Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: svchost.exe Virur 2GB Arbeitsspeicher verwendung

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Thema geschlossen
Alt 17.05.2013, 12:35   #1
chrischi1
 
svchost.exe Virur 2GB Arbeitsspeicher verwendung - Unglücklich

svchost.exe Virur 2GB Arbeitsspeicher verwendung



Hallo liebe Trojaner-board.de Community
Ich habe seit einer Woche das Problem Das Svchost.exe 2GB (2`000`000K) Arbeitsspeicher braucht und den Explorer so überlastet das ich keine Ordner öffnen kann.
Ich habe hier schon mehrere Post`s gesehen aber keine konnte mir weiter helfen.
Hier mal ein Bild:

Grösser : hxxp://imageshack.us/a/img545/3854/svchostpic.png
Ich lasse gerade noch den ESET Online Scanner Durch laufen den log werde ich so schnell wie möglich Posten.
Er hat bisher 12 Sachen gefunden
Immer Adware.Yontoo & Adware.Multiplug.H (.F) ...
Ich hoffe um schnelle Antwort :

Hier der Log :
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=6169b0ceeb55b649865bd8cd778d3228
# engine=13849
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-05-17 11:57:46
# local_time=2013-05-17 01:57:46 (+0100, Mitteleuropäische Sommerzeit)
# country="Switzerland"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3592 16777213 100 91 70423 119483162 0 0
# compatibility_mode=5893 16776574 100 94 20970084 120421716 0 0
# scanned=229814
# found=12
# cleaned=0
# scan_time=4738
sh=85263F072262A269CA7EE2A54C88B2E9073C152C ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\ProgramData\Bcool\5059a7a026105.html"
sh=63CAB766A80052755623903192F1EBC67BAC6564 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\ProgramData\Bcool\fjhmfjbdloolpcinflblkjbcaioopgbc.crx"
sh=3AEF532A0211CE7869F0EB51E940D9E0C7CAE321 ft=1 fh=c7560653d3ee2314 vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll"
sh=1D35C5005E8B2CBE463BE8840D8B519BCBDAEE3D ft=1 fh=57608bffe13529a4 vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll"
sh=918FCE3D903DEF6BE57FA81545CE6FB1FFA8BA12 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.F application" ac=I fn="C:\ProgramData\Zoomex\settings.ini"
sh=85263F072262A269CA7EE2A54C88B2E9073C152C ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\Users\All Users\Bcool\5059a7a026105.html"
sh=63CAB766A80052755623903192F1EBC67BAC6564 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\Users\All Users\Bcool\fjhmfjbdloolpcinflblkjbcaioopgbc.crx"
sh=3AEF532A0211CE7869F0EB51E940D9E0C7CAE321 ft=1 fh=c7560653d3ee2314 vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\Users\All Users\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll"
sh=1D35C5005E8B2CBE463BE8840D8B519BCBDAEE3D ft=1 fh=57608bffe13529a4 vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\Users\All Users\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll"
sh=918FCE3D903DEF6BE57FA81545CE6FB1FFA8BA12 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.F application" ac=I fn="C:\Users\All Users\Zoomex\settings.ini"
sh=04AF8C956D315B521969C33D662A70A88A7F3328 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\Users\Herrmann\AppData\Roaming\Mozilla\Firefox\Profiles\alqi08uu.default\extensions\50fbdde49302c@50fbdde493058.com\content\bg.js"
sh=D697D0396B6AD1245FA79335D8AAA1B8D3815375 ft=0 fh=0000000000000000 vn="Win32/Adware.Yontoo application" ac=I fn="C:\Users\Herrmann\AppData\Roaming\Mozilla\Firefox\Profiles\alqi08uu.default\extensions\plugin@yontoo.com\content\overlay.js"
         

Geändert von chrischi1 (17.05.2013 um 13:03 Uhr) Grund: url nicht verlinkt ...

Alt 17.05.2013, 14:25   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
svchost.exe Virur 2GB Arbeitsspeicher verwendung - Standard

svchost.exe Virur 2GB Arbeitsspeicher verwendung



Hallo und

Zitat:
Ich habe seit einer Woche das Problem Das Svchost.exe 2GB (2`000`000K) Arbeitsspeicher braucht
Und? Selbst wenn svchost 4 GB belegt hättest du immer noch 12 GB für andere Prozesse über!
Du hast 16 GB RAM, wozu bitte? Damit der größte Teil einfach nicht genutzt wird? Wenn ja wozu hast du soviel RAM?

Bei Maschinen mit soviel RAM kann es durchaus normal sein, dass sich das System auch viel RAM krallt, damit viel im Speicher ist und nicht ständig auf die langsame Festplatte zugegriffen werden muss. Selbst SSDs sind um einiges langsamer als RAM.


Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die jemals fündig geworden?
Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________

Alt 17.05.2013, 14:40   #3
chrischi1
 
svchost.exe Virur 2GB Arbeitsspeicher verwendung - Standard

svchost.exe Virur 2GB Arbeitsspeicher verwendung



Em ich habe Norton360 den system32 ordner durchlaufen lassen Nix gefunden
dann komplett scannen lassen Auch nix :/

Aber die svchost.exe Blockiert die Interaktion mit Ordnern oder anderen Sachen Videos etc es lässt sich nichts öffnen ;/ ich muss dann immer die svchost.exe beenden im Taskmanager und vor 1ner Woche hatte ich noch nicht, da hatte ich immer
nur 2% belegt ... (also 98% Frei)
Andere logs sind leider nicht gefunden worden ://
__________________

Alt 17.05.2013, 15:47   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
svchost.exe Virur 2GB Arbeitsspeicher verwendung - Standard

svchost.exe Virur 2GB Arbeitsspeicher verwendung



Bitte diese Frage beantworten: Malwarebytes und/oder andere Virenscanner, sind die jemals fündig geworden?
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 17.05.2013, 16:11   #5
chrischi1
 
svchost.exe Virur 2GB Arbeitsspeicher verwendung - Standard

svchost.exe Virur 2GB Arbeitsspeicher verwendung



Zitat:
Zitat von cosinus Beitrag anzeigen
Bitte diese Frage beantworten: Malwarebytes und/oder andere Virenscanner, sind die jemals fündig geworden?
ahhh jetzt kapiere ichs nein die sind nie fündig gerworden :/


Geändert von chrischi1 (17.05.2013 um 16:49 Uhr) Grund: kapiert

Alt 17.05.2013, 18:26   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
svchost.exe Virur 2GB Arbeitsspeicher verwendung - Standard

svchost.exe Virur 2GB Arbeitsspeicher verwendung



Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


Erstmal eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in CODE-Tags in den Thread.
__________________
--> svchost.exe Virur 2GB Arbeitsspeicher verwendung

Alt 17.05.2013, 19:05   #7
chrischi1
 
svchost.exe Virur 2GB Arbeitsspeicher verwendung - Standard

svchost.exe Virur 2GB Arbeitsspeicher verwendung



Unten ...

Geändert von chrischi1 (17.05.2013 um 19:18 Uhr)

Alt 17.05.2013, 19:07   #8
chrischi1
 
svchost.exe Virur 2GB Arbeitsspeicher verwendung - Standard

svchost.exe Virur 2GB Arbeitsspeicher verwendung



Code:
ATTFilter
OTL Extras logfile created on: 17.05.2013 19:57:18 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
15.95 Gb Total Physical Memory | 9.89 Gb Available Physical Memory | 62.03% Memory free
31.90 Gb Paging File | 25.87 Gb Available in Paging File | 81.10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 103.14 Gb Total Space | 10.21 Gb Free Space | 9.90% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 824.44 Gb Free Space | 88.51% Space Free | Partition Type: NTFS
 
