"{6AD0E858-CE4F-4FBB-9120-00FCD94C6042}" = lport=3390 | protocol=6 | dir=in | app=system | 
"{71119965-665A-439D-ABD0-FE6FF0C3AE0D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe | 
"{7121C5D7-DC9F-4AA7-A87D-229CBFDC5DB8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7348218D-A88A-4920-8DAC-81EE14A0D332}" = lport=162 | protocol=17 | dir=in | svc=snmptrap | app=%systemroot%\system32\snmptrap.exe | 
"{7F9A2DCA-AFF4-415B-8B6C-02B95F3638A8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe | 
"{8A415FA4-5626-497E-A2B8-F12589E3160C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8DD94C23-6219-4F81-ACDA-354204D2177A}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{8E777F33-F465-4EA4-9BEB-689C312AE822}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9359E3ED-5E50-4631-BD49-682EB719A638}" = lport=rpc | protocol=6 | dir=in | svc=policyagent | app=%systemroot%\system32\svchost.exe | 
"{941DEC18-F7D2-4C3F-A92E-2938041A5AB8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{98A49159-50C5-495C-8D2B-9523AA222A10}" = rport=5357 | protocol=6 | dir=out | app=system | 
"{995045EF-9E82-4EFA-B84F-557FDE7B8E23}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9DEC3D21-4D22-4993-993F-FDA5EC1B5300}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A090C1E5-15ED-4ADF-BBBE-DC5496F71D72}" = rport=5358 | protocol=6 | dir=out | app=system | 
"{A0BC06A1-986A-44ED-BB77-A3E5CF9ABF92}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{A15D40AD-7431-46CE-A869-DACF55D52B1D}" = lport=rpc | protocol=6 | dir=in | svc=ktmrm | app=%systemroot%\system32\svchost.exe | 
"{A42C92BF-4CF1-4C0B-AA79-DA3F70F1FC2A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe | 
"{A5B81875-F694-4354-A059-816B6CDA1602}" = rport=138 | protocol=17 | dir=out | app=system | 
"{A8092FB4-0237-4683-AA17-29B44DA4D2F0}" = lport=rpc | protocol=6 | dir=in | svc=eventlog | app=%systemroot%\system32\svchost.exe | 
"{AE58A0CD-5C0B-42AF-86F3-1B1CA26A87EE}" = lport=445 | protocol=6 | dir=in | app=system | 
"{AEEB6A40-ADA0-4485-8CE8-F06072C99D8D}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe | 
"{B5556AA5-A444-4111-91CC-718E012B884F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B7C9D0CC-5B10-46A2-9063-C181A8F82522}" = lport=rpc | protocol=6 | dir=in | svc=schedule | app=%systemroot%\system32\svchost.exe | 
"{BBCB01A3-2D0E-450E-84EA-DBED857CAEB4}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{BFBB00C9-FC8B-40E4-84DE-C81626B2A1D1}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{C129872B-ADB6-48B4-A148-16A24E81C0EA}" = lport=5358 | protocol=6 | dir=in | app=system | 
"{C2F88D29-FC81-4D3B-A359-D51733D526B4}" = lport=1723 | protocol=6 | dir=in | app=system | 
"{C6F76582-0326-4049-AFDB-A5014F112EAB}" = lport=139 | protocol=6 | dir=in | app=system | 
"{CDF9E84B-2503-4230-90FB-0C8F9ECED3A4}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{CF76D535-A9CA-4D5E-BC17-EF8D7986FD7B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe | 
"{D09462B8-C429-452C-8D82-DF3193E2C1C9}" = lport=1701 | protocol=17 | dir=in | app=system | 
"{D34B4116-FAA5-4AA9-8231-94CDA7D636BD}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{DCE73D58-7764-4E43-9A21-F80412C82CA6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DD903C11-44BE-44EC-A066-E6B4B14D446B}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe | 
"{E049DB36-4DBA-42AC-8456-D0FF97D29100}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E09DE8E8-8C0C-4B59-B8D9-2160CF3F4062}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E0BDE09F-2213-41EF-AC0C-1D6BA9C4DF7F}" = rport=139 | protocol=6 | dir=out | app=system | 
"{E48B1825-31F0-4F0A-892C-96E37B5351EC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E962C9DF-1687-4E22-BB7A-280323D67318}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{EBCAF1ED-F562-4F97-B8B6-93B581E424FF}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{F1EE3A79-4A6A-4280-9C45-C7E0083E7BDF}" = lport=10244 | protocol=6 | dir=in | app=system | 
"{F5FC4D6E-0A1B-4535-981D-8EA17137F8AE}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{F6841C88-D15E-41CF-ABDC-35DEA69C2F5A}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F72C4397-C92A-4953-A14A-0ED9B2048D74}" = rport=445 | protocol=6 | dir=out | app=system | 
"{FA05501B-18A2-47E5-8ABC-25AF66DEDE53}" = lport=10245 | protocol=6 | dir=in | app=system | 
"{FA49DDF7-F8BE-4144-9664-5517C9CFAFE8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FB066A9E-D614-4B93-9D2E-426DC989C1B2}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe | 
"{FB8222DC-E6DF-426A-86B7-AD74783D1D73}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{FC6658AD-8716-41D8-BA34-9EAA4F60DEFE}" = lport=rpc | protocol=6 | dir=in | svc=vds | app=%systemroot%\system32\vds.exe | 
"{FDE14132-3BF2-4B86-B48E-7FEB333B36AB}" = lport=80 | protocol=6 | dir=in | app=system | 
"{FE0D66B8-9BC3-4212-8A49-360D004B6EBD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03C47AC9-073B-43F3-8423-D35ACD25D42D}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\saints row the third\game_launcher.exe | 
"{07E27F0F-8F1E-4FAE-8076-06E97752E16A}" = protocol=58 | dir=in | app=system | 
"{09981AA4-2029-4804-BAC7-F4A5A91F799B}" = protocol=17 | dir=in | app=d:\steam\steam\steamapps\common\prototype\prototypef.exe | 
"{0B5133CC-BC64-49E5-AAF8-282595D0E3FA}" = protocol=6 | dir=in | app=%systemroot%\system32\wbem\unsecapp.exe | 
"{0DB0C42A-8C30-4913-9A03-9722A9D7E6D7}" = protocol=6 | dir=in | app=d:\steam\steam\steamapps\jalian96\team fortress 2\hl2.exe | 
"{0EB79B32-A809-4B59-8832-40CD26E4DD63}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\prototype\prototypef.exe | 
"{0F9153FF-D181-4505-939D-D94BA1C15E29}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{1498060E-38D4-4AC7-A2A5-C6EAAEF1B5B6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{14F0B733-58EB-4BBB-95D5-835929E6E1A5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1804CFA2-F121-4FBC-912F-57433597C473}" = protocol=6 | dir=in | app=d:\steam\steam\steamapps\common\alien swarm\srcds.exe | 
"{19DDD7EC-1A1C-44F4-8025-3738AF69D183}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{1BAF4050-3987-4132-A325-78B2F97D2956}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\crimecraft\steamlauncher.exe | 
"{1BCE6B93-D94D-4ED2-8C7E-07E40F30414B}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\lego star wars saga\legostarwarssaga.exe | 
"{1C99A3C6-3638-4C23-8993-B057BD3784F4}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{1EEDB6B8-9866-4776-9D10-04B655A968C3}" = protocol=17 | dir=in | app=d:\steam\steam\steamapps\common\super hexagon\superhexagon.exe | 
"{1F56DC9A-141A-46D2-9531-E257069122B5}" = protocol=6 | dir=in | app=d:\steam\steam\steamapps\common\amnesia the dark descent\launcher.exe | 
"{20E87731-8EA9-438B-A7A2-F3248C5AA348}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{244B2B2F-3A6F-45A4-BA12-8C441934FB93}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | 
"{24ABF9C5-20CB-4D97-83F3-6EFFEDD4B901}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe | 
"{253407C6-5DCE-45E0-8C98-BE0B3F66CFEB}" = protocol=17 | dir=in | app=d:\steam\steam\steamapps\jalian96\age of chivalry\hl2.exe | 
"{2584D129-F211-447A-8A4F-777C140C17A9}" = protocol=6 | dir=in | app=c:\nexon\vindictus eu\en-eu\nmservice.exe | 
"{282B0CFF-32ED-48BA-BD7B-1416596A53D9}" = protocol=17 | dir=in | app=d:\steam\steam\steamapps\common\dota 2 beta\dota.exe | 
"{291D8AD2-E591-4085-A4B4-CB8BE1EA61DB}" = protocol=17 | dir=in | app=c:\program files\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{29FF3300-51D2-4BB9-96B8-9712A32A62D0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2B4AA93B-0D6A-448E-8AE2-679A7467EEA2}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\supermnc\binaries\win32\supermncgameclient.exe | 
"{2BB4115C-A623-4618-B58A-FDCD3A696BDA}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\poker night at the inventory\celebritypoker.exe | 
"{2C820E2C-D768-4C50-BC36-87F7CFC80E0F}" = protocol=17 | dir=in | app=d:\steam\steam\steamapps\common\mass effect 2\masseffect2launcher.exe | 
"{2CA735B1-44DC-4EAB-A1B1-79FCCB87DB79}" = protocol=6 | dir=in | app=c:\program files\samsung\easy printer manager\cdas2pc\cdas2pc.exe | 
"{2D4D87BE-E902-4EE7-AD13-7CB4CFDAF7C7}" = protocol=6 | dir=in | app=%systemroot%\system32\plasrv.exe | 
"{2E4B46CC-E99D-40FA-91EF-91FE07689955}" = protocol=6 | dir=in | app=d:\steam\steam\steamapps\common\trackmania nations forever\tmforever.exe | 
"{3091DF55-8E08-488F-9F0E-D33611FBDF90}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{33B60969-F604-41A5-98AF-B38C4CE04CFF}" = protocol=6 | dir=in | app=d:\steam\steam\steamapps\common\mass effect 2\masseffect2launcher.exe | 
"{34241774-0704-47D0-B1B8-9A33C6F80A36}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\amd driver updater, vista and 7, 32 bit\setup.exe | 
"{35003EC7-A7A1-4B7A-AE76-F65D689D9BCD}" = protocol=6 | dir=in | app=d:\steam\steam\steamapps\jalian96\zombie panic! source dedicated server\srcds.exe | 
"{364FDB47-D3A2-467E-93B3-235E215FE4C9}" = protocol=6 | dir=in | svc=msiscsi | app=%systemroot%\system32\svchost.exe | 
"{36ECBBC0-4A65-4319-B7D7-5433E4CA9D4D}" = protocol=17 | dir=in | app=d:\steam\steam\steamapps\common\the binding of isaac\isaac.exe | 
"{379716D9-30B2-41E0-B615-965489A41F44}" = protocol=17 | dir=in | app=d:\steam\steam\steamapps\common\trackmania nations forever\tmforever.exe | 
"{37F58350-3242-402F-98D6-DF23298AF2E5}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\trackmania nations forever\tmforever.exe | 
"{380CB8C1-B943-42B8-A08F-06AD74ED351D}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreediigame.exe | 
"{38A520BC-5816-4188-8165-FECFD3CC9B12}" = protocol=6 | dir=in | app=d:\steam\steam\steam.exe | 
"{39D0A779-354B-4AEA-A00F-15F56680EC8D}" = protocol=6 | dir=in | app=d:\steam\steam\steamapps\common\alien swarm\swarm.exe | 
"{3A78AB00-0CF5-4732-AE82-42AF25376336}" = protocol=17 | dir=in | app=c:\program files\common files\common desktop agent\cdasrv.exe | 
"{3B366296-4848-46B4-8F71-3072DE2A9E77}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{3BB7978C-1EDC-4A7E-A24C-23C8EAFCF22C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3C55060A-4931-40F5-957B-964E4B70EB14}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\terraria\terraria.exe | 
"{3D7A6B70-6220-4779-A892-DCBFB7B730BF}" = protocol=17 | dir=in | app=d:\steam\steam\steamapps\jalian96\garrysmod\hl2.exe | 
"{3DD29287-AE41-4DAD-A34A-3DF23B33F4CF}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\jalian96\zombie panic! source dedicated server\srcds.exe | 
"{425ACABF-86E6-41F4-9234-90ECB0A8CDA7}" = protocol=6 | dir=in | app=d:\steam\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe | 
"{42F9E564-E6BE-448C-9BCD-358CFF3772B8}" = protocol=6 | dir=in | app=d:\steam\steam\steamapps\common\prototype\prototypef.exe | 
"{44C9604E-7BB7-4C63-AF19-EC97D09A2EDE}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe | 
"{47B2DF44-D5D2-4652-B1B7-1E08C283D966}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\super hexagon\superhexagon.exe | 
"{481C960B-36FC-4506-86B1-ECED97AEF1E5}" = protocol=17 | dir=in | app=d:\steam\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe | 
"{48D21428-E1AC-447E-B5B0-04EA649886C4}" = protocol=17 | dir=in | app=d:\steam\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe | 
"{49A62B44-EA8D-49D5-858D-B82D3DDD252F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{49EC29B2-3C47-4161-AF3C-279483218534}" = protocol=17 | dir=in | app=d:\steam\steam\steamapps\common\alien swarm\swarm.exe | 
"{49FE0567-12C7-41F6-AB57-E81F54366CC1}" = protocol=17 | dir=in | app=d:\steam\steam\steamapps\jalian96\zombie panic! source dedicated server\srcds.exe | 
"{4A1FDC6B-4D7D-4C9D-81B3-93A58FEE6C43}" = protocol=6 | dir=in | app=d:\steam\steam\steamapps\common\cthulhu saves the world\cstw.exe | 
"{4C22E1C7-45EB-4804-A2B5-DFBDCC4B986E}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\napoleon total war\napoleon.exe | 
"{4C5BEBA1-D682-4C23-8081-4580D0E3A45B}" = dir=in | app=c:\program files\apowersoft\screen recording suite\screen-recording-suite.exe | 
"{4CF336EB-EDE4-4FA8-A458-37BA60506B67}" = protocol=17 | dir=in | app=c:\program files\samsung\easy printer manager\idsalert.exe | 
"{4D28ED64-81DB-48F9-8F88-14EDE71F94C8}" = protocol=6 | dir=in | app=d:\steam\steam\steamapps\common\napoleon total war\napoleon.exe | 
"{4D7FC216-989A-4293-958A-9FA26DCE71A7}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{4DAB8CAA-A5CE-462C-89EA-6E0D42016082}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4DF3CBAA-383D-415E-BF74-9AAD8A0535CF}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{4EDF5422-CF01-464C-8CEA-165A50538853}" = protocol=6 | dir=in | app=c:\program files\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{4FB71ABF-72A3-48AB-9744-3C4146CC3E16}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe | 
"{5207DA90-9B30-401C-B414-2E365AA8FD78}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe | 
"{53A0E25F-AE2B-457D-A013-C7E9866E0AA2}" = protocol=6 | dir=in | app=d:\steam\steam\steamapps\common\just cause 2\justcause2.exe | 
"{541A323D-9DB4-4EA7-937A-6EC51F67BEF6}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\supermnc\uberlauncher.exe | 
"{549D0817-D8B4-4D7B-80B7-BC598F4D8292}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\trackmania nations forever\tmforeverlauncher.exe | 
"{54DC6E88-ADE1-40EF-B3F5-7A8D34915D7E}" = protocol=17 | dir=in | app=d:\steam\steam\steamapps\jalian96\team fortress 2\hl2.exe | 
"{55231E24-1DAB-4BA6-A602-8384104E78D8}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\blacklightretribution\blacklight retribution.exe | 
"{56D398A1-6CC6-447D-A333-5BC7744B835F}" = protocol=6 | dir=out | svc=msiscsi | app=%systemroot%\system32\svchost.exe | 
"{5937250C-4F25-442F-8441-A3CE96C4DD95}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\portal 2\portal2.exe | 
"{5A5EFB00-0875-45E5-9CBE-B2F23CE83E4E}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\ava\reactor.exe | 
"{5B1BF269-E6D3-4E6B-A637-A7361F47F97A}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{5B847501-8C5C-4AD4-A8D3-66A2F2E69CAB}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\terraria\terraria.exe | 
"{5D97538F-546E-45F7-BA33-7005759460C2}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{5EB4F6AB-1DEB-47FC-837A-FE7E05075DF7}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\blacklightretribution\blacklight retribution.exe | 
"{605D3169-E765-4D5A-8A8C-37CA7E8E5112}" = protocol=17 | dir=in | app=d:\steam\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{6101DC8B-C8BD-4FE6-A469-4D93B877440C}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\realm of the mad god\realm of the mad god.exe | 
"{62005B3C-7C97-4F9D-A00C-8F823776F9E9}" = protocol=17 | dir=in | app=c:\program files\samsung\easy printer manager\cdas2pc\cdas2pc.exe | 
"{63B0A0A9-ABC4-460B-B1F7-7A6F389D7595}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{63B442D5-090B-47C6-8B3D-F85A3C9C2D9D}" = protocol=6 | dir=in | app=d:\steam\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe | 
"{63F75551-216D-436E-BFF4-0FE50036B350}" = protocol=6 | dir=in | app=d:\steam\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{66E40EA8-09F0-477C-8AAB-329B7E226859}" = protocol=47 | dir=out | app=system | 
"{66E8B2F6-88B9-445A-8A1D-02E5EFDAC89F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\super hexagon\superhexagon.exe | 
"{68C17224-FB40-40C4-9B03-9BC9D4140986}" = protocol=6 | dir=in | app=d:\steam\steam\steamapps\common\borderlands\binaries\borderlands.exe | 
"{68EF16ED-C873-4C9C-983F-F423D12E7B4A}" = protocol=17 | dir=in | app=d:\steam\steam\steamapps\common\borderlands\binaries\borderlands.exe | 
"{68FB5E8C-C94D-449B-B93A-EC38477F4BB4}" = protocol=6 | dir=in | app=d:\steam\steam\steamapps\common\trackmania nations forever\tmforeverlauncher.exe | 
"{6914C025-3829-46FC-8AF6-E6AFA8DB4F2D}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\jalian96\garrysmod\hl2.exe | 
"{69C4857A-2C81-432E-AEF6-25EDD0BB8536}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | 
"{6A413F5D-9BE6-45A6-8AB1-9832199D2FE5}" = protocol=17 | dir=in | app=d:\steam\steam\steamapps\common\napoleon total war\napoleon.exe | 
"{6C71B694-88FE-4870-BA2F-0062C27C004C}" = protocol=17 | dir=in | app=c:\nexon\vindictus eu\en-eu\nmservice.exe | 
"{6D7A5344-1E3B-4234-A0EE-F849B5EEA3EE}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreedii.exe | 
"{6D84EA77-F94D-4B65-A87A-6D2A6685EAB8}" = protocol=17 | dir=in | app=d:\steam\steam\steamapps\common\amnesia the dark descent\launcher.exe | 
"{70096987-5AD5-476E-9E1C-4D5B279D2F7D}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe | 
"{70AD9408-DCDD-4EA8-AE85-74EAAA7D77EF}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe | 
"{71137B40-EAE9-45C4-99FE-16D82D2509F7}" = protocol=17 | dir=in | app=d:\steam\steam\steamapps\common\breath of death vii\bodviipc.exe | 
"{7135D057-29E9-40B4-B8A6-1BCCE8D145C4}" = protocol=58 | dir=in | name=datei- und druckerfreigabe (echoanforderung - icmpv6 eingehend) | 
"{71C544F5-6BAB-4928-81C8-472A4D982EB9}" = protocol=17 | dir=in | app=d:\steam\steam\steamapps\common\saints row the third\game_launcher.exe | 
"{7234364F-F0EF-451F-8EF0-5B459EEFF880}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreediigame.exe | 
"{7376E94B-0F42-45E4-BF5B-71EE4298DB25}" = protocol=6 | dir=in | app=c:\program files\samsung\easy printer manager\ids.application.exe | 
"{73E793AF-266B-4739-B74A-BC82B32D7AED}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{75E1A611-1A17-44C4-A20E-B17D812A4B90}" = protocol=6 | dir=in | app=d:\steam\steam\steamapps\common\saints row the third\game_launcher.exe | 
"{773F90F6-7DFF-4DEC-9922-10FD5D5CF484}" = protocol=6 | dir=in | app=d:\steam\steam\steamapps\common\super hexagon\superhexagon.exe | 
"{78A3DEE7-D074-4744-834B-C1F44BA2DD87}" = protocol=17 | dir=in | app=d:\steam\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe | 
"{796403C7-3168-480E-9EDA-E1DDA67333B3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7AFF79E2-0A3D-45E8-AE8A-46B7CD3AE328}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{7CEA2325-506D-41D1-8CFB-BFB41B98FF16}" = protocol=6 | dir=in | app=d:\steam\steam\steamapps\jalian96\age of chivalry\hl2.exe | 
"{7D40EECF-FC0C-40C4-8E41-9A66CE08D62F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\planetside 2\launchpad.exe | 
"{811CD248-CCCD-48D1-B8AB-7708B4BD9F2F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{83754FC1-4309-4641-A173-D9C90EF49943}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\planetside 2\launchpad.exe | 
"{866ABB0F-6F93-421A-A3A5-6C4C97E40C51}" = protocol=17 | dir=in | app=d:\steam\steam\steam.exe | 
"{86E726B7-049E-41D7-874C-B8F5798002C2}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{8AA09CAB-CD94-411B-9D85-8F859CAF2681}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\amd driver updater, vista and 7, 32 bit\setup.exe | 
"{8C4266D6-5254-413A-AD4B-3E631405258C}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\supermnc\binaries\win32\supermncgameclient.exe | 
"{8EA72494-47B9-42A8-9EA9-AC1F844B7419}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{8EDCCE6D-81AD-42A3-B360-28C40C091025}" = protocol=17 | dir=in | app=d:\steam\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | 
"{8F76FEBE-0F79-4082-924B-44BC56BBBF38}" = protocol=17 | dir=in | app=d:\steam\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{90B26950-CF55-4382-BB14-1CC653A48321}" = dir=in | app=c:\program files\apowersoft\screen recording suite\screenrecordingsuite.exe | 
"{910897A6-ABB9-4B51-BFE4-21CD2B35AB46}" = protocol=17 | dir=in | app=d:\steam\steam\steamapps\common\cthulhu saves the world\cstw.exe | 
"{91328B2E-4314-4226-B0F3-18C6E7D8904B}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{9165F6CD-EF39-4D0B-B9DD-CD8F9C8842A3}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\supermnc\uberlauncher.exe | 
"{9273535C-78ED-4FA6-A198-5E28FB4EC735}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"{9446AECB-D502-4001-B556-007CA8A30E39}" = protocol=17 | dir=in | app=d:\steam\steam\steamapps\jalian96\dystopia\hl2.exe | 
"{94554558-B3C3-4352-9737-DFEC1B6CAD74}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 test\dota.exe | 
"{946AB5B4-88FA-4F65-9634-4AAD9F6070FA}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\poker night at the inventory\celebritypoker.exe | 
"{95C51366-FB4C-41E1-AA86-955C646909E9}" = protocol=17 | dir=in | app=d:\steam\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | 
"{99BDD4DC-C985-444C-98BD-77DDE052A5D2}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\trackmania nations forever\tmforever.exe | 
"{9A795352-11A4-4EA8-BB9A-6C163F76A94E}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\lego star wars saga\legostarwarssaga.exe | 
"{9CE0CA69-881F-4033-B1BD-520B0520B1DC}" = protocol=6 | dir=in | app=d:\steam\steam\steamapps\common\terraria\terraria.exe | 
"{9DDE736A-FDDA-4B6D-97B1-2C27483961B2}" = protocol=17 | dir=in | app=d:\steam\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe | 
"{9EBA0F0E-6B0E-40A4-B2CE-DF5C6E24F604}" = protocol=17 | dir=in | app=d:\steam\steam\steamapps\common\terraria\terraria.exe | 
"{9FD27446-B04E-4980-AF45-460F0AD4F576}" = protocol=6 | dir=in | app=c:\program files\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{A0E1A198-E01B-4600-95D3-1F9FCB9813B1}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\napoleon total war\napoleon.exe | 
"{A1EC65D2-4089-4130-B1DE-1085857F63DD}" = protocol=6 | dir=in | app=d:\steam\steam\steamapps\common\blacklightretribution\blacklight retribution.exe | 
"{A2096722-B4B3-4EE5-BF57-C175EB10FDA8}" = protocol=17 | dir=in | app=c:\program files\samsung\easy printer manager\ids.application.exe | 
"{A25D0CA2-CD03-4FF3-826B-DC0DF9EB722A}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{A2F78F8E-305D-4167-A7E0-9D6968683154}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{A322FB48-077D-4EA2-96A7-58CCD5D16930}" = protocol=6 | dir=in | app=d:\steam\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{A32BFEBF-35DA-449A-8D2B-0C1BAD7E2F0F}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe | 
"{A3CB7A34-E262-45D7-A5DE-4A908EF1C1FC}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\crimecraft\steamlauncher.exe | 
"{A453801C-151D-4E1F-8F31-3B2CCA2E226E}" = protocol=6 | dir=in | app=c:\program files\common files\common desktop agent\cdasrv.exe | 
"{A52DC6DA-6081-436A-AAD6-000F872355CD}" = protocol=6 | dir=in | app=c:\program files\samsung\easy printer manager\ordersupplies.exe | 
"{A5456CF4-05ED-4606-9E26-A173EB6BCFA4}" = protocol=17 | dir=in | app=d:\steam\steam\steamapps\common\realm of the mad god\realm of the mad god.exe | 
"{A7CD712A-93DC-407B-93C9-AFA821CEE44A}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"{A7CFAAA8-D2FF-4247-B2B4-2FF9CEFD033B}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\jalian96\zombie panic! source dedicated server\srcds.exe | 
"{A8344108-DD9F-4D3A-B757-960B7129696A}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe | 
"{A873CAF4-9A49-4604-8FA1-482A1E456C57}" = protocol=1 | dir=out | name=datei- und druckerfreigabe (echoanforderung - icmpv4 ausgehend) | 
"{A99A6467-7782-476B-85C8-091976F3332D}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\prototype\prototypef.exe | 
"{ABC02E1B-0A8A-4C74-ADBF-E2E5B4072D4B}" = protocol=17 | dir=in | app=d:\steam\steam\steamapps\common\blacklightretribution\blacklight retribution.exe | 
"{ADB11EB9-6BA0-4B83-B319-D403A3360DAA}" = protocol=6 | dir=out | app=system | 
"{B0DD8135-569E-4D6B-9A45-3CA95CA4977E}" = protocol=6 | dir=in | app=d:\steam\steam\steamapps\common\the binding of isaac\isaac.exe | 
"{B0E89411-17C4-4638-956D-CAD181BB5375}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\saints row the third\saintsrowthethird.exe | 
"{B2BBF56E-36E8-48EF-ACAA-3C5843F91718}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B43DF899-E610-4689-B7E9-56D27AAE6010}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\ava\reactor.exe | 
"{B4AE518D-E9C7-4EC8-8FF3-7762EAE672DA}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\jalian96\garrysmod\hl2.exe | 
"{B5D7D5A0-B7F3-440E-BECA-BDAE5CED68CE}" = protocol=6 | dir=in | app=d:\steam\steam\steamapps\common\lego star wars saga\legostarwarssaga.exe | 
"{B615CB6D-C8C8-4A4C-A2CE-52987EE4326C}" = protocol=6 | dir=in | app=d:\steam\steam\steamapps\jalian96\garrysmod\hl2.exe | 
"{B6EB3285-A581-42F4-9D39-19D023B11FC6}" = protocol=17 | dir=in | app=c:\program files\origin games\battlefield 3\bf3.exe | 
"{B8DFE397-7AD0-4FB9-B3D5-FBD647CD4B36}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\amnesia the dark descent\launcher.exe | 
"{BB773DB8-AFDD-44F3-9326-2BCB83FFA462}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | 
"{BC9175E1-1B3C-4682-9761-6682F6BF1C82}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\realm of the mad god\realm of the mad god.exe | 
"{BD555A65-017D-43F4-B96C-090A24FBB89B}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | 
"{BE3AEC0C-34FA-4CC7-97D4-0AC69B60A648}" = protocol=17 | dir=in | app=c:\program files\samsung\easy printer manager\ordersupplies.exe | 
"{BF36C472-117C-4A25-AEE0-1D2798F5DE34}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | 
"{BF59628A-CA38-4CF1-9281-9924C5A449D9}" = protocol=6 | dir=in | app=d:\steam\steam\steamapps\common\magicka\magicka.exe | 
"{BFB80C5A-D0A8-4574-B182-26E714CAA7C7}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{C0CC7328-1916-420F-8278-E6DF5D25D353}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{C1E5E485-19C2-4C42-9E09-2AD4CD7FE09D}" = protocol=1 | dir=in | name=datei- und druckerfreigabe (echoanforderung - icmpv4 eingehend) | 
"{C239EB38-50C3-4576-B9E0-F399F20EF0C4}" = protocol=17 | dir=in | app=d:\steam\steam\steamapps\common\poker night at the inventory\celebritypoker.exe | 
"{C3E8CE92-12F9-431E-B7D4-B6C4984A63BD}" = protocol=6 | dir=in | app=d:\steam\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | 
"{C4EF5FE0-55C9-4CD7-9E46-259EC18AA9BF}" = protocol=6 | dir=in | app=d:\steam\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | 
"{C5C937B8-31E0-440D-8228-CE476F360C5B}" = protocol=17 | dir=in | app=d:\steam\steam\steamapps\common\trackmania nations forever\tmforeverlauncher.exe | 
"{C6BB211A-9804-4AC8-82FD-9668CCB33D6E}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\portal 2\portal2.exe | 
"{C6FBEE38-AA11-4558-A73D-CF95114F77EF}" = protocol=6 | dir=in | app=%systemroot%\system32\msdtc.exe | 
"{C92B558B-8B2F-4C17-BDD7-F186517AF3A6}" = protocol=6 | dir=in | app=d:\steam\steam\steamapps\common\realm of the mad god\realm of the mad god.exe | 
"{C9F24F2A-BCC3-494C-AF39-229189B9C3D1}" = protocol=6 | dir=in | app=d:\steam\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe | 
"{CA96019A-02DB-467C-BE40-DC3CDDC769C2}" = protocol=17 | dir=in | app=d:\steam\steam\steamapps\common\magicka\magicka.exe | 
"{CC471A73-984B-4084-A182-1BDDC0E0D8C3}" = protocol=17 | dir=in | app=d:\steam\steam\steamapps\common\lego star wars saga\legostarwarssaga.exe | 
"{CCDB56FD-76C2-4AE2-A97B-05FF08B1D05A}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\uplaybrowser.exe | 
"{CD10BC0E-AA51-42E5-8162-DDCC2B2AC8E0}" = protocol=17 | dir=in | app=d:\steam\steam\steamapps\common\just cause 2\justcause2.exe | 
"{CE18DC99-4E21-4B35-A09E-7EC259E9498E}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe | 
"{D3A25794-9358-49E0-9FD7-A5852939E7A3}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 test\dota.exe | 
"{D4E4EF52-1EDC-49B3-852D-12A32FA83D5E}" = protocol=6 | dir=out | app=%systemroot%\system32\msdtc.exe | 
"{D7603204-E524-4B0D-8D7C-0FB7A9A683B3}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe | 
"{D7D7B933-7A8F-44F7-9654-A416FBE23C5C}" = protocol=58 | dir=out | name=datei- und druckerfreigabe (echoanforderung - icmpv6 ausgehend) | 
"{D84FAA49-9AAF-4D4B-9C35-AE94A0823A35}" = protocol=6 | dir=out | svc=winmgmt | app=%systemroot%\system32\svchost.exe | 
"{D94E6445-3645-489C-B147-264ECE2B57F2}" = protocol=17 | dir=in | app=d:\steam\steam\steamapps\common\ava\nwzlauncher.exe | 
"{DB6502D6-C40B-4C62-93A5-E586A9FFE18A}" = protocol=6 | dir=in | app=d:\steam\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe | 
"{DD0E8D23-994F-43B2-B131-372AB11872D1}" = protocol=47 | dir=in | app=system | 
"{DEBD1A83-1031-4237-9430-BC5CF3A705C9}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\the binding of isaac\isaac.exe | 
"{E0213359-DA03-49FB-8B31-247E7AA941EB}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\saints row the third\game_launcher.exe | 
"{E1B37F99-4F91-4B86-9959-C177CE9D5231}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\magicka\magicka.exe | 
"{E5662F5E-1B86-4B73-9516-FCC67A88F36C}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\trackmania nations forever\tmforeverlauncher.exe | 
"{E8CCCDF3-CF60-4F06-9602-4096C529EB88}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\uplaybrowser.exe | 
"{E926BD39-4F8F-4E82-A143-D1DD388904E1}" = protocol=17 | dir=in | app=d:\steam\steam\steamapps\common\alien swarm\srcds.exe | 
"{E929E351-62AB-4E00-B289-3B217354F4D2}" = protocol=6 | dir=in | svc=winmgmt | app=%systemroot%\system32\svchost.exe | 
"{EA48C4D8-11F2-45D7-A3DD-D7910E0A7D47}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\saints row the third\saintsrowthethird.exe | 
"{EAC05D36-F0F8-4DE1-B564-E4C84C908D0A}" = protocol=6 | dir=in | app=d:\steam\steam\steamapps\common\breath of death vii\bodviipc.exe | 
"{ED2A330F-9D3D-40BA-A589-7906B2542023}" = protocol=6 | dir=in | app=d:\steam\steam\steamapps\common\poker night at the inventory\celebritypoker.exe | 
"{EF3AA870-5D57-4B83-BAA4-79DCB7F3AD0C}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\magicka\magicka.exe | 
"{F01517E2-911A-4146-AC3F-58C4F99EC2C6}" = protocol=6 | dir=in | app=c:\program files\samsung\easy printer manager\idsalert.exe | 
"{F22909B0-C8E1-4B39-8169-FC41774F0836}" = protocol=6 | dir=in | app=d:\steam\steam\steamapps\common\ava\nwzlauncher.exe | 
"{F2ECD8E6-729B-43C5-BD7A-974A9F1AFBA4}" = protocol=6 | dir=in | app=d:\steam\steam\steamapps\common\dota 2 beta\dota.exe | 
"{F44B5DEC-7A73-48AC-ADA0-9672A02585FF}" = protocol=6 | dir=in | app=d:\steam\steam\steamapps\jalian96\dystopia\hl2.exe | 
"{F6C379BF-641C-4F42-B916-54CAEBC9E9B7}" = protocol=17 | dir=in | app=c:\program files\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{F8859468-543F-41C5-94F3-1EC6C1A13CAD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F9CC6A86-F7CB-41EF-A6E4-1DC176C8C7A7}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{FBFFF4C1-68F0-412A-A365-17486B935557}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\amnesia the dark descent\launcher.exe | 
"{FC0B0050-F48F-4955-918E-C641D6CF0D6D}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\the binding of isaac\isaac.exe | 
"{FC86F2A0-243F-4E2C-90AA-567225B3ACF3}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreedii.exe | 
"{FCC842AA-FEE1-4100-B621-28B8D83A71C4}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe | 
"{FE7CDE28-DF29-476A-8326-98E4B34698A0}" = protocol=6 | dir=in | app=c:\program files\origin games\battlefield 3\bf3.exe | 
"TCP Query User{02A2E234-7020-4639-A611-B93D9E0B4A8F}C:\program files\jdownloader 2\jdownloader 2.exe" = protocol=6 | dir=in | app=c:\program files\jdownloader 2\jdownloader 2.exe | 
"TCP Query User{03BC65E0-2738-4C71-800C-8D8AE7AC07CF}C:\program files\steam\steamapps\common\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\borderlands\binaries\borderlands.exe | 
"TCP Query User{1740FF77-0A06-468E-8472-6FCB2A1BD4A5}C:\program files\steam\steamapps\jalian96\dystopia\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\jalian96\dystopia\hl2.exe | 
"TCP Query User{192F23A2-D57F-4436-8EDE-162FD155C5EB}C:\program files\tmunitedforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmunitedforever\tmforever.exe | 
"TCP Query User{20C50F86-CAD3-4A46-A825-6A12976B612D}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe | 
"TCP Query User{2955384A-4ACF-4B18-AD8D-1FCA80E113DF}D:\steam\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe" = protocol=6 | dir=in | app=d:\steam\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | 
"TCP Query User{4CE1D687-A7E0-460F-9610-23A7EFF1EAD9}D:\steam\steam\steamapps\jalian96\age of chivalry\hl2.exe" = protocol=6 | dir=in | app=d:\steam\steam\steamapps\jalian96\age of chivalry\hl2.exe | 
"TCP Query User{6D418D97-4718-412F-9128-E797EF9E1BC9}C:\program files\steam\steamapps\jalian96\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\jalian96\team fortress 2\hl2.exe | 
"TCP Query User{6DCDA29E-1E9A-4AF1-B2C5-B70EA8F3A520}C:\program files\steam\steamapps\jalian96\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\jalian96\counter-strike source\hl2.exe | 
"TCP Query User{9121B673-4B66-4C6C-A26C-E4BC88F3B797}D:\steam\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe" = protocol=6 | dir=in | app=d:\steam\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe | 
"TCP Query User{9AEE5D63-A317-4066-A8F4-DA189A2F2600}C:\program files\steam\steamapps\common\alien swarm\swarm.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\swarm.exe | 
"TCP Query User{9B3F10BB-D34D-4AB0-8491-0F613A62A501}C:\program files\jdownloader 2\jdownloader 2.exe" = protocol=6 | dir=in | app=c:\program files\jdownloader 2\jdownloader 2.exe | 
"TCP Query User{A03A0755-7484-448A-A716-8231C39DA3FE}D:\steam\steam\steamapps\jalian96\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=d:\steam\steam\steamapps\jalian96\team fortress 2\hl2.exe | 
"TCP Query User{BC2D2F85-89D9-4948-B082-F6E423AC6FE8}C:\program files\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"TCP Query User{DB8B3B54-3981-476F-A927-B97EB8D0B642}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{DCA3F9DC-38E3-47F1-A436-49A964DDCCB5}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{E57770B3-BD6C-45F1-B07E-98C7C022D21D}C:\users\julian\desktop\games\gw2\gw2.exe" = protocol=6 | dir=in | app=c:\users\julian\desktop\games\gw2\gw2.exe | 
"TCP Query User{E88C3458-8D6F-4D4C-A479-71E2C0118C26}D:\steam\steam\steam.exe" = protocol=6 | dir=in | app=d:\steam\steam\steam.exe | 
"TCP Query User{ED74E523-73DB-4B39-A26C-61C4306A3E94}C:\program files\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\terraria\terrariaserver.exe | 
"UDP Query User{0229962F-569B-4058-9D84-80AD769894F6}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{0C2FF634-DDBC-4F02-91EB-209ABEBE9157}C:\program files\jdownloader 2\jdownloader 2.exe" = protocol=17 | dir=in | app=c:\program files\jdownloader 2\jdownloader 2.exe | 
"UDP Query User{0F355243-3036-4666-BAE5-EA2F621BC54B}C:\program files\jdownloader 2\jdownloader 2.exe" = protocol=17 | dir=in | app=c:\program files\jdownloader 2\jdownloader 2.exe | 
"UDP Query User{11FFC39D-6FFC-4B0C-B2D8-410CCF17E29C}D:\steam\steam\steam.exe" = protocol=17 | dir=in | app=d:\steam\steam\steam.exe | 
"UDP Query User{36218854-9797-4B6E-AC06-5D5D78534B73}C:\program files\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\terraria\terrariaserver.exe | 
"UDP Query User{3B16F4D3-E486-4CAD-95F1-4AF4B6A83D0B}D:\steam\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe" = protocol=17 | dir=in | app=d:\steam\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | 
"UDP Query User{49D0E5C5-0C63-4CF3-BFF1-12F30E89938A}D:\steam\steam\steamapps\jalian96\age of chivalry\hl2.exe" = protocol=17 | dir=in | app=d:\steam\steam\steamapps\jalian96\age of chivalry\hl2.exe | 
"UDP Query User{4E9878C1-9AA9-466B-A6AB-DB8CAE77C92B}C:\program files\steam\steamapps\common\alien swarm\swarm.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\swarm.exe | 
"UDP Query User{4F2405DA-7B6C-4BE2-BC95-885809ED1876}C:\program files\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"UDP Query User{84AC4C3F-1235-45F4-A320-77D88AD56876}C:\program files\steam\steamapps\jalian96\dystopia\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\jalian96\dystopia\hl2.exe | 
"UDP Query User{C74A62AF-E30B-4F6D-A7DD-D242B732996B}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"UDP Query User{CC5DB25E-8E38-41AC-9B8A-1E924E5AA749}C:\program files\tmunitedforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmunitedforever\tmforever.exe | 
"UDP Query User{DCB39665-7DF6-448F-8DD6-FE7F5220F89F}D:\steam\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe" = protocol=17 | dir=in | app=d:\steam\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe | 
"UDP Query User{DFB650C4-9A09-41A3-B6CD-B21162CF7B1A}C:\program files\steam\steamapps\jalian96\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\jalian96\counter-strike source\hl2.exe | 
"UDP Query User{E1921B14-6F2B-4976-AE65-2C3EA7B25619}C:\program files\steam\steamapps\common\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\borderlands\binaries\borderlands.exe | 
"UDP Query User{E397AB5A-549D-46E1-824A-D679D849E494}C:\users\julian\desktop\games\gw2\gw2.exe" = protocol=17 | dir=in | app=c:\users\julian\desktop\games\gw2\gw2.exe | 
"UDP Query User{E7E79136-517C-478D-A738-61C1654AE8EA}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe | 
"UDP Query User{EEDF08ED-7E4E-44FA-B0E5-8D40AF33C6B1}D:\steam\steam\steamapps\jalian96\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=d:\steam\steam\steamapps\jalian96\team fortress 2\hl2.exe | 
"UDP Query User{FFE40B75-9A67-41D1-9AB4-48C340F89CF1}C:\program files\steam\steamapps\jalian96\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\jalian96\team fortress 2\hl2.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{017F8447-2A1D-0DDB-B5D7-CA2BFACE2886}" = CCC Help French
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{031A0E14-0413-4C97-9772-2639B782F46F}" = Common Desktop Agent
"{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{054E9A1C-3EA2-C657-E787-FD8DCF5C3D3B}" = CCC Help Czech
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
"{1446A30C-6DAF-461E-96B1-31C554870082}_is1" = Tag - IGF Professional 2008
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1DE2BD51-0300-772D-5E18-F337D95D5687}" = CCC Help German
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{224E8FEB-5C1F-077F-6FC5-602AC1AE644D}" = CCC Help Danish
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{275E9C49-C72F-D754-DEB7-77F10A9C00D8}" = CCC Help Japanese
"{289AC7E0-0AEE-4a7b-913C-709D9803D23E}" = Nexon Game Manager
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{30049739-BE95-6591-B504-E6D7057D49CC}" = CCC Help Spanish
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3825F8BD-F784-6FBB-A5CD-857559148007}" = AMD Catalyst Install Manager
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F1EB155-F96E-EB7B-2EF2-7375490E0FA9}" = CCC Help English
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B023D7B-9E67-795D-FB31-B5E1F6DCA451}" = CCC Help Italian
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{4F198874-3C7D-5983-02EB-9E234C43F174}" = AMD Steady Video Plug-In 
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands
"{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM)
"{5482DCBE-D2D1-47B0-A621-DF8E2B0D174C}" = Windows Live Family Safety
"{55F6C486-8C75-2A72-DAFE-CE78A624C9F7}" = CCC Help Russian
"{5AF23993-7152-1620-E43F-1B4542FB4F84}" = CCC Help Thai
"{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade
"{63326924-3CAF-C858-3A8F-8598C87019D7}" = AMD VISION Engine Control Center
"{63822E89-11AA-F8EC-D433-F72A85799EC0}" = CCC Help Greek
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66361420-4905-AEB8-17AE-172FDD164A7E}" = CCC Help Polish
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73F96ACE-9249-D04D-E569-1D611D0982BB}" = ccc-utility
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{769F2A4B-84A3-9486-ADD2-9E5AB4B4E1E3}" = Catalyst Control Center InstallProxy
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7A25D130-4EC8-11E1-BEA4-B8AC6F97B88E}" = Google Earth
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{8773DD1C-5FB2-95B5-5A93-0EFEAC900A4D}" = CCC Help Norwegian
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{88F0F4FF-B514-4E32-9C17-CAF96D60EAFC}" = Razer Game Booster
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A6EB60F-BC70-101B-CACE-9D7794767A3C}" = AMD Accelerated Video Transcoding
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CCBB0BF-9CC1-1A65-BB93-56012A460EE6}" = CCC Help Portuguese
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{91B33C97-0FBA-74AE-E802-D782F5C8AA89}_is1" = Ashampoo Burning Studio 2013 v.11.0.5
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A0A3CE05-96CB-52E9-434E-074F3BB7807E}" = CCC Help Turkish
"{A1E85B9A-AFAD-4D38-AF01-6B020DD5213A}" = Logitech GamePanel Software 3.06.109
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}" = Need for Speed™ Most Wanted
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9C64319-932F-D02B-B14C-FFFC3EC49E77}" = CCC Help Chinese Standard
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B158F76F-76AB-4115-A4F0-4C6EF6956093}_is1" = VirtualDubMOD 1.5.10.3 US
"{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11
"{B20F9D1C-A0A5-4cd8-8306-DE95842311B1}" = REALTEK Wireless LAN Driver
"{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{BFEF4962-6E70-D68B-9680-007E83E68291}" = AMD Fuel
"{C09DB932-7619-7B56-30E3-C0454811D6D7}" = CCC Help Korean
"{C22A4697-BD77-ACB1-744F-1FD0A0BFF798}" = CCC Help Swedish
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C3592426-531E-4110-911D-BFECE2CE284C}" = osu!
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66BF9FD-D367-4E13-8EB8-385FFEA20DB3}" = Oblivion
"{C730B021-96D7-4F63-B52E-27F9A8155BE1}" = MAGIX Screenshare
"{C7411D97-EF5E-46B2-8B49-E408A344DF82}" = MAGIX Speed burnR (MSI)
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM)
"{D38F781D-C6D6-3CD4-BEB8-B11D87B53A7F}" = AMD Drag and Drop Transcoding
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4B457B2-260F-C561-CA87-703BD3B724CA}" = Catalyst Control Center Graphics Previews Common
"{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM)
"{D6CDB506-297D-AE70-0EF6-DE5185F961BE}" = CCC Help Chinese Traditional
"{D9E52CD1-9DF1-4A8A-9BDC-1E5E53982F2B}" = Black & White® 2
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E656D89A-8CBB-497F-918F-8361A4071C26}" = Nero Burning ROM 11
"{EB9F3F92-4857-4121-AA6F-1C424AC6C266}_is1" = Screen Recording Suite V2.4.8
"{ECFD508E-68A2-91B2-46DD-1D03D783D94B}" = Catalyst Control Center Localization All
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EDE361D5-35A5-DA7D-3462-C3DABD24029B}" = CCC Help Hungarian
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F1E7DD6A-AE2D-D706-BEB3-937F76CA6AE9}" = CCC Help Finnish
"{F47F1D92-F4DF-4113-80B0-B58F2EB10F28}" = AMD Media Foundation Decoders
"{F56F54DD-BCB2-1221-2CB7-E983A5CF9D15}" = CCC Help Dutch
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FADC3DC0-BCD9-4F6A-BB9D-360D695C5791}" = Steganos Safe 2012
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"0630-0716-3135-7887" = JDownloader 2
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced SystemCare 6_is1" = Advanced SystemCare 6
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE v.6.80
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"BLACKSHADES" = Black Shades (remove only)
"Color Efex Pro 3.0 Stand-Alone Standard" = Color Efex Pro 3.0 Standard
"DivX Setup" = DivX-Setup
"ESN Sonar-0.70.4" = ESN Sonar
"IObit Malware Fighter_is1" = IObit Malware Fighter
"IPS Wizard" = IPS Wizard
"Kingsoft Office" = Kingsoft Office 2012 (8.1.0.3375)
"LogMeIn Hamachi" = LogMeIn Hamachi
"MAGIX_{C730B021-96D7-4F63-B52E-27F9A8155BE1}" = MAGIX Screenshare
"MAGIX_{C7411D97-EF5E-46B2-8B49-E408A344DF82}" = MAGIX Speed burnR (MSI)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Thunderbird 17.0.4 (x86 de)" = Mozilla Thunderbird 17.0.4 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OpenAL" = OpenAL
"Origin" = Origin
"Postal 2 Demo" = Postal 2 Demo
"PunkBusterSvc" = PunkBuster Services
"Samsung Easy Printer Manager" = Samsung Easy Printer Manager
"Samsung ML-2160 Series" = Samsung ML-2160 Series
"Samsung Printer Live Update" = Samsung Printer Live Update
"Screen Ruler 2D_is1" = Screen Ruler 2D 1.12.5.29
"ScummVM_is1" = ScummVM 1.5.0
"SkypePlayer" = Skype Audio Player (remove only)
"Smart Defrag 2_is1" = Smart Defrag 2
"Steam App 219640" = Chivalry: Medieval Warfare
"Steam App 24980" = Mass Effect 2
"Steam App 55230" = Saints Row: The Third
"Steam App 620" = Portal 2
"Steam App 8190" = Just Cause 2
"Synthesia" = Synthesia (remove only)
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TmUnitedForever_is1" = TmUnitedForever
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"UltraStar" = UltraStar 0.8.4
"Uplay" = Uplay
"Vindictus EU" = Vindictus EU
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 2.0.1
"VTFEdit_is1" = VTFEdit 1.2.5
"Window Ruler 1.x_is1" = Window Ruler 1.x
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-618426037-2681808743-1371803286-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Yume Nikki 0.10 English" = Yume Nikki 0.10 English
 
========== Last 20 Event Log Errors ==========
 
[ System Events ]
Error - 07.05.2013 09:44:07 | Computer Name = Julian-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.2" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 07.05.2013 09:45:03 | Computer Name = Julian-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.2" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 07.05.2013 09:45:38 | Computer Name = Julian-PC | Source = WMPNetworkSvc | ID = 866306
Description = 
 
Error - 07.05.2013 09:45:38 | Computer Name = Julian-PC | Source = WMPNetworkSvc | ID = 866306
Description = 
 
 
< End of report >
         

07.05.2013, 15:27   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Fix with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.
Code:
:OTL
FF - prefs.js..extensions.enabledAddons: wtxpcom@mybrowserbar.com:6.2
FF - prefs.js..extensions.enabledAddons: ytd@mybrowserbar.com:6.2
FF - user.js - File not found
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
         
  • If you have obscured your user name, e.g. with "*****", insert your real user name at the corresponding place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may require a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (It can also be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread
__________________
Please always post log files in CODE tags

07.05.2013, 17:50   #12
Jalian
 
It restarted, and at the end it said that the data had been deleted, but shortly before the restart the following message appeared.

___________________________________________________________________________________________________________________
avgnt.exe - Fehler in Anwendung

Die Anweisung in 0x6c696cfc verweist auf Speicher 0x00000020. Der Vorgang read konnte nicht im Speicher durchgeführt werden.

Klicken sie auf "OK", um das Programm zu beenden.
___________________________________________________________________________________________________________________

(The whole thing once more, in the original, in the attachment.)
---------------------------------------------------------------------
I did not insert a name this time, because there is only one user account on my computer.

Here is the log once more.

Code:
All processes killed
========== OTL ==========
Prefs.js: wtxpcom@mybrowserbar.com:6.2 removed from extensions.enabledAddons
Prefs.js: ytd@mybrowserbar.com:6.2 removed from extensions.enabledAddons
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Julian\Downloads\cmd.bat deleted successfully.
C:\Users\Julian\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Julian
->Temp folder emptied: 43219 bytes
->Temporary Internet Files folder emptied: 3141546 bytes
->Java cache emptied: 4052623 bytes
->FireFox cache emptied: 60096485 bytes
->Google Chrome cache emptied: 346642005 bytes
->Flash cache emptied: 20427 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1656259 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 66747 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 396.00 mb
 
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Error: Unble to create default HOSTS file!
 
OTL by OldTimer - Version 3.2.69.0 log created on 05072013_183055

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
Thumbnails of attached images
-imag0248.jpg  

07.05.2013, 20:47   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Looks OK. We should be almost done. As a check, please run a full scan with Malwarebytes - please remember to update Malwarebytes via the update button beforehand.

Afterwards, getting an additional opinion from ESET's online scanner is not a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box next to Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset

__________________
Please always post log files in CODE tags

08.05.2013, 06:19   #14
Jalian
 
I didn't have much time left yesterday, so for now I have only managed one run with the Malwarebytes Anti-Malware program.

After one run it showed more malware than before.

Code:
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.07.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Julian :: JULIAN-PC [Administrator]

Schutz: Aktiviert

07.05.2013 21:49:50
MBAM-log-2013-05-08 (01-42-25).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 844651
Laufzeit: 2 Stunde(n), 57 Minute(n), 40 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 6
C:\Transit\SoftonicDownloader_fuer_grand-theft-auto-gta-iv-screensaver.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.
C:\Transit\SoftonicDownloader_fuer_mario-forever.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.
C:\Transit\installer_heart_of_darkness_1_2__Deutsch(1).exe (PUP.SmsPay.PGen) -> Keine Aktion durchgeführt.
C:\Windows.old\Users\Julian Wilhelm\Desktop\Funny\Quatsch\Geschenk.exe (PUP.Joke.Geschenk) -> Keine Aktion durchgeführt.
C:\Windows.old\Users\Julian Wilhelm\Desktop\Funny\Quatsch\Langeweile.exe (PUP.Joke.Buttons) -> Keine Aktion durchgeführt.
C:\Windows.old\Users\Julian Wilhelm\Desktop\Funny\Quatsch\Langeweile1_1.exe (PUP.Joke.Langeweile) -> Keine Aktion durchgeführt.

(Ende)
         
Most of the files mentioned there come from my little brother and should actually have been deleted long ago.

I will do the second run this evening.

08.05.2013, 08:11   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
As you can see, they were not deleted.
And before that you had "only" done a quick scan with MBAM.
__________________
Please always post log files in CODE tags
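
Added example, not part of any post in this thread and not code from Malwarebytes or OTL: a small Python triage script for a pasted German MBAM 1.75 log like the one in post #14. It lists detections that are still on disk ("Keine Aktion durchgeführt") and checks that each section's declared count matches the pasted lines. The sample log, its paths and the quarantine action text are constructed; the function names are hypothetical.

```python
import re
from collections import Counter

# Action text exactly as it appears in the log posted above.
NO_ACTION = "Keine Aktion durchgeführt"

SCAN_RE = re.compile(r"^Art des Suchlaufs: (?P<type>.+?)\s*$")
SECTION_RE = re.compile(r"^Infizierte (?P<kind>.+?): (?P<count>\d+)\s*$")
# Greedy path: file names may contain "(1)"; the detection name is the last
# parenthesised token directly before " -> ".
HIT_RE = re.compile(r"^(?P<path>.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?\s*$")

# Constructed sample in the layout of the log above (placeholder paths).
SAMPLE_LOG = r"""
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 1000

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Example\bundle_setup.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.
C:\Windows.old\Users\Example User\Desktop\joke (1).exe (PUP.Joke.Example) -> Keine Aktion durchgeführt.
C:\Example\old.exe (Trojan.Example) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
"""


def parse_mbam_log(text):
    """Return scan type, declared per-section counts and parsed detections."""
    report = {"scan_type": None, "declared": {}, "hits": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if m := SCAN_RE.match(line):
            report["scan_type"] = m["type"]
        elif m := SECTION_RE.match(line):
            section = m["kind"]
            report["declared"][section] = int(m["count"])
        elif section and (m := HIT_RE.match(line)):
            report["hits"].append({
                "section": section,
                "path": m["path"],
                "name": m["name"],
                "action": m["action"],
            })
    return report


def pending(report):
    """Detections the scanner found but did not remove or quarantine."""
    return [h for h in report["hits"] if h["action"] == NO_ACTION]


def count_mismatch(report):
    """Sections whose declared count differs from the pasted lines
    (a sign that the log was truncated or edited before posting)."""
    found = Counter(h["section"] for h in report["hits"])
    return {kind: (declared, found[kind])
            for kind, declared in report["declared"].items()
            if declared != found[kind]}


def families(report):
    """Count detections by the first component of the name (PUP, Trojan, ...)."""
    return Counter(h["name"].split(".")[0] for h in report["hits"])


if __name__ == "__main__":
    rep = parse_mbam_log(SAMPLE_LOG)
    print("Scan type:", rep["scan_type"])
    for hit in pending(rep):
        print("still present:", hit["name"], hit["path"])
    print("count mismatches:", count_mismatch(rep) or "none")
    print("families:", dict(families(rep)))
```
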