Computer Name: CHRISCHI-PC | User Name: Herrmann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0462B6AF-3A49-4DE4-B0ED-4E23BA846E41}" = rport=139 | protocol=6 | dir=out | app=system | 
"{0F5B9F99-F4F4-4F18-AFA5-D169A34D3DD0}" = lport=137 | protocol=17 | dir=in | app=system | 
"{12B27073-5DCF-41B3-AD13-4DFE34ABB31A}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{18D85AE7-162C-4744-8059-0EE2BD98AE67}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{374F7B76-3C3D-422D-97E9-4652F65962AF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{43117FCF-C6B5-49FD-B588-0C4A58E011AE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5890D641-90C8-4039-9A6C-2C092F10469F}" = lport=445 | protocol=6 | dir=in | app=system | 
"{6739D897-50E6-45E2-800D-1C866A56937C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{69EC9E84-26EC-4265-9990-0B28AA60E5E8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7151E6C8-7CDF-4DA8-92BF-F9A98E3B1165}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{91BB93DE-9399-453D-833B-F76F1042330D}" = rport=137 | protocol=17 | dir=out | app=system | 
"{94E56B75-2815-450D-88FB-E732EA34490B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{98885095-8B54-4126-A867-DB24CB818C27}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{99C48DBF-B26F-497D-9352-440C80C2BAC3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B1FE187B-AFA0-4BCD-8963-E96DA89356A0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{BD1A8AB4-9564-4002-8FB2-F11CB5EEE9B7}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{C007ED8D-FDF6-42F5-B82F-5ED22FD90690}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{CBACA890-A0D8-49E0-8BEC-CB99C6EFFBC4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CBEF7F31-C0EC-4C0C-B9D8-0FCEC287BCF3}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{D0F7D9C5-DE94-473D-8CC3-D0FA30F8C889}" = rport=138 | protocol=17 | dir=out | app=system | 
"{E47084B9-BF71-4B51-A849-733B29A3533A}" = lport=138 | protocol=17 | dir=in | app=system | 
"{FBB20A81-4776-409A-963B-45FF55BFA6F0}" = rport=445 | protocol=6 | dir=out | app=system | 
"{FEBBFF33-F8C2-4CBB-9E49-C2C51B509500}" = lport=139 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08FAA886-241E-48FA-AACD-EB2E70D9490B}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{0CAFE4A2-5D75-4694-8091-25A61BEBE816}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk20\mvp\videoplayer.exe | 
"{0CEAAFD2-6213-476F-8FE7-6E1A3E1FBCAD}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\windowsupnp.exe | 
"{0E3E9F11-95B8-48AE-9172-192DE623EFB0}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{1013F4E2-9BB0-4C89-81DE-E3C132C3CC68}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{1183CCA4-E199-4F50-B670-534CD2373EE4}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{11CB63AE-E142-4FEE-ACA7-8512F3DDE8BD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{12E59150-F844-4F72-8C01-5A370F276E30}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{13B5D8B4-7FB1-4104-91AF-B8A8E62D8145}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk20\mvp\musicplayer.exe | 
"{1575B4B5-7171-4FC3-8FE0-26C131977859}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{183D2BEC-F76E-457A-907F-6425D0D583C4}" = protocol=17 | dir=in | app=c:\program files (x86)\z8games\crossfire\cf_g4box.exe | 
"{206523BD-BA65-4A9D-AB0C-4B71AD91CA76}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{27BE312A-483F-4337-9491-D0EF5C5E8479}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{28807936-CC34-4809-B1D2-E6B73924A4FF}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{2CA6829B-A8F8-4718-8D2C-0116A699F923}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk20\movie\playmovie.exe | 
"{2E14FAB1-331D-4F29-911D-5E2E338245E0}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\prince of persia\princeofpersia_launcher.exe | 
"{30A44E8B-4200-4884-BCEE-49F184B8D0CE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{33A37FED-A10C-4C44-B566-2B8C36DE1A0D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{3725EDE0-49FB-40A9-927F-5A1D3C8CEBB6}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe | 
"{3B9544E1-415C-4935-9F8A-27ADD1197866}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{3CD0793B-9FE3-480C-B8F0-987EDDBA4454}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3F7009F8-0BBE-4E5D-97BE-B827F7060234}" = dir=in | app=c:\program files\eslwire\wire.exe | 
"{43688F50-2A67-4B6B-9B0F-483652E96020}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{45929A32-C16D-4179-8E4C-B0B21CB6C1C6}" = protocol=6 | dir=in | app=d:\desktop\bf3\battlefield 3\bf3.exe | 
"{484D744F-8438-4357-B45B-14454F642412}" = protocol=6 | dir=in | app=c:\program files (x86)\z8games\crossfire\cf_g4box.exe | 
"{48549E77-7B17-4721-9B17-8865F885742F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{497BD64F-32AE-4C0F-9AD3-39342EA837E0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{4A666CDE-2F9A-4157-82C0-1E6F0FDEA823}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{4C430E67-8E13-4DBE-9BC1-91FA56F72949}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{4DFD60BF-308F-4130-9FDE-D24086E20879}" = dir=out | app=c:\program files\eslwire\wire.exe | 
"{4F2F8403-D5CD-4C43-A641-34862902BA1B}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{51036456-798C-415C-B29E-C736B7EA6AA8}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{511466CE-078E-4401-A673-C1862FDAD398}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{536F40B6-D1E6-46FE-8730-40E5E6E838AE}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{57DE7718-BEB4-4B80-AA44-55CA6E6FE3A4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{5A9D6383-439B-441A-9529-FE8DFE3FA7F8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{5CF0E3EA-6761-446D-A32F-E9B17E4ED708}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe | 
"{5D60A68F-FD6A-4BD4-B3DF-0E3786CF1841}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5DFAF632-E102-4ED1-9F9E-0F60D7B8792B}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{5EDD1C25-AB46-4033-9C82-3E6CBB949D68}" = protocol=17 | dir=in | app=d:\desktop\bf3\battlefield 3\bf3.exe | 
"{61A1DE9E-678C-4B90-AE52-0F47B6CF8C81}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{66A87328-CA22-495C-BB20-59FCF94E2CC8}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{6BF88A52-151A-4AD1-AD1C-A7B038D5EEB6}" = protocol=17 | dir=in | app=c:\program files (x86)\z8games\crossfire\cf_g4box.exe | 
"{6C049665-750D-4484-9483-DCEFA425BE2D}" = protocol=17 | dir=in | app=c:\users\herrmann\appdata\roaming\dropbox\bin\dropbox.exe | 
"{6E1EBF4A-29B8-46E2-9FD7-B05DCB211839}" = protocol=6 | dir=in | app=d:\desktop\assasin\ac3sp.exe | 
"{74FF400A-0A13-4E62-9C53-62683A62CD7B}" = protocol=6 | dir=in | app=d:\desktop\assasin\assassinscreed3.exe | 
"{76501030-E44E-4383-96BD-7B76930340F1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{77E1BB82-1401-4935-860C-EFD02E7F87F0}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{7A01CF71-AA1B-47AC-B582-6109BAE4F0B4}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe | 
"{7D2F4F4C-033D-4681-A40C-72DCE39A44C7}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{80316F4D-1BA9-4CFA-90D3-9C7676A4B90C}" = protocol=6 | dir=in | app=d:\downloads\crossfire_downloader (1).exe | 
"{8503B0D7-78E6-448F-841F-E4A1EDBBA483}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{8B00ADC1-E232-445E-AAE3-C43EF180840A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{8B78FFBC-A51D-46A5-811D-8DA172C47ECE}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\prince of persia\prince of persia.exe | 
"{8EA1071C-AE64-4A50-9177-ED9A5424DD05}" = protocol=6 | dir=in | app=d:\desktop\assasin\ac3mp.exe | 
"{8F67E8F3-41D7-4549-83C4-12EA0899073C}" = protocol=17 | dir=in | app=d:\desktop\assasin\ac3sp.exe | 
"{948B1AB8-12D7-41C3-A539-19AAE19725E4}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{9576BEFA-75F7-4A99-85BA-5CB2CD6762D7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{964ECDD5-34DB-49C1-8FB7-BF10F43BF133}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{96F3B583-CE3C-4C60-9A49-F173E9765571}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{998600B0-3615-49E8-A8DE-8AAEA1DA829D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{9F82393C-4389-4644-8929-A63885C7BD4F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A264540D-7060-4D08-B3F5-E4C85C25D3D5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A3565842-C2A0-40BD-AAB2-D45056B1E5EF}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe | 
"{AA80989B-9D7D-44B6-A29F-DD54293488B2}" = protocol=58 | dir=in | app=system | 
"{AB178E97-6043-4480-89C9-4504F41EE715}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{ABADF8D6-33AC-4A81-8AEB-E8ACFD15DD0F}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{B26E16A2-2F44-4325-834E-6A6E84A98FB5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B3090BC3-726E-446B-A3E3-E87D55E6861B}" = protocol=17 | dir=in | app=d:\desktop\assasin\ac3mp.exe | 
"{B4C9E4A0-B32E-46D9-9C78-B1AF0709A8D3}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{B747D3A2-C106-459F-BF00-27A4E3269898}" = protocol=6 | dir=out | app=system | 
"{BB33D5FA-01C3-4677-BD9F-EB0AAD8408C7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BD1DCE5C-15E1-4A71-843A-3E8DBE707F36}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\prince of persia\prince of persia.exe | 
"{C50904FB-C592-4F55-A97B-DAEA2AADE9B5}" = protocol=17 | dir=in | app=d:\downloads\crossfire_downloader (1).exe | 
"{C67016FE-1766-41CB-A5CF-FD75532D94A4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{C867078D-DA58-4BBF-A60A-A877D2881925}" = protocol=6 | dir=in | app=c:\program files (x86)\z8games\crossfire\cf_g4box.exe | 
"{CAC45CDE-4193-4DE4-96B9-376C418503FD}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe | 
"{CE4C6E43-6954-4AED-B9E5-8F97DBB20A15}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\prince of persia\princeofpersia_launcher.exe | 
"{D058210C-705D-473D-B350-3A5C41FB32DC}" = protocol=17 | dir=in | app=d:\desktop\assasin\assassinscreed3.exe | 
"{D1E800B9-F28B-4256-8DB1-D35E42AA2D59}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{D2209357-A470-480B-B6BF-529247C1D569}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{D45CA416-E994-49BC-A076-21DE8329D79A}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\windowsupnp.exe | 
"{D4C818AC-C640-49FA-899D-7AAEAC141A41}" = protocol=6 | dir=in | app=c:\users\herrmann\appdata\roaming\dropbox\bin\dropbox.exe | 
"{D585AEB5-49E2-46C6-AF26-34407144BE64}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{D92D0E7D-7324-4F34-8A88-65F2C987B75C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DD18FB75-3E56-4C80-AD9A-6E71D576B0B5}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{F03D8AC6-0802-49BD-8698-7DDA613A2C68}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe | 
"{F9A26E1E-5137-4AA7-8D83-626F71E46B9F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client
"{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}" = MyWinLocker
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP495_series" = Canon MP495 series MP Drivers
"{1553D712-B35F-4A82-BC72-D6B11A94BE3E}" = Windows Live Remote Service Resources
"{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x64
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy Gamepad tool 0.7.1001
"{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
"{350FD0E7-175A-4F86-84EF-05B77FCD7161}" = Windows Live Remote Service Resources
"{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
"{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
"{5866DD36-8055-475B-A5C3-82C04091D14E}" = BF3 Settings Editor
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources
"{5FCD6EFE-C2E7-4D77-8212-4BA223D8DF8E}" = Windows Live Remote Client Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{702A632F-99CE-4E2D-B8F2-BF980E9CF62F}" = Windows Live Remote Client Resources
"{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
"{7E3B2D0F-029B-11E2-BD68-F04DA23A5C58}" = Vegas Pro 11.0 (64-bit)
"{80E64FDE-029B-11E2-A955-F04DA23A5C58}" = MSVCRT Redists
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97A295A7-8840-4B35-BB61-27A8F4512CA3}" = Windows Live Remote Service Resources
"{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources
"{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
"{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{A7500970-FE98-11E1-B560-F04DA23A5C58}" = Vegas Pro 12.0 (64-bit)
"{AB085680-FE98-11E1-A232-F04DA23A5C58}" = MSVCRT Redists
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.23.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B680A663-1A15-47A5-A07C-7DF9A97558B7}" = Windows Live Remote Client Resources
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources
"{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
"ESL Wire_is1" = ESL Wire 1.15.4
"Logitech Gaming Software" = Logitech Gaming Software 8.35
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"OptimizerPro1" = OptimizerPro1
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Unlocker" = Unlocker 1.9.1-x64
"Virtual Audio Cable 4.10" = Virtual Audio Cable 4.10
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0557BBDA-69D3-4FA4-A93C-A5300F7034B4}" = Windows Live Writer
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{06B05153-97E4-427E-B1A8-E098F6C5E52F}" = Windows Live Essentials
"{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
"{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials
"{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{185F9795-9663-4F13-9EF9-307A282ADB5A}" = ph
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1B705E8F-9893-4486-B5D7-4F7FEB9C871E}_is1" = Euro Truck Simulator 2
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20E7BC40-33F6-4A81-9D52-B58349326206}" = Bcool
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A075BB4-E976-4278-BF3F-E5C6945D84C0}" = bl
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{2F54E453-8C93-4B3B-936A-233C909E6CAC}" = Windows Live Messenger
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39F15B50-A977-4CA6-B1C3-6A8724CDA025}" = MyWinLocker 4
"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
"{3B72C1E0-26A1-40F6-8516-D50C651DFB3C}" = Windows Live Essentials
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{443B561F-DE1B-4DEF-ADD9-484B684653C7}" = Windows Live Messenger
"{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live
"{44D02D8B-FFB3-4245-8D26-68D10B4C4023}" = ZSMC USB PC Camera (ZS0211)
"{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources
"{4653DA78-3DB2-4F38-A35D-675CA0AF49CA}" = ArcSoft ShowBiz
"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{4736B0ED-F6A1-48EC-A1B7-C053027648F1}" = Galeria fotogràfica del Windows Live
"{4817D846-700B-474E-A31B-80892B3E92E3}" = Adobe After Effects CS6
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{48F597DD-D397-4CFA-91A0-4C033A0113BD}" = Windows Live Mail
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4B744C85-DBB1-4038-B989-4721EB22C582}" = Windows Live Messenger
"{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}" = SpyHunter
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{542DA303-FB91-4731-9F37-6E518368D3B9}" = Windows Live Messenger
"{5495E9A4-501A-4D4C-87C9-E80916CA9478}" = Windows Live UX Platform Language Pack
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources
"{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer
"{5E21B617-F52E-BB10-92F9-C8AB2C799A8A}" = Adobe Download Assistant
"{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{625D45F0-5DCB-48BF-8770-C240A84DAAEB}" = Windows Live Mesh
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}" = Nero Multimedia Suite 10 Essentials
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
"{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6A67578E-095B-4661-88F7-0B199CEC3371}" = Windows Live Messenger
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer" = WildTangent Games App (Acer Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71527C7C-5289-4CB2-88C9-23344C0FF6C1}" = Windows Live Movie Maker
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7327080F-6673-421F-BBD9-B618F357EEB3}" = Windows Live UX Platform Language Pack
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{78DBE8CE-61F6-4D6C-806C-A0FFF65F5E1D}" = Windows Live Messenger
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7C11154F-3539-4CB5-979D-EF7913473E53}" = Prince of Persia
"{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common
"{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
"{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7D926AD2-16D6-42C2-8CA1-AB09E96040BA}" = Windows Live Writer Resources
"{7D9D8134-9FA3-4FFF-ADA1-BF609F29997A}_is1" = Cinema 4D version R12
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E890D16-5CB9-4F18-BAA1-CCD0A543CAE5}" = MAGIX Music Maker MX Premium Download Version
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{820D0BA3-ACD7-4FB9-A3A7-0ADF0C66A4BE}" = Windows Live Messenger
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8BD89760-6B5D-4A3C-8B0D-CDB93BEFC0F6}" = XSplit
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
"{8D68CE08-9A14-4B7B-9857-3C646A2F34C7}" = Fooz Kids Platform
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F6F7194-0734-4CDA-8C04-6B766F2241A6}" = Camtasia Studio 8
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{994359E8-D614-4CC6-84DB-415C27D2BA12}" = MAGIX Screenshare
"{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}" = Assassin's Creed III 1.01
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
"{A3389C72-1782-4BB4-BBAA-33345DE52E3F}" = Windows Live Messenger
"{A3AD65CC-B2CE-49da-AE4E-CC2ECF4EC0F8}" =  clear.fi SDK - MVP 2
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A6AC699F-8315-40CA-8F70-E917494978AB}" = VirtualDJ Home FREE
"{A7056D45-C63A-4FE4-A69D-FB54EF9B21BB}" = Windows Live Messenger
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.6) MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
"{B5AD89F2-03D3-4206-8487-018298007DD0}" = clear.fi Photo
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources
"{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger
"{BD0C3887-64E6-41D8-9A38-BC6F34369352}" = Windows Live Messenger
"{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{BFC47A0B-D487-4DF0-889E-D6D392DF31E0}" = Windows Live Messenger
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials
"{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C95A5A77-622F-45CA-9540-84468FCB18B1}" = Windows Live Messenger
"{C9E1343D-E21E-4508-A1BE-04A089EC137D}" = Windows Live Messenger
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CBFD061C-4B27-4A89-ADD8-210316EEFA11}" = Windows Live Messenger
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DAF7BB88-6392-40aa-A714-8392C4BDBD2C}" =  clear.fi SDK- Movie 2
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}" = Adobe Creative Suite 6 Master Collection
"{E9AD2143-26D5-4201-BED1-19DCC03B407D}" = Windows Live Messenger
"{E9AF1707-3F3A-49E2-8345-4F2D629D0876}" = clear.fi Media
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{EFBE6DD5-B224-96E5-72B9-68D328CB12A6}" = Adobe Widget Browser
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0F5D89A-197C-495B-827E-3E98B811CD2E}" = Windows Live Photo Common
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2979AAA-FDD7-4CB3-93BC-5C24D965D679}" = Windows Live Messenger
"{F35DC85A-E96B-496B-ABE7-F04192824856}" = Windows Live Messenger
"{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F77EF646-19EB-11E1-9A9E-984BE15F174E}" = Evernote v. 4.5.2
"{F783464C-C7C6-4E9B-AC40-BC90E5414BAF}" = Windows Live Messenger
"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
"{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
"{FCDB0EF3-673C-FDCE-6498-750F51391660}" = Fooz Kids
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker
"{FFF74EC9-1FF4-4456-99E3-4F05129F4FAB}" = Antares Auto-Tune Evo VST
"{FFFA0584-8E3D-4195-8283-CCA3AD73C746}" = Windows Live Messenger
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Audacity_is1" = Audacity 2.0.2
"Battlelog Web Plugins" = Battlelog Web Plugins
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"Cheat Engine 6.2_is1" = Cheat Engine 6.2
"Clownfish" = Clownfish for Skype
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"com.adobe.WidgetBrowser" = Adobe Widget Browser
"EazelBar" = EazelBar
"ESET Online Scanner" = ESET Online Scanner v3
"ESN Sonar-0.70.4" = ESN Sonar
"FoozKids" = Fooz Kids
"Fraps" = Fraps (remove only)
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.1.320
"Hotkey Utility" = Hotkey Utility
"Identity Card" = Identity Card
"InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"LogMeIn Hamachi" = LogMeIn Hamachi
"Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"N360" = Norton 360
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Origin" = Origin
"PicoZip Recovery Tool 1.02" = PicoZip Recovery Tool 1.02
"PunkBusterSvc" = PunkBuster Services
"Security Task Manager" = Security Task Manager 1.8g
"Steam App 202970" = Call of Duty: Black Ops II
"Steam App 202990" = Call of Duty: Black Ops II - Multiplayer
"Steam App 212910" = Call of Duty: Black Ops II - Zombies
"Steam App 72850" = The Elder Scrolls V: Skyrim
"TeamViewer 8" = TeamViewer 8
"Uplay" = Uplay
"VLC media player" = VLC media player 2.0.4
"WildTangent acer Master Uninstall" = Acer Games
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
"winscp3_is1" = WinSCP 5.0.9 RC
"WTA-190c87f3-ae6c-4a37-90f7-afca69de52a9" = Torchlight
"WTA-2e3c5146-8752-4062-af0d-38776e12f506" = Wedding Dash
"WTA-336e0121-2fc7-4e95-b04e-c955c034ccaf" = Penguins!
"WTA-3508ff18-f336-4e9e-99e1-cb1c08ba8716" = Zuma Deluxe
"WTA-38fdca4a-833d-43f2-a622-2a1812ad517b" = Insaniquarium Deluxe
"WTA-6197ae63-ed97-455d-9ce6-15f67d936e4f" = Agatha Christie - Death on the Nile
"WTA-66ae9e4d-5e28-41f7-9eb0-b48e43b31dea" = Polar Bowler
"WTA-71077059-78d7-4bd2-8145-022b4c3a46d3" = John Deere Drive Green
"WTA-8024325c-6c76-4607-a3e9-a5c117c22f75" = Final Drive: Nitro
"WTA-925b3c54-2dd7-4f67-93b1-10da75224865" = Jewel Quest Mysteries: The Seventh Gate Collector's Edition
"WTA-9c816215-2ae4-4846-9bf6-9c6ab8d22056" = FATE
"WTA-c1079165-a1fb-4479-8e87-3935f3a75925" = Plants vs. Zombies - Game of the Year
"WTA-d372831e-8b94-459e-9250-ef4d895def89" = Virtual Villagers 4 - The Tree of Life
"WTA-d39723d7-491c-466f-bee4-7a3230f497db" = Slingo Deluxe
"Youtube Downloader HD_is1" = Youtube Downloader HD v. 2.9.5
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1242782858-1307113304-2311912926-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CopyTrans Suite" = Nur Entfernen der CopyTrans Suite möglich
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 17.05.2013 06:22:25 | Computer Name = Chrischi-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 17.05.2013 06:31:02 | Computer Name = Chrischi-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "D:\Downloads\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 17.05.2013 06:36:27 | Computer Name = Chrischi-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "D:\Downloads\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 17.05.2013 06:36:28 | Computer Name = Chrischi-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 17.05.2013 06:37:10 | Computer Name = Chrischi-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "D:\Downloads\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 17.05.2013 07:00:21 | Computer Name = Chrischi-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 17.05.2013 08:01:36 | Computer Name = Chrischi-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
 (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in  Manifest- oder
 Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 17.05.2013 09:55:50 | Computer Name = Chrischi-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: bf3.exe, Version: 1.6.0.0, Zeitstempel:
 0x511c9356  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x028a78a0  ID des fehlerhaften Prozesses:
 0x20ec  Startzeit der fehlerhaften Anwendung: 0x01ce52f577c345db  Pfad der fehlerhaften
 Anwendung: D:\Desktop\BF3\Battlefield 3\bf3.exe  Pfad des fehlerhaften Moduls: unknown
Berichtskennung:
 7ae39079-bef9-11e2-9611-e840f2c8cfb5
 
Error - 17.05.2013 11:18:24 | Computer Name = Chrischi-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: bf3.exe, Version: 1.6.0.0, Zeitstempel:
 0x511c9356  Name des fehlerhaften Moduls: d3d11.dll, Version: 6.2.9200.16492, Zeitstempel:
 0x50f31443  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000a6bca  ID des fehlerhaften Prozesses:
 0x1710  Startzeit der fehlerhaften Anwendung: 0x01ce530d9c466fca  Pfad der fehlerhaften
 Anwendung: D:\Desktop\BF3\Battlefield 3\bf3.exe  Pfad des fehlerhaften Moduls: C:\Windows\system32\d3d11.dll
Berichtskennung:
 03ad0245-bf05-11e2-9611-e840f2c8cfb5
 
Error - 17.05.2013 13:40:57 | Computer Name = Chrischi-PC | Source = VSS | ID = 8194
Description = 
 
[ System Events ]
Error - 25.02.2013 15:16:43 | Computer Name = Chrischi-PC | Source = Microsoft-Windows-Bits-Client | ID = 16398
Description = Ein neuer BITS-Auftrag konnte nicht erstellt werden. Die aktuelle 
Auftragsanzahl für den CHRISCHI-PC\Herrmann-Benutzer ("4890") ist gleich oder größer
 als das durch die Gruppenrichtlinie angegebene Auftragslimit ("60"). Sie können
 das Problem beheben, indem Sie die BITS-Aufträge beenden oder abbrechen, für die
 kein Fortschritt festgestellt wurde, indem Sie sich den Fehler ansehen, und den
 BITS-Dienst anschließend neu starten. Falls der Fehler weiterhin angezeigt wird,
 bitten Sie den Administrator, die durch die Gruppenrichtlinie angegebenen Auftragslimits
 pro Benutzer und pro Computer zu erhöhen.
 
Error - 25.02.2013 15:16:53 | Computer Name = Chrischi-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Steam Client Service erreicht.
 
Error - 25.02.2013 15:16:53 | Computer Name = Chrischi-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 26.02.2013 04:45:08 | Computer Name = Chrischi-PC | Source = Microsoft-Windows-Bits-Client | ID = 16398
Description = Ein neuer BITS-Auftrag konnte nicht erstellt werden. Die aktuelle 
Auftragsanzahl für den CHRISCHI-PC\Herrmann-Benutzer ("4890") ist gleich oder größer
 als das durch die Gruppenrichtlinie angegebene Auftragslimit ("60"). Sie können
 das Problem beheben, indem Sie die BITS-Aufträge beenden oder abbrechen, für die
 kein Fortschritt festgestellt wurde, indem Sie sich den Fehler ansehen, und den
 BITS-Dienst anschließend neu starten. Falls der Fehler weiterhin angezeigt wird,
 bitten Sie den Administrator, die durch die Gruppenrichtlinie angegebenen Auftragslimits
 pro Benutzer und pro Computer zu erhöhen.
 
Error - 26.02.2013 11:02:33 | Computer Name = Chrischi-PC | Source = bowser | ID = 8003
Description = 
 
Error - 27.02.2013 04:05:10 | Computer Name = Chrischi-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?26.?02.?2013 um 20:07:56 unerwartet heruntergefahren.
 
Error - 27.02.2013 04:05:20 | Computer Name = Chrischi-PC | Source = Microsoft-Windows-Bits-Client | ID = 16398
Description = Ein neuer BITS-Auftrag konnte nicht erstellt werden. Die aktuelle 
Auftragsanzahl für den CHRISCHI-PC\Herrmann-Benutzer ("4891") ist gleich oder größer
 als das durch die Gruppenrichtlinie angegebene Auftragslimit ("60"). Sie können
 das Problem beheben, indem Sie die BITS-Aufträge beenden oder abbrechen, für die
 kein Fortschritt festgestellt wurde, indem Sie sich den Fehler ansehen, und den
 BITS-Dienst anschließend neu starten. Falls der Fehler weiterhin angezeigt wird,
 bitten Sie den Administrator, die durch die Gruppenrichtlinie angegebenen Auftragslimits
 pro Benutzer und pro Computer zu erhöhen.
 
Error - 27.02.2013 05:33:06 | Computer Name = Chrischi-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?27.?02.?2013 um 10:32:07 unerwartet heruntergefahren.
 
Error - 27.02.2013 05:33:16 | Computer Name = Chrischi-PC | Source = Microsoft-Windows-Bits-Client | ID = 16398
Description = Ein neuer BITS-Auftrag konnte nicht erstellt werden. Die aktuelle 
Auftragsanzahl für den CHRISCHI-PC\Herrmann-Benutzer ("4892") ist gleich oder größer
 als das durch die Gruppenrichtlinie angegebene Auftragslimit ("60"). Sie können
 das Problem beheben, indem Sie die BITS-Aufträge beenden oder abbrechen, für die
 kein Fortschritt festgestellt wurde, indem Sie sich den Fehler ansehen, und den
 BITS-Dienst anschließend neu starten. Falls der Fehler weiterhin angezeigt wird,
 bitten Sie den Administrator, die durch die Gruppenrichtlinie angegebenen Auftragslimits
 pro Benutzer und pro Computer zu erhöhen.
 
Error - 27.02.2013 05:33:38 | Computer Name = Chrischi-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
 
< End of report >
         

Alt 17.05.2013, 19:12   #9
chrischi1
 
svchost.exe Virur 2GB Arbeitsspeicher verwendung - Standard

svchost.exe Virur 2GB Arbeitsspeicher verwendung



Code:
ATTFilter
OTL logfile created on: 17.05.2013 19:57:18 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
15.95 Gb Total Physical Memory | 9.89 Gb Available Physical Memory | 62.03% Memory free
31.90 Gb Paging File | 25.87 Gb Available in Paging File | 81.10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 103.14 Gb Total Space | 10.21 Gb Free Space | 9.90% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 824.44 Gb Free Space | 88.51% Space Free | Partition Type: NTFS
 
Computer Name: CHRISCHI-PC | User Name: Herrmann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - D:\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\PnkBstrB.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
PRC - C:\Program Files (x86)\Clownfish\Clownfish.exe (Bogdan Sharkov)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Users\Herrmann\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Users\Herrmann\AppData\Roaming\Yontoo\YontooDesktop.exe (Yontoo LLC)
PRC - C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
PRC - C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Fraps\fraps.exe (Beepa P/L)
PRC - C:\PROGRA~2\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE (Enigma Software Group USA, LLC.)
PRC - C:\Windows\ZSSnp211.exe (ZSMCSNAP)
PRC - C:\Windows\Domino.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Herrmann\AppData\Roaming\Yontoo\dat\Desktop.OS.Plugin.dll ()
MOD - C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.202\pepflashplayer.dll ()
MOD - C:\Program Files (x86)\Steam\bin\chromehtml.DLL ()
MOD - C:\Program Files (x86)\Steam\SDL2.dll ()
MOD - C:\Users\Herrmann\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\Herrmann\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll ()
MOD - C:\Users\Herrmann\AppData\Local\Google\Chrome\Application\26.0.1410.64\libglesv2.dll ()
MOD - C:\Users\Herrmann\AppData\Local\Google\Chrome\Application\26.0.1410.64\libegl.dll ()
MOD - C:\Users\Herrmann\AppData\Local\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll ()
MOD - C:\Program Files (x86)\Origin\tufao.dll ()
MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Battlelog Web Plugins\launcher-109.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll ()
MOD - C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
MOD - C:\PROGRAM FILES (X86)\NORTON 360\ENGINE\20.3.1.22\wincfi39.dll ()
MOD - C:\Program Files (x86)\SplitMediaLabs\XSplit\swresample-0.dll ()
MOD - C:\Program Files (x86)\SplitMediaLabs\XSplit\avcodec-54.dll ()
MOD - C:\Program Files (x86)\SplitMediaLabs\XSplit\avformat-54.dll ()
MOD - C:\Program Files (x86)\SplitMediaLabs\XSplit\swscale-2.dll ()
MOD - C:\Program Files (x86)\SplitMediaLabs\XSplit\avutil-51.dll ()
MOD - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll ()
MOD - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\Domino.exe ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (EslWireHelper) -- C:\Program Files\EslWire\service\WireHelperSvc.exe ()
SRV:64bit: - (Live Updater Service) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer Incorporated)
SRV:64bit: - (Intel(R) -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (N360) -- C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\ccSvcHst.exe (Symantec Corporation)
SRV - (TeamViewer8) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (EgisTec Ticket Service) -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe (Egis Technology Inc. )
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation)
SRV - (SpyHunter 4 Service) -- C:\PROGRA~2\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE (Enigma Software Group USA, LLC.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (EuMusDesignVirtualAudioCableWdm) -- C:\Windows\SysNative\drivers\vrtaucbl.sys (Eugene V. Muzychenko)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symefa64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\N360x64\1403010.016\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\N360x64\1403010.016\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symds64.sys (Symantec Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (ESLWireAC) -- C:\Windows\SysNative\drivers\ESLWireACD.sys (<Turtle Entertainment>)
DRV:64bit: - (ccSet_N360) -- C:\Windows\SysNative\drivers\N360x64\1403010.016\ccsetx64.sys (Symantec Corporation)
DRV:64bit: - (taphss6) -- C:\Windows\SysNative\drivers\taphss6.sys (Anchorfree Inc.)
DRV:64bit: - (HssDRV6) -- C:\Windows\SysNative\drivers\hssdrv6.sys (AnchorFree Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\N360x64\1403010.016\ironx64.sys (Symantec Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symnets.sys (Symantec Corporation)
DRV:64bit: - (EsgScanner) -- C:\Windows\SysNative\drivers\EsgScanner.sys ()
DRV:64bit: - (MotioninJoyXFilter) -- C:\Windows\SysNative\drivers\MijXfilt.sys (MotioninJoy)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (e1cexpress) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Rovi Corporation)
DRV:64bit: - (hcwhdpvr) -- C:\Windows\SysNative\drivers\hcwhdpvr.sys (Hauppauge, Inc.)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (UnlockerDriver5) -- C:\Program Files\Unlocker\UnlockerDriver5.sys ()
DRV:64bit: - (Tpkd) -- C:\Windows\SysNative\drivers\Tpkd.sys (PACE Anti-Piracy, Inc.)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (ZSMC30x) -- C:\Windows\SysNative\drivers\ZS211.sys (ZSMC.Corporation)
DRV:64bit: - (vvftav211) -- C:\Windows\SysNative\drivers\vvftav211.sys (Vimicro Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130517.002\ex64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130517.002\eng64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130516.001\IDSviA64.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130502.001\BHDrvx64.sys (Symantec Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1242782858-1307113304-2311912926-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKU\S-1-5-21-1242782858-1307113304-2311912926-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-search.com/?affID=119776&babsrc=HP_ss&mntrId=48f3fef100000000000000ff59e340e3
IE - HKU\S-1-5-21-1242782858-1307113304-2311912926-1000\..\URLSearchHook: {16CC3586-3547-4025-9E2F-F04C365D8B90} - No CLSID value found
IE - HKU\S-1-5-21-1242782858-1307113304-2311912926-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-1242782858-1307113304-2311912926-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=119776&babsrc=SP_ss&mntrId=48f3fef100000000000000ff59e340e3
IE - HKU\S-1-5-21-1242782858-1307113304-2311912926-1000\..\SearchScopes\{16CC3586-3547-4025-9E2F-F04C365D8B90}: "URL" = hxxp://search.eazel.com/results.php?cat=web&co=&lg=en&q={searchTerms}
IE - HKU\S-1-5-21-1242782858-1307113304-2311912926-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Delta Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.delta-search.com/?affID=119776&babsrc=HP_ss&mntrId=48f3fef100000000000000ff59e340e3"
FF - prefs.js..extensions.enabledAddons: ffxtlbr%40babylon.com:1.5.0
FF - prefs.js..extensions.enabledAddons: ffxtlbr%40delta.com:1.5.0
FF - prefs.js..extensions.enabledAddons: plugin%40yontoo.com:1.20.02
FF - prefs.js..extensions.enabledAddons: %7B0F827075-B026-42F3-885D-98981EE7B1AE%7D:2.6.1095.52
FF - prefs.js..extensions.enabledAddons: toolbar%40ask.com:3.13.2.19379
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.3: C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Herrmann\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Herrmann\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{EBD839AE-B08C-4fb7-859B-F54AF16C159F}: C:\Program Files (x86)\EazelBar\Firefox [2012.09.15 00:34:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013.05.17 10:54:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [2013.04.06 18:20:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn\ [2013.05.10 21:40:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\ [2013.05.17 10:53:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.06 18:27:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.11.02 01:37:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Herrmann\AppData\Roaming\mozilla\Extensions
[2013.05.15 13:30:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Herrmann\AppData\Roaming\mozilla\Firefox\Profiles\alqi08uu.default\extensions
[2013.03.06 18:27:42 | 000,000,000 | ---D | M] (Zoomex) -- C:\Users\Herrmann\AppData\Roaming\mozilla\Firefox\Profiles\alqi08uu.default\extensions\50fbdde49302c@50fbdde493058.com
[2013.02.28 20:59:02 | 000,000,000 | ---D | M] (Babylon Toolbar) -- C:\Users\Herrmann\AppData\Roaming\mozilla\Firefox\Profiles\alqi08uu.default\extensions\ffxtlbr@babylon.com
[2013.03.06 18:31:53 | 000,000,000 | ---D | M] (Better Battlelog (BBLog)) -- C:\Users\Herrmann\AppData\Roaming\mozilla\Firefox\Profiles\alqi08uu.default\extensions\jid1-qQSMEVsYTOjgYA@jetpack
[2013.02.28 20:58:38 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Herrmann\AppData\Roaming\mozilla\Firefox\Profiles\alqi08uu.default\extensions\plugin@yontoo.com
[2012.12.13 22:29:00 | 000,199,445 | ---- | M] () (No name found) -- C:\Users\Herrmann\AppData\Roaming\mozilla\firefox\profiles\alqi08uu.default\extensions\movie2kdownloader@movie2kdownloader.com.xpi
[2012.11.15 19:30:12 | 000,214,020 | ---- | M] () (No name found) -- C:\Users\Herrmann\AppData\Roaming\mozilla\firefox\profiles\alqi08uu.default\extensions\socksharedownloader@socksharedownloader.com.xpi
[2013.02.28 20:59:06 | 000,001,294 | ---- | M] () -- C:\Users\Herrmann\AppData\Roaming\mozilla\firefox\profiles\alqi08uu.default\searchplugins\delta.xml
[2012.11.23 21:12:14 | 000,002,536 | ---- | M] () -- C:\Users\Herrmann\AppData\Roaming\mozilla\firefox\profiles\alqi08uu.default\searchplugins\mngr.xml
[2013.03.06 18:27:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.12.02 16:51:23 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files (x86)\mozilla firefox\extensions\afurladvisor@anchorfree.com
[2013.02.16 02:34:54 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.02.16 06:15:47 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.16 06:15:47 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.02.16 06:15:47 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.02.16 06:15:47 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.02.16 06:15:47 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.02.16 06:15:47 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Herrmann\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Herrmann\AppData\Local\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Herrmann\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Herrmann\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Herrmann\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - Extension: Doodledoku = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\adcigljcdlemflbekljdfohfpipeolof\12_0\
CHR - Extension: Take me to my Youtube\u2122 Subscriptions = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\amgjpoadjikandnkbmmlnkdhgljnmejf\1.1.5_0\
CHR - Extension: Turn Off the Lights = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.2_0\
CHR - Extension: YouTube = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4_0\
CHR - Extension: Webseiten-Screenshot - Webpage Screenshot = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\7.5.3_0\
CHR - Extension: Better Battlelog (BBLog) = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbnkmpcicaafjhmnhiblopefjfacnmem\3.5.2_0\
CHR - Extension: Causality Games = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\femoooemgmjaebeodbbikbkmhlafenpl\10_0\
CHR - Extension: The QR Code Generator = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcmhlmapohffdglflokbgknlknnmogbb\0.2.4_0\
CHR - Extension: Rechtschreibpr\u00FCfung = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\gehceilhofkogkifpjmgdhciddpbcboo\1.2_0\
CHR - Extension: Stoppuhr / Timer = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggnidjbcahhbnleinchgobfnabopeioh\3.6_0\
CHR - Extension: Custom Google\u2122 Background = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\jepibmfmhopgkplegmkjgifmhabbjadg\4.3.3_0\
CHR - Extension: FlyOrDie Blackball = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjkhefodfbgjpcmahghmfggbcpjabnag\1.0.3_0\
CHR - Extension: Auto Replay for YouTube = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb\1.9.26_0\
CHR - Extension: Google Mail-Checker = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_0\
CHR - Extension: Timeline for Youtube = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\obknajoccmgkokfoclhgjnlcekgglkmn\1.0.11_0\
CHR - Extension: Battlefield 3 = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\pagmklehiaheilihklokljahmoihkjni\1_0\
CHR - Extension: Google Mail = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Doodledoku = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\adcigljcdlemflbekljdfohfpipeolof\12_0\
CHR - Extension: Take me to my Youtube\u2122 Subscriptions = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\amgjpoadjikandnkbmmlnkdhgljnmejf\1.1.5_0\
CHR - Extension: Turn Off the Lights = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.2_0\
CHR - Extension: YouTube = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4_0\
CHR - Extension: Webseiten-Screenshot - Webpage Screenshot = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\7.5.3_0\
CHR - Extension: Better Battlelog (BBLog) = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbnkmpcicaafjhmnhiblopefjfacnmem\3.5.2_0\
CHR - Extension: Causality Games = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\femoooemgmjaebeodbbikbkmhlafenpl\10_0\
CHR - Extension: The QR Code Generator = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcmhlmapohffdglflokbgknlknnmogbb\0.2.4_0\
CHR - Extension: Rechtschreibpr\u00FCfung = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\gehceilhofkogkifpjmgdhciddpbcboo\1.2_0\
CHR - Extension: Stoppuhr / Timer = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggnidjbcahhbnleinchgobfnabopeioh\3.6_0\
CHR - Extension: Custom Google\u2122 Background = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\jepibmfmhopgkplegmkjgifmhabbjadg\4.3.3_0\
CHR - Extension: FlyOrDie Blackball = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjkhefodfbgjpcmahghmfggbcpjabnag\1.0.3_0\
CHR - Extension: Auto Replay for YouTube = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb\1.9.26_0\
CHR - Extension: Google Mail-Checker = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_0\
CHR - Extension: Timeline for Youtube = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\obknajoccmgkokfoclhgjnlcekgglkmn\1.0.11_0\
CHR - Extension: Battlefield 3 = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\pagmklehiaheilihklokljahmoihkjni\1_0\
CHR - Extension: Google Mail = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013.04.21 19:23:59 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found
O2:64bit: - BHO: (EazelBar Helper) - {FE478DC2-E4AD-4197-8F80-5E456BEBC57F} - C:\Program Files (x86)\EazelBar\Toolbar64.dll ()
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\bh\BabylonToolbar.dll File not found
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (VirtualDJ Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O2 - BHO: (smartdownloader Class) - {F1AF26F8-1828-4279-ABCE-074EF3235BD7} - C:\Program Files (x86)\SockshareDownloader\smarterdownloader.dll File not found
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll File not found
O3:64bit: - HKLM\..\Toolbar: (EazelBar) - {EBD839AE-B08C-4fb7-859B-F54AF16C159F} - C:\Program Files (x86)\EazelBar\Toolbar64.dll ()
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\BabylonToolbarTlbr.dll File not found
O3 - HKLM\..\Toolbar: (VirtualDJ Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
O3 - HKLM\..\Toolbar: (EazelBar) - {EBD839AE-B08C-4fb7-859B-F54AF16C159F} - C:\Program Files (x86)\EazelBar\Toolbar32.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1242782858-1307113304-2311912926-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe File not found
O4 - HKLM..\Run: [BigDogPath] C:\Windows\ZSSnp211.exe (ZSMCSNAP)
O4 - HKLM..\Run: [Domino] C:\Windows\Domino.exe ()
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1242782858-1307113304-2311912926-1000..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-1242782858-1307113304-2311912926-1000..\Run: [Clownfish] C:\Program Files (x86)\Clownfish\Clownfish.exe (Bogdan Sharkov)
O4 - HKU\S-1-5-21-1242782858-1307113304-2311912926-1000..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
O4 - HKU\S-1-5-21-1242782858-1307113304-2311912926-1000..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-1242782858-1307113304-2311912926-1000..\Run: [Rbkukl] C:\Users\Herrmann\AppData\Roaming\Rbkukl.exe File not found
O4 - HKU\S-1-5-21-1242782858-1307113304-2311912926-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-1242782858-1307113304-2311912926-1000..\Run: [Yontoo Desktop] C:\Users\Herrmann\AppData\Roaming\Yontoo\YontooDesktop.exe (Yontoo LLC)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Herrmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Herrmann\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7B7A229A-5D65-4939-91BC-C2CCF6A076F9}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.04.21 18:49:55 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{be0e271b-9e9e-11e2-9c49-e840f2c8cfb5}\Shell - "" = AutoRun
O33 - MountPoints2\{be0e271b-9e9e-11e2-9c49-e840f2c8cfb5}\Shell\AutoRun\command - "" = M:\HTC_Sync_Manager_PC.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.17 12:37:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013.05.15 13:40:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2013.05.15 13:29:56 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2013.05.15 13:29:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
[2013.05.15 13:29:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager
[2013.05.14 17:55:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\InterLok
[2013.05.14 17:54:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Antares Audio Technologies
[2013.05.14 17:54:49 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Roaming\Antares
[2013.05.14 17:53:34 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\Downloads
[2013.05.14 17:05:18 | 000,695,296 | ---- | C] (AnjoCaido) -- D:\Desktop\Minecraft Cracked.exe
[2013.05.14 14:22:52 | 000,000,000 | ---D | C] -- D:\Desktop\DICE Verantwortlich Für Hacker atakke
[2013.05.12 00:40:24 | 000,000,000 | ---D | C] -- D:\Desktop\Skate3 how to fix bugy objects in Skate3
[2013.05.11 21:36:01 | 000,000,000 | ---D | C] -- D:\Desktop\Skate3
[2013.05.11 21:36:01 | 000,000,000 | ---D | C] -- D:\Desktop\Skate3
[2013.05.10 21:40:37 | 000,177,312 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013.05.10 21:40:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2013.05.10 21:40:37 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2013.05.10 21:40:30 | 001,139,800 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symefa64.sys
[2013.05.10 21:40:30 | 000,796,248 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403010.016\srtsp64.sys
[2013.05.10 21:40:30 | 000,493,656 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symds64.sys
[2013.05.10 21:40:30 | 000,432,800 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symnets.sys
[2013.05.10 21:40:30 | 000,224,416 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403010.016\ironx64.sys
[2013.05.10 21:40:30 | 000,168,096 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403010.016\ccsetx64.sys
[2013.05.10 21:40:30 | 000,036,952 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403010.016\srtspx64.sys
[2013.05.10 21:40:30 | 000,023,448 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symelam.sys
[2013.05.10 21:40:17 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\1403010.016
[2013.05.10 21:39:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64
[2013.05.10 21:39:20 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2013.05.10 21:39:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton 360
[2013.05.10 21:35:21 | 000,000,000 | ---D | C] -- C:\ProgramData\PCSettings
[2013.05.10 09:57:38 | 000,027,208 | ---- | C] (Adobe Systems Inc.) -- C:\Windows\SysNative\AdobePDFUI.dll
[2013.05.10 09:57:34 | 000,055,872 | ---- | C] (Adobe Systems Inc) -- C:\Windows\SysNative\AdobePDF.dll
[2013.05.09 22:35:46 | 000,000,000 | ---D | C] -- D:\Desktop\Neuer Ordner (3)
[2013.05.09 22:04:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2013.05.09 21:31:22 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\PunkBuster
[2013.05.09 21:27:36 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Roaming\PunkBuster
[2013.05.05 11:10:26 | 000,000,000 | ---D | C] -- D:\Desktop\Interface
[2013.05.05 10:46:11 | 000,000,000 | ---D | C] -- D:\Desktop\sky
[2013.05.04 23:36:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Hotspot Shield
[2013.05.04 19:32:25 | 000,000,000 | ---D | C] -- D:\Desktop\scheiss
[2013.04.28 19:37:39 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\ESL Wire Game Client
[2013.04.28 19:37:25 | 000,160,784 | ---- | C] (<Turtle Entertainment>) -- C:\Windows\SysNative\drivers\ESLWireACD.sys
[2013.04.28 19:37:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESL Wire
[2013.04.28 19:37:23 | 000,000,000 | ---D | C] -- C:\Program Files\EslWire
[2013.04.28 19:37:23 | 000,000,000 | ---D | C] -- C:\ProgramData\ESL Wire
[2013.04.25 17:19:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.04.22 14:09:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client
[2013.04.22 12:46:08 | 000,000,000 | R--D | C] -- D:\Desktop\Eigene Seite
[2013.04.22 01:51:13 | 000,000,000 | ---D | C] -- D:\Desktop\Battlefield 3 Sniper Montage 004 by chrischi2321
[2013.04.21 19:10:44 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2013.04.21 19:10:44 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2013.04.21 19:10:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Enigma Software Group
[2013.04.21 18:49:46 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.04.21 18:49:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013.04.17 21:09:17 | 000,000,000 | ---D | C] -- D:\Desktop\sniper ws hudson
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.17 18:43:01 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.05.17 18:43:01 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.05.17 18:13:20 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013.05.17 13:12:28 | 000,056,703 | ---- | M] () -- D:\Desktop\dipasd.png
[2013.05.17 13:06:15 | 001,614,852 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.17 13:06:15 | 000,697,276 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.17 13:06:15 | 000,652,594 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.17 13:06:15 | 000,148,314 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.17 13:06:15 | 000,121,268 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.17 13:02:31 | 000,277,982 | ---- | M] () -- D:\Desktop\svchostpic.png
[2013.05.17 13:02:31 | 000,000,132 | ---- | M] () -- C:\Users\Herrmann\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
[2013.05.17 11:00:26 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.17 11:00:26 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.17 10:57:54 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\OptimizerPro1UpdaterTask{8DC6A15C-EF0E-47B6-AC79-5FCEEEB282A8}.job
[2013.05.17 10:55:12 | 000,002,030 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
[2013.05.17 10:53:20 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.17 10:53:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.17 10:53:16 | 4254,539,774 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.17 09:06:13 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.05.17 09:06:13 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.05.16 19:32:06 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.05.16 19:28:35 | 000,000,600 | ---- | M] () -- C:\Users\Herrmann\AppData\Roaming\winscp.rnd
[2013.05.15 15:40:17 | 000,037,584 | ---- | M] () -- D:\Desktop\PnkBstrA.rar
[2013.05.15 15:40:00 | 000,144,556 | ---- | M] () -- D:\Desktop\PnkBstrB.rar
[2013.05.15 15:27:38 | 002,448,702 | ---- | M] () -- D:\Desktop\pbsvc.rar
[2013.05.15 15:12:52 | 000,007,605 | ---- | M] () -- C:\Users\Herrmann\AppData\Local\resmon.resmoncfg
[2013.05.14 22:22:02 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1242782858-1307113304-2311912926-1000UA.job
[2013.05.14 17:42:00 | 000,001,638 | ---- | M] () -- D:\Desktop\groups.yml
[2013.05.14 15:22:00 | 000,001,080 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1242782858-1307113304-2311912926-1000Core.job
[2013.05.14 13:41:29 | 000,009,707 | ---- | M] () -- D:\Desktop\MAN.png
[2013.05.12 18:31:11 | 000,000,515 | ---- | M] () -- D:\Desktop\config.yml
[2013.05.12 11:24:02 | 001,578,538 | ---- | M] () -- D:\Desktop\steam failo.png
[2013.05.11 21:29:20 | 000,001,059 | ---- | M] () -- C:\Users\Herrmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.05.10 21:40:42 | 001,940,410 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\Cat.DB
[2013.05.10 21:40:37 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013.05.10 21:40:37 | 000,007,466 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013.05.10 21:40:37 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2013.05.10 13:03:54 | 000,000,871 | ---- | M] () -- C:\Windows\wininit.ini
[2013.05.10 12:41:22 | 000,000,576 | ---- | M] () -- C:\Users\Herrmann\AppData\Roaming\All CPU MeterV3_Settings.ini
[2013.05.10 09:57:38 | 000,027,208 | ---- | M] (Adobe Systems Inc.) -- C:\Windows\SysNative\AdobePDFUI.dll
[2013.05.10 09:57:34 | 000,055,872 | ---- | M] (Adobe Systems Inc) -- C:\Windows\SysNative\AdobePDF.dll
[2013.05.09 23:36:59 | 000,158,767 | ---- | M] () -- D:\Desktop\arbeitssp.png
[2013.05.09 22:26:53 | 000,045,083 | ---- | M] () -- D:\Desktop\punk.png
[2013.05.05 11:08:55 | 000,078,428 | ---- | M] () -- D:\Desktop\QD Inventory 0_235-667-1.zip
[2013.05.04 22:40:24 | 015,833,336 | ---- | M] () -- D:\Desktop\The Elder Scrolls V_ Skyrim Live Action Trailer_(720p).mp4
[2013.05.04 22:39:28 | 056,976,098 | ---- | M] () -- D:\Desktop\The Elder Scrolls V - Skyrim Trailer German HD_(720p).mp4
[2013.05.04 18:47:34 | 000,001,526 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Application Manager.lnk
[2013.04.29 18:12:28 | 012,322,882 | ---- | M] () -- D:\Desktop\test test 123 _D_(1080p).mp4
[2013.04.28 19:37:25 | 000,000,783 | ---- | M] () -- C:\Users\Public\Desktop\ESL Wire.lnk
[2013.04.26 13:47:22 | 000,002,274 | ---- | M] () -- D:\Desktop\Google Chrome.lnk
[2013.04.25 15:12:41 | 000,044,176 | ---- | M] () -- D:\Desktop\chrischi.jpg
[2013.04.23 18:11:22 | 007,657,516 | ---- | M] () -- D:\Desktop\lalelu.wav
[2013.04.23 13:42:21 | 577,658,776 | ---- | M] () -- D:\Desktop\bf3 2013-04-23 13-15-17-99.avi
[2013.04.22 15:18:57 | 000,982,395 | ---- | M] () -- D:\Desktop\so.jpg
[2013.04.22 15:10:38 | 001,001,599 | ---- | M] () -- D:\Desktop\fail.png
[2013.04.22 14:25:12 | 000,379,579 | ---- | M] () -- D:\Desktop\bf3back.jpg
[2013.04.21 21:19:33 | 000,002,202 | ---- | M] () -- D:\Desktop\amcap.lnk
[2013.04.21 19:10:44 | 000,002,146 | ---- | M] () -- D:\Desktop\SpyHunter.lnk
[2013.04.21 18:49:55 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013.04.21 18:40:29 | 000,101,571 | ---- | M] () -- D:\Desktop\zoom.png
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.17 13:12:28 | 000,056,703 | ---- | C] () -- D:\Desktop\dipasd.png
[2013.05.17 12:58:34 | 000,277,982 | ---- | C] () -- D:\Desktop\svchostpic.png
[2013.05.17 10:55:12 | 000,002,030 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
[2013.05.16 19:31:52 | 000,291,088 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.05.16 19:30:59 | 000,291,088 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.05.16 19:30:59 | 000,291,088 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013.05.16 19:30:58 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.05.15 15:40:17 | 000,037,584 | ---- | C] () -- D:\Desktop\PnkBstrA.rar
[2013.05.15 15:39:58 | 000,144,556 | ---- | C] () -- D:\Desktop\PnkBstrB.rar
[2013.05.15 15:27:45 | 002,580,552 | ---- | C] () -- D:\Desktop\pbsvc.exe
[2013.05.15 15:27:17 | 002,448,702 | ---- | C] () -- D:\Desktop\pbsvc.rar
[2013.05.14 17:42:00 | 000,001,638 | ---- | C] () -- D:\Desktop\groups.yml
[2013.05.14 13:41:29 | 000,009,707 | ---- | C] () -- D:\Desktop\MAN.png
[2013.05.12 16:24:00 | 000,000,515 | ---- | C] () -- D:\Desktop\config.yml
[2013.05.12 11:24:01 | 001,578,538 | ---- | C] () -- D:\Desktop\steam failo.png
[2013.05.11 21:29:20 | 000,001,059 | ---- | C] () -- C:\Users\Herrmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.05.10 21:55:42 | 000,014,818 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\VT20130115.021
[2013.05.10 21:40:37 | 001,940,410 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\Cat.DB
[2013.05.10 21:40:37 | 000,007,466 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013.05.10 21:40:37 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2013.05.10 21:40:30 | 000,009,670 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symelam64.cat
[2013.05.10 21:40:30 | 000,007,611 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\ccsetx64.cat
[2013.05.10 21:40:30 | 000,007,601 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symnet64.cat
[2013.05.10 21:40:30 | 000,007,593 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\iron.cat
[2013.05.10 21:40:30 | 000,007,589 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\srtspx64.cat
[2013.05.10 21:40:30 | 000,007,587 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symefa64.cat
[2013.05.10 21:40:30 | 000,007,585 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\srtsp64.cat
[2013.05.10 21:40:30 | 000,007,581 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symds64.cat
[2013.05.10 21:40:30 | 000,003,434 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symefa.inf
[2013.05.10 21:40:30 | 000,002,852 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symds.inf
[2013.05.10 21:40:30 | 000,001,440 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symnet.inf
[2013.05.10 21:40:30 | 000,001,438 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\srtsp64.inf
[2013.05.10 21:40:30 | 000,001,420 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\srtspx64.inf
[2013.05.10 21:40:30 | 000,000,996 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symelam.inf
[2013.05.10 21:40:30 | 000,000,853 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\ccsetx64.inf
[2013.05.10 21:40:30 | 000,000,767 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\iron.inf
[2013.05.10 21:40:30 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\isolate.ini
[2013.05.10 12:41:16 | 000,000,576 | ---- | C] () -- C:\Users\Herrmann\AppData\Roaming\All CPU MeterV3_Settings.ini
[2013.05.10 12:33:11 | 000,202,597 | ---- | C] () -- D:\Desktop\All_CPU_Meter_V4.6.gadget
[2013.05.09 23:36:59 | 000,158,767 | ---- | C] () -- D:\Desktop\arbeitssp.png
[2013.05.09 22:26:53 | 000,045,083 | ---- | C] () -- D:\Desktop\punk.png
[2013.05.05 11:08:54 | 000,078,428 | ---- | C] () -- D:\Desktop\QD Inventory 0_235-667-1.zip
[2013.05.04 22:40:04 | 015,833,336 | ---- | C] () -- D:\Desktop\The Elder Scrolls V_ Skyrim Live Action Trailer_(720p).mp4
[2013.05.04 22:39:06 | 056,976,098 | ---- | C] () -- D:\Desktop\The Elder Scrolls V - Skyrim Trailer German HD_(720p).mp4
[2013.04.29 18:12:24 | 012,322,882 | ---- | C] () -- D:\Desktop\test test 123 _D_(1080p).mp4
[2013.04.29 15:40:55 | 000,001,538 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
[2013.04.29 15:40:55 | 000,001,526 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Application Manager.lnk
[2013.04.28 19:37:25 | 000,000,783 | ---- | C] () -- C:\Users\Public\Desktop\ESL Wire.lnk
[2013.04.25 15:12:39 | 000,044,176 | ---- | C] () -- D:\Desktop\chrischi.jpg
[2013.04.23 18:08:45 | 007,657,516 | ---- | C] () -- D:\Desktop\lalelu.wav
[2013.04.23 13:17:51 | 577,658,776 | ---- | C] () -- D:\Desktop\bf3 2013-04-23 13-15-17-99.avi
[2013.04.22 15:18:54 | 000,982,395 | ---- | C] () -- D:\Desktop\so.jpg
[2013.04.22 15:10:38 | 001,001,599 | ---- | C] () -- D:\Desktop\fail.png
[2013.04.22 14:25:11 | 000,379,579 | ---- | C] () -- D:\Desktop\bf3back.jpg
[2013.04.21 21:19:33 | 000,002,202 | ---- | C] () -- D:\Desktop\amcap.lnk
[2013.04.21 18:49:55 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013.04.21 18:49:48 | 000,022,704 | ---- | C] () -- C:\Windows\SysNative\drivers\EsgScanner.sys
[2013.04.21 18:49:46 | 000,002,146 | ---- | C] () -- D:\Desktop\SpyHunter.lnk
[2013.04.21 18:40:28 | 000,101,571 | ---- | C] () -- D:\Desktop\zoom.png
[2013.03.21 20:54:31 | 000,049,152 | ---- | C] () -- C:\Windows\Domino.exe
[2013.03.18 19:18:48 | 000,013,248 | ---- | C] () -- C:\Windows\SysWow64\System.dll
[2013.02.26 18:26:38 | 000,007,605 | ---- | C] () -- C:\Users\Herrmann\AppData\Local\resmon.resmoncfg
[2013.01.22 18:53:24 | 000,002,378 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2012.12.02 16:37:41 | 000,009,216 | ---- | C] () -- C:\Users\Herrmann\AppData\Roaming\AllocEx.dat
[2012.11.30 14:08:36 | 000,000,227 | ---- | C] () -- C:\Windows\steinsgate.ini
[2012.10.30 18:54:12 | 000,000,871 | ---- | C] () -- C:\Windows\wininit.ini
[2012.10.08 22:50:15 | 000,000,132 | ---- | C] () -- C:\Users\Herrmann\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
[2012.10.01 17:41:45 | 001,591,810 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.09.29 22:45:22 | 000,005,120 | ---- | C] () -- C:\Users\Herrmann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.16 19:15:31 | 000,000,600 | ---- | C] () -- C:\Users\Herrmann\AppData\Roaming\winscp.rnd
[2012.06.19 14:02:17 | 003,123,272 | R--- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.02.03 07:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 1138 bytes -> C:\Users\Herrmann\AppData\Local\CYT9DHppduFjCC:Nzaeh7O60cDzzjgB8ml

< End of report >
         

Geändert von chrischi1 (17.05.2013 um 19:17 Uhr) Grund: Jetzt

Alt 17.05.2013, 20:49   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
svchost.exe Virur 2GB Arbeitsspeicher verwendung - Standard

svchost.exe Virur 2GB Arbeitsspeicher verwendung



Zitat:
(AnjoCaido) -- D:\Desktop\Minecraft Cracked.exe


Siehe auch => http://www.trojaner-board.de/95393-c...-software.html

Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support ohne jegliche Diskussion beenden.

Cracks/Keygens sind zu 99,9% gefährliche Schädlinge, mit denen man nicht spaßen sollte. Ausserdem sind diese illegal und wir unterstützen die Verwendung von geklauter Software nicht. Somit beschränkt sich der Support auf Anleitung zur kompletten Neuinstallation!!

Dass illegale Cracks und Keygens im Wesentlichen dazu dienen, Malware zu verbreiten ist kein Geheimnis und muss jedem klar sein!

In Zukunft Finger weg von: Softonic, Registry-Bereinigern und illegalem Zeugs Cracks/Keygens/Serials
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 17.05.2013, 21:24   #11
chrischi1
 
svchost.exe Virur 2GB Arbeitsspeicher verwendung - Standard

svchost.exe Virur 2GB Arbeitsspeicher verwendung



Minecraft Cracked.exe kann nicht sein das habe ich seit 2 jahren drauf noch nie probleme gehabt ...

Geändert von chrischi1 (17.05.2013 um 21:25 Uhr) Grund: rechtschreibung

Alt 17.05.2013, 21:38   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
svchost.exe Virur 2GB Arbeitsspeicher verwendung - Standard

svchost.exe Virur 2GB Arbeitsspeicher verwendung



Zitat:
Minecraft Cracked.exe kann nicht sein das habe ich seit 2 jahren drauf noch nie probleme gehabt ...
Schön, nur hat das mit dem Thema nix zu tun.
Wir geben bei Crackusern keinen Bereingungssupport.
Und dass dein Crack tatsächlich so sauber und vertrauenswürdig ist wie du offensichtlich glaubst, wagt jeder der das Risiko derartiger Cracks kennt, zu bezweifeln.

Hilfe gibt es noch bei der Datenrettung und Neuinstallation von Windows.

Lass in Zukunft die Finger von Cracks und Keygens!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 17.05.2013, 21:48   #13
chrischi1
 
svchost.exe Virur 2GB Arbeitsspeicher verwendung - Standard

svchost.exe Virur 2GB Arbeitsspeicher verwendung



Ich habe das gerade mit virus total + Norton + und mit antispy scannen lassen Nix 100% sicher

Alt 17.05.2013, 21:51   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
svchost.exe Virur 2GB Arbeitsspeicher verwendung - Standard

svchost.exe Virur 2GB Arbeitsspeicher verwendung



Was hat das mit dem Thema zu tun? Nix
Wie geben keinen Support mehr wenn wir Cracks sehen, außer Hilfe zu Datensicherung und Neuinstallation.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 17.05.2013, 21:55   #15
chrischi1
 
svchost.exe Virur 2GB Arbeitsspeicher verwendung - Standard

svchost.exe Virur 2GB Arbeitsspeicher verwendung




Thema geschlossen

Themen zu svchost.exe Virur 2GB Arbeitsspeicher verwendung
antwort, arbeitsspeicher, bild, explorer.exe crash, hoffe, log, online, poste, problem, sachen, scanner, schnell, spyhunter, spyhunter entfernen, svchost.exe, svchoste.exe virus, tarma, win32/adware.multiplug.f, win32/adware.multiplug.h, win32/adware.yontoo, win32/adware.yontoo.b, windos7, woche




Ähnliche Themen: svchost.exe Virur 2GB Arbeitsspeicher verwendung


  1. Windows VISTA svchost.exe über 1.300.000 KB Arbeitsspeicher / Temperatur bei 80 Grad
    Alles rund um Windows - 04.06.2015 (3)
  2. Arbeitsspeicher voll / Firefox wird geschlossen / große "svchost.exe"
    Log-Analyse und Auswertung - 11.05.2015 (17)
  3. SVCHOST macht Rechner langsam, belegt bei Internetverbindung für Minuten 100% Arbeitsspeicher
    Log-Analyse und Auswertung - 31.03.2015 (9)
  4. Pc stürzt ab bei verwendung von nero 11
    Log-Analyse und Auswertung - 23.12.2014 (3)
  5. Svchost.exe verbraucht viel Arbeitsspeicher
    Plagegeister aller Art und deren Bekämpfung - 14.12.2014 (9)
  6. svchost.exe(netsvcs) und Firefox brauchen nahezu 100% CPU, und belegen sämtlichen freien Arbeitsspeicher
    Log-Analyse und Auswertung - 21.11.2014 (7)
  7. Svchost verbraucht sehr viel Arbeitsspeicher
    Plagegeister aller Art und deren Bekämpfung - 04.03.2014 (5)
  8. Win 7: svchost.exe frisst ungewöhnlich viel Arbeitsspeicher
    Log-Analyse und Auswertung - 21.12.2013 (13)
  9. svchost frisst arbeitsspeicher, ungewollte umleitung bei klick auf link usw.
    Plagegeister aller Art und deren Bekämpfung - 17.10.2011 (3)
  10. svchost.exe......Arbeitsspeicher 50%...mit Malware gecheckt
    Log-Analyse und Auswertung - 03.08.2011 (12)
  11. svchost.exe verbraucht sehr viel Arbeitsspeicher. Virus?
    Plagegeister aller Art und deren Bekämpfung - 02.03.2011 (8)
  12. Frage: Verwendung der Spendengelder ?
    Lob, Kritik und Wünsche - 24.09.2010 (1)
  13. Browserabsturz bei Verwendung von Suchmaschinen
    Plagegeister aller Art und deren Bekämpfung - 07.02.2010 (2)
  14. Verwendung meiner IP Adresse!?!
    Log-Analyse und Auswertung - 06.10.2009 (3)
  15. svchost nimmt (im vergleich zu sonst) viel arbeitsspeicher ein
    Log-Analyse und Auswertung - 10.09.2007 (1)
  16. IE PopUps bei Verwendung von Firefox
    Log-Analyse und Auswertung - 11.02.2007 (3)
  17. 2 Trojaner obwohl Norton Antivirus in Verwendung
    Plagegeister aller Art und deren Bekämpfung - 09.02.2005 (3)

Zum Thema svchost.exe Virur 2GB Arbeitsspeicher verwendung - Hallo liebe Trojaner-board.de Community Ich habe seit einer Woche das Problem Das Svchost.exe 2GB (2`000`000K) Arbeitsspeicher braucht und den Explorer so überlastet das ich keine Ordner öffnen kann. Ich habe - svchost.exe Virur 2GB Arbeitsspeicher verwendung...
Archiv
Du betrachtest: svchost.exe Virur 2GB Arbeitsspeicher verwendung auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.